* Posts by DougMac

248 publicly visible posts • joined 16 Jul 2013

Page:

Broadcom terminates VMware's free ESXi hypervisor

DougMac

ESXi Free Version was too restricted

Too limited and too restricted to do anything interesting, let alone not having vCenter pretty much made it a nonstarter for anything interesting.

I don't think its a big loss, any of the competitors would be better suited for most people.

Windows Server 2022 patch is breaking apps for some users

DougMac

Re: Using a browser vs browsing

And many "local admin app" might just be an electron wrapped web page as well.

Which depends on Chromium, which is one affected app..

Broadcom ditches VMware Cloud Service Providers

DougMac

Re: The End

Proxmox VE has an okay management interface.

There are things you have to do on the CLI.

Probably the biggest thing preventing service providers from looking at it seriously is so many products that work with VMware do not work with Proxmox VE. (especially backup software).

I wouldn't count a tar file of the disk image files to be a proper backup solution (ie. built in Proxmox VE backup).

The networking is pretty simplistic, although I haven't really experimented with the new virtual network features of 8.1 much.

The API is pretty light weight.

One thing I encounter that bugs me to no end is that an NFS passthrough into a container doesn't "register" with the system for the first 5-8 minutes of uptime. Thus the container they are passed through to won't start in any reasonable time after host reboot.. I set a cronjob for 10 minutes post-boot to CLI bring up that container, and that seems to do the trick. Could just be my setup, but this seems to be consistent for me in multiple installs.

Steam client drops support on macOS, but adds it on Linux

DougMac

The bigger problem with MacOS is that Apple also cut off support for older machines for upgraded MacOS versions, so it may be a hardware (artificial) limitation preventing the upgrade as well.

(I know there are ways to make newer OS versions force upgrade on older hardware. )

I generally treat each generation of machine I get as a time capsule, that if I want to use this set of software, I need to keep that system as is. There are so many programs that would die off if I force upgraded it beyond its' means.

But the hardware still is completely usable for what it has. Ie. 98% of what I do can still be covered by my white MacBook (after I put in the SSL proxy software to allow modern crypto), and it is still as speedy as it was back in the day, still runs all my old software.

OOTH, I do have latest hardware, almost none of those old games can run, and even in emulation, do not run half as well as running on my ancient white MacBook.

Two new versions of OpenZFS fix long-hidden corruption bug

DougMac

coreutils 9 isn't part of the problem, it just allows an easier way to trigger the bug in ZFS.

There were other programs that dealt with sparse files that triggered the problem in the past that didn't involve coreutils.

Scribbling limits in free version of Evernote set to test users' patience

DougMac

I already reconsidered my relationship with Evernote long ago, and they and I parted ways after the first few stumbles.

How can they possibly have any users left to get that kind of coin from any longer?

Backblaze starts tracking hot drives as world preps for rising global temperatures

DougMac

Could be...

It could be that those drives run hot because the bearings are on the process of going out.

So because the drive is at the tail end of working right because the bearings no longer work at 100%, it heats up, causing the drive to malfunction even more.

I think a lot of processes like this are a viscous cycle.

But if it gives them insight into drive failure predictability, I think it would be worth tracking.

Myself, I have smartd track drive failure notices, and can start to plan on replacement when I have say more than x # of bad sectors or so. Seems to work for me.

Raspberry Pi 5 revealed, and it should satisfy your need for speed

DougMac

Re: Analogue audio jack

Anybody doing "real" audio on them already are probably using a DAC HAT anyway.

Plenty of solutions out there for that.

Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process

DougMac

As the article stated, many versions of SQL server will break hard from my testing.

My application doesn't officially support newer versions of SQL server. So, its either run unsupported SQL version and hope it works 100% correctly, keep the old version, and disable Microsoft's force changes, or replace the whole thing at some unknown cost, and unknown amount of migration and dev work.

In my testing, Microsoft's TLS patches for SQL don't work reliably. The only fix is to do major version upgrades.

I've also got old network devices online. They right now have their management links isolated, but now we'll have to keep out-of-date desktops around so that they can still be managed.

Rip and replace is the only option. Otherwise, operationally they work totally fine for our needs. Its not a security application, but just because the UI was written long ago the whole thing needs to be tossed.

Why securing East-West network traffic is so important – and how it can be done

DougMac

Re: bad example

>> PCI (I think PCI existed back then) has pretty strict rules about limiting access

Yes, PCI existed long before then.

I think PCI is applied unfairly overall. Huge corporations seem to get free passes at doing horrible PCI violations, while small and midsized get raked over the coals.

I believe it was shown that Target & TJ Max (another credit-card breach due to wifi based roaming cash registers) were keeping way more data than allowed by PCI, such as the CVV and other data they should not have been.

DougMac

Re: bad example

It was widely discussed in the news around the original Target breach story.

It probably is embedded into many people's minds.

Douglas Adams was right: Telephone sanitizers are terrible human beings

DougMac

There are little red caps you are supposed to use on 66 blocks for data lines, especially things like 56k DDS and T1 lines. To prevent this very thing.

Of course most techs (especially any of the crews in the last 25 years) didn't know what the red caps signified, and once the data line is dead, it just sits there taking up room anyway.

I've been in closets that have many many dozens of T1 NIU cabinets without a single lit line in them. Because who gets a T1 any more (for voice or data).

Alpine Linux 3.18 fixes DNS over TCP issue, now ready for all the internet's problems

DougMac

DNS over TCP is used anytime the response is over 512 characters.

With DNSSec, SPF records, DKIM records, large MX record sets, etc. all being over 512 characters, not being able to receive a DNS packet response over TCP is a severe deficiency.

If all you are doing is looking up web site addresses, it might not be such an issue, but if you are doing email in what-so-ever fashion, most likely things were failing left and right for Alpine users.

An important system on project [REDACTED] was all [REDACTED] up

DougMac

Security Systems look ancient when you install them out of the box, let alone how long they keep them running.

The one that controls my floor has a software interface looks like it was written in TurboPascal, and I know it was installed 25 years ago...

I'm shocked the drive hasn't fried itself yet.

VMware’s vSphere 8 Update 1 debuts under revised product release regime

DougMac

I'm guessing that IA/GA dance was to make atone for the showstopping bugs found in vSphere 7.0, vSphere 7.0U1 & vSphere 7.0U2 releases.

Thankfully 7.0U3 seems pretty stable overall from the getgo.

All of their releases used to be GA releases, they only started the IA recently.

8.0U1 should be the first milestone patch release of 8.0 (which has been good to us as well so far). Its not like a major new version.

Techie called out to customer ASAP, then: Do nothing

DougMac

Re: Sounds like the same contract people where working at last weeks on call

> I used to work where we had a 4 hour fix contract ...

Yeah, all of those are now 4 hour response, and best effort to fix.

We'll guarantee you get an initial response from T1 support via email within 4 hours. You may get parts by the end of day. Maybe tomorrow. Maybe nextweek depending where we have them.

Defunct comms link connected to nothing at a fire station – for 15 years

DougMac

Telco billing... Bah..

IMHO, telco billing is the 3rd ring of hell.

I would wager that they have categories in yearly reporting of services they know are supposed to be cancelled, have cancel orders pending that never clear, or are outright abandoned that are a huge line item on their list. But of course gets covered up because they can't show such blatent scamming of customers.

Back when I had to do that, it was cancel service. Check the next n months; complain to telco monthly that they haven't disconnected the circuit yet. Once it is finally off the billing 8-14 months later, then you start the process to grab back the money paid out (unless AP is on the ball and is discounting it's payment and dealing with the dunning notices because the telco is going to be putting you to the debt collectors for money it shouldn't even be collecting).

This wasn't an isolated incident, nor any one company.

It was _every_ single time. Every telco company known.

I'd estimate that at least 30% of telco revenues come from disconnect services that just keep auto billing and being auto paid.

Don't worry, that system's not actually active – oh, wait …

DougMac

Halon doesn’t displace oxygen. It is safe to be around. That is a total myth that never dies. It functions chemically to prevent combustion from occurring.

The biggest dangers are what is described above, a huge inrush or gas will blow everything around violently.

Think floor tiles launching. What ever is on the ceiling. Etc.

Also if there is a fire, the stuff burning will be incredibly toxic. Halon can decompose in the fire to unpleasant chemicals you don’t want to breath either. The respirators are there for the output of a fire. You really don’t want to be around anything burning in a data center.

Zoom chops president it hired less than a year ago

DougMac

They make one product, that Microsoft essentially gives away for "free" to the same market audience..

I'd say 7% post COVID growth against something already bundled in by your biggest compitior is fairly decent.

But I'm sure they want to grow by COVID numbers again, and that just ain't going to happen.

Zoom: The sound of web chat biz's annual profits nosediving

DougMac

Re: Randomly

Zoom used to be king of the hill, but Teams being bundled into O365 subscriptions is eating their lunch.

Just like Zoom beat up Webex. Zoom will soon be in Webex's spot.

Its too bad, because I have way more issues on Teams than on Zoom.

Meta sees off another logo complaint from blockchain player Dfinity

DougMac

Lets rewrite this..

We aim to create a 'blockchain singularity' in which so many buzzwords exist, the angel investors will surely drop 9 figures on us.

We're just shouting into the void, says US watchdog offering cybersecurity advice

DougMac

Re: Same old same old

It has been 35 years since the Morris Worm (1988).

I'd say that was one of the first wake up calls that security is important and should be followed.

Basecamp details 'obscene' $3.2 million bill that caused it to quit the cloud

DougMac

And how much is the bill for the electricity, cooling, datacenter infrastructure, security, compliance, local sys admin staff that you also get in the cloud bill?

An IT emergency during a festive visit to the in-laws? So sorry, everyone, I need to step out for a while

DougMac

Re: No visit, just a (lost) long week-end

Possibly Exchange EDB?

Loads of fun dealing with corrupted EDBs..

To protect its cloud, Microsoft bans crypto mining from its online services

DougMac

Sometimes, the miners setup shop by squatting in some building nobody cares about, and steals power.

On the 12th day of the Rackspace email disaster, it did not give to me …

DougMac

"In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols."

Yes, it may take a couple years to infinity for the security engineers to reverse engineer the decryptor without paying the ransom.

Intel reveals pay-to-play Xeon features with software-defined silicon

DougMac

I'm not a heavy CPU user...

But I wouldn't consider even using any of these features on my servers, let alone pay for them.

I wonder if the market is just the sort of IT boss that buys the biggest they can just to spend money on "the best" not knowing what it even is. "Just in case".

How Wi-Fi spy drones snooped on financial firm

DougMac

Alright, finally something that Mr. Robot didn't already cover exactly.

Although Screaming Fist is a Neuromancer reference..

Oracle VirtualBox 7.0 is here – just watch out for the proprietary Extension Pack

DougMac

Re: Steam Deck

Maybe VMs are going away in your world, but are the only thing looked at in my world.

Containers don't offer many of my customers the platforms they need.

Everybody has different requirements, and nothing is ever going to go away, just shift around as requirements change.

Fortinet warns of critical flaw in its security appliance OSes, admin panels

DougMac

Who??

Who leaves their FW admin interface open to exploit?

Fortigate from the start has options to lock down the "admin IP addresses" that can access any admin protocol (ie. SNMP, GUI, SSH), just like any FW vendor..

At a minimum, lock it to your inside addresses, although would be better to restrict it just the internal IPs your network admins use.

Thats been SOP from the start for us using Fortigate. Still, something else can be used to springboard off to the device, but if your restricted IP range of who can even touch the box is a tiny footprint, the chance of exploit is greately reduced.

Also, to the Reg, FortiSwitchManager is a smashup of two different products.

There is a PSIRT for FortiSwitch when they are in a security fabric with FortiGate.

And there is a separate PSIRT for FortiManager for certain versions. They generalliy aren't mentioned together in the same breath.

Loads of PostgreSQL systems are sitting on the internet without SSL encryption

DougMac

Recommended Approach...

I figure that 819,900 of those open servers are from admins that don't have a clue what they are doing, followed some recipe somewhere, and now they have data leaks.

Echoing from above, don't have things listening on the Internet that you don't need to, firewall them off. AND TEST YOUR EXPOSURE.

Its a rare sysadmin I've met that actually tests what is listening outside to the world, and sees what traffic they've let in.

Covert malware targets VMware shops for hypervisor-level espionage

DougMac

>> discovered a "never-before-seen technique" that used malicious vSphere Installation Bundles ("VIBs") to install multiple backdoors.

Seems obvious that is how you'd need to install a backdoor on ESXi.

One could run only with VMware signed VIBs and not allow anything else, but too bad the real world kicks in and generally any installation needs 3rd party VIBs to function in an enterprise environment.

Bad UI killed the radio star

DougMac

Re: Kids these days.....

I read that, and was trying to imagine 7" tall tape running through their editing bay.

The largest I've seen is 2" tape.

Backblaze thinks SSDs are more reliable than hard drives

DougMac

Re: Not quite.

Tried doing SD card boot for VMware.

I had to replace the cards about ever 4-6 months.

Gave up and spec'd out systems with local SSD boot after that.

Granted, other brands of server hardware seem to do better than others, but it was of no surprise to me that VMware unspec'd SD card boot off the HCL.

OVHcloud opens up Bring Your Own IP service for IPv4 failover

DougMac

Re: No thank you

This must be the reason for offering such a service.

As somebody that plays in that space, there aren't alot of cloud customers that potentially have their own IPv4 blocks sitting around.

The only reason I could see it is if some cloud customer is really tied to OVH, and they want to get away from the absolute shit reputation that OVH IPv4 address space has that gets blocked quite often elsewhere, enough so they go get some rando IPv4 block off an IP broker.

A refined Apple desktop debuts ahead of Wednesday’s big iThing launch

DougMac

Re: 64K

They were probably referring to the Apple II+ picture shown. With the II+, you got a language card which held the top 16k of RAM if you wanted to hold your basic or whatnot in it and bank switch in RAM.

Otherwise, you had the lower 48k for program RAM, and the top 16k for ROM and I/O space.

The 6502 could address the full 64k, but the top space was ROM and I/O and gaps.

Discord details how it dodged latency with a super-disk made in the cloud

DougMac

Because they auto-remap the bad sectors behind your back.

Now the remapped sector has to have an additional lookup command adding latency.

You can run out of the spare sectors that they hide from you as well.

This is one reason that disk wipe software had to develop special methods dealing with SSDs, because wiping all *active* sectors doesn't wipe *all* data off the disk.

Warning: Apple 'could very easily' cripple Jamf

DougMac

Re: Apple could very easily cripple jamf...

Apple's complete history has been to ignore the enterprise space with prejudice.

Google's ChromeOS Flex turned my old MacBook into new frustrations

DougMac

Not sure what was expected..

To me, ChromeBooks already seem like fisher-price systems to give to the kids to write their school report in Google Docs on and nothing else.

Not sure why anybody would expect more out of it than that.

Fights, floods, and fortunes when cloud giants roll into town

DougMac

Jobs jobs jobs

I love the "it'll bring so many jobs" for datacenter work.

You bring in a ton of construction from out of town, they work for the year it takes, and then gone.

A datacenter employees typically about 100 employees on an ongoing basis.

I know of grocery stores that employee more people, let alone a target or walmart of that ilk.

Ex-Coinbase manager charged in first-ever crypto insider trading case

DougMac

>> first-ever cryptocurrency insider trading scheme in the US.

You surely mean the first one caught and scheduled to be tried.

Cryptocurrency is one big huge insder trading scheme to begin with.

Getting that syncing feeling after an Exchange restore

DougMac

Re: Exchange

And anything before that was guaranteed downtime rebuilding all the time.

My favorite was the _bug_ that made a reboot a 5 hour affair on an exchange server.

That didn't get fixed for half a decade.

DougMac

In that time frame, there were *lots* of calendaring options.

It just that all of them sucked so bad nobody wanted to use them. The users all demanded the wonky-ass Outlook calendaring as the only option they'd ever consider, hell to all the others.

I never found the facination with Outlook. Still don't. Its like here, have a program that you'll beat yourself over the head with a brick with, and you'll *insist* its the only one you'll use.

Ditching VMware over the Broadcom buy? Here are some of your options

DougMac

Seems like lots of choices missing.

The two biggest ones I think are Azure Stack and AWS Outposts.

I don't think even Microsoft itself believes in Hyper-V on its own, or with VMM as a viable solution.

Cloudflare's outage was human error. There's a way to make tech divinely forgive

DougMac

Rollback...

Apparently the author didn't read the indepth Cloudflare analysis.

But, they already _had_ a known good config fallback.

The biggest problem came about when different engineers kept falling back to different known good config states.

More than $100m in cryptocurrency stolen from blockchain biz

DougMac

Re: Slush fund for hostile nations Vs ...

Is that about cryptobros or GOP bros?

Mars Express orbiter to get code update after 19 years

DougMac

Re: It never ceases to amaze me ...

In the 70's, you'd be extremely lucky if your car lasted until 100,000 miles. Either the engine blown or being shaken apart/rusted through. Most people replaced cars well under that limit. I remember my dad welding sheet metal on the floor pan of his truck so his foot stopped going through the floor.

Now-a-days, it is routine to drive cars well past 100,000 miles.

512 disk drives later, Floppotron computer hardware orchestra hits v3.0

DougMac

Re: tonal range

Not sure he (or anybody) would be willing to pay $200 and up for working 5 1/4" and 8" floppy drives.

Anything less than usually is "untested parts only".

How one techie ended up paying the tab on an Apple Macintosh Plus

DougMac

And O and 0 interchanged quite often.

DougMac

The early days of the world wide web you mean..

And it didn't take FrontPage to produce all the hideous homepages. Most people did it by hand.

Although one could tell instantly if it was a frontpage site just to the hideous layout methods used.

Page: