Software, technology, sysadmin war stories, and more.
Friday, August 5, 2011

Beware of sysadmins who perpetually do monkey work

Have you ever seen someone with a large repetitive task ahead of them? What about someone who has to do that kind of task on a computer? Anyone who's been roped into sysadmin work has probably had to do something to a large number of computers, users, modems, or other devices at some point in their career. What I've found is that you can learn a lot by observing how they handle it.

One summer, I was doing my school district sysadmin job, which usually meant very little. I had scripts and helper programs which checked things, rotated logs, tweaked this, monitored that, and so on. It was pretty boring much of the time, actually. It was so boring that I wound up writing a bunch of other random amusements to keep me occupied. A fair amount of free software came about this way.

While this was going on, I had the opportunity to observe some student helpers who had been brought in for the summer. One of them spent a couple of days one week perched atop a stool, poking at this one monitor/keyboard/mouse combo the "network engineers" had connected to their massive remote KVM switch. That's how they ran their NT boxes, since remote administration either hadn't been invented yet in that universe, or they didn't know how to use it. All of my Unix boxes (besides my workstation) ran headless, but I digress.

Anyway, I noticed this kid was logged in as their administrator account and was doing stuff in the user manager for their domain. I asked one of the "engineers" about it and found out that he was supposed to be doing it, and it was okay. All right, so we didn't have a security problem, but what was he doing?

Closer examination revealed that he was slowly paging through the list, looking for people. When he would encounter them, he would open up their record and add a single dot (".") to their name. Then he would mark them off a list which was in one of those monitor-mounted sheet holders and move on to the next one.

This kid had been instructed by these guys to take a list and use it to frob every account on that list in some subtle way. I don't even know what the presence or absence of the dot meant, but it doesn't matter. It's unbelievable just how broken this entire scene was.

First, that list wasn't handwritten or anything like that. Oh no. It came from the laser printer. That means it had been typed in at some point. That in turn means it was already in the computer. Yep, someone took a list of names in the computer, took it out of the computer, and then fed it back in by way of a human.

Obviously, nobody involved with this had ever heard of admin tools, or scripting, or even just learning the various APIs and writing something to twiddle user accounts for you. Their solution was the worst kind of monkey work: read, find, click, dot, click, repeat. Stupid. Even though it was NT, there were ways to access those things without doing it manually, but it takes a certain kind of ability to do that. My observations suggested that ability was not present.

By way of comparison, I used to write stuff which would take the ad-hoc lists of user creation requests every fall and would parse them out, create accounts, generate initial passwords, and return another list. It was the kind of thing any reasonable person would do.

If you don't automate yourself out of a job every 12-18 months, what are you really doing?