* * * * *
I wonder what's actually worse—going nuclear or going postal?
It was supposed to be a simple task. Take The Company (formerly known as The
Company> [1]) trouble ticket system, move it to a new server (so it's not
running on the same server as the main website) and upgrade to the latest
version of the trouble ticket system. The thing was—I already did this a few
weeks ago, although it ended up on the same physical server as the new
company website. I expected the whole operation to take maybe an hour at the
most (which included installing and configuring a new server install).
Only it didn't go as expected. The simple operation of changing the IP
(Internet Protocol) address of support.XXXXXXXXXXXXXXXX wasn't so simple. Of
the approximately 1,000 domains we have, one one uses dynamic DNS (Domain
Name System). And of course it's the new Company domain, which uses a
completely different mechanism for updating domain information. Our knowledge
base wasn't quite clear on the whole process (it left out that as of then,
you could only dynamically update the site from certain servers, which
excludes the actual DNS server).
I ended up going quite nuclear, which isn't all that rare for me actually. It
was just another case in a long line of cases where something which should be
rather simple and straightforward wasn't and I get sidetracked on some wild
goose chase solving issues that have little to do with what I was trying to
do in the first place. It's that whole “for want of a nail we all died a
horrible death [2]” thing.
That was pretty much my Friday right there.
Fast forward to Sunday.
For no particular reason, other than “because I can” I decided to set up my
webserver to authenticate users via signed certificates. This is something
that is a bit more involved than just moving a website from one server to
another. Let's see … I had to set up a certificate authority that could sign
certificates, generate two certificates to be signed (one for the web server,
another for me as a user), get them signed, and install the various signed
certificates in the appropriate places (one for use by the web server, and
one in Firefox).
The whole process took probably just as long as the mess on Friday, maybe
even longer. It was more complex, as I had to reconcile the instructions in
Network Security with OpenSSL [3] with an online guide [4] and had to start
over several times, as well as revoke several certificates (hey, if I messed
one up, why not learn how to revoke signed certificates while I'm at it?).
But not once did I go nuclear (and I got the user authentication via signed
certificates working; I also learned how to install the certificate for my
own certificate authority for Firefox, Lynx and Apache).
I think I finally realized why I didn't go nuclear—one, I had no time frame
for this and I knew it would take several hours. I might not even get it
working, so my mindset going in was I've never done this before, I have no
idea what I'm doing, this might not be easy, and it might take a long time.
And two, no one was relying upon my getting this done and consequently, there
was little pressure to actually get this done. So even though I had setbacks
and had to restart several times over, I felt no pressure and could “enjoy”
the process.
Which, when I get right down to it, is another data point on the “Sean
doesn't handle stress [DELETED-well-DELETED] at all” graph.
Another thing, mostly for Smirk, is that when I call in a panic that I can't
get something done or something isn't working right, that I'm really just
looking for a cardboard programmer [5] who will just listen to my [DELETED-
rantings-DELETED] ravings just long enough for me to realize the solution.
Oh, and to blow off steam when I'm going nuclear.
[1] gopher://gopher.conman.org/0Phlog:2008/09/02.1
[2] http://en.wikipedia.org/wiki/For_Want_of_a_Nail_(Proverb)
[3] http://www.amazon.com/exec/obidos/ASIN/059600270X/conmanlaborat-20
[4] http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
[5] http://mail.c2.com/cgi/wiki?CardboardProgrammer
Email author at sean@conman.org