> In order to ensure that changes to systems can be attributed to responsible individuals, there is usually some kind of system that tracks and audits changes. One person will raise a ‘change record’, which will usually involve filling out an enormous form, and then this change must be ‘signed off’ by one or more other person to ensure that changes don’t happen without due oversight.
And in any other planet, we call that a 'Pull Request.' My first real tech job was a community college that really bought into the whole ITIL framework. Important changes typically had to go through a Change Management Board, which met weekly. Meanwhile, key authentication systems involved passing passwords from PHP to perl to bash to vbscript in cleartext, in such a way that dollar signs and other string interpolation sigils would be processed, and therefore were banned. The person who wrote this kludge is now in charge of IT security for the college. And there was no version control to speak of anywhere, definitely no puppet or chef or ansible. It worked, but there were pretty much monthly fuckups along the lines of 'and then the utility truck backed into our power distribution cabinet' or 'the SAN vendor's technician mentioned this is the third time this week he's been on site with a client to deploy this emergency stability patch,' or 'the new guy upgraded the antivirus running on our databases, and we can't roll back because nobody has the old installer anymore' or my personal favorite: 'this position requires oncall duties 24/7/365.'
My company uses ITIL. Definitely a four letter word. I feel like Peter Gibbons much of the time. For me to deploy a server, I need to create a Change Request, have it reviewed by my local Change Review Board. They know nothing, and are a rubber stamp. Next it goes the the Main Change Review Board. They are higher up, and know even less. I have to have my CR into the LCRB a week before they meet, and then it takes an additional week for the MCRB to approve it. So at least two weeks to deploy a new VM. Retirement can't come soon enough.
And in any other planet, we call that a 'Pull Request.' My first real tech job was a community college that really bought into the whole ITIL framework. Important changes typically had to go through a Change Management Board, which met weekly. Meanwhile, key authentication systems involved passing passwords from PHP to perl to bash to vbscript in cleartext, in such a way that dollar signs and other string interpolation sigils would be processed, and therefore were banned. The person who wrote this kludge is now in charge of IT security for the college. And there was no version control to speak of anywhere, definitely no puppet or chef or ansible. It worked, but there were pretty much monthly fuckups along the lines of 'and then the utility truck backed into our power distribution cabinet' or 'the SAN vendor's technician mentioned this is the third time this week he's been on site with a client to deploy this emergency stability patch,' or 'the new guy upgraded the antivirus running on our databases, and we can't roll back because nobody has the old installer anymore' or my personal favorite: 'this position requires oncall duties 24/7/365.'