Exactly my first thought.
Posts by casperghst42
25 publicly visible posts • joined 8 Sep 2015
China is likely stockpiling and deploying vulnerabilities, says Microsoft
Why the Linux desktop is the best desktop
I got an Apple Macbook Air 11" from 2011 (i5) which is too slow for macOS to be interesting, but it runs Ubuntu Desktop 20.04 LTE without problems. What is interesting is that the Apple TB1 GbE adaptor works without a flaw .. also it's nice to have a Linux when the rest does not want to do what you want it to do.
Re: Linux "Desktop"
I've been around long enough to see AD and Group Policies evolve, and for someone who works with Directories for a living, I must say that AD sucks - it was basically a wrapper around NT domains, these they have changed a lot but still, it's a horrible design.
Group Policies is a blatant mess and no one with a sane mind would ever venture into it, but it's what Microsoft gave people and they have to live with it.
How legacy IPv6 addresses can spoil your network privacy
Another Debian dust-up with Firefox dependencies – but there is an annoying and awkward workaround
I think therefore IAM: It's not cool, it's not sexy, but it's one of the most important and difficult areas in modern IT
Interesting read from a writer which misses the most obvious about IAM and why it is so difficult to do right. The tool of the trade is mostly something like NetIQ Identity Manager (I do not work for the company) (or something else which can be changed to fit the organization), then this is connected to something like Okta for provisioning (and authorization), Okta is then using the on-prem AD (or Office 365) for Authentication.
And as a previous comment said; all identities start from the HR system ... and nothing should be done manually - people make mistakes (often).
RBAC can be done with online tools like NetIQ Identity Application or SailPoint - does not matter as long as it's online and that users can request access (roles/permissions) which are granted "now".
Any organization who is using tools like Excel for RBAC administration will at some point end up in a management nightmare.
The biggy, which no one talks about is "red button", if an employee is let go, then the identity needs to be locked down immediately, which only works with systems which act on events - which many of these systems do not.
And let's not forget about Access Governance ... reporting, a tool which sucks out all the information and will report if there are things (rights) which should not be there, and especially if they are assigned to people who should not have them.
IAM is complicated, and requires knowledge not only about the chosen tool, but also about all the systems which you connect it to (AD, LDAP, SQL, Unix, Cloud, REST, SOAP, etc, etc, etc.).
But it's madly fun to do....
Microsoft releases command-line package manager for Windows (there are snags)
IBM creates a COBOL compiler – for Linux on x86
Apple suffers setback in epic Epic Games games fight: Federal judge zaps damages counterclaim
Fight for Survival
What many don't remember is that the AppStore made Apple a wealthy company. The iPod made them rich, the AppStore and iPhone/iPad made them filthy rich.
If they lose part of the income from the AppStore then suddenly they will no longer make billions every quarter, and that is for them not acceptable.
I don't feel sorry for Epic Games, but for the humble developer, who maybe sells a few thousand apps on the app store for less than 5$ a pop, having the Apple tax being lowered will make a serious change.
No Huawei out: Prez Trump's game of chicken with China has serious consequences
5G patents....
What is interesting is that Huawei got some fundamental patents in connection to 5G, without licensing these patents there will be no 5G rollout, and Nokia and Ericsson are at least 1 year behind Huawei in development of 5G ...
This is political, and is being used by Trump to get China to move on the Trade agreement, which he wants to "fix", but it might end up causing the rollout of 5G to be delayed by years.
IPv6: It's only NAT-ural that network nerds are dragging their feet...
Overly complicated
I still remember when IPv4 started becoming popular back in the early/mid 90's, back then it was wooooo complicated - especially for the people who came from DEC, IPX or whatever was used back then (IPX over routers was basically crap), but I guess we all more or less mastered IPv4 reasonably fast.
Over the years I've been trying to get my head around IPv6, and I am still not able to find an IPv6 for Dummies which can explain to me the basics in a reasonably easy and understandable way - I do this for fun, not for work...
They have made IPv6 overly complicated, it's like you have to know more or less everything, before you start with the stuff, otherwise you'll end up having a network which might work, but you don't know why - and if you connect it to the internet you can't hide behind a NAT'd firewall - which is really really bad.
And don't get me started on the notation, I've entered thousands of IPv4 addresses on my keyboard, on a numeric keyboard everything is there 0..9, and a '.' - everything which is needed. Try that with an IPv6 address ... right... see, got my point.
I guess the universe is waiting for the next IP stack, which probably will be an IPv16, which will be fully automatically discoverable, and have a functional (and understandable) security built in. Well I can always hope.
IPv6 is there, but how many people know enough to implement it securely...
Re: "the world is clinging stubbornly to IPv4"
Any ISP who has IPv4-only Routers has not upgraded their hardware since before 2012 ... the question is if they have current code on them, and if they have the latest IPv6 stack. But any serious ISP can support IPv6 on the router side, and any home user should have Routers which support IPv6.
The butterfly defect: MacBook keys wrecked by single grain of sand
Plans for half of Europeans to get 100Mbps by 2020 ain't gonna happen – report
When one thinks that in Germany the norm still is 15mb/s for anyone who lives outside larger population zones, then yes, the 200mb/s would be impossible to reach.
In some countries the "normal" minimum speed is 100mb/s; try to discuss that with German Telekom - they still live in the last century. They are quite proud of themselves, as they are now upgrading to a minimum speed of 50mb/s ..... and the prices are almost 2x what it costs in countries like The Netherlands and Scandinavia.
Adobe, 'hyper personalisation' and your privacy
Petty PETA rapped by judges over monkey selfie copyright stunt
The Java release train is moving faster, but will developers be derailed?
And we return to Munich's migration back to Windows – it's going to cost what now?! €100m!
The future of Python: Concurrency devoured, Node.js next on menu
VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly
Your colleagues will lie to you: An enterprise architect's life
Authentication services / Identity Management ....
There is nothing worse than using different Authentication Services where the password is not synchronised ... Why on earth do organisations not have a proper solution in place to handle identities and passwords ... it's not that difficult. And that also moves the discussion into identity / access management life cycle management.