* Posts by reub

12 publicly visible posts • joined 4 Nov 2014

VMware security advisories now behind bureaucratic Broadcom barricade

reub

HOWTO: Buy a Business Then Screw Everything Up About It (Including Customers)

This whole VMware/Broadcom acquisition leaves me with a mucky dirty feel that makes me want to wash my hands until there's no trace left.

I've got a VMUG subscription so I can use and enhance my skills with VMware. But with all the customers now bailing out it seems like working skills in VMware won't be much sought after in the marketplace anyway.

I am considering attempting a migration to Proxmox sometime soon, because not only is it unlikely that I will renew, but it's looking like high risk that even things like VMUG will still be around when it comes up for renewal early next year. And in the process of migrating I'm going to get skills that probably are more in demand right now, namely "migration from vsphere".

With this latest change to the portal system, all of my links to software, release notes, KBs and things I'd use are now all broken. I might as well start afresh with all of those. 404 Page Not Found.

I don't have a Site ID so I can't add entitlements to anything and I can't get to the original download pages on VMware anymore.

I became subscribed to an ESXi community group (at some point in the distant past) and started receiving daily digests of all the posts since the migration. Whatever setting was there in VMware somehow has been changed during migration so I've had to go in and figure out how to unsubscribe from something I was never getting from the first place.

Now, even security notices are being hidden behind a login screen, seemingly for no good purpose.

All in all, I am just seeing breakage of previously useful things, carnage of productive resources, pointless inconvenience to me as a tech, and agro for no real purpose other than "Broadcom". The VMware name is now just becoming trash sucked up by an organisation which seems to operate some sort of twisted business model where it looks like they have no qualms about pissing people off and don't see that that their current approach is not going to help them make money and will simply destroy all goodwill.

Someone needs to tap people at Broadcom on the shoulder and remind them that they bought a business that while certainly needed changes, was worth what they paid for it because some things it did generated money. It makes no business sense at all to crap all over the things that made VMware valuable in the first place - least of all customers.

Cisco promises to unify its net management silos in the next three to five years

reub

Re: Best thing about fabric is…

I happen to work in manufacturing and logistics for a business that has multiple different business units all with different operational requirements. Not as easy as cookie-cutter retail. I've also just completed an advanced Meraki training course today :-)

What Meraki features do you think Cisco wireless is absorbing? The Catalyst wireless platform today has well and truly surpassed the capabilities of Meraki wireless, although it'd be a hard sell to claim that Cisco wireless is easier to use.

While yes the Meraki UI is good and so is the provisioning process, it's not all as easy for everything as just do a template and it works. Templates work very well in MR space, but they are practically unusable in MX space as they fail to scale in a meaningful way especially once you end up with per-site variation in the firewall rulebase. You also run into these highly irritating limitations around things like being unable to add custom rules per site once you do templates. Or... if you don't templatise the firewall rules for 60 sites and run them as standalone and you need to push an update in the rules out to 24 of them (which then become nonstandard with the other 36) you've just created a big unmanageable mess. Or one of those sites with a template that needs a special variation for a unique issue (eg local change to enable temporary access to something).

To get around that you end up driving it all via API. But then you're not using the UI at that point anyway so whether the UI is any good becomes a rather moot point.

reub

Re: Pull the other leg, son.

It's marketing speak for "customers don't like what we did last time" so they are turning it into an opportunity to say "see...we are listening!" and "we are making it better so come talk to us". Notwithstading everyone was telling them their licensing was a problem right from the start. Trying to make a Mea Culpa problem look good.

reub

Re: Best thing about fabric is…

Yes - I've been working with Cisco gear for almost as long.

I think Cisco has missed the boat in so many regards. Hardware is becoming more and more commodity and cheaper and Cisco still wants to aim for the high end and charge a premium for everything. The only area they are still doing quite well in is wireless.

Routing devices are horrendously overpriced compared to competition, switching for straightforward deployments involves silly things like paying for a DNA license even though the customer doesn't even have a DNA centre. Firewall? The technology they have is long overtaken by Palo Alto and ASA just doesn't stack up. I've done ASA to PA migrations in every job I have had in the last 8 years (and these haven't all been my decision).

Meraki? Good, but very very feature limited and just as expensive as Cisco Enterprise over 5 years (but with a reasonable cloud based UI).

Monitoring? DNA centre has never been even remotely within reach of any organisation I have ever worked with. I tend to work for small-medium sized organisations (up to 200 sites) and they just cannot justify the cost of a management platform (hardware, software, support) that costs more than a body on a seat each year. A DNA-Express option might fly in some places (just like Callmanager Express - although while that was good there was no upgrade path from Express to Full)

Cloud? Networking in the DC is moving all virtual, and the organisation now is moving from on-prem into Azure with Azure networking so Cisco don't get a look in there. In fact DC Cisco hardware will be decomissioned along with everything else when we finally move out.

So disappointing. I suppose when you are the undisputed leader in something, there's only one way you can go - and that's down.

Australia asks Twitter how it will mod content without staff, gets ghosted

reub

Re: Those funds are needed, in part, because Twitter is moderating less content

What if you don't actually operate any business out of the country? You're still accesable over the Internet regardless of where your business is physically registered to.

reub

What if Twitter continues to ignore the Australian Government? Ban the Twitter packets as they come in through Border Control and refuse them entry?

It sounds a lot like they're trying to do something that worked in the pre-Internet era but is completely unachievable in the world of Internet and global communication.

Australia wants Google to jump higher and sweat before it can buy Fitbit

reub

Does this opinion from the ACCC really matter? I mean Google can do whatever they want without bending over to some lame regulator here in Australia who thinks it has teeth but really can't do anything to a foreign owned and controlled company. Am I missing something?

VMware's flagship vSphere now in never-ending beta, if you're up for it

reub

I sure hope they have worked out a better mechanism now than they did in the past with regards to beta version upgrades going forward. In previous times gone by you had to completely destroy and rebuild your entire setup every time a new build came out, as they did not support upgrades from beta to beta, nor ugprades from beta to final. The installer enforced this so technically it wasn't (easily) possible to do nor can you upgrade by saving the config and re-importing it.

No sane person is going to want to recreate their entire lab and rebuild vCentre (with dvSwitches etc) every few weeks for each new build. People who are *that* into it have paid jobs to do and won't waste hours and hours of time rebuilding their environment to help VMware for free (it's also as boring as all get-out to do). And it's certainly questionable if people will want to ever put a real workload on such a temporary setup.

I have never figured out if VMware understand the practicalities of this but this is just a token gesture to indicate they are "community friendly", or if they genuinely believe people are prepared to spend their waking hours testing their software for free.

Stop us if you've heard this: Cisco Aironet has hard-coded passwords

reub

And this one too:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet

Cisco emits new branch box

reub

Re: Sales pitch

The throughput listed is guaranteed regardless of the features enabled. That's why they are so 'underspecc'd' in the data sheets - they build so much fat into the numbers.

Personally I hate the way they now market the ISR4ks based on restricted performance. It makes sense that they can guarantee the speeds regardless of the features enabled, but it really sucks hard that now you have a box that is actually capable of much faster speeds with no features enabled, that sits idle under max rated throughput because it is now crippled by a license.

Cisco cops to enterprise IOS XE vulnerability

reub

Re: Audit? Nah...

I was the customer who discovered it.

I didn't need any sort of vulnerability scanner - I just needed a Nexus 1000v switch which had (surprise surprise) CDP enabled. There appears to be a bug on the N1kv which means it sends out CDP with all zero's as the mac address, which caused the Cat3k to crash within seconds of booting up.

Australia Post goes a little bit grey with parcel forwarding service

reub

The small print states that:

---

All ShopMate orders require a signature on delivery from the buyer. This offers greater protection in the event that an unauthorised person attempts to accept your parcel. For this reason, ShopMate will not deliver to PO Box.

---

My local Post Office regularly (often weekly) card things in my PO box which means I have to go to the counter to sign for the parcels before handing them over. Does Australia Post not trust Australia Post Outlets to do the right thing?