* Posts by casperghst42

25 publicly visible posts • joined 8 Sep 2015

China is likely stockpiling and deploying vulnerabilities, says Microsoft


Exactly my first thought.

Why the Linux desktop is the best desktop


I got an Apple Macbook Air 11" from 2011 (i5) which is too slow for macos to be intersting, but it runs Ubunto Desktop 20.04 LTE without problems. What is intertsting is that the Apple TB1 GbE adaptor works without a flaw .. also it's nice to have an linux when the rest does not want to do what you want it to do.


Re: Linux "Desktop"

I've been around long enough to see AD and Group Polices to evolve and for someone who work with Directories for a living, I mush say that AD suck - it was basically a wrapper around NT domains, these they have changed alog but still, it's a horrible design.

Group Policies is a blatent mess and no one with a sane mind would ever venture into it, but it's what Microsoft gave people and they have to live with it.

How legacy IPv6 addresses can spoil your network privacy


Re: I don't care what the experts say....

There is no NAT for ipv6.

Another Debian dust-up with Firefox dependencies – but there is an annoying and awkward workaround


And that is why…

I’d would never use Debian in the desktop (GUI), server yes.. desktop no. There Ubuntu would be a better choice.

I think therefore IAM: It's not cool, it's not sexy, but it's one of the most important and difficult areas in modern IT


Interesting read from a write which misses the most obvious about IAM and why it is so difficult do right. The tool of the trade is mostly something like NetIQ Identtity Manager (I do not work for the company) (or something else which can be changed to fit the organization), then this is connected to something like Okta for provisioning (and authorization) , Okta is then using the on Prem-AD (or Office 365) for Authentication.

And as a previous comment said; all identities start from the HR system ... and nothing should be done manually - people make mistakes (often).

RBAC can be done with online tools like NetIQ Identitty Application or Sailpoint - does not matter as long as it's online and that users can request access (roles/premissions) which are granted "now".

Any organization who is using tools like Excel for RBAC administration will at some point end up in a management nightmare.

The biggy, which no one talks about is "red button", if an employee is let go, then the identity needs to be locked down immediately, which only works with systems which act on events - which many of these systems do not.

And lets not forget about Access Governance ... reporting, a tool which suck out all the information and will report if there are things (rights) which should not be there, and especially if they are assigned to people who should not have them.

IAM is complicated, and require knowledge not only about the choosen tool, but also about all the systems which you connect it to (AD, LDAP, SQL, Unix, Cloud, REST, SOAP, etc, etc, etc.).

But it's madly fun to do....

Microsoft releases command-line package manager for Windows (there are snags)


There are tools to help with that. When you remove and .app use something like App Cleaner and it’ll do a very good job out of removing files left in ~/Library - of cause logfiles and datafiles will not be cleaned up, but that is the same with what ever OS you choose.

IBM creates a COBOL compiler – for Linux on x86


Micro Focus will not be happy

Micro Focus will not be happy as Cobol is their bread and butter.

Apple suffers setback in epic Epic Games games fight: Federal judge zaps damages counterclaim


Fight for Survival

What many don‘t remember is that the AppStore made Apple a wealthy company. The iPod made them richt, the AppStore and iPhone/iPad made them filthy rich.

If they loose part of the income from the AppStore then suddenly they will no longer make billions every quarter, and that is for them not acceptable.

I done feel sorry for Epic Games, but for the humble developer, who maybe sell a few thousand apps on the app store for less than 5$ a pop, having the Apple tax being lowered will make a serious change.

No Huawei out: Prez Trump's game of chicken with China has serious consequences


5G patents....

What is interesting is that Huawei got some fundamental patents in connection to 5G, without licensing these patents there will be no 5G role out, and Nokia and Ericsson are at least 1 year behind Huawei in development of 5G ...

This is political, and is being used by Trump to get China to move on the Trade agreement, which he want to "fix", but it might end up causing the rollout of 5G to be delayed by years.

IPv6: It's only NAT-ural that network nerds are dragging their feet...


Overly complicated

I still remember when IPv4 started becoming popular back in the early/mid 90's, back then it was wooooo complicated - especially for the people who came from DEC, IPX or what ever was used back then (IPX over routers was basically crap), but I guess we all more or less mastered IPv4 reasonable fast.

Over the years I've been trying to ger my head around IPv6, and I am still not able to find a IPv6 for Dummies which can explain me the basics in a reasonable easy and understandable way - I do this for fun, not for work...

They have made IPv6 overly complicated, it's like you have to know more or less everything, before you start with the stuff, otherwise you'll end up having a network which might work, but you don't know why - and if you connect it to the internet you can't hide behind a NAT'd firewall - which is really really bad.

And don't get me started on the notation, I've entered thousands of IPv4 address on my keyboard, on a numeric keyboard everything is there 0..9, and a '.' - everything which is needed. Try that with an IPv6 address ... right... see, got my point.

I guess the universe is waiting for the next IP stack, which probaly will be an IPv16, which will be fully automatically discoverable, and have a functional (and understandable) security build in. Well I can always hope.

IPv6 is there, but how many people know enough to implement it securily...


I have a static IPv4 which blows the boat out of the water, as my IPS can't figure out how to allow my modem to have a dual stack ... my router (pfSense) can do it just fine.


Re: "the world is clinging stubbornly to IPv4"

Any ISP who has IPv4 only Routers has not upgraded their hardware since before 2012 ... the question is if they have current code on them, and if they have the latest IPv6 stack. But any serious IPS can support IPv6 on the router side, and any homeuser should have Routers which support IPv6.

The butterfly defect: MacBook keys wrecked by single grain of sand


Re: Apple are shit nowadays

Ive has some great ideas about design, but he should never be allowed to make the final decision on anything which is mechanical. For that one need engineers who know how to build shit.

Plans for half of Europeans to get 100Mbps by 2020 ain't gonna happen – report


When one thinks that in Germany the norm still is 15mb/s for anyone who live outside larger population zones, then yes, the 200mb/s would be impossible to reach.

In some countries is the "normal" minimum speed 100mb/s; try to discuss that with German Telekom - they still live in the last century. They are quite proud of them self, as they are now upgrading to a minimum speed of 50mb/s ..... and the prices are almost 2x to what it cost in countries like The Netherlands and Scandinavia.

Adobe, 'hyper personalisation' and your privacy


Saying that they provide the tools for customers (businesses) to use, and they will store the data for them, might not be enough to be GPDR compliant. Just wait until the EU is getting around to audit them ..

Petty PETA rapped by judges over monkey selfie copyright stunt


Jimmy Wales and PETA are so full of it.

And if the monkey would have been the copyright holder of the photo, who would have collected the royalties - PETA?

They are as shitty and corrupt as everyone else..

The Java release train is moving faster, but will developers be derailed?


And this new release approach, will make it better and easier for people to use Java ... I guess these people are doing thier best to discourage people from using Java, and by that Oracle has won.

And we return to Munich's migration back to Windows – it's going to cost what now?! €100m!


I read somewhere the migration to Windows is mainly driven by Office. If that has changed I do not know.

The future of Python: Concurrency devoured, Node.js next on menu


I do use python, but I still find it very silly that they refuse to implement a switch .. case statement, it causes one to end up with very clunky code.

VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly


One of the reasons why Ford introduced the SUV was that it's a mini-van/truck not a car, and therefor is not tested to the CARB standard ....

Your colleagues will lie to you: An enterprise architect's life


Authentication services / Identity Management ....

There is nothing worse than using diffrent Authentication Services where the password is not synchronised ... Why on earth does organisations no have a proper solution in place to handle identities and passwords ... it's not that difficult. And that also moves the discussion into identity / access management life cycle management.

US govt OKs handover of internet's control panel to ICANN


Why a private company, why not a non-for-profit organization. IANA is a cross country organization, and we all know how a for-profit org would work .. badly.

Bundling ZFS and Linux is impossible says Richard Stallman


Looks like there still is a reason to use Solaris / BSD and not Linux.

Google Adblock shock a load of cock – users mock post hoc


It's not only Chrome which have the problem, also Safari.... So it looks like Google have found away around AddBlock ...