{"id":5504,"date":"2019-10-08T19:20:57","date_gmt":"2019-10-08T19:20:57","guid":{"rendered":"https:\/\/really.zonky.org\/?p=5504"},"modified":"2019-10-08T19:21:02","modified_gmt":"2019-10-08T19:21:02","slug":"reducing-risk-in-system-management","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=5504","title":{"rendered":"Reducing Risk in System Management"},"content":{"rendered":"\n<p>I was reminded of something recently when someone was using a gooey; they hadn&#8217;t made any changes, but clicked &#8220;Ok&#8221; after reviewing something. A bug in the gooey resulted in a whole bunch of DNS CNAMEs being removed.<\/p>\n\n\n\n<p>The fault is of course with the gooey for having a silly bug, but it was also a reminder to reduce risk whenever you have <em>root<\/em> (or equivalent).<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>The &#8220;Ok&#8221; in a gooey should be read as &#8220;Please make the changes I have asked for&#8221;; if you are not intentionally making changes, why click on it?<\/li><li>One of the reasons I switched to <em>zsh<\/em> was that I&#8217;d heard of accidents involving wildcards, so I wanted the feature that expanded wildcards within the shell before activating the command.<\/li><li>If you are looking at a configuration file, why are you using an editor? Use <em>view<\/em> rather than <em>vi<\/em>, and if you are in <em>vi<\/em> quit (&#8220;:q!&#8221;) rather than save and exit (&#8220;ZZ&#8221;).<\/li><li>If you have an account with special rights , don&#8217;t browse the Internet with it. You should have two accounts &#8211; one for ordinary stuff and one used <em>just<\/em> when you need additional rights. That&#8217;s two long and strong passwords to remember; life is hard; get used to it.<\/li><\/ol>\n\n\n\n<p>But this is more than just a few tips for reducing risk; it&#8217;s about an attitude that goes beyond simply being careful and towards designing your work flow in ways that reduces risk.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"695\" height=\"462\" src=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2011-05-08-Old-Metal-3.jpg?resize=695%2C462&#038;ssl=1\" alt=\"\" class=\"wp-image-4908\" srcset=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2011-05-08-Old-Metal-3.jpg?resize=1024%2C681&amp;ssl=1 1024w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2011-05-08-Old-Metal-3.jpg?resize=300%2C199&amp;ssl=1 300w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2011-05-08-Old-Metal-3.jpg?resize=768%2C511&amp;ssl=1 768w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2011-05-08-Old-Metal-3.jpg?w=1280&amp;ssl=1 1280w\" sizes=\"auto, (max-width: 695px) 100vw, 695px\" \/><figcaption>Old Metal 3<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>I was reminded of something recently when someone was using a gooey; they hadn&#8217;t made any changes, but clicked &#8220;Ok&#8221; after reviewing something. A bug in the gooey resulted in a whole bunch of DNS CNAMEs being removed. The fault is of course with the gooey for having a silly bug, but it was also <a href='https:\/\/really.zonky.org\/?p=5504' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[4],"tags":[1287,1848,1849],"class_list":["post-5504","post","type-post","status-publish","format-standard","hentry","category-it","tag-risk","tag-system-administration","tag-system-management","category-4-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-1qM","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5504"}],"version-history":[{"count":4,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5504\/revisions"}],"predecessor-version":[{"id":5622,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5504\/revisions\/5622"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}