It's in the Cloud
so who cares where the data goes or comes from. Just be impressed Dell uses the word cloud. It proves they are on top of things and up to date-ish.
Dell forgot to re-register a domain name that many PCs it has sold use to do fresh installs of their operating systems. The act of omission was spotted by a third-party who stands accused of using it to spread malware. The domain in question is www.dellbackupandrecoverycloudstorage.com, which offers anodyne information about …
Why do companies register entirely new domains for crud like this rather than using a subdomain - what would've been wrong with backupandrecoverycloudstorage.dell.com? Presumably they'd put more effort into ensuring dell.com remained live. There's something like this comes up at least once a year!
> Why
Credit card? 20 seconds. Filling in online request forms to IT, then back-and-forward with managers/directors to get permission? Much longer.
And this is how shadow IT was born. Because of these sorts of tensions. You'll have one business team who go 'I just need x' and an IT team who have to try to keep everything stable and working...
>And this is how shadow IT was born.
And how Microsoft grew so rapidly in the 80's and early 90's, which in turn changed the role of IT departments...
Nothing wrong with working in the shadows, just you need to be able to manage the successful (skunk works) projects into primetime IT systems...
If IT says "no" to supporting a piece of software that the business bundles, you have much bigger problems. I can't believe Michael Dell wouldn't just summarily fire anyone who would flat out refuse to support a legit business need.
Some manager in the chain probably got a bonus from giving the support contract to a third-party and saving Dell from having to hire or buy anything, though.
Re: "Why do companies register entirely new domains for crud like this rather than using a subdomain "
I agree, but I suspect the reason is that it was easier for the Application Developer to request a new domain, and purchase it directly rather than go through the sys admin who has access to create subdomains on dell.com, and explain why he needed a subdomain.
That is the whole problem - they don't think.
Management these days is not able to manage, it is just there to give orders and take paychecks.
True management would have a clue about what is going on, what needs to be done and a plan to get it done that is written on something other than a paper napkin.
...and a plan to get it done that is written on something other than a paper napkin.
Up vote for the reference to "The Back of the Napkin" and the management school of thought arising from not reading the book and relying on materials developed by management consultants who also haven't read the book..
How is it possible to let a domain name expire (unnoticed). I administer a lot of domain names for customers and they NEVER expire. They are automatically renewed (for .com domains I receive a notification of renewal) and I have to actively terminate them. This is the second time this week I read about this:
https://www.theregister.co.uk/2017/10/20/ibm_failed_to_renew_three_domain_names/
Curious
It happens all the time (I worked for years at an MSP looking after SMEs and several very large UK businesses).
It is almost always one or another or both of these things:
1 - company credit card used to buy the domain has expired that year
2 - Person who registered the domain has left or been fired and reminder notices goto their email address.
Person who registered the domain has left or been fired and reminder notices goto their email address.
Why does this keep happening? There is no way that anyone with half a working brain cell uses a personal email address for significant notifications - you never use john.blogs@bigcompany.com for this - it should always go to domains@bigcompany.com which is aliased at the main server to whoever's employed to handle it.
Further evidence (if any was needed) that Dell is asleep at the wheel again ... or maybe just texting while admin'ing.
Not a security person eh?
You don't register everything under the same domain, it's a security failure waiting to happen.
Then there is the difference between internal and external production systems and their protections.
On top of a company which likely has more than 10,000 individual internal servers and likely just as many if not more external facing systems.
If you have ever worked for a large corporation, the amount of internal VLANs alone can become confusing, let alone adding a bunch of external facing domains which all have to have their own protected databases.
Then just think of any one of these having a vulnerability allowing access to active directory or DNS or Web services.
You want to alias everything? This isn't just a DNS nightmare, its a web server nightmare attempting to port and forward everything. If you think troubleshooting one web system is a horror show, try having to troubleshoot 3000+ on the same domain. It would be stupid.
I can go on and on, but you get the picture.
There is also cost. The amount for a wildcard certificate to cover an entire domain is ridiculous, when you can get by with 10-20 individual certs. There is also a security issue with this as well, but why continue to explain.
C'mon; most of you are smart enough to figure this out. Just think through it for 10 minutes instead of spewing out silly things.
"it should always go to domains@bigcompany.com which is aliased at the main server to whoever's employed to handle it."
1. Assumes that company policy allows names to be set up in this way.
2. Assumes someone is (still) employed to handle it.
BigCos, especially BigCos intent on becoming LittleCos (tto many of them these days) can be their own worst enemies.
Obviously never worked for a mega-corp. The 'official' process where the names are monitored are usually a PITA to use so a lot of names are registered at department level using company credit card. Then the person leaves or the card expires and the names which by then have become critical expire. Happens all the time.
Also happens a lot in small businesses.
With MS SMB Server editions (the ones that bundled Exchange) you were effectively limited to 25 user accounts/mailboxes because of the way things had been integrated. So I often came across companies that did have generic mailboxes such as Accounts@, IT@ mailboxes using personal mailboxes.
I'ver seen the same recently with cloud services where people object to paying the additional subscription for another mailbox, spam filter user etc.
The fun and games start when they discover a security breech (typically via an old or little used account for which they forgot to disable login on), among the actions typically taken to clean up the mess is to delete the account, resulting (with one client) in nearly all the third-party IT admin accounts (Microsoft, Dell, ISP etc. becoming locked as the responsible IT person had got into the habit of forgetting passwords and thus relying on the reset your password email...
Domains expiring, what about auto renew and expiry notifications?
'The site is also used by an app called the “Dell Backup and Recovery Application”, a program bundled with Dell PCs and which the company bills as “a safe, simple, and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents, and other important files) from data loss.'
Would you trust Dell to backup your important data if they can't even do something as simple as renew a domain? Thought not.
I now feel even more justified in automatically removing the Dell backup and recovery software from every PC I deal with... who'd want to reinstall a Dell factory image anyway? It's quicker to deal with missing drivers etc on a bare Windows install than to sit and uninstall 20,000 pointless bits of bloatware (and 7 different versions of MS Office in foreign languages.)
If you mean Windows 10 then the licence is tied to the device (embedded in BIOS/EFI); if the machine has ever had Windows 10 installed then it will automatically activate if you install the same version (i.e. Home/Pro), it doesn't have to be from the OEM image and it doesn't have to be the same release of Windows 10 as was previously installed.
For Windows 7 you will mostly need to go through activation by phone carry on if you install from standard install media but it'll almost always be successful.
If you use OEM master product key (not the key on the sticker) then you don't have to use phone activation at all. You can activate it with slmgr.vbs -ipk command. Provided that you have suitable SLIC key in the BIOS.
That's how Dell preload works, one W7Pro64 product key is used for all Dell machines that have W7Pro64 SLIC in them. Key itself is not secret, they are in a text file somewhere on the preload disk.
My Dell here has a fresh flash drive and a stock image of Windows. You can download the Windows image from MS. Then choose your drivers from Dell by hand if something does not work right. The licence is baked into the replacement for BIOS whatever it is called these days.
Because cloud..
Cloud is sexy cloud is shiny cloud is what people do now instead of that terribly old fashioned and appallingly stoneaged recovery partition.
I mean, why break something that was perfectly good like that partition?
Mind you - whatever happened to recovery DVD's..... remember them?
Cloud is sexy cloud is shiny cloud is what people do now instead of that terribly old fashioned and appallingly stoneaged recovery partition.
Well, they must still have a recovery partition of some sort - how else do they load enough network stuff to get the recovery working? I hope they don't have too many customers with a link like mine - slow and sometimes quite expensive :(
Mind you - whatever happened to recovery DVD's..... remember them?
Seeing my nephew take a much favoured disk and place it face-down on the carpet in between games ended my liking of that media PDQ :)
40 years of Home and SME computing (Commodore Pet and Apple II) and 'we', most of the General Public and hardware manufacturers still can't get Backup 101 straight in our brains.
The Public are excused, to some extent, but Hardware manufacturers are not.
Fortunately, our saviours started Software companies dedicated to solving the problem.
Macrium, Easeus, Acronis etc
Find them. Learn them. Use them.
If you go to a PC and Laptop stores these days, the sales people put a truckload of refurbished laptops on display without any display of shame on their faces, with prices only slightly less than 100 bucks below brand-new laptop editions. The real reason behind this seems to have been that with the start of Windows 7 and above, built-in back-doors for national security were demanded by the NSA which in part were also implemented in hardware. In addition in the opensource kernel developers scene several strange things could be observed, like the inserting of kernel patches enabling entire backdoor suites inside the Linux kernel, where at the same time strangely enough inside major Linux distributions, like Ubuntu, openssl packages were lacking support for SSLv3 in contradiction with OpenBSD and FreeBSD. To play it safe I then would routinely install older editions of popular Linux distro's, which of course require older hardware. In turn the refurbished marketplace was given a significant boost. Then again, Why would someone NOT purchase a refurbished laptop which can run Windows 7 ?
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net