Posts by Griffo

Aussies up early too

Supposedly NBN is going to move up to 100k users currently on their GEO sats over to Kuiper. This was supposed to happen in 2026.

Must be a hell of a lot of launches planned.

First time failure

Look, many of us don't manage to last long our first time.

Although 14 seconds.. dude. Just pretend it never happened, and keep going.

Vlan Issues? Then Dell right?

Dell switches I take it. Vlan issues and buggey webUI sound like Force10.

Salty Tears

So what do they actually want? Microsoft to not have a Directory Service?

You aren't "forced" to use anything over and above the free edition in order to provide authentication. If you want to use Okta, or DoubleSecret whatever or any other home grown authentication offering, you are free to interface with it using industry standard authentication protocols.

Of course Microsoft have versions with more features for a cost. Do people want them to stop adding more advanced security features for their willing clients?

Once again Google self Interest

It sounds like the whole DHCPv6 vs SLAAC shit again, where a single dev at Android is basically holding the world to ransom because he doesn't beleive in the need for Enterprise customers to have better control of clients on their networks. It's crazy!

Had the same thing!

We had the exact same thing happen, except in our case it was during the handover from the supplier. He was demonstrating the yellow "disable" button by pressing it.. and boom off it went.

We had to clear out the 20+ story building and basically it was shut down for the day until the floor was sufficiently vented.

Sometimes interpreted correctly

Back when I worked for CSC (now DXC) we had a junior engineer start with us fresh out of uni. Two weeks in, he hacked the payroll system, but took that information and how he did it to the new head of infosec. A week later he was no longer a shit-kicker but was a junior infosec analyst. Correct reaction from management there.

Or is it?

There's actually a bit of conjecture in the infosec forums on whether this is in fact a real vulnerability, or just new malware that exploits an existing vulnerability that was patched 6 months ago... watch this space I guess.

Interesting

I remember a similar pitch from Alteon. Remember them? Great technology, had a few bugs but was a great packet mangling ASIC.

Then Nortel bought them. Remember them?

Buyer Beware

When Microsoft talks about Extended Security Updates, the really do mean Security Updates. Do not be fooled into thinking this means "Support".

We had the fun and joy where a bunch of 2008 servers that had been migrated to Azure became unmanageable because while 2008 has Security Updates, that does not mean that Microsoft guarantees their own products will confinue to support it. In this case, one of the Azure Product managers decided to drop 2008 support as is no longer on MS's supported OS list. Mull that for a minute.

It also doesn't mean 3rd parties will support it either - you may find your backup or AV vendor no longer provides support either.

In short - just take the pain now and upgrade to a supported platform.

Additional Revenue

I wonder which bucket they are writing audit fines to? They seem to have been on a bit of a COBOL licensing audit spree lately. I'm sure that helps fill the coffers.

He's a Marketing Guy

C'mon AWS. It's not like he's an engineer or product manager who knows stuff in intimate detail. He's a marketing guy who is whiteboard-deep in his knowledge of products engineering.

I dunno what the issue is. I mean, sure, Android doesn't support DHCPv6, Cisco gear still has major memory leaks with their DHCPv6 implementation, there's no hostname registration in DHCPv6 so you have to chase down MAC addresses and hope the client registered themselves in DNS.. It's just so easy to administer.

C'mon Ed.

If you're gonna explain that "The issue is most likely caused by a CPU feature called BD PROCHOT, which stands for bi-directional PROCHOT. " you might want to explain what PROCHOT is too.

Mirror ain't backup

I went out to visit a new client to get an overview of their infrastructure, and to perform a quick health check. This was a largish architecture firm, I think they had about 200 architects, designers etc.

Their "backup" system comprised of the owner pulling out 1/2 of a mirrored set of disks each night. He'd take it home, then bring it back in the morning and let it re-sync.

Yes.

Really.

I spent a month trying to convince him that that this was a recipe for disaster and that he needed to spend a relatively small amount ($5k or so) on a backup system. He refused, and we pretty much parted ways.

Fast forward 3 months, he calls us in tears. All his data was gone. Every client drawing ever produced had gone "poof" one morning when he plugged the disk back in and things didn't go well.

I didn't give him much time, asked him how expensive that $5k backup system sounded now, and told him to go try ring someone else. I have zero regret in refusing to help him.

I had something similar happen

Back in the early naughties, one of our cusotmers was a name-brand diamond reseller, who was at the time setting up an early B2B diamond marketplace, hosted on our kit.

Given the size of any potential fraud, they sent in a set of security auditors to check out our setup. All good, I spent the day with them in our datacenter which was at the time pretty advanced. Think guards behind bullet proof doors, multiple man traps etc.

Problem was, on the second day, I was badly delayed due to a car accident (mine!) and turned up around 3 hours late. At this point I found the auditors had

a) convinced the guard to let them in seeing as "they were here yesterday"

b) used a boot disk and snagged a copy of the SAM DB from the NT4 severs

c) scampered with that file to try their hand with l0phtcrack to try to break any weak passwords

Needless to say, we failed the audit.

Devops

It's all about providing more tools to enable Devops on Azure cloud. That's all. They want a reliable well established code and packaging source to encourage more automated / serverless / devop oriented workloads on Azure.

Talk About an Own Goal

I'm just going to leave this here..

https://www.citrix.com/blogs/2019/04/04/security-best-practices-multi-factor-authentication/

Once became an accidental peer

One time in the early 2000's we screwed up the BGP config on our edge routers. We'd just installed a bunch of 155MB/s links to various ISP's for redundancy. At the time in the wonderful land down under, flat rate links were pretty much impossible to buy, so we were on metered connections.

Unfortunately due to our screw up, we became a peer between the ISP's and started paying for the privilege of shuffling packets between the ISP's. We ran up $40k in traffic charges before someone noticed that the traffic seemed pretty heavy for a couple of routers with nothing behind them yet...

Hmm

While I have no doubt that Oracle and a bunch of munts who have screwed over their staff, $11m over 6 years is a pretty low figure for an enterprise sales reps. With the amount that Oracle pay their sellers i'd expect them carry at least $5m in target per year,

Who feels sorry for Oracle? No Really

Oracle's just upset that nobody want to use their shit cloud that can only provide 2012 level basic IaaS services. I think Gartner recently rated it as having "minimum viable features".

I fact I just found it and I quote:

"Oracle's second-generation product, named Oracle Cloud Infrastructure (OCI), was launched in November 2016. A year-and-a-half later, however, Gartner says it "remains a bare-bones 'minimum viable product,' and it is arguably too minimal to be viable for a broad range of common cloud IaaS use cases.""

Transactional Tax

Is this another reason for countries to look more seriously at shifting to transactional taxes?

Tax the transaction, in the country it's made, at the time the transaction is made. The ability to funnel transactions to low-tax jurisdictions could be severely curtailed if not stopped entirely.

Stab in the dark guess

Lost a server or storage group.

Discovered backup junk

Recovering emails from a journal, which means that it needs to process every mail, decide whether to restore it, and insert it back into the users (now empty) mailbox.

Talk About an Own Goal

Lets hope that the Cray Shasta is more successful than the Alteon product of the same name.

Lost all a CIO's emails during an Exchange Migration

I once had to complete an AD and Exchange migration for a company. I don't recall the reason why exactly, but they needed to move to a new AD so a full migration was necessary.

When I configured the new Exchange environment, I set up some basic policies - you know, like remove all mail from the Deleted Items folder after 30 days etc.

A week or so after the migration was completed, I got an urgent "please explain" email from the CIO, he wanted to know why I was so incompetent that I had managed to lose all his emails.

Naturally I went straight to the logs to see that yes all X number of items had copied across, so I went to question him as to what emails he was referring to. At which point I learnt that he, no shit, stored every single email he wanted to come back to in the 'Deleted Items' folder. On their previous server they had no policies so they stayed there until he deleted them a second time. I never could get my head around his logic that this was a good place to store them..

Anyway, luckily I still had a PST of his old mailbox, so disaster was averted. But what a muppet.

I've often had the same

I too have the "curse" of an email address that many people seem to think is theirs. Mostly, it's easy to correct, but memorable is a software company that kept sending me the software license key for their wares. I spent maybe 2 years forwarding it back to their support department before someone with more than one brain-cell picked up the ticket and actually fixed it.

I too was unleashed untrained on a Netware 3.11 network. I was given the admin doc and the SYSADMIN password and unleashed. I didn't even know what IPX was for gods sake.

Somehow, I survived, although I do think I had about 6 weekends of major rebuilds due to earlier poor planning decisions. Name everything the same and everything would work just fine come Monday morning.

Poor Handling

One of my co-workers had their data slurped via this attack. He had to cancel his card obviously, but luckily BA sent him a nice email with a free offer to a 12 month subscription for a credit monitoring that would look for attempts to leverage the information that was stolen.

Only issue was.. the offer was only valid for UK residents. So basically, if you used BA, got hacked, and were not a UK resident, then they effectively said "screw you".

Say what you will

I know on this site that a large portion of the participants are Microsoft haters. But you have to admit that the founders have been some of the most philanthropic people in history. Compare that to Bezos or Ellison or Zuch who horde their billions like some modern age Scrooge McDuck.

Vale Allen.

Backwards Compatibility

Say what you will about MS, they are normally overly focused on software backwards compatibility. Often to their own commercial detriment. I wonder if a security flaw with the old authentication method was found that forced their hand.

It would be great

It would be great if MS actually enabled this technology on all their partner portals as well. You know, the ones that let us modify customers products and subscriptions and get into their tenancies.

There's been a few cases of partners credentials being hacked - to date mostly so people can spin up Azure for free crypto, however the fact that most of these portals still cannot enable 2FA is criminal.

Great

So after years and years of teaching users to check the full URL.. Google decide to start obfuscating it so they can turn it into another search bar with zero thought about the repercussions. Guess it's back to Firefox then.

I doubt there's any BV code in there

From what I understand AAD was a ground up clean sheet modern directory written specifically for multi-tenant web scale identity requirements. Compatibility with Windows AD obhects was added afterwards, and AD services have been slowly bolted on, but again are clean room implementations. I doubt there's much if any code in AAD taken from Windows AD.