The "ops lessons we all learn the hard way"

Network administration prof and infrastructure security architect Jan Schaumann has compiled a list of 88 "ops lessons we all learn the hard way" (e.g.: "Any sufficiently successful product launch is indistinguishable from a DDoS; any sufficiently advanced user indistinguishable from an attacker.")


It's one of those lists of how things go wrong that are fun to read ("Self-signed certificates beget long lived certs, which beget lack of certificate validity monitoring, which begets curl -k, which begets a lack of certificate deployment automation, which begets self-signed certificates."), but produce a sinking feeling at the same time as you realize just how likely it is that these are lessons you will have to confront in your own immediate future ("'Obsolete' doesn't mean it's not in use and relied on").

22. Ok, we all at times keep adding $, {, }, and @ in random places trying to make things work, but still.

23. Serverless isn't.

24. Y38K is already here, it's just not evenly distributed.

25. If you determine "human error" as the root cause, then you're doing it wrong.

Your network team has a way into the network that your security team doesn't know about.


(A few) Ops Lessons We All Learn The Hard Way [Jan Schaumann/Signs of Triviality]


(via The Grugq)