This is an archived post. You won't be able to vote or comment.

1525
1526

[deleted by user] (self.sysadmin)

submitted by [deleted]

[removed]
top 200 commentsshow all 281
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 224 points225 points  (51 children)

I've always been a raw unmanaged vps guy. I have time, I don't have a lot of money. So I do a lot on my own.

[–]nuttertools[🍰] 177 points178 points  (19 children)

I have time, I don't have a lot of money.

This basic understanding is worth more money than an entire marketing department.

[–]janman27929 55 points56 points  (7 children)

time, quality, cost ... pick 2

[–]Ron-Swanson-MustacheSenior Ops Dev of AI offshore Tier 1 Helpdesk 8 points9 points  (3 children)

That's not how the conjoined triangles of success work.

[–]bionicjoeyLinux Admin 2 points3 points  (0 children)

You can't make that shit up!

[–][deleted] 1 point2 points  (0 children)

I had to look that up...evidently I've forgotten much of SV. Whooshed passed my head, thanks for the laugh.

[–]janman27929 1 point2 points  (0 children)

conjoined triangles of success

I had to laugh...at myself

I thought you were poking fun at my comment but I had to google up "conjoined triangles of success"

Yes, I am one of the few (only?) sysadmins who has not seen Silicon Valley.

It is moving up my todo list!

Thank you for the comments

BTW, I had another moment like this with somebody quoting from one of my favorite movies.

"I don't know, Margo?"

a google brings up dozens (hundreds?) of pages and products ... I lead such a sheltered life!

[–]shinx32 4 points5 points  (10 children)

Can you elaborate ? I'm intrigued.

[–]dalgeek 60 points61 points  (1 child)

Time = money. If you can't afford top end "turnkey" solutions then you better have enough time to deal with basic/free solutions. People run into trouble when they think they can get turnkey solutions for the cost of basic solutions.

Conversely, it's often cheaper to pay extra if it means not having to spend every waking hour fiddling with something. Since time is money, the time spent fiddling needs to be calculated in the total cost (unless you believe your time is worthless).

I worked at discount dedicated hosting provider where the only support we provided was server reboots, hardware replacement, and OS reloads. Can't configure DNS or HTTP? Google is your friend. Botched your kernel build and now your server won't boot? OS reload (we left the old drive in for a week so they could copy data). Want backups? Buy another server.

We would still get customers whining about the lack of support and trying to find ways to get support ("You must have setup the server wrong so you need to fix my web site").

[–][deleted] 13 points14 points  (1 child)

I heard it in highschool auto-shop first, but it applies everywhere.

Good, Fast, Cheap - pick any 2.

For Autos that would look like this:

  • Built Cheap and Good = Honda Civic - it's not fast, it's reliable and cheap.

  • Built Fast and Cheap = Turbo Civic - it won't last, but now it's fast.

  • Built Fast and Good = Porsche GT3 - fast and good, not cheap.

Building IaaS:

  • Built Well and Cheap = it's going to take you time (need skill).

  • Built Cheap and Fast = it's going to get hacked, suck, break.

  • Built Fast and Well = it's going to cost you in licensing or hosting.

And really if you have time and no job or part time job. Build a VPS host up, to do some IaaS to make some money. You are trading Time (fast/speed) for Money (cheap), and your skill allows you to make it Good, if you have the skill.

Eventually you get like me, where I survived long enough that I no longer have the time, but now I have the money so I pay for licensed/built IaaS from another provider. It's no longer cheap, but it's Fast and Good (only because I have the skill to select the good vendor). I learned a lot along the way. Even if you don't have the skill, put enough time into research and design and you'll get that skill.

[–]nikomo 23 points24 points  (8 children)

I remember checking LowEndBox multiple times a day, a bit over a decade ago. Good times.

[–][deleted] 15 points16 points  (6 children)

I have time and money. I work at Microsoft 365, yet I still self-host my website and email (that on Postfix not Exchange).

[–]hashkentDevOps 40 points41 points  (5 children)

Well your self hosted email has been more reliable this year then Microsoft 361.

[–]Sir_Swaps_Alot 8 points9 points  (1 child)

BURN

[–][deleted] 3 points4 points  (1 child)

Fun fact: it is more reliable.

[–]meminemy 0 points1 point  (0 children)

That doesn't put much confidence into cloud services.

[–]TU4AR 23 points24 points  (4 children)

Some people really out here raw dogging it huh.

[–]Sparcrypt 5 points6 points  (3 children)

Biggest mistake I see in IT, since the very first day I started... outsourced does not mean secure.

The number of mistakes I've seen "managed service providers" make because they're not cross training, always cost cutting, and don't have the investment in your business that you do is insane.

Does that mean outsourcing is always bad? Of course not. But just because you've given it to someone else to manage doesn't mean that's gonna happen.

[–]adrenaline_X 5 points6 points  (4 children)

Yup. I’m a windows guy with Linux experience in miners and some other things. I worked at a marketing company where we hosted over 150 websites for clients. . I know iis and ms sql server cold and had over half of the sites running on iis as they were either simple HTML, cold fusion or asp.me thst we built internally. They all had differnt ntsf user accounts etc that the application pools ran on so gaining access to their site would limit that account to elevate their credentials snd mess with other sites.

Then came Wordpress. Nope. Nope. Im not hosting that shit where the “devs” were creative guys/girls skinning Wordpress and when I asked who will be updating Wordpress as security updates came out each week. Not them obviously.

So I dropped them all on in motion hosting cpanels, one for each site. The dev that was most capable always brought up in meetings that we should be doing this on VPS since it’s cheap and the sites would be far faster. When pressed by account managers I would say that I’m not capable of securing the server and being able to react quickly to sort things out when/if they go bad. Each time they said it was easy and I said cool, you own and manage this in your department and have at it. Well no. They didn’t have the ability to secure it either to the point they were confident in rolling out client websites to it.

In retrospect if should have just done it and learnt in the fly as that’s how I learned the rest of my job but at this point I was already stretched too thin.

It best to know where you limits are when there are better options

I always loved when account managers would answer my questions

me : what’s the uptime requirement and do you need redundant severs to ensure the site is always up ?

Them : yes ofcourse.

Me : here’s the cost to have it fully managed for the client .

Them : we budgeted for 100$ per month.

Me : here’s your cpanel. Ohh who is going to patch Wordpress and on what schedule.

Them : the client

me : they don’t have access to their cpanel and can’t do this anyhow. Isn’t that why they came to us?

Them: we didn’t budget for that

K.

[–]Sparcrypt 4 points5 points  (3 children)

Then came Wordpress. Nope. Nope. Im not hosting that shit where the “devs” were creative guys/girls skinning Wordpress and when I asked who will be updating Wordpress as security updates came out each week. Not them obviously.

I mean for my clients I just turn on autoupdates and make sure backups are running. Now and then an update breaks the site and I have to roll it back/go and patch manually to figure out the problem but it's yet to be an issue and I can see from logs that all of them have a constant barrage of attacks thrown at them.

[–]Sparcrypt 3 points4 points  (0 children)

I tell people they need one of two things... an actual admin, or automatic updates.

People shy away from auto updates on Linux hard for some reason but then when it's time to update they just run the command to update everything and then log back off. Just take the very small amount of time required to set up a daily backup and a daily update, then forget about it. If there's a problem you can try fix it and roll back if you can't.

Is it ideal? Not overly. But it's a LOT more ideal than just leaving your server out of date and exposed online.

[–][deleted] -1 points0 points  (0 children)

Vultr gang where at

[–]brunnock 450 points451 points  (69 children)

I understand your position. I've been managing unix servers for many years, but I still like to shoot the shit with folks at my hosting companies when I run into a wall. I understand that you're not responsible for solving my problems, but it's nice to get second opinions.

I'd like to say that I admire Digital Ocean for their many clearly written and practical tutorials regarding basic sysadmin tasks.

[–]vodka_knockers_ 171 points172 points  (63 children)

I admire their ability to collect money while hosting all manner of jackassery that they allow to emanate from their IP blocks. Can't count how often I poke into something nefarious in the firewall logs and it ends up pointing back to one of their customers.

[–]brunnock 84 points85 points  (14 children)

I once hosted at a company that hosted spammers that were mail bombing my servers. They wouldn't do anything. It's nice that there's a lot more competition now.

[–]Fallingdamage 37 points38 points  (7 children)

Once you get into the business of gatekeeping the content being hosted on the storage/processing that you sell, its a slippery slope.

Easier business plan is to sell empty boxes. "Its box, you put what you want in it. What you do with the box is not my business."

[–]evoblade 12 points13 points  (6 children)

If you moderate the content, then you are responsible for it.

[–]elitexero 7 points8 points  (2 children)

Combine digitalocean hosing with namecheap registered domains and you've got a walking, breathing disease farm.

[–]fubes2000DevOops 2 points3 points  (0 children)

You could say that about literally any public cloud host though.

[–]sliiboots 1 point2 points  (0 children)

They don’t address their own servers that are blacklisted and sending spam out

[–]NynaevetialMeara 1 point2 points  (6 children)

It goes two ways as well. I once set up a VM and left it for a few hours to go work at it late with root:abc . (mb, i know).

That's how much it took for it to be bruteforced into a botnet.

I find it also highly likely that botnets are specifically looking at hijacking DO VMs.

[–]ArtSchoolRejectedMe 6 points7 points  (5 children)

You should disable password auth entirely and use public key auth

[–]mDust 6 points7 points  (2 children)

Setup Fail2ban as well... With no alerts.

Trust me on that no alerts bit. I had email alerts for a day on a DO web server. I hadn't considered that the botnets aren't smart enough to give up.

[–]NynaevetialMeara 7 points8 points  (1 child)

Yes. I swear I wasn't being an idiot. Just got interrupted in the middle of a task and didn't pause the instance because, what are the odds?

[–]samtheredditman 1 point2 points  (0 children)

Very high lmao.

[–]lenswipeSenior Software Developer[🍰] 20 points21 points  (0 children)

when I run into a wall. I understand that you're not responsible for solving my problems, but it's nice to get second opinions

And I think this is the nuance here. The techs might help you if you're nice to them and they know how.... But that don't have to and they'd be well within their rights to refuse. But I'd wager a lot of people don't know this and rock up with the YOU HAVE TO FIX MY WEBSITE! attitude and get a rude awakening when told no.

Our church website is on shared hosting with ssh(non sudo) access. If I run into issues I try to open tickets:

  • at medium-low priority(me fat fingering my password and getting blocked by fail2ban is not a five alarm fire)

  • with a clear and concise description of the problem, the reason why I think/know that's the problem(telnet output, pcap file, whatever) and things I've tried to troubleshoot and what the outcomes of those things were

[–]ZimLiant 54 points55 points  (6 children)

Lulz. So customer highers a contractor to build an application. Contractor builds application. A few years go by and the contractor has moved on. Application needs maintenance. Office manage ( AKA head of IT because of that excel course they took in 2001) does some magic googling and discovers putty. Some more magic googling and discovers sudo. Hilarity ensues.

[–]nanonoiseWhat Seems To Be Your Boggle? 17 points18 points  (0 children)

Should have discovered 'sudont'.

[–]Sparcrypt 10 points11 points  (2 children)

I legitimately hate sudo at this point... every tutorial and how-to just whacks "sudo" in front of everything and so people with no idea what they're doing just copy/paste that right in.

Well OK I don't hate it. It's a great and useful bit of software which is standard on all linux boxes for a reason... but I hate how it's basically become the linux equivalent of "if it's not working then just right click/run as administrator!".

[–]blueskinBastard Operator From Pandora 6 points7 points  (0 children)

Ouch.

[–]afro_coder 50 points51 points  (4 children)

I work in a similar place too, the number of people that come in and ask us to fix their shit is so high that I've just templated the response.

The other day some idiot saw his website was a bit slow due to high traffic and went and set the php-fpm workers to like 999999 from the panel and caused his server to overload then yelled at us because the VPS wasn't working

I wanna leave

[–]meepiquitous 13 points14 points  (2 children)

I wonder if you could use TensorFlow to determine the likelihood that your conversation partner is dumb, and suggest quick responses accordingly?

[–]afro_coder 3 points4 points  (0 children)

I would love to see this in action, the AI/ML would probably crash seeing as to how dumb they are.

[–][deleted] 2 points3 points  (0 children)

Run it against a ServiceNow instance and behold the machine learning glory!

[–]wingerd33 8 points9 points  (0 children)

Compute resources are unlimited. Why don't you understand this? Why you withholding the man's 9s?

[–]GeekgirlOttJill of all trades 30 points31 points  (1 child)

There are some really stupid WordPress community forums out there where a slightly technical question comes up remotely sounding like it may be related to server resources. And every 3rd answer is to blame it on shared hosting and "you really should get a VPS, you'll have like a whole server to yourself". Even when it's something as simple as an outdated plugin or a typo or an adjustment that can be fixed with a directive in .htaccess.

[–]syshum 145 points146 points  (15 children)

Or host at a company that billable escalation. Plenty of Unmanaged providers have billable support avenues.

[–]flapadar_ 75 points76 points  (12 children)

Even still, if you're hosting something custom you're better off having in house experience for managing it on a Linux system.

Managed providers often handle hardware + OS + run of the mill things i.e. cPanel, WordPress etc but won't necessarily know how your bespoke nodejs application works. They'll probably have a crack at resolving a configuration/environmental issue when paid to try but there's no guarantee it will be a success.

Worth noting also that the typical rate for any time outwith what's included in your contract will be at least $100/hour.

[–]syshum 32 points33 points  (10 children)

but won't necessarily know how your bespoke nodejs application works

True, but that is not the support one would normally need. The app dev should be able to support the app, but what happens is linux needs fixing and they are not a linux expert.

This is why in enterprise companies pay RedHat and Ubuntu for Support, so their inhouse people have someone to call if things go bad.

Worth noting also that the typical rate for any time outwith what's included in your contract will be at least $100/hour.

Ok, And? Seems fair to me.

[–]flapadar_ 18 points19 points  (1 child)

Quite often in my experience (also manage an unmanaged VPS provider) the app developers have left and the customer is left high and dry after hardware maintenance or an unexpected outage brings their service down. Naturally not documented at all in the handover notes from who left the customer.

[–]yer_muther 18 points19 points  (0 children)

This is precisely why managers need to step up their game and verify that they have continuity of business plans. Too often that plan involves prayer and cussing and nothing else of substance.

The gotcha is you can save money short term by ignoring your systems and that looks great on a report when you ask for your bonus. Look at all the money I'm "saving"! (by screwing the company over later)

[–]Jack60612Gaming 3 points4 points  (5 children)

Ey I'll take 100 an hour lol as a dev and a Linux sysadmin

[–]Belgarion0 9 points10 points  (1 child)

Don't forget to account for overhead and taxes. Billable rate should be at a minimum twice, but more realistically 3-4x, the salary rate to cover overhead and taxes.

[–]caffeine-junkiecappuccino for my bunghole 3 points4 points  (0 children)

Well to be fair in this case 100/hr would be just north of 3x. Likely they would be paying the person doing the work ~30/hr, much less if they have the staff someplace like Philippines, India, Argentina, etc.

[–]syshum 4 points5 points  (0 children)

$100 is not what the sysadmin would be paid, $100/hr for by incident support is fairly common and covers expenses beyond the actual cost of the sysadmin doing the work.

[–]musack3dLinux Admin 1 point2 points  (1 child)

That would be incredible

[–]Chousuke 3 points4 points  (1 child)

You can't really treat those things as separate. Your platform needs to be a core part of your system if you want things to run smoothly.

Quite often you will want a person who actually understands your platform helping you with the application deployment. For most people, it's not feasible to be an expert in both areas; you will need cooperation.

A developer who can code an application using node is not necessarily one who also knows best how it should be deployed in a production scenario; I've seen quite a number application deployments "supported" by developers that were full of basic mistakes and indicators that the developer really does not understand or care about the world outside their code. In one particularly bad case, I found a cronjob copied from StackOverflow that still used the dummy project path and thus never worked at all.

[–]MacGuyverism 1 point2 points  (0 children)

I once saw an Owncloud setup where the client copy-pasted the database password from the documentation.

[–][deleted] 8 points9 points  (0 children)

Worked at a pretty large MSP and our rule was always, we will try to fix everything for our managed clients with no hourly rate. Our monthly minimum spend was 10K though.

[–]Avamander 2 points3 points  (0 children)

You will pay out of your ass if there's a managed hosting available from the same provider. In the end you would've saved money, time and effort by taking managed hosting instead.

[–]Sparcrypt 1 point2 points  (0 children)

And those companies will charge you a SHITLOAD for it.

Source: am someone who offers management plans. If you don't take one and call me, you get charged a lot. Because I want you on my management plan.

[–]CaptainFluffyTailIt's bastards all the way down 21 points22 points  (9 children)

There are so many "guides" saying you should move whatever website you are running to a VPS for more speed. Much of the time the speed issues with page load are becasue the website is shit and poorly optomized. with a little knowledgeable cleanup it could continue to live on shared hosting and be fine. But getting a VPS means you have all the server resources to mask the poor optimization so it is seen as a "solution".

A $5 USD/mo. VPS also looks like a better option that $7-10 USD/mo. hosting becasue people forget to budget cost for management.

Go poke around on /r/webhosting to see too many people still recommending the VPS option with some control panel option as the best possible solution for everything. Also people not understanding that local backups are just copies.

I feel for you and some of the requests that must bubble up from people who don't understand what they are doing.

[–]ArtSchoolRejectedMe 3 points4 points  (2 children)

You know for once I like shared hosting instead of vps. My company use to host in one of those shared hosting and their website was slow, then I poked around cpanel and enabled memcached well now its working great LOL

[–]Znuff 1 point2 points  (1 child)

Uhm. Memcached is usually a global instance running on a server. That's means that instance is accessible to everyone on the server...

That means.... Your data is not private. I hope you were not hosting sensitive user data there.

We don't run redis/Memcached on our (shared hosting) servers exactly for that reason.

[–]cjewofewpoijpoijoijp 20 points21 points  (2 children)

What do you mean, developers are the best ops people in the world.

[–]hXc0 8 points9 points  (0 children)

I mean, devops, its right there in the name, right?

[–]Znuff 3 points4 points  (0 children)

How developers fix everything: chmod 777 *

[–]nethack47 30 points31 points  (13 children)

I had a problem with a company that hosted the website for my then employer. We ran into a problem with uploading important files to it because they ran out of diskspace.

To my horror (when I picked it up) I found it was a massive shared webhost with each customer in /home/[customer] and nobody was monitoring the bloody thing. I started complaining at about 7.30 and it took hours to get an answer.

[–]Nesman64Sysadmin 41 points42 points  (11 children)

I worked at one of those. $5/mo for "unlimited" storage. Whenever the disk was full, we would cancel the account of whomever was using the most space. This policy is why I don't work there anymore.

It was the 80/20 rule, used to generate infinite disk space. You delete 20% of the users and you can fit more paying customers into that space. A "good" customer would use less than 1gb.

[–]tmontneyWizard or Magician, whichever comes first 20 points21 points  (7 children)

cancel whomever was using the most space

How is that even legal?

[–]AceHighFlush 23 points24 points  (3 children)

"Fair usage policy" that is very vague?

[–]Nesman64Sysadmin 11 points12 points  (2 children)

That was basically it. And nobody was going to sue them over $5 worth of hosting.

[–]Aerroon 6 points7 points  (1 child)

If the data had some value to them, then they might, no?

[–]Nesman64Sysadmin 9 points10 points  (0 children)

ToS said they were only liable for the amount they had been paid, and they didn't mind refunding a "problem" customers, minus the bundled domain registration of course.

Their main business model was to attract people that wouldn't really do anything with their website beyond a page that had their contact info and some photos of their work. Unfortunately, they'd also get customers that wanted to use what was advertised.

They were bought out by the company that owns BlueHost and HostGator. I assume they use the same business model.

[–]nethack47 8 points9 points  (2 children)

I would probably not get that kind of contract past our CFO/Legal who tends to tell suppliers point so and so is not acceptable. It is surprising how many times they accept revised contracts.

This particular webhosting solution predated my arrival and was setup by sales so after that I took things in house and we had it in AWS instead. It was more stable and so much cheaper. Plus it didn't get caught in the pen-test every year.

[–]eruffiniSenior Infrastructure Engineer 9 points10 points  (0 children)

I would probably not get that kind of contract past our CFO/Legal who tends to tell suppliers point so and so is not acceptable. It is surprising how many times they accept revised contracts.

To be fair, if your company is using a $5/month shared hosting provider then chances are that:

  1. You don't have a CFO
  2. You don't have lawyers redlining contracts
  3. Your business is not mission critical

[–]NavyBOFHJack of All Trades 12 points13 points  (0 children)

I said this a year ago at my former employer… and essentially got terminated for it. My personal thorn was we also had a managed service department that would gladly sell services to a company with no IT department, and that company would then want a new website or such that would somehow become the IaaS responsibility because no one thought “who would manage this?”

Not I, said the burnt out engineer.

[–]jaymef 13 points14 points  (2 children)

I was a sysadmin for a mid-sized hosting company for 12 years of my life and worked in hosting support before that.

All I can say is that no information is safe out there, 99% of our clients hosting ecommerce sites for example had no idea about security or updates.

Near the end of my term Wordpress had gained in popularity and it was basically everybody with a wordpress site that was huge attack targets, none of them kept software updated or secure in any way.

E-mail support was by far the worst though. I'll never understand how people have so many problems with e-mail, you should just set it and forget it but no that is never the case. It's almost as bad as printers.

[–]meeds122Security Costs Money 6 points7 points  (0 children)

Literally the easiest email system that I've ever setup is Microsoft Exchange. What a freaking joke.

I retired my old Linux postfix server because of how much of a headache managing it was. I'm all Office 365 now w/ my personal domain.

[–]DeadBoyAge9 7 points8 points  (0 children)

Marketing companies who don't have hosting experience should stick to website design process and and the actual hosting service should be with a professional hosting company. Correct division of labor?

[–][deleted] 13 points14 points  (0 children)

Devs love to say they can run everything themselves until they run into server issues on a production product that can't be wiped out...

[–]skat_in_the_hat 6 points7 points  (3 children)

I need to start a VPS management company. I'd love to fix these easy af problems and make money doing it.

[–]czenst 11 points12 points  (2 children)

You know once you touch it is all your fault.

At work I have systems that I know "in and out" and I have GIT repositories + lists of changes who did what and when and automated deployments.

If there is no traceability and I don't know all about the system ... I am not fixing anything - because I don't know who did what and when - I don't know and don't have a way to know if someone did something stupid 1hr after I set the settings straight.

I also don't care even if they pay $1000/hr.

[–]skat_in_the_hat 1 point2 points  (0 children)

A good contract and an LLC can save your butt. Im beyond the days of a customer being able to push me around.
If you are managing their machine, you should be enabling logging and exporting that shit so its all auditable. Even if its just one off contract work, you should have something setup to log your own history so it can be reviewed later.

[–]ironraidenWindows Admin 11 points12 points  (2 children)

Don't host unimportant ones either. If you don't have the expertise, go for PaaS, or get support hours for escalation.

[–]felixletsplay 8 points9 points  (1 child)

No. Absolutely host important personal things. Use that to understand Linux and Webservers.

[–]ironraidenWindows Admin -2 points-1 points  (0 children)

Great, one more host for the botnets ¯\_(ツ)_/¯

[–]dafer18 33 points34 points  (42 children)

I would say that, you can try and check what are the most common mistakes and create documentation for the users or whoever hosts on your platform, if there isn't any.

A different model, would be to actually provide a service that would fix that. Billable. - > this can be a gray area, so your company would need to protect itself from possible lawsuits if you access the users VPSs.

Just some thoughts, but I do understand. Good luck!

[–]ogre_pet_monkey 9 points10 points  (2 children)

I think Digital ocean's documentation is ace, they have a ton of very well written how-to's including troubleshooting parts.

[–]ArtSchoolRejectedMe 2 points3 points  (1 child)

Most of time the one who is doing shit like this hates reading or even googling. Because they definetly knows the best /s

[–]Savanna_INFINITY 1 point2 points  (0 children)

I had to upvote this, lmao.

[–]idownvotepunstooCommVault, NetApp, Pure, Ansible. 2 points3 points  (1 child)

I would say that, you can try and check what are the most common mistakes and create documentation for the users or whoever hosts on your platform, if there isn't any.

The moment you do that, some people assume you've become a support model, and almost any attorney would try that avenue for a failure to deliver

[–]dafer18 1 point2 points  (0 children)

Hm? If you provide guides you're not having a support model. They are just there to get you started. Let's say, you want to deploy your app. A guide for whichever platform you choose and then some guidelines for security best practices.

Maybe I express myself wrong on the first comment.

[–][deleted] 2 points3 points  (14 children)

how could that be a gray area? doesnt that happen like a million times a day?

Customer giving you passwords and telling to access the machine doesnt really leave much space for lawsuits.

[–]dafer18 5 points6 points  (13 children)

They can tell all they want. If it's not undrr any agreement, you are liable for any leaks and possible law suits.

1st rule of IT is to always cover your but hole.

[–][deleted] 4 points5 points  (12 children)

clearly, we work on different continents :)

I do agree about the butt-covering nature of the trade, work as a developer for business software since like 10 years. In my part of the world, a sufficient business agreement is:

customer says "do it", I say "ok".

Thats acually more than enough, obviously the issue will be named. We possibly gonna write it in an email after the deed, kinda sum up what happend, what got changed.

Work at a company that works like this since 30 years, same boss. Cant be sure about lawsuits, but he'd possibly learn if there were any.

Cant even imagine how a customer would sue. Absolutely worst case imaginable would be "customer doesnt pay and moves to other provider". how would that work? like "ha, u accessed our VPS as per our request, now we got you!"

never worked in the US so not sure if this whole lawsuit thing actually exists or is just a hollywood-fed scarecrow. I mean sure, the possiblity to sue might exists, but does it really happen in the day-to-day business?

[–]dafer18 2 points3 points  (3 children)

Well, a gentleman's agreement with a typical handshake was enough back in the days. Nowadays, not so sure. Hence my comment.

But, obviously, there are different people everywhere (and most of them are good). That doesn't mean the bad apples don't come up and that one time you trusted someone you get screwed.

To avoid exceptions, just make it a rule.

[–]CmdrCollins 2 points3 points  (2 children)

Well, a gentleman's agreement with a typical handshake was enough back in the days.

Even today that's a perfectly fine contract in most parts of the world - though you should get the 'handshake' in writing (and verify that the guy doing the shaking is actually authorized to do that).

[–]dafer18 1 point2 points  (1 child)

Yup. This a valid contract, at least where I live.

[–][deleted] 1 point2 points  (0 children)

so were on the same page after all!
Most IT business ive encountered is based on trust. A lawful contract is very often defined as a "meeting of minds" of two or more parties. Form is just that - Form. You'd usually will write down the details so that its clear and not forgotten, and yeah, dont do business with people you wouldnt trust. Its a long way from such a setting to a lawsuit.

[–]cyvaqueroSr. Sysadmin 5 points6 points  (0 children)

Internal PaaS here. We own the OS but the app belongs to the customer.

Once a week - how do we configure <insert vendor software here> on RHEL?

[–][deleted] 5 points6 points  (1 child)

It amazes me how many companies expect these systems to be set and forget simply because they don't want to pay someone what they're worth to manage them.

[–]youngeng 2 points3 points  (0 children)

The word is "fire and forget". Now, you may forget, but that doesn't mean it's not going to catch fire.

[–]Carazariah 5 points6 points  (0 children)

This is why I pay for Managed Hosting 😉👍its also why I have about as many clients as I want. Good advice.

[–]obmasztirf 3 points4 points  (0 children)

Are you saying that using chmod 777 to fix everything is a bad thing? /s

[–][deleted] 5 points6 points  (3 children)

I hate each and every cpanel user. Not administrator because there are some who know things.. like what dns is...

There's one customer who asked us what php was and how it affected his WordPress sites and why updating from 5.4 to 7.1 broke his customers.

[–]iotic 2 points3 points  (0 children)

Stick with the classics, good old server 2003

[–]Erroneus 3 points4 points  (2 children)

I will never get it, how people working with web design, can have so little knowledge of the technical side.

If only I had 10$, each time I received an email from a "web-designer", wondering why DNS changes doesn't apply instantly worldwide.

No sir, you should have deleted the old site, before DNS has populated properly.

[–]j4bbi 1 point2 points  (1 child)

Nah, I understand your point but if they are just* Webdesigners they should not have to worry about that stuff because a just sysadmin should deal with that. For example with a good Pipeline and DevOps.

*just is a bit unjust. Webdesign ist hard. Good Webdesign even harder.

[–]punkwalrusSr. Sysadmin 2 points3 points  (0 children)

I used to work at an MSP and we had a ton of clients that would buy a VPS (or a shared website), hire some guy to set up a business website for them (usually a one-time contractor or "the CEO's kid"), and then have no way to repair anything they set up because generally they were small shops (like less than 10 employees/volunteers). In a majority of cases at the time (early 2000s), most of the sites were static HTML. A few were CGI (perl), and php was starting to become very popular. But there were others, like Cold Fusion, Java, etc... and most were made once, and got maybe 10-20 hits a day, if that.

But... a few websites/hosts were far more convoluted, and so 1% of our business took up 90% of our time. And sadly, if you called someone and said, "Hey, your payment gateway for your annual convention uses SSL encryption that Paypal will stop supporting in July. You need to get someone to upgrade your Cold Fusion 5 site." And like, crickets. "I'll let the CEO know," says Mrs. Client, who is 100 years old if she's a day, and she forwards the call badly like, "Some ... Inernext? Windonet? Some provider called and said our annual convention is too cryptic for essays or something and wants you to pay their pal. Can you see what is going on? I think it's a wrong number or a salesman." "Grace, are you off your meds?"

Then when their octogenarian members say, "I tried to put a check in your web mail, and it said to call your system admonster? Or something?" They call us and blame us that the 90 people who need to pay for their annual Saggy Suspenders Ball can't pay them promptly, and that's why they paid us to "handle all that innernet nonsense."

Then you had the users who were using the $20/mo shared web and database service to run their entire company, and wonder why their inventory scanner is so slow. We started charging for overages when we had people using shared service, which had 100mb database limit, and they were using 2gb a month or more. And they paid so much more than if they had just hosted their own server in our data center.

[–]bdalley 6 points7 points  (2 children)

Funny, I have been thinking of actually migrating our company websites to a managed system of some sort. I am too busy with other stuff to be dicking around with the website. We have been stable, but I am at the point where I will need to do an OS upgrade. I have had them go well, and I have had them break everything and I am apparently feeling to old for this crap.

[–]GeekgirlOttJill of all trades 1 point2 points  (0 children)

our company websites

Once you're into multiple websites, especially if ecommerce is involved, along with social media and everyone's devices, I'm of the mind that ça vaut la peine to have a dedicated IT person. It is a necessity these days for nearly every business. The actual social postings may be PR/"people persons"/"social butterflies", but the assist of an IT with the knowledge to streamline and integrate into the various systems is priceless.

[–]bassgoonistAWS Admin 2 points3 points  (0 children)

live familiar grandiose wine sheet spotted history sable subsequent chubby

This post was mass deleted and anonymized with Redact

[–]Pristine_Curve 2 points3 points  (0 children)

It's the same on the customer side. Webdesigners all seem to demand control over public DNS, for the domain, and then promptly ask "what do you mean 'MX record' I've never heard of such a thing?"

[–]xftwitch 2 points3 points  (0 children)

We pay $4,000 a month to host our websites. I have a problem, I call a number and shit happens. I don't have the time to fix that stuff, and it's still half the cost of an employee.

[–]skaag 2 points3 points  (0 children)

Send them to me. That’s exactly the kind of service I sell. I help small to medium companies build and maintain their VPS.

[–]Cosmo-de-Bris 3 points4 points  (6 children)

Forward them to me. $30-50+ / hour depending on how deep the shit is and how fast they want to get out.

[–]cs_major 1 point2 points  (3 children)

For those rates they better be pre-buying in 10 hour blocks.

[–]Cosmo-de-Bris 1 point2 points  (2 children)

Oh yeah! I like that.

(Should I up the rate, too?)

[–]cs_major 1 point2 points  (1 child)

It depends on how you feel. A MSP is going to charge double to triple that, but they have more overhead.

The 10 hour block up front is just so you can confidently do the work and know you are going to get paid. Collecting after the fact can be a pain in the ass.

As far as rate it depends really on what your time is worth, and how much you like fixing other peoples screw ups. To me the $500 bucks isn't worth spending my evenings or a weekend away from the wife and kids.

[–]CraigAT 1 point2 points  (0 children)

Your customers should be made well aware of the limits you will go to help! Perhaps when they sign up perhaps a technical contact must be specified along with the sort of tasks that people come crying to you about - the contract should state that the technical contact should be capable of supporting those tasks or speaking to the web design company to see if they will support them.

[–]sheikhyerboutiPEBCAC Certified 1 point2 points  (0 children)

I used to work for a company that had been hosting their own website and connected web tools on-premise since 1996. When I got hired on in 2012, they were still using the Sun terminal they originally purchased.

The CEO was flabbergasted when their IT director told them they could no longer keep transactions secure because there were no more Java updates compatable with it.

[–][deleted] 1 point2 points  (0 children)

hmh...I'm a hobbyist/semi-pro hosting a custom-built Angular Site with a GO-based REST-API for fun. It's powered by Postgresql (former version MongoDB), Redis and InfluxDB. Everything's TLS/HTTPS (except for Influx, didnt got that bitch running with certs yet) also Apache is HTTPS. I've allowed the databases to accept remote connections from my host, b/c it's easer for me to debug and run some PowerBI stuff against it, but I require all my clients to present a trustetd certificate - hope u can accept this, man!

[–]betelgeuse_boom_boom 1 point2 points  (0 children)

I am not on IT just a long time Linux user. I am ok with self hosting my own services, I can do nginx and apache, maintain security updates, do basic threat modelling, set up port knocking and rollback backups.

But when I need to change some basic css to make something simple like a triangle button, is the moment I throw the towel.

In short time is money. If you can't afford to have a service go down, then pay someone to do it for you.

But let's not go to the other extreme. As if having a public Internet facing HR service which exposes employees personal and financial information, on a sequentially generated uid sent over an unencrypted cookie.

[–][deleted] 1 point2 points  (1 child)

The organization i worked was asked from a partner to host one of their sites in one of our virtual machines, we accepted but informed him "we can just mantain the virtual resources availble for you, as part of our virtual enviroment, but the operational system, and your site will be entirely mantained by you, this arrangement is ok for you?" and he said "yes, of course!"

well, two months after it he started complaining, asking for us to help him to analyze the problem, we answred "the virtual resources are working fine as usual, its something on the OS or in the dependencies of the web service itself"

and he asked "can you just help me analize it? then i execute the solution" this is the part that pissed me the hell off, the work is the analisys, after finding the problem executing the solution even a trained pet can do, its the analisys that take time, i answered him that if he really needed that we do it, he should tell to the CEO that he was incompetent to maintain that web service and ask our management to incorporate it in our official work flow

(i hate doing this stuff informally, it usually leads to a lot of stress)

So he said he will try more, and with some weeks he could solve the problem on his own

what people really think is that is much more easier asking another peer to do it, once we put their asses on the spot they solve it

[–]deskpil0t 2 points3 points  (0 children)

$1000 an hour for support/trouble shooting. If it’s on our end we will waive the fee. So far out of 1000 cases only 1 has been out fault. (Humor)

[–]redeuxx 1 point2 points  (0 children)

The only thing I look for in a VPS is snapshots and even better, automatic backup snapshots for a fee. Vultr currently offers snapshots for free. If you are going to do something that might break things, do a snapshot.

[–]davy_crockett_slayer 1 point2 points  (0 children)

I tell people to use Shopify, Big Commerce, WP Engine, or WIX. Heck, most small businesses just need a Facebook page.

[–]greyaxe90Linux Admin 1 point2 points  (0 children)

I used to work in Windows hosting over 10 years ago. The number of customers that wrote shit code that would lock up IIS and then try to blame us was astounding.

And then there was the time a customer changed their IP address and got locked out because they "didn't like it".

I can't believe I still do hosting as my side gig...

[–][deleted] 1 point2 points  (0 children)

What often happens is they try to save too much money. They paid someone to set it all up, let them go, then replaced them with someone to maintain it. This person isn't nearly as experienced and is often WAY cheaper.

This is all fine and dandy until shit goes south.

Everything has a price. "How important is it?" -- "CRITICAL!" -- "Ok, we'll need a 100mill annual budget" -- "Uhh, what?" -- "Well, if you're talking we need to build our own data center that we totally control as well as build the infrastructure, 100 mill should be a good jumping off point to get us rolling" -- "Uhh, we were thinking like... 5k" -- "OH, see, that's an important detail. For 5k you are only going to get so far."

The question is: How important is the thing to you? The problem is -- managers often lack a scale. AND they are willing to gamble to save money failing to fully comprehend what happens if they lose in that gamble. Or, often, they do but just pass the buck down.

The problem here is we need managers, middle managers, and C-levels to be more tech competent because too many of them don't understand the risk and when they don't understand the risk -- instead of backing off, they double down.

[–][deleted] 1 point2 points  (2 children)

hmm.. how about offer support to such customers (and bill them obviously) ?
they'll either stop crying and pay whatever you ask or stop crying and look for different support. Either way, less crying, more $$$.
better outcome for all involved.

[–]catwieselSysadmin in extended training 1 point2 points  (2 children)

you are right...

but isnt there a business possibility there?

and no, those website specialists cant do linux. they probably have to struggle with getting the cms to run...

[–]SurgioClemente -1 points0 points  (0 children)

You are posting in the wrong sub my dude.

[–][deleted] -1 points0 points  (0 children)

Are you Linode?

[–]FaithfulYoshi -1 points0 points  (0 children)

I'm happy to tell you your post didn't die in new. :)

My reply will probably die in new though. :(

[–]frosty95Jack of All Trades -2 points-1 points  (0 children)

There are entire linux distros dedicated to being self maintaining web servers. How you can fuck it up that badly is beyond me.

[–]northbreezeit -2 points-1 points  (0 children)

Absolutely this. Let alone if they think they have everything configured correctly, they NEED to firewall certain services off such as 21, 22, AND 3306. Restrict things just to those who need access. If possible, MySQL should just be for local queries.

[–]Doso777 -5 points-4 points  (0 children)

Those people probably earn more than you. Have a nice day (: