^This^ ^is^ ^a^ ^joke,^ ^I^ ^didn't^ ^really^ ^lock^ ^myself^ ^out^
Happened to me once. Had a little Pi at my parent's house and that was a nice excuse to visit them.
Except when you get there and don’t want to talk or do all the meeting and greeting until you know the server still works.
even worse. I regularly have to get up out of my chair and go down 2 stairs.
Also this took a while to find, but : https://sourceforge.net/p/shorewall/svn/HEAD/tree/branches/4.2/Samples/one-interface/shorewall.conf
ADMINISABSENTMINDED=Yes
Is an actual setting in the config for the (now apparently unmaintained) Shorewall Firewall software/tool for linux.
If I remember correctly, it always checks on firewall rule changes if there is an active connection on port 22, and adds a special rule at the end to maintain that connection.
They don't build them like they used to anymore.
They don't build them like they used to anymore.
Well if we did, the way it works would be by telling a chatbot to enable ssh on port 22 at the end.
Doing this is a right of passage.
Believe it or not, "rite" is the, uh, right, word here.
Messing up the spelling is a wrong of passage.
I don't belief it.
Just breath!
deaths
deaths nuths
You have a right to pass once you've done this rite of passage.
Believe it or not, straight to jail
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
permission denied
fuuuu
Found the debian user.
user permissions is a debian thing now?
A long time ago, Debian 8 or so it was a bug with Debian. Something about the command running without root despite the sudo command.
Yeah except it would be iptables-restore < old_fw_rules.bak
Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don't need to pipe it back in, you can just use the filename!
It wasn't always that way. At one time you had to so I still do.
Real servers have lights out management and management networks.
I'd rather plug in a screen with VGA than deal with HPE iLO 4
Almost the same thing happened to me. I accidentally fucked up the internet connection in my home while in Japan, and I had to video call my mom to have her fix it. It was a pain for both of us, but thankfully it went rather smoothly. Thank you mom!
Do you mind explaining the details? I’m trying to learn as much as possible!
What's really fun is hearing "oh shit" from the UPS maintenance tech followed by darkness and silence.
Classic.
Love Hetzner. If something like that were to happen to me they can hook up a remote console accessible through their web interface.
Many hosting providers have a remote console feature.
Console
Fuck, that is really good wordplay.
Don't practically all commercial hosting providers provide remote console access?
This seems a combo of an extremely newb mistake in an extremely unusual scenario - worthy of Gru I guess.
Physical, on premises servers are still a thing.
Yeah, all the ones I've used had remote access
Most secure box is the one that does nothing.
Since that happens to the best of us, I envision writing a wrapper script around {n,}pfctl that asks for confirmation upon detecting that you're logged in via ssh through a specific port AND detecting that the new rules would block that port.
That the slrpnk.net admins in the picture?
They had a hardware failure but close enough
I'll always be grateful for the firewalls like OpenWRT that will automatically revert any changes if you don't log back in after a few minutes (at least on the web interface). I'm not proud of how many times that's saved me.
This is the NetAdmin's problem. And he's got 3 ways to get into the datacenter, so he goddamn well better have an answer that doesn't involve airfare. Worst case, he's gotta use remote hands, but that would be embarrassing, and I'd not let him forget it. Nobody forgives me when I screw up a server cluster, so he gets no latitude when he takes a datacenter offline.
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
I guess some smaller companies might have simpler setups they self-host
Most data centers have some kind of service where you can request a KVM to be connected to the server. It's not instant as an actual human has to do so but a lot sooner than another human driving long distance. I guess in this case, it's a mid size company that is big enough to have multiple locations yet small enough to still manage to use on-premise infra instead of data centers.
I try to remember to always open two SSH connections when altering iptables or the ssh config - just in case
this sounds like something chip from sales would do
This is precisely the problem that deploy-rs solves!
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.