I'm an idiot



  • One of our sites uses SSL, and our security certificate is for www.mysite.org - not a wildcard certificate, so mysite.org, http://www.mysite.org, www.mysite.org/ are all invalid and cause browsers to throw up security warnings about a certificate mismatch. Fairly tame standard stuff. Not the best situation, but not the end of the world and certainly not a WTF. Set up a url rewrite in IIS so all requests go to the proper URL and everything is hunky dory.

    A few days ago, that rewrite suddenly stopped working, or at least I noticed a few days ago that it wasn't working. I log on to the web server, fire up IIS and start poking around. Figuring that the bonehead* who preceded me had screwed something up somewhere, I start looking at the rewrite rule regexes - but strange... they actually seem to be written properly. Hmm. Some strange IIS bug? Some other esoteric setting that I've never heard of before interfering somehow? That seems most likely, because if there was a way for said bonehead to do something in 17 steps instead of one he'd always use the most complicated solution. I'm not sure what the problem is, I just know that it's not working the way it's supposed to, and that makes me sad.

    So I start googling. Other than learning about 94 other, more complicated ways of handling said redirect, after about 45 minutes I'm at a loss, and the fucking redirect still isn't working. Log back into web server to check something else, when I happen to notice the rewrite rule is suspiciously grey.

    The rule wasn't turned on. Clicking "Enable rule" solved everything.

    *Actually, he was a decent guy. Just very misguided about his skills.


  • Considered Harmful

    @mikeTheLiar said:

    www.mysite.org/ are all invalid and cause browsers to throw up security warnings about a certificate mismatch

    A trailing slash would be part of the path and shouldn't be considered as part of the authority. Even if you omit the slash, it's implicitly part of the path (your browser still sends GET /).



  • @joe.edwards said:

    @mikeTheLiar said:
    www.mysite.org/ are all invalid and cause browsers to throw up security warnings about a certificate mismatch

    A trailing slash would be part of the path and shouldn't be considered as part of the authority. Even if you omit the slash, it's implicitly part of the path (your browser still sends GET /).

    Truly, I am TRWTF.



  • @mikeTheLiar said:

    A few days ago, that rewrite suddenly stopped working, or at least I noticed a few days ago that it wasn't working.

    @mikeTheLiar said:

    ...I happen to notice the rewrite rule is suspiciously grey.

    The rule wasn't turned on. Clicking "Enable rule" solved everything.

    So... how did it get switched off? I ask because that should lead us to part of the WTF. Also my sub-par admin skills are with apache more than IIS, so use small words.



  • @Shoreline said:

    So... how did it get switched off?

    It's a mystery. Wish I had a better answer. With my sub-par admin skills, I don't know how to check. If anybody knows of a log somewhere that I could find that info, I'd be happy to share it.



  • @mikeTheLiar said:

    @Shoreline said:
    So... how did it get switched off?

    It's a mystery. Wish I had a better answer. With my sub-par admin skills, I don't know how to check. If anybody knows of a log somewhere that I could find that info, I'd be happy to share it.

    You could check the Event Viewer's Application Log, though I don't know if the enable/disable of rules is logged there or not, but it's the most likely place for that to happen in Windows.



  • @mikeTheLiar said:

    for www.mysite.org - ...mysite.org... are all invalid

    Any decent certificate vendor will create the cert for the root domain plus one subdomain (in this case, www). Get a better vendor.

     



  • @Mr. DOS said:

    @mikeTheLiar said:

    for www.mysite.org - ...mysite.org... are all invalid

    Any decent certificate vendor will create the cert for the root domain plus one subdomain (in this case, www). Get a better vendor.

     

    I've found that to be a new thing even. For the longest time, Trustwave (the SSL provider that a lot of people use, as it's integrated into WHM) issued you whatever cert you requested. Now they've changed and will issue both right away.



  • @mikeTheLiar said:

    One of our sites uses SSL, and our security certificate is for www.mysite.org - not a wildcard certificate, so mysite.org, http://www.mysite.org, www.mysite.org/ are all invalid and cause browsers to throw up security warnings about a certificate mismatch. Fairly tame standard stuff. Not the best situation, but not the end of the world and certainly not a WTF. Set up a url rewrite in IIS

     

    No amount of URL re-writing is going to help with connections over https to a different hostname which resolves to the same IP. someone going to https://mysite.org will need to negotiate the SSL handshake before the rewrite is triggered, so the user is still going to get a certificate error.

    And if people going to http://www.mysite.org get a certificate error, then you need to put the webserver down and walk away before you fuck it up even more than you already have.

    Zadkiel

     



  • @Zadkiel said:

    And if people going to http://www.mysite.org get a certificate error, then you need to put the webserver down and walk away before you fuck it up even more than you already have.

    Presumably he set up a simple http -> https rule that doesn't also remove the www. To which the solution is: fix your rule.



  • @rad131304 said:

    @mikeTheLiar said:
    @Shoreline said:
    So... how did it get switched off?

    It's a mystery. Wish I had a better answer. With my sub-par admin skills, I don't know how to check. If anybody knows of a log somewhere that I could find that info, I'd be happy to share it.

    You could check the Event Viewer's Application Log, though I don't know if the enable/disable of rules is logged there or not, but it's the most likely place for that to happen in Windows.

    Didn't find anything noteworthy. A bunch of "Process 1234 timed out after x minutes due to inactivity, will be restarted when needed."



  • @mikeTheLiar said:

    @rad131304 said:
    @mikeTheLiar said:
    @Shoreline said:
    So... how did it get switched off?

    It's a mystery. Wish I had a better answer. With my sub-par admin skills, I don't know how to check. If anybody knows of a log somewhere that I could find that info, I'd be happy to share it.

    You could check the Event Viewer's Application Log, though I don't know if the enable/disable of rules is logged there or not, but it's the most likely place for that to happen in Windows.

    Didn't find anything noteworthy. A bunch of "Process 1234 timed out after x minutes due to inactivity, will be restarted when needed."

    You can check the security log and look for people who logged onto that machine.  If you don't know when it was, though...



  • @blakeyrat said:

    @Zadkiel said:
    And if people going to http://www.mysite.org get a certificate error, then you need to put the webserver down and walk away before you fuck it up even more than you already have.

    Presumably he set up a simple http -> https rule that doesn't also remove the www. To which the solution is: fix your rule.

    @mikeTheLiar said:

    One of our sites uses SSL, and our security certificate is for www.mysite.org



  • @Sutherlands said:

    @mikeTheLiar said:
    @rad131304 said:
    @mikeTheLiar said:
    @Shoreline said:
    So... how did it get switched off?

    It's a mystery. Wish I had a better answer. With my sub-par admin skills, I don't know how to check. If anybody knows of a log somewhere that I could find that info, I'd be happy to share it.

    You could check the Event Viewer's Application Log, though I don't know if the enable/disable of rules is logged there or not, but it's the most likely place for that to happen in Windows.

    Didn't find anything noteworthy. A bunch of "Process 1234 timed out after x minutes due to inactivity, will be restarted when needed."

    You can check the security log and look for people who logged onto that machine.  If you don't know when it was, though...

    You need to set up configuration auditing http://blogs.iis.net/webtopics/archive/2010/03/19/iis-7-5-how-to-enable-iis-configuration-auditing.aspx. The process is, obviously, different if you're not using IIS 7.5 and IDK if it existed before IIS 7.



  • @rad131304 said:

    Filed under: why am I trying to offer helpful solutions in the side bar? I think I need a beer

    Because hopefully we can reduce the level of WTFery in the world. As noted: sub-par admin skills - I AM A GOOD CODER RUB MY TUMMY. Yet, sadly, my job is basically "computer stuff." While the bulk of my duties are development, I am semi-frequently called upon to handle support/admin duties. So I do my best and try not to fuck anything up. And we've finally gotten to TRWTF.



  • @mikeTheLiar said:

    Yet, sadly, my job is basically "computer stuff." While the bulk of my duties are development, I am semi-frequently called upon to handle support/admin duties. So I do my best and try not to fuck anything up. And we've finally gotten to TRWTF.

    If it makes you feel any better, that's pretty much the "job title" I have at the moment. Which is why people always complain that I should just "not use Linux if I don't like it!" Which annoys me because if it had been my project from the start, I guarantee Linux would be nowhere near it.



  • @mikeTheLiar said:

    I'm not sure what the problem is, I just know that it's not working the way it's supposed to, and that makes me sad.

    So I start googling. Other than learning about 94 other, more complicated ways of handling said redirect, after about 45 minutes I'm at a loss, and the fucking redirect still isn't working. Log back into web server to check something else, when I happen to notice the rewrite rule is suspiciously grey.

    The rule wasn't turned on. Clicking "Enable rule" solved everything.

    And now you're responsible if there turns out to be any undiscovered bug in the rule, because by enabling it you're the last one who touched it.

     



  • @mikeTheLiar said:

    Yet, sadly, my job is basically "computer stuff." While the bulk of my duties are development, I am semi-frequently called upon to handle support/admin duties.

    Wait a minute pal. You are actually in one of the best spots you can be, because as developers pour out of college (and boats) and infrastructure is outsourced to Bangalore, one of the most rare and valuable skill set for the next foreseeable future is exactly what you do: sysadmin coder (or DevOp developer or whatever the name). You should start spinning your job description that way; read about DevOps, read that book to get your thinking right, and start pushing for as much cloud/SaaS initiative as possible at your company so you get to learn about all the cool stuff that is out there (Azure, AWS, OpenShift, Skytap, etc). If you play your cards right your next job could be a lot more interesting.



  • @mikeTheLiar said:

    The rule wasn't turned on. Clicking "Enable rule" solved everything.

    You know, I honestly don't know that assuming the rule did not get disabled, makes you an idiot.



  • Never assume anything. Ever. First rule of troubleshooting.



  • @blakeyrat said:

    Never assume anything. Ever. First rule of troubleshooting.

    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable. One sometimes assumes things without knowing it; does that make one an idiot? Not always, is all I'm arguing. It's probably not like OP made a checklist in his head and went, "hang on, is the rewrite rule even active? no, I'll just assume it is and try all the complicated stuff first".



  • @toon said:

    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.



  • @blakeyrat said:

    @toon said:
    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.


    I'm not attacking you or questioning your humanity, Blakey. I'm just saying OP's not an idiot: surely we can agree to disagree.



  • Being a lizard-person I also don't understand the concept of "joke".



  • @toon said:

    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    For example... you've been working on some large ASP.NET application with your team, and something goes wrong with it.



    It's not unreasonable to assume the application is still an ASP.NET application, and hasn't suddenly become the smell of fried onions near Paddington station.


  • Trolleybus Mechanic

    @blakeyrat said:

    Never assume anything. Ever. First rule of troubleshooting.
     

    Prove it.



  • @Lorne Kates said:

    @blakeyrat said:

    Never assume anything. Ever. First rule of troubleshooting.
     

    Prove it.


    You're assuming he can just prove that. It's an easy trap to fall into, young padawan.



  • @toon said:

    @Lorne Kates said:

    @blakeyrat said:

    Never assume anything. Ever. First rule of troubleshooting.
     

    Prove it.


    You're assuming he can just prove that. It's an easy trap to fall into, young padawan.

    All of you are assuming there are rules to troubleshooting or that you should follow them.


  • Considered Harmful

    @blakeyrat said:

    @toon said:
    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.

    I knew it!!!

    @blakeyrat said:
    Being a lizard-person I also don't understand the concept of "joke".

    Oh.


  • Trolleybus Mechanic

    @joe.edwards said:

    @blakeyrat said:
    @toon said:
    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.

    I knew it!!!

    @blakeyrat said:
    Being a lizard-person I also don't understand the concept of "joke".

    Oh.

     

    WTF? You assumed Blakey was hiding the fact that he was a lizard-person?

     



  • @Lorne Kates said:

    @joe.edwards said:
    @blakeyrat said:
    @toon said:
    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.

    I knew it!!!

    @blakeyrat said:
    Being a lizard-person I also don't understand the concept of "joke".

    Oh.

    WTF? You assumed Blakey was hiding the fact that he was a lizard-person?

    I'm assuming he's hiding the fact that he's actually from the planet Smurf.



  • @Lorne Kates said:

    @joe.edwards said:

    @blakeyrat said:
    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.

    I knew it!!!

    WTF? You assumed Blakey was hiding the fact that he was a lizard-person?

    Edwards, for crying out loud! Don't you know what assume makes of you and me?

  • Considered Harmful

    @toon said:

    Don't you know what assume makes of you and me?

    I don't assume it makes us anything.



  • @blakeyrat said:

    Being a lizard-person I also don't understand the concept of "joke".

    So you're Humor Impaired is what you're saying?



  • @blakeyrat said:

    Being a lizard-person I also don't understand the concept of "joke".
    Well . . . Duh . . . we already knew that.



  • @flabdablet said:

    @Lorne Kates said:
    @joe.edwards said:
    @blakeyrat said:
    @toon said:
    Hey, I wholeheartedly agree; except I think implicit assumptions, for human beings, can be unavoidable.

    Oh. Well good thing I'm a lizard-person from the planet Haguor wearing a human suit.

    I knew it!!!

    @blakeyrat said:
    Being a lizard-person I also don't understand the concept of "joke".

    Oh.

    WTF? You assumed Blakey was hiding the fact that he was a lizard-person?

    I'm assuming he's hiding the fact that he's actually from the planet Smurf.

    I always thought Blakeyrat was like that guy from Beakman's World:



  • @stinerman said:

    I always thought Blakeyrat was like that guy from Beakman's World

    Nah, based on the amount of vitrol he is constantly hurling about he's way more likely to be a lizard-person (I mean look at the number of venomous things in the two groups).



  • @Ben L. said:

    All of you are assuming there are rules to troubleshooting or that you should follow them.

    I know you are young but you really need to learn the basics.



    The CompTIA Six-Step Troubleshooting Process

    It is necessary to approach computer problems from a logical standpoint. To best accomplish this, PC technicians will implement a troubleshooting methodology (or maybe more than one). CompTIA has included a six-step process within the 2009 A+ objectives. Memorize the steps listed in Table 1-1.

    <colgroup align="left" span="2"><col width="100"/><col width="500"/></colgroup>
    Table 1-1. The Six-Step CompTIA A+ Troubleshooting Methodology
    StepDescription
    Step 1Identify the problem
    Step 2Establish a theory of probable cause (question the obvious)
    Step 3Test the theory to determine the cause
    Step 4Establish a plan of action to resolve the problem and implement the solution
    Step 5Verify full system functionality and, if applicable, implement preventative measures
    Step 6Document findings, actions, and outcomes




  • @Ronald said:

    @Ben L. said:
    All of you are assuming there are rules to troubleshooting or that you should follow them.
    I know you are young and I am really hard of thinking so I missed what you were doing.

    FTFY



  • @Ronald said:

    Step 2 Establish a theory of probable cause (question the obvious)

    I can't decide if the solution was obvious or not. It kinda seems like one of those "are you sure it's plugged in" situations to me.



  • @locallunatic said:

    @Ronald said:

    @Ben L. said:
    All of you are assuming there are rules to troubleshooting or that you should follow them.
    I know you are young and I am really hard of thinking so I missed what you were doing.

    FTFY



  • @Ronald said:

    The CompTIA Six-Step Troubleshooting Process
     

    That list can't be complete.  I don't see "Set up conference call for everybody involved and at least three levels of management above them", "Write something pithy on the whiteboard", or "Look for the most competent person you can find and stand directly behind them, offering theories based on something unrelated that happened sixteen years ago, and demand to know why they haven't fixed it yet."

     

     



  • @DCRoss said:

    @Ronald said:

    The CompTIA Six-Step Troubleshooting Process
     

    That list can't be complete.  I don't see "Set up conference call for everybody involved and at least three levels of management above them", "Write something pithy on the whiteboard", or "Look for the most competent person you can find and stand directly behind them, offering theories based on something unrelated that happened sixteen years ago, and demand to know why they haven't fixed it yet."

     

     

    The list is part of the A+ training documentation, which is designed for support staff. What you describe is instead in the MBA training documentation:

    How to Delegate Tasks among Employees

    No manager can do everything alone, MBA or not. Delegating is an effective tool that business managers can use to achieve goals. If you delegate work, responsibility, and authority to employees, you'll increase the amount of work accomplished and often with better results. Delegation is a great management tool when done right, so follow these steps to help:

    1. Communicate the task.

      Describe to your employees exactly what you want done, when you want it done, and the end results you expect. Be clear and unambiguous and encourage your employees to ask questions.

    2. Furnish context for the task.

      Explain to your employees why the task is important, how it fits into the overall scheme of things, and any possible complications that may arise during its performance. Encourage employees to ask questions, and don't get defensive if your employees push you for answers (someone always will).

    3. Determine standards.

      Everyone needs to know when they cross the finish line. Agree on the standards that you'll use to measure the success of the task's completion. These standards should be realistic and attainable, and you should avoid changing them after performance has begun.

    4. Grant authority.

      Empower your employees with the level of authority required to complete the task. They can do without constant roadblocks or standoffs with other employees.

    5. Provide support.

      Determine the resources (money, training, manpower, advice, and so forth) your employees require to complete the task and then provide them.

    6. Get commitment.

      Don't assume that your employees will automatically accept the assignment; you must make sure that they do. Reaffirm your expectations and confirm your employees' understanding of the commitment to completing the task.

    </div>
    


  • @stinerman said:

    I always thought Blakeyrat was like that guy from Beakman's World:

    I liked his old stuff better than his new stuff.



  • @flabdablet said:

    @stinerman said:

    I always thought Blakeyrat was like that guy from Beakman's World:

    I liked his old stuff better than his new stuff.

    That is a lot of "acid".



  • @morbiuswilters said:

    @flabdablet said:
    @stinerman said:

    I always thought Blakeyrat was like that guy from Beakman's World:

    I liked his old stuff better than his new stuff.

    That is a lot of "acid".

    I've often thought that after reading a blakeyrant.



  • @flabdablet said:

    @stinerman said:

    I always thought Blakeyrat was like that guy from Beakman's World:

    I liked his old stuff better than his new stuff.

    I actually love his older stuff.



  • @Ronald said:

    That's just unpossible. Nothing is faster than stupid. In my experience, stupid is so fast that whereever you go, stupid was there first. In fact, I suspect stupid travels at infinite speed, which means it's everywhere in the entire universe at the same time



  • @Anonymouse said:

    That's just unpossible. Nothing is faster than stupid. In my experience, stupid is so fast that whereever you go, stupid was there first. In fact, I suspect stupid travels at infinite speed, which means it's everywhere in the entire universe at the same time

    Yeah... if you ever manage to out-run stupid, they'll just invent a faster idiot.



  • @eViLegion said:

    @Anonymouse said:
    That's just unpossible. Nothing is faster than stupid. In my experience, stupid is so fast that whereever you go, stupid was there first. In fact, I suspect stupid travels at infinite speed, which means it's everywhere in the entire universe at the same time

    Yeah... if you ever manage to out-run stupid, they'll just invent a faster idiot.

    I love how you ship stuff to the customer, and they'll find bugs you didn't, because they did stuff that makes you go, "okay it's a bug, but, but, but why the fuck would anyone even do that?".


Log in to reply