Posts by Rob F

A famous story from a previous company I worked for

One of the Systems Engineers was a bit of a liability at an MSP I worked for. He was asked to do some work at a customer site and for reasons never clarified he DCPROMO'd the only working Active Directory Domain controller and then, unsurprisingly, everything stopped working.

We thankfully had well implemented backups of the system state and AD and were able to recover from last nights backup.

The customer asked that the System Engineer in question never worked for them again.

An uphill struggle

I was just reading ESET's blog about how to prevent EDR killers and the tasks outlined are pretty significant for a number of businesses.

High-quality EDR is a must – An EDR killer is a sophisticated attack tool; likewise, a cybersecurity solution deployed on the targeted endpoint needs to be top-grade. That means it should have detections for the malicious code abusing the vulnerable driver, even prior to execution. However, due to heavy obfuscation or other evasion techniques, this may not always be feasible.

Tamper protection – This prevents unauthorized users from disabling or modifying the components or capabilities of a security solution.

Blocking vulnerable drivers – This can be achieved through strict policies regarding potentially unsafe applications (PUSA) and file-based detections. To avoid system disruption, consider starting with a “Detect but don’t clean” mode, then adding exclusions as needed, and finally switching to a “Detect and clean” mode.

Vulnerability and patch management – Sophisticated threat actors may try to abuse a vulnerable driver already present on the compromised machine instead of relying on BYOVD. Therefore, having proper patch management in place is another effective method of defense.

Harden Application Control– Improve your defenses via application control. For example via Windows Defender Application Control (WDAC), where you can create a policy that allows only selected drivers to be loaded. Other platforms leverage technologies like ESET’s Host-based Intrusion Prevention System, which uses a “Rule” to block an application.

Limit access to endpoint security settings – Using a strong password to lock these settings adds another layer of protection.

Know your environment – These tools require considerable focus and knowledge of protected systems to avoid interfering with legitimate software and causing business disruptions.

Quite a bit to do.

Misread of sentence still makes sense

I misread a sentence as "Users are speculating that Atlassian is trying to shit professional users to Jira"

Still made sense, in my eyes.

Does anyone recall the downfall of Digg?

It only takes another platform to scale out and take the attention away to heavily disrupt Twitter. The Twitter Infrastructure blog has always had interesting posts on what they've been doing https://blog.twitter.com/engineering/en_us/topics/infrastructure and although they have their secret sauce IP on how things work, it wouldn't surprise me if an equivalent couldn't be quickly brought to compete with it. The bigger problem, if it could be overcome, would be financing it.

Just waiting for Azure to respond to this

with their exorbitant egress fees.

There is quite a bit of discussion with customers about repatriating services and data

We've had quite a few discussions with customers about going into Cloud now in Australia and then bringing those services back to New Zealand when the Cloud Platforms are available. This seems to sit well with a lot of customers, and we've had a lot of commitment on the basis of Azure and now AWS committing to build into New Zealand.

I think interestingly that the Virtual Desktop products are one of the hottest tickets of discussion. I had thought VDI was going away, but it has returned with a vengeance, especially with the extended lockdowns we've had and customers moving into further commoditisation of bring your own endpoint options.

New Zealand has been shown in recent times to be a forward thinking, digital ready market, and I think this is the outcome of this.

Microsoft are famous for backwards compatibility

But I think they've had to change their approach with Cloud because they are such a vector for attack and just have to keep moving forward.

Annoying for people maintaining systems, but potentially a necessary evil.

Australia does seem to have some brown out issues

Which is why the Tesla battery farm in South Australia.

I wonder if there was a surge due to non-consistent supply?

I experienced a similar NAT problem about a decade ago

A security engineer installed a new Barracuda appliance at a community college. The next day I get a call out that their SBS server had crashed and no mail was being sent or received and the SBS was generally not serving requests.

When I looked at the system, the mail queue had 300k objects and I had to halt all services just to stop things crashing. I did a lot of cleanup, which I won't bore you with the details of. I then investigated wtf happened and it turned out that the Barracuda had NATd all public SMTP delivery to appear as an internal IP to the Exchange server. The problem is that the college had previously put in a SMTP relay configuration that trusted all internal IPs. Some spammers had quickly identified this and smashed it to send out their payloads. The public IP finally got blacklisted and I had to then go through the fun of getting them whitelisted through all the PBLs etc.

Security had managed to make the environment worse, but did fix it afterwards.

I thought IPv9 was being ratified

and resolved some of the shortcomings of IPv6. https://www.researchgate.net/publication/340381435_Comparison_Research_on_Future_Network_Between_IPv4_IPv6_and_IPV9

The problem may be that the copyright and ownership is Chinas.

A company I worked for back in the early 2000s

Acquired a business that was owned by a guy that also owned the local video sex shop and was very relaxed on what could be on systems or openly watched.

There was a grace period to get people to clear out anything that breached our business policies, but one guy was too far gone and not only kept about half a terabyte on the file server, but would also openly watch it.

We ended up having to fire the guy after multiple warnings and I don't think he could reconcile that he'd done anything wrong.

I found stuff in folders for months after that.

Mobile tech gets old quickly

I can understand the predicament that vendors have with mobile phones as even though the form factors aren't changing that much, the componentry dramatically changes in new phones across 5 (or even 3 years). We have problems keeping spare parts for enterprise IT equipment for that long because of the supply chain changes. You should see how much HPE charge if you want hardware support beyond those periods.

I'd be of the opinion that vendors should allow you to move to a generic Android or customised ROM once support for your device ends, so you can at least continue to receive software updates.

Going back to the hardware topic, it's possibly an option like what they have done with some OS's to have a long term release version that people can choose to purchase that gives them a longer period of support and parts availability. The question though would be whether it was in anyone's financial interest to do so.

I'm excited about robo-taxis and automated vehicles in general but...

I think somewhere like China had to do it first, for less than ethical reasons.

First is the insurance company model, especially in the West, still hadn't got the situation sorted regarding culpability with incidents with automated cars. Second, China has the kind of control that could strong arm any bad PR off the face of the earth, until robo-taxis become the norm and the bugs are tweaked out of it.

I might be just following the trope of China = bad, but like a few developments in the last decade or so, there's had to be an element of Wild West before things become a bit more established and adhere to protocols etc.

I'm really hoping one day to convince my City of residence, Auckland, to invest heavily in automated vehicles, because we are about 20 years behind schedule infrastructure wise.

I quickly read the Libra White Paper

It is here if you are interested

https://libra.org/en-US/white-paper/

I'd say a decent amount of provisions have been made, like the establishment of an independent subsidiary Calibra.

KYC of all users is required, so I'd say the national security risk excuse is bunk. Could it destabilise established currencies in the future? Possibly, but it is supposed to be a stable coin.

The backing of the currency with assets is something that should help with the coin confidence. https://libra.org/en-US/about-currency-reserve/#the_reserve

To be honest, I understand the concern about anything associated with Facebook being bad news, but if you think about why they would want this to exist, it's just a really great way of removing the barrier to entry for so many commercial platforms. They could effectively wipe away any currency conversion costs that currently cost them money and hassle. No doubt that they could probably drive analytics on your purchase patterns etc. which will be another revenue stream, but the fact that Visa and Mastercard are already on the Libra consortium suggests this isn't going to be something new to them.

Augmented smaugmented

Never mind screen ratios, what is my augmented reality view ratio going to be?

My last two phones have been the Huawei P9 Plus (18:9) and the Samsung S9 Plus (18.5:9) and I really don't notice any difference between them viewing wise, despite the S9 Plus having a 0.7 inch longer diagonal display, despite being only 5% larger length wise. The width of the two devices is identical, any larger and I wouldn't be able to use it as a phone or have it fit in my pocket.

This sent me down a rabbit hole

Some fascinating research from NTT Data about the developing SDM

https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr201706fa1.html

https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr201706fa3.html

The exponential growth from Tbps to Pbps doesn't actually seem that far off.

How did they manage to miss this opportunity?

Stop Inspiring Sex Traffickers Act (SISTA) - Fight Internet Sex Trafficking Act (FISTA). Nod to Ali-G.

On a more serious note, places like Australia and New Zealand take a much more pragmatic approach of legalising brothels and escort agencies and aggressively patrol it, rather than forcing it underground. Anyone trying to circumnavigate the rules gets the full force of the law. I believe women (and men) that choose to be involved in the business are vetted to ensure there isn't a coercion underbelly.

I am beyond being surprised that any of the recent legislation coming out of the USA is anything less than a capitalist, oppressor, oligarchical wet dream. Nothing is allowed to hit the Senate or Congress without it being meddled and having cheap shot caveats injected into the legislation. Adding riders is just another unbelievable perversion.

Semantics of a word

The argument I have seen for this is determining what the word unlimited is. To me, unlimited in the context of internet is unlimited bandwidth. I have been led to believe that the industry wants to use it as unlimited availability. It is an easy assumption to make when you have been on a capped service and move to an unlimited service that there is no cap, meaning you have unlimited availability and bandwidth. I don't know why one would be surprised by this confusion? I guess it gives the ISP's an easy out when they say "Oh we meant X, not Y" and then boot people who they perceive are abusing the service, but can still advertise it as just unlimited.

It also gets interesting when they perceive you to be using a home broadband connection for business services. They can get nasty about that too.

The GoPro predecessor was slightly larger than Ted expected.

Here in the land of the long cloud

NZD$649 around USD$10 cheaper than in Australia. https://ebgames.co.nz/featured/playstation-4

In general a 1 to 2 kg device would generally cost NZD$100 to deliver plus import tax for expensive items, so I'm not actually feeling too sore about it.

Citrix

I use Windows/Office very happily on many a fondleslab with Citrix.

Citrix for the home user would be a nice addition.

This is how I see it going

The final block will finally be sliced up and exhausted and then we will be on to the exciting game of highest bidder wins. Like carbon credits, the price will go up as the availability decreases and especially ISP's and hosting companies will have to acquire ranges any way they can. I have already been involved in a project where a company had an entire migration to a managed datacentre for their web-servers (some major clients) which was pretty involved, for the princely sum of a /20 range that they owned.

I also know Universities that have so many public IPs that they use public ranges internally so don't be surprised if they suddenly make a quick buck by selling some of those ranges.

The tipping point is when the price of these ranges changing hands becomes more expensive than just upgrading the infrastructure/using 6to4/etc. The question in my mind is just how quickly these prices go up. If it is reasonably gradual, then the majority will have time to get themselves sorted. If if goes into the stratosphere very quickly, then get out the popcorn because it is going to get interesting.

Offsetting Vodafone's efforts

I'm pretty sure this is a response to Vodafone NZ releasing their Data Angel plan.

Pay NZD$15 when you land in Australia and get 100Mb of data. The same price gets you 40Mb in Europe, Asia and the USA. There are higher data amounts and usage lasts 30 days, which is pretty good.

Beware uninformed customers

I worked for an insurance remediation contractor service in the UK on the IT side. I had to write a number of workflow systems through the CRM system to filter out anything that wasn't a verifiable complaint so it could could be correctly reflected in the reporting system.

People would complain because of things like we couldn't replace the model of sink that was manufactured 20 years ago or because we wouldn't repair beyond "as fit" (as per your insurance agreement). The majority of the real issues lay down to heel dragging on behalf of the insurer, agreed scope of the work and the customers understanding of that (i.e. it may not have been explained well). Most people don't read the fine print in their insurance and get bitten by it. Just because it was the cheapest insurance doesn't equate to equal coverage to a more expensive one.

I am working on a education VDI deployment

on a large greenfield campus. Their preferential vendor was Dell and their core switching is Brocade.

Pricing up the Dell Blades was a strange one because the M620 comes with 10G on the LOM. Additional 10GB Broadcom cards were the same price as 1GB cards and that is before the insane discounts that the education sector gets.

The M1000e was kitted out with 6x IO Aggregators which have QSFP+ on board for a 40GB to uplink. Unless you start spending silly money trying to convert the QSFP+ to optical, you need a SFP+ or QSFP+ capable switch. The one that made sense was the Force10 S2410, but it doesn't exist any more so we had to go for the S4810 which comes in at $30k and then there is the price of the cables. Again education prices made these dramatically cheaper.

Where it got really expensive was the Brocade MLXe 24 port SFP+ modules. Unfortunately the Brocade MLXe doesn't support 40GB QSFP+, but their top of rack switches, the ICX 6615 does. Also Dell were being really fussy about what they would support, so this became a no go.

So really, this reiterates what others have said. Switch prices and options are the problem. I am struggling to justify having 96 SFP+ ports on a two-switch redundancy design, but it was really the only option given to us. When the environment is fully kitted out with SANs, uplinks, connections to the Blade Chassis, we will only need to use 4 per blade chassis, 1 per iscsi SAN and maybe 4 to the core.

Datacentres have a different problem, but environments that are smaller really need some smaller switch options to justify 10GB or a reduced price point.