I often feel that the first time I implement anything--be it a file server, web application, or pencil organization scheme--that it won't be done right. The first time is a learning experience where you hack away at things till they work. The second time you just do it right the first time. I've met some sys admins who believe that if it eventually works, great. I prefer to have a nice clean system that's set up right from the start instead of having spare packages sitting around or config files with comments chronicling my mistakes, not to mention the mistakes that aren't commented out. When a system is hacked together like that there's a greater chance for emergent behavior due to strange interactions.
Now, this just means I have to spend some more time on the implementation, and I think that it is worth the stability in the system. However, the one large problem is when the users come to expect some functionality I had in. Often this is temporary logins while I get a centralized login system set up, or SSH tunnels while I'm setting up the VPN. The users have come to expect it, so they complain when it doesn't work. I could always take the hard line and be a good BOFH, but that really isn't my style. So when Joe decides he must have x11 forwarding through a tunnel for his scripts instead of using the VPN, I advise him to use the VPN and then just let him keep his firewall account.
The moral here is just to try to only support the best-class solution from the start. Putting in bypasses while you're setting things up may cause users to become attached to something you don't intend to last. Remind them of their childhood puppy. Johny, all good things must come to an end.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment