More unintended consequences
-
This all starts a few months ago. There is a fellow I know who works for a small NFP and he attempts to do their IT support. I do not know him all that well, but somehow I have become the one he calls when he needs answers to things that are above his technology paygrade.
So a few months ago they are having an issue. They rely on shit tons of web apps and services to do their work and when the internet goes down they may as well pack up and go home. So he asks me what to do. They are in a part of town where all the ISPs are universally pretty crap because they are all running on copper that has been in place since @HardwareGeek was a youth. Shitty cable ISP or shitty DSL ISP, take your choice. The only other option would be a dedicated fiber connection, but that is not in the budget for Tiny NFP.
So my suggestion would be to get service with both of the shitty ISPs and bank on that it would be highly unlikely for both of them to go down at the same time. Then I have to walk him through the concept of a Multi-WAN load balancing firewall. He looks at options and as most of you are probably aware they are somewhat expensive. Once again, not really in the budget for them. It could be, probably, but whenever you ask them what they are looking to spend on a project the answer is always "As little as possible". I understand that small NFPs need to pinch pennies, but IMHO they pinch them a bit too hard.
So I suggest he brush up on NethServer. Multi-WAN capabilities, straight out of the box. The learning curve is not too bad either. I even help him find a used set of hardware to run it on. By this point my patience is getting thin. I could have sent someone over there to load the OS and configure the firewall in 1/10th of the time that I have spent on the phone with this guy so far. But he eventually gets it setup. Things are fine, for a while.
Then a week or two later my phone rings again. The firewall is acting funny and dropping their internet connection. Both connections are up, but they appear to be losing internet connectivity.
Fucking. Hell.
We go through checking logs. Nothing seems fishy hardware wise. It all seems to be operating fine. I had initially thought that the NIC for the LAN side of things was being flaky, but that was a red herring. I tell him I will stop by and take a look at things.
I dig and dig and chase a few wild geese. Initially I thought he was having an issue with their Domain Controller because in short order I had diagnosed it to be a likely DNS issue. While I could go through the hours of shit that lead me to the final cause, I really don't want to give myself NGPFTSSD.
The linchpin on this one was when I checked the configuration on the Multi-WAN. This was a longshot, because everything there seemed to be working fine. It was external DNS lookups that were failing. It turns out that when he was screwing around with settings (they were all fine to begin with, but if it isn't broken he tends to fuck with it until it is) he looked at the pre-populated field for what IP it occasionally pings to make sure the WAN is still up was one that he did not recognize, so he changed it to something that he did. He changed it to 8.8.8.8 and 8.8.4.4. Google's DNS servers. He also changed it from the default of pinging every 60 seconds to pinging every 6 seconds. More often is better, right? Make it fail more quickly, so that it fails over to the active line. Good thinking, right?
Yeah, you all see where this is heading. He had also set the DNS Forwarder on their server to the same Google DNS addresses. No one does it better than Google, right?
He was simultaneously spamming his forwarder from the firewall, pinging both of his forwarding addresses every 6 seconds while attempting to use them for DNS lookups that his internal DNS server could not resolve. Which caused his internet to appear down, while everything was up and responsive to anything that did not require internal DNS. I admit that one took me longer than it should have to find, because why the fuck would anyone spam their DNS forwarder address to the point that Google starts blocking their requests?
We changed the IP for the pings to the factory default which I think are provided by NethServer and changed them back to a 60 second interval and within an hour or so everything went back to normal.
-
@Polygeekery said in More unintended consequences:
running on copper that has been in place since @HardwareGeek was a youth
This phrase got me to thinking of what "copper that has been in place since @boomzilla was a youth" might mean. I'm pretty sure he pre-dates indoor plumbing by more than that, though, and they were probably using lead back then anyway.
Maybe doing laps around the observation deck of the Statue of Liberty.
-
@Polygeekery said in More unintended consequences:
I do not know him all that well, but somehow I have become the one he calls when he needs answers to things that are above his technology paygrade.
A fatal mistake. Never ever offer help in anything IT. Never ever show that you know anything in the field someone is asking about.
"Not my area of expertise. I could learn about it, but it would be expensive. You know, I'm super busy like that".
-
@MrL said in More unintended consequences:
A fatal mistake. Never ever offer help in anything IT. Never ever show that you know anything in the field someone is asking about.
"Not my area of expertise. I could learn about it, but it would be expensive. You know, I'm super busy like that"."Yeah, I know that I own an IT contracting business and this is what we do every single day, but I am clueless."
It wouldn't really work. Would not be good for the professional image.
In reality though, I help them out because I believe in their mission. But he is stretching the limits of my charity.
-
@Polygeekery said in More unintended consequences:
"Yeah, I know that I own an IT contracting business and this is what we do every single day, but I am clueless."
It wouldn't really work.
You could be suprised how many IT contracting business are clueless.
Would not be good for the professional image.
That I agree
In reality though, I help them out because I believe in their mission. But he is stretching the limits of my charity.
Thank you @Polygeekery for all your help. Here is a small thank you gift
No problem man, call me anytime
-
@Polygeekery you should crosspost some of these to /r/talesfromtechsupport.
-
@pie_flavor meh. I am not a Reddit type person and I don't want that much traffic to my tales.
-
What is a nfp?
-
@marczellm "Not For Profit." That is, a charity sort of organization.
-
@Polygeekery
TRWTF is, why don't they already have a SonicWALL or similar. Ye Olde $300 SonicWALL does multi-WAN just fine
-
@izzion SonicWall is absolute garbage. I would rather tap the info out in Morse Code than use SonicWall.
-
@Polygeekery
I mean, Iâll agree with you in the âwe actually have an IT departmentâ and âour budget is more than a war of chewing gum and a shoelaceâ categories.But if you need business level router capabilities and donât have the time or money to deal with a Cisco ASA or Juniper/HP equivalents, I havenât found anything better than a SonicWALL yet.
For just cost, a Mikrotik RBx011 (whatever iteration theyâre on now) is better still, but managing those is definitely not for the involuntary admin.
-
@izzion I would not turn a plebe loose with a SonicWall. They are so arcane that not even I like to use them. They may have a massive feature set but managing one is almost as bad as a Mikrotik. I would guess that Mikrotik is the only other one I have had experience with that makes it so easy to shoot yourself in the foot.
I have zero love for SonicWall and even less love for their salespeople. It is like Dell hired a bunch of ex buy-here-pay-here salespeople to work that division.
Fake edit: Nifty, they split off from Dell. I did not know that until now.
-
@Polygeekery
I guess I've never had a "shoot myself in the foot" experience (or even a customer that had that experience) with the entry-level TZ series. I haven't really used more of their mid-line stuff, so maybe there's a difference in behavior there?That said, RIP Dell SonicWALL.
-
@boomzilla said in More unintended consequences:
"Not For Profit." That is, a charity sort of organization.
Charities are NFPs, but not all NFPs are charities; the difference is in how taxes are handled (and I think most jurisdictions have strict rules about what are acceptable charitable purposes). Being a simple NFP involves a lot less paperwork as it has very little in the way of tax consequences; it's really just a business that has stated in its rules of association that it is Not For Profit, and will never pay out dividends to its owners (and there's probably also rules for where the money goes if the NFP is wound up). It's not without tax consequences, but they're mostly pretty minor.
Charities usually have strict rules about audit, composition of the governing board, etc. In return, charities have (IME) vastly more advantageous tax situations, though the details vary a lot. Those rules are mostly to make sure that the officers of the charity aren't using it as a way to dodge personal taxes; alas, this is required because of far too many asshats in the pastâŚ
-
@dkf said in More unintended consequences:
Charities are NFPs, but not all NFPs are charities;
I knew someone would be along to say something like this.
-
@boomzilla Happy to supply the
-
@marczellm said in More unintended consequences:
What is a nfp?
A hypothetical nitrogen-fluorine-phosphorous molecule, of course.
-
@boomzilla said in More unintended consequences:
@dkf said in More unintended consequences:
Charities are NFPs, but not all NFPs are charities;
I knew someone would be along to say something like this.
To be fair, in my domain "NFP" is synonymous with "charity". In our business if we say "NFP" we mean "charity", because if we are talking about a NFP we are referring to the fact that they pay a reduced rate.
The NFL is a NFP also but if they want us to do work for them they will not pay the NFP rate.
-
@Polygeekery said in More unintended consequences:
The NFL is a NFP also
-
@TimeBandit yep. It is a NFP, but obviously not a charity.
I mean, it is pretty charitable that they allow the Browns to stay in the league, but that doesn't count.
-
@boomzilla said in More unintended consequences:
@dkf said in More unintended consequences:
Charities are NFPs, but not all NFPs are charities;
I knew someone would be along to say something like this.
That's like our dog club. It's a NFP, but not a charity. Any money we make goes towards supporting the dog sports that don't make money, and towards education things. (And we donate to dog-related charities)
-
@mott555 said in More unintended consequences:
@marczellm said in More unintended consequences:
What is a nfp?
A hypothetical nitrogen-fluorine-phosphorous molecule, of course.
-
@TimeBandit said in More unintended consequences:
@Polygeekery said in More unintended consequences:
The NFL is a NFP also
Because somehow profit isnât its single reason of existence.
-
@mott555 said in More unintended consequences:
@marczellm said in More unintended consequences:
What is a nfp?
A hypothetical nitrogen-fluorine-phosphorous molecule, of course.
I believe that would be PNF in the system usually used for ionic/inorganic compounds â phosphorus is the most electropositive (metal-like) of all those elements, so it's first; fluorine is absolutely the least electropositive, so it's dead last; and nitrogen is in the middle. In the Hall system, carbon and hydrogen, if present, are first, and everything else is in alphabetical order, so FNP.
-
@Polygeekery said in More unintended consequences:
@boomzilla said in More unintended consequences:
@dkf said in More unintended consequences:
Charities are NFPs, but not all NFPs are charities;
I knew someone would be along to say something like this.
To be fair, in my domain "NFP" is synonymous with "charity". In our business if we say "NFP" we mean "charity", because if we are talking about a NFP we are referring to the fact that they pay a reduced rate.
The local game convention for which I occasionally volunteer is a 501(c)(7) not-for-profit. I "got" to help fix their tax filings one year which was a heck of a lot of reading and a little bit of filling out forms. Hopefully they've been keeping on top of it.
-
@dcon said in More unintended consequences:
That's like our dog club. It's a NFP, but not a charity. Any money we make goes towards supporting the dog sports that don't make money, and towards education things. (And we donate to dog-related charities)
You could probably make the push to being a charity⌠if you wanted to deal with that much IRS paperwork and audit BS and so on. That'd let donations become tax deductible.
It's a lot of effort to make the step. I can totally understand the
-
@HardwareGeek said in More unintended consequences:
I believe that would be PNF in the system usually used for ionic/inorganic compounds
In the system for inorganic compounds, it'd depend on how they are bonded. But since F only ever makes one bond except under the most exotic of environments, the order NFP is⌠rather unexpected and the compound would be quite unstable.
-
@dkf said in More unintended consequences:
@HardwareGeek said in More unintended consequences:
I believe that would be PNF in the system usually used for ionic/inorganic compounds
In the system for inorganic compounds, it'd depend on how they are bonded. But since F only ever makes one bond except under the most exotic of environments, the order NFP is⌠rather unexpected and the compound would be quite unstable.
This would definitely be an unintended consequence.
-
@dkf Upon further research, both NF4+ and PF6- are things that exist, so NF4PF6 is a plausible thing that could exist. It
would not be a pleasant thing to encounterseems unlikely that you would profit from an encounter with it.
-
@HardwareGeek That's a lot of fluorine.
-
@HardwareGeek said in More unintended consequences:
@dkf Upon further research, both NF4+ and PF6- are things that exist, so NF4PF6 is a plausible thing that could exist. It
would not be a pleasant thing to encounterseems unlikely that you would profit from an encounter with it.It apparently does, and someone's already patented a way of making it.
-
@PleegWat Yes. Yes, it is. And both tetrafluoroammonium and phosphorus fluoride compounds are rather unpleasant. Related compounds PF5 and PF3 are described as "toxic" and "highly toxic," respectively. Tetrafluoroammonium likes to decompose into NF3 (which is surprisingly "safe" â it's only "immediately dangerous" at concentrations above 0.1%) and H2F+ ( â HF + H+ ), which does nasty things to living tissue.
-
@HardwareGeek said in More unintended consequences:
it's only "immediately dangerous" at concentrations above 0.1%
That's a relief
-
@e4tmyl33t You might profit financially from making or selling it, but you, as a living organism, wouldn't profit from a personal encounter with it.
-
@HardwareGeek said in More unintended consequences:
@dkf Upon further research, both NF4+ and PF6- are things that exist, so NF4PF6 is a plausible thing that could exist. It
would not be a pleasant thing to encounterseems unlikely that you would profit from an encounter with it.Okay, I'm finally excited for quantum computing. I'd love to play some kind of sandbox game that lets you create any chemical you want, such as this, and have it accurately simulate its effect on a sandbox world of some kind.
-
@mott555 said in More unintended consequences:
Okay, I'm finally excited for quantum computing. I'd love to play some kind of sandbox game that lets you create any chemical you want, such as this, and have it accurately simulate its effect on a sandbox world of some kind.
I believe that's called "The Matrix"
-
@mott555 said in More unintended consequences:
simulate its effect on a sandbox
I don't think NF4PF6 would have much, if any, effect on a sandbox. For that, you want FOOF; that will have a very exciting effect.
-
-
@PleegWat said in More unintended consequences:
@HardwareGeek said in More unintended consequences:
FOOF
Or possibly ClFâ?
Dammit, now I have to go back and re-read all of the Things I Won't Work With entries.
-
@mott555 said in More unintended consequences:
@HardwareGeek said in More unintended consequences:
@dkf Upon further research, both NF4+ and PF6- are things that exist, so NF4PF6 is a plausible thing that could exist. It
would not be a pleasant thing to encounterseems unlikely that you would profit from an encounter with it.Okay, I'm finally excited for quantum computing. I'd love to play some kind of sandbox game that lets you create any chemical you want, such as this, and have it accurately simulate its effect on a sandbox world of some kind.
-
@mott555 I tried to make a fluorine buckyball but that software is awful stuff and deserves its own entry on this site.
-
@HardwareGeek said in More unintended consequences:
H2F+ ( â HF + H+ ), which does nasty things to living tissue.
Most of that is actually due to the way it strips calcium ions out fast (because CaF2 is highly insoluble). They're important for a lot of ion pumps, but most especially for neurons and muscles, such as you have in your heartâŚ
-
@mott555 said in More unintended consequences:
That diagram terrifies me. Radon bonded to fluoronitrate? :DONOTWANT.BAS:
-
@dkf Now I am become Death, the destroyer of worlds.
-
@mott555 said in More unintended consequences:
Now I am become Death, the destroyer of
worldschemistry labs.FTFY
-
@dkf said in More unintended consequences:
@HardwareGeek said in More unintended consequences:
H2F+ ( â HF + H+ ), which does nasty things to living tissue.
Most of that is actually due to the way it strips calcium ions out fast (because CaF2 is highly insoluble). They're important for a lot of ion pumps, but most especially for neurons and muscles, such as you have in your heartâŚ
Yes, I know that. (I still remember a TV medical drama many years ago, an episode of which featured a firefighter who had been exposed to HF in a chemical explosion and the unsuccessful attempt to keep him alive long enough for his family to arrive.) But it also does a pretty effective job of being very corrosive on direct contact.
-
@HardwareGeek said in More unintended consequences:
But it also does a pretty effective job of being very corrosive on direct contact.
IIRC, it's technically less corrosive than hydrochloric acid but way more âfunâ in other ways. Like being happy to etch through glass and catastrophically decalcify your body fluids. I'm happy to never go anywhere close to the stuffâŚ
-
@dkf I've been told that at normal concentrations, a dime-sized drop on your hand is survivable...with immediate medical attention involving horse-medicine-sized syringes full of a calcium solution and tons of pain. Or immediate amputation.
Anything more? Nope. You dead.
-
@dkf said in More unintended consequences:
@mott555 said in More unintended consequences:
Now I am become Death, the destroyer of
worldschemistry labs.FTFY
I would not be surprised if an Earth shattering kaboom would result from trying to make that. Whether from the chemistry or from the Maker(s) realizing what a mistake They have made and putting a stop to it.