* Posts by Rockets

98 publicly visible posts • joined 9 May 2017


Broadcom terminates VMware's free ESXi hypervisor


Re: Ignore the SMB/homelabber at your peril...

A lot of the hobbyists & home lab type users I come across seem to be enamoured with Proxmox now. And I see numerous people talking about how playing around with Proxmox has led to them installing it at work and moving production workloads to it there. The home labbers that are using VMware now are doing so because they have it at work and want to learn it.

Cisco's critical zero-day bug gets even worse – 'thousands' of IOS XE devices pwned


For the Office Extend feature that has remote WAPs connecting to the WLC over the Internet it's going to be internet facing. The web interface isn't required to be accessible for OEAP but the CAPWAP port certainly is. Ideally you'd lock that port down to known IPs but the way that feature is designed it's probably not always possible. IOS-XE underpins the dedicated 9800 WLCs too now.

Microsoft begs you not to ditch Edge on Google's own Chrome download page


Re: Google are no better

Exactly, do a Google search in Safari on iOS and Google is prompting to download their app for a better experience.

Cisco AnyConnect Windows client under active attack


For us there's a few reasons. First is being able to use the VPN over a TLS or DTLS transport which is far friendlier for hotel environments. Secondly it's consistent across multiple OS's Windows, MacOS, Linux and Mobile devices. Thirdly the authentication mechanisms are extremely flexible, I can have certificate authentication for corporate devices, username & password with 2FA for contractors. Lastly on the headend we can have dynamic access policies to allow traffic based on the connection profile & authorization of the user from RADIUS.

Microsoft teases Outlook Lite for Android


Re: The main benefits of Outlook

IMAP & POP3 can be enabled to support OAUTH2 with Exchange & Office 365 which will make it secure but it's extra work for the admins. But it depends on the deployment and what they've set up. If you're using MS InTune as an MDM then Outlook with MS Authenticator is pretty much the client to use to lock it all down as per the MS playbook.

Oracle really does owe HPE $3b after Supreme Court snub


Good - Oracle a Horrible Company

Where I work we were an HP Itanium customer that ran Oracle on the platform. We got bitten badly by Oracle's decisions around Itanium and it cost a significant amount of time and money to move away from the platform to an x86 infrastructure. Our workloads that would happily run on a single Itanium box had to be scaled out across multiple x86 servers which made them more complex. We also ran Oracle Linux on the boxes because early in the test migrations we ran into an issue and Oracle support was pointing the finger at RHEL that we were initially using and not their own software. Switched a box to OEL and same issue which they then finally resolved while at the same time trying to sell us one of the Exadata storage devices. The head of IT was doing a tour of an Oracle hosting DC around the same time and asked to see an Exadata. They couldn't show him one because they were too expensive for Oracle's hosted operations and there were only 2 in the whole DC that belonged to customers so he couldn't see them. That quickly shut down any Exadata talk after that.

Help, my IT team has no admin access to their own systems


Been In The Same Boat

I was once sent out to a new client because the company had sacked their previous admin but didn't have the admin password. It was a small shop and this was back in the NT 4 days and the client was running SBS 4.5 server. Before I cracked open the "server" to attach the server's hard drive to another NT4 machine so I could copy off the SAM and run L0phtCrack against it, I tried connecting to MS SQL. To my astonishment I connected to MS SQL as sa with a blank password. As SQL 7 was running as the system account on the PDC a quick couple of SQL statements & I had a new account with domain admin rights on the network and was in after only being on site for 15 minutes.

Lenovo ThinkPad T14s: Impressively average, which is how corporate buyers like it


Re: Nice set of options, but Ethernet?

Then the T14 Gen 2 is for you. It has an Ethernet adapter built-in, no dongle. This review is of the slightly slimmer T14s variant.

Not that the T14s is all that slimmer WxDxH 327.5 x 224.4 x 16.81 mm vs 329.4 x 227.5 x 17.9 mm for the T14. 1.36 kg vs 1.47 kg.

We get the T14 for our staff. We stopped getting the s variants of the T series when they dropped the ethernet port which was the T480s from memory and there was so little difference between them at that point.

Not just deprecated, but deleted: Google finally strips File Transfer Protocol code from Chrome browser


Re: Soon HTTP as well?

I've mostly used FTP with Cisco devices for a number of years now, it's significantly faster than TFTP for loading large images to network devices.


Re: git, wget

I'd use command line FTP almost daily doing my job, but that's almost always on the corporate WAN and not over the Internet. I never use git. Just because you don't use something doesn't mean that others don't or that there still isn't a place for it. It doesn't really bother me that Chrome killed FTP support either though, I did use it from time to time but most public mirror FTP servers that I'd use it for also support http/https.

Computer scientists at University of Edinburgh contemplate courses without 'Alice' and 'Bob'


I recently read a book where one character was non binary with they/them pronouns. No big deal except the author loved to start a sentence with "They" when referring to the non binary character but in a group situation. Every time the author did that I had to reread the sentence because mid sentence it made no sense because I'd interpret it to mean the group but it was referencing the single character. And to just throw a spanner in the works, the author would use They when referring to the group a few sentences later. A simple fix would have been to just use the character's name when starting a sentence rather than the pronoun.

IPv6 still 5-10 years away from mainstream use, but K8s networking and multi-cloud are now real


IPv6 and CPE

Agree with Gartner about IPv6. I mean when we've still got a bug from 2009 in the dhcp6c (wide-dhcpv6) still unpatched on a lot of new model CPE gear from SOHO vendors it's going to be hard to get widespread adoption. My ISP has deployed IPv6 across their network and they've hit numerous bugs with their Cisco BNGs and various CPE equipment. It's still in a beta state and customers may opt in for it. They use IPoE and they saw some brands of CPE effectively DDoS their DHCP servers due to crap DHCPv6 implementations on customers' equipment. I use pfSense, and their DHCPv6 client for the WAN interface was only recently patched to work properly to the specs if the WAN interface got interrupted for any length of time. Palo Alto don't even support DHCPv6 as a WAN interface option. Android for a stupid philosophical reason won't support DHCPv6, only SLAAC. IPv6 seems to be in this perpetual state of catch-22, some vendors don't want to implement it or implement it properly on their gear because there's not wide use of it and wide use will only come from wide implementation.

Western Australia rushes out legislation after cops access contact-tracing data to investigate serious crimes


Re: How's that work?

Correct, there's a paper register. Also the app can let you sign in multiple people. My dad has a Nokia flip feature phone but my mum has an iPhone so when they go somewhere together my mum scans the QR code and selects my dad as a companion in the app. Kids under 16 aren't required to sign in anywhere.

Network managers think you're coming back to the office. Why else did they go on a Wi-Fi 6 buying spree?


Cisco AireOS Retirement

I wonder how much of the Cisco sales was driven by Cisco's AireOS controllers being retired and the new IOS-XE Catalyst 9000 series not supporting many legacy WAPs?

Australian government fights Facebook news ban by threatening 0.01% of Zuck's ad revenue


Re: Just goes to show how out of touch our politicians are

The other thing: seen how many news stories directly link to Facebook or Instagram posts now? Does this work the other way with the news orgs paying Facebook for linking to content on their platforms? Because the news orgs clearly generate revenue going the other direction.

ThinkPad T14s AMD Gen 1: Workhorse that does the business – and dares you to push that red button


Re: What, no Ethernet?

There is a NIC on board, just not the physical port on the T14s; on the T14 there's a physical RJ45 port. There's a dongle called "ThinkPad Ethernet Extension Adaptor Gen 2" needed for the T14s. The T490s was the same. I've had the T4x0s models for some time but now the thickness between the s and non s is so minor I've gone away from the slim s series because it does have the ethernet port which as a network engineer is important and there's a few less compromises.

Cisco intros desktop switches, one with USB-C to power your laptop


Re: Launched a year too late...

Really depends on your industry. I work in mining and I can see a heap of uses for these switches on our sites and camps where we'd normally deploy a 10 port fanless Cisco 3560C connected back to a distribution switch via fibre. The 3560Cs are way overkill for what we need but the only real option for the use case. Think of a four room demountable housing unit in a camp where we need to deploy network & VoIP phones and these are ideal. Of course it depends on the cost per unit of these. But for most businesses that are cube farms I don't really expect these to take off there.

Barbs exchanged over Linux for M1 Silicon ... lest Apple's lawyers lie in wait


Re: What am I missing here?

"others pondered the apparent lack of a GNU General Public Licence (GPL)" I think this was the source. The code that was released wasn't GPL despite the originators of the code stating they want to upstream it to the Linux kernel eventually.

Roku adds HomeKit, AirPlay2 support as Apple loosens control-freak tendencies in the smart-home world


Neutral Third Party

"Roku actively positions itself as a neutral third party". I really like the appeal of the Roku products because of this yet in Australia Roku have partnered with the largest Telco & ISP, Telstra, to sell their products under the banner of Telstra TV. To use a Telstra TV you have to have a Telstra account and I believe Telstra have hard coded their DNS servers into the devices and they all are quite locked down. So I use AppleTV's but I'd really like to have the choice of using a Roku.

Hmmmm, you know what Azure PowerShell is lacking? Some Predictive Intellisense


Tab Autocomplete

"tab completion has been a thing in PowerShell for over a decade". It has but it sucks. Tab to the next alphabetical option rather than present all the possible options like BASH does is horrible. And why does it feel like to get anything useful done in PowerShell you wind up typing out a paragraph once you pipe through two or three commandlets.

Cisco penta-gone from Pentagon as Aruba rolls in a new net


HP Procurve

I used to use HP Procurve switches a lot in my previous job and I really liked working with them and I believe that these became the Aruba switches. The reason we used them was because they were cheaper than Cisco, had a lifetime NBD advanced swap out warranty and free software updates. And they just worked. These days I work with Cisco switches and while I like the Cisco switch lines I don't like the price, dealing with SmartNet and the new software subscription model. Also the cost of genuine SFPs is crazy. Some of the bugs we've hit with the 3850 series in IOS-XE are just gobsmackingly bad, we once upgraded a 3850 stack for it not to support any of the Cisco branded SFP+ modules we had in it after the upgrade.

Notepad++ website sent to China's naughty step after 'Stand with Hong Kong' software update


Not Just A Developers Tool

I'm a networking guy and I've used Notepad++ for years mainly because it's such a better text editor than anything included in Windows and with some plugins like compare & custom language files for things like Cisco IOS. It's a great tool and one of the first things I load on a fresh install of Windows.

Twitter Qracks down on QAnon and its Qooky Qonspiracies


Re: bizarre conspiracy theory?

Especially when there's numerous photos of Trump with Epstein & Maxwell.

Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public


Just Another Reason Not to buy Netgear

I've avoided Netgear products for a long time now. The only thing I'd buy from them is a 5 or 8 port unmanaged switch as they seem to be able to make them reasonably well for low cost but there's plenty of other players in that space now too. I had a nasty bug in Netgear ProSmart switches that would let broadcast traffic traverse VLAN boundaries such as DHCP requests, played havoc on a LAN until I found it. Netgear's approach to security has always been very ordinary.

Logitech G915 TKL: Numpad-free mechanical keyboard clicks all the right boxes


I've got a HyperX Alloy FPS with Cherry Blues and the damn thing is solid as a tank and as loud as one too. Can't remember how much I paid for it but it wasn't expensive. Also has a number pad. Why would anyone want a TKL keyboard? I use those keys heaps, it's one of the worst things about using a laptop is not having those keys available.

It could be 'five to ten years' before the world finally drags itself away from IPv4


Re: Simple solution?

The technology is mature, tested and in use

From my experience just implementing IPv6 on my home LAN when my ISP started their beta test for it, when they finally got it up and running on their network, that's not quite the case. I'm connected to Australia's NBN network. My ISP hit their first bug on their Cisco ASR BNGs with the IPv6 DHCP having its CoS hardcoded & not customisable like it was with IPv4 so the NBN network would just drop the DHCP v6 requests as they required the CoS to be set to a particular value. Cisco supplied a hot fix in a few months. The second bug they hit was the DHCPv6 service crashing due to memory exhaustion and only a reboot of the BNG every 15 odd days would resolve it. They received another hot fix from Cisco but when this hot fix was installed it broke PPPoE, so it had to be rolled back. A third hot fix was required before the beta was able to restart proper. During this testing my ISP was also testing the modem that they'd be supplying their customers who didn't BYO, which they fully support to their best effort. They then found the IPv6 implementation on the modem was buggy again and the vendor supplied them with 2 versions before the bugs were ironed out. Next problem, to install the new version of the software it will reset the modem back to factory defaults. That's quite a problem.

In the ISP's IPv6 end user support forum there's many bugs or incomplete IPv6 implementations on various modems & firewalls that end users have hit before they even deploy to their LAN. E.g. the ISP is using DHCP v6 PD, Palo Altos don't support it for their WAN interfaces. My ISP supplies a /56 for me to use which I was grateful for because I run a number of VLANs behind my firewall. My firewall doesn't seem to do prefix delegation 100% of the time if I use 0 for a prefix on a client interface, start at 1 and it works 100% of the time. I wasn't the only one to find this.

When I deployed IPv6 to my LAN, I was using an older L3 Cisco switch behind the firewall for a number of VLANs & it doesn't support SLAAC RDNSS so I needed to run DHCPv6 on that but Android for a stupid philosophical reason doesn't support DHCPv6. In the end I run a network segment off a subinterface on my firewall to support Android devices specifically as the firewall supports SLAAC RDNSS. Another thing I found was that my firewall's DHCP v6 client isn't as robust as the IPv4 one. So if my ISP goes offline due to maintenance or an outage IPv6 doesn't always come back & I have to manually intervene. The DHCP server & DNS resolver on my firewall support adding DHCP IPv4 static leases to the DNS resolver so I can just type the name on a client and DNS works but it doesn't support that for IPv6 static addresses. The clients themselves on my LAN that support IPv6 apart from the Android ones seem to have no issues however. So despite IPv6 being mature the various software implementations are far from it if they are even feature complete.

HMD Global pokes head out of quarantine to show off 3 new Nokia mobiles


SD Card & Headphone Jack?

Huh the 8.3 & 5.3 ship with Android One, SD Card expansion slot and 3.5mm headphone jack. If I was in need of a new phone these would be top of my short list.

Open-source, cross-platform and people seem to like it: PowerShell 7 has landed


I haven't had to use PowerShell for a while now but I found scripting with PowerShell was mostly fine but when using it to interact with systems live for troubleshooting or configuring some advanced option it felt like I was typing an essay to get meaningful data out of it. Plus the tab to autocomplete only choosing the next thing alphabetically drove me nuts coming from BASH. When PowerShell first came out I was heavily using it with Exchange 2007 and then when Exchange 2007 SP1 was released numerous variables changed and with the release of 2010 numerous commands completely changed and broke a lot of my scripts that I'd built up.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months


Re: I can appreciate the security aspect, but...

Been there, done that and have the t-shirt too for an Oracle application server. The Base OS version OEL openssl didn't support TLS1.2, the app server wasn't officially supported on the next OEL version that did support TLS1.2. A newer version of the application server wasn't compatible with another application server that was part of our suite. Ah the delights that is Oracle E-Business suite with various bolt on products and customisations of the core ERP product.

'Tens of millions' of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs


Re: Rule #1 -- Beware of home made protocols

Interesting that IOS & IOS-XE aren't vulnerable according to the CVE which means it's not actually the protocol but the software implementation of it on other platforms. NX-OS, IOS XR & FC-OS are all Linux based. Where IOS is BSD based and IOS-XE is Linux based running IOS as a process called "IOSd".

Things I learned from Y2K (pt 87): How to swap a mainframe for Microsoft Access


This is why where I work we don't deploy Access in our Office deployments. We've been bitten too many times by the rogue user who sets up a small Access DB to do a task which then becomes important. We had a guy working full time for 2 years on converting some of these DBs to SQL with front ends for where we couldn't buy an off-the-shelf package that did the same task.

The BlackBerry in your junk drawer is now a collectors' item: TCL says no more new keyboard-clad phones


Re: So where does this leave folks like Typo that Blackberry went after in the past?

I'm sure if nobody's making BlackBerry phones any more BB would happily license their keyboard patents to companies that want to try a Typo style device.


Re: TCL=malware

My understanding of the licensing agreements between BlackBerry and the companies that licensed the branding & hardware patents from BlackBerry, there were 3 companies, was that BlackBerry would supply all the software - OS & apps. TCL was the largest of these companies. One was for India and the other for Indonesia, while TCL did the rest of the world. I was a long time BlackBerry user from the first colour screen models right up till the first Android handset they did with the Priv.

Looks like the party's over, folks: Global PC sales set to shrink as Windows 10 upgrade cycle tails off, says Gartner


No Compelling Reason for Most People to Upgrade

PC sales have been falling simply because for most people's use, especially office workers, a 5 year old PC still can cut the mustard especially if it had an SSD and 4 or 8GB of RAM. We replaced the PCs at my Dad's office recently due to Win 7 retirement and the PCs were well out of warranty. We used i3 NUCs with M2 SSDs and 8 GB and they are plenty fast enough for their use case which is basically Office 2016, MYOB AccountRight and Web apps.

Windows 7 back in black as holdouts report wallpaper-stripping shenanigans


Re: yes, yes...

You don't need to boot from DVD but that is an option. I use the media creation tool Rufus. When you create a bootable USB for Windows 10 you get the option of using GPT or MBR. If the GPT one doesn't work use the MBR option. From my experience if you need to repair the install it's better to just get the data off and do a clean install unless it's just repairing bootmgr. I've always done the Win 7 upgrade to Win 10 to get the license key upgraded. I recover the new key using a tool and then reload the PC clean with Windows 10. Longer but in the long run it's better.

Intel teases NUC-leheads with new desktop-class graphics systems and a fast i9 CPU


Re: Too expensive

I've deployed 6 NUCs over the last few months for family (3) and my Dad's business (3). The i3 Gen8 model is pretty cheap once you put in 8GB of RAM and a 240GB M.2 SSD. For the family builds I get the taller model, only $4 more expensive, which can also take a 2.5" drive which I set up as a backup target. For the web browsing, email, office tasks they are more than enough. The family don't want laptops and their small size everybody likes compared to the ATX towers they had. Only problem is 4 USB ports isn't enough sometimes but a cheap USB 3 4 port hub gets around that easily enough. I've got an old one that I use with LibreELEC as a HT PC and the integrated IR makes it a great fit for that task.

Pentagon beams down $10bn JEDI contract to Microsoft: Windows giant beats off Bezos


Re: What advantage does AWS have

A full working end to end IPv6 stack. Last time I checked this was a preview feature in Azure that had to be turned on.

Four words from Cisco to strike fear into the most hardened techies: Guest account as root


Re: No updates for in-contract non-EOL cisco devices

The ASA 5505 is a really odd device support-wise. For example the ASA 5510 & 5505 run the exact same ASA OS image file for release but the 5510 was EOL 12 months ago. The 5505 does have 9.2.4 as the latest version available. Wonder if the 9.2.4 will run on an ASA 5510.

How long is a lifetime? If you’re Comcast, it’s until a rival quits a city: ISP 'broke' price promise


Re: Lifetime warranty

Procurve's lifetime warranty is as long as the original owner owns them. I've had HP replace an ancient Procurve switch with newer models. All the years I worked at a company where we supplied and supported Procurves I struggle to remember many failures at all. Work for a company where we use Cisco. They have some models that have Limited Lifetime Warranties that extend till the Last Day of Support date that Cisco sets, typically 5 years after End Of Sale. I've tried to use this in the past and I'm yet to succeed in getting Cisco to replace any failed switches under their LLW, TAC just claims that I need to contact the reseller as I don't have SmartNet and the reseller says contact TAC; round and round we go.

Microsoft plays chicken with Extended Support for Exchange 2010 end date and swerves first


Re: Exchange migration

I'm in the same boat for my Dad's business. We've currently got an SBS 2011 server that does everything they need for 6 users. Going to have to push them to Office 365 but we own Office 2016 so only going to get Office 365 Business Essentials which is Exchange, Sharepoint, Teams and OneDrive. We did a TCO of full O365 Business Premium and looked at the EOL for Office 2016. It was cheaper to buy Office 2016 outright. The benefit of O365 for Exchange is I don't have to worry about backing it up any more.

Microsoft's only gone and published the exFAT spec, now supports popping it in the Linux kernel


Re: It's a trap!

And Hyper-V drivers

Lenovo ThinkPad X390: A trusty workhorse that means business but it's not without a few flaws


Re: £1500?

Congrats for listing a feature that this particular laptop does not possess as a positive for owning it!

Yes a feature that a X390 doesn't have but the T490 does and no MacBook has at all.

Ever since Lenovo took over, the build quality and upgradability of ThinkPads has gone steadily downhill to the point where they're no longer worth the premium.

It's happening to all brands unfortunately. They are all following a lot of design decisions/trends from Apple and consumers are worse off for it. But the masses are eating it up and us techies who know better get pissed off. I'd love to have a new ThinkPad that had the same keyboard as my old X220 or T420 but I'd take a current ThinkPad over an Apple laptop any day of the week. ThinkPads still have the best keyboard of any laptop but it's true they aren't as good as they once were. If I had to buy a new laptop this week I'd buy a T490. Slim enough but has a RAM slot and a good spread of IO ports including RJ45 and can be docked.


Re: Keyboard

Personally I prefer the Fn to the left of the CTRL key. Horses for courses.


Re: Reducing functionality just like Apple?

I've got three X230s which are predecessors to this new model and they have a full sized SD card reader. They also have an RJ45 port & dual RAM slots. Lenovo have made the X2/3x0 series something it never was. Previously if you wanted super thin and were prepared to sacrifice some ports and upgrade ability for that thinness you got an X1 Carbon. The X2/300 series used to have dual RAM slots, hot swap batteries and LAN ports which made it a great expandable road warrior laptop. All those features are gone now. I stopped buying the X series when Lenovo halved the maximum amount of RAM it could use to the previous generation. I think that may have been the X240. Been on the T4x0s series since but the new T490s has gone the same path as the X390. Next laptop will probably be a T series rather than a T slim now.


Re: £1500?

Cause ThinkPads have a keyboard that actually works, can't be failed by a speck of dust and is easily replaceable. SSD & batteries also easily replaceable. There's also USB type A ports so you don't have to live the dongle life. Some of the latest models also have RAM slots for easy upgrades or an RJ45. It saddens me to see that more and more ThinkPad models are going all soldered on RAM.

Time to Ryzen shine, Intel: AMD has started shipping 7nm desktop CPUs like it's no big deal


Re: Three cheers for AMD.

We'd all be using Intel Itanium. That was Intel's path for 64bit CPU's but AMD64 spoiled those plans in a big way.

There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor code


The Australian Signals Directorate came to the same conclusion as GCHQ after doing red team testing of Huawei gear. I really wonder if the luddite politicians just seized on terms in those reports. E.g. the report may have said "Software has multiple known vulnerabilities that could be used as a backdoor" and the pollies just concluded "Huawei's software has got back doors in it, must be the PRC government's fault!"

Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged


Re: Oh for the love of pizza

PI is the worst piece of Cisco software I use. I bloody hate it and that's before having to patch it to address security bugs, which takes hours. It's an unmanageable monster that consumes so much resources and is unstable. WCS which PI replaced was great, it just worked. PI I truly loathe.

PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted


I mostly use PuTTY on remote PC's for serial access to network gear and it's great for that job - small single exe. Occasionally I need to use Zmodem transfer and PuTTY's no good for that, so use Extra-PuTTY. But once the device is on the network or it's local to me it's SecureCRT all the way.


Re: Give me a good alternative

Try PACManager. https://sourceforge.net/projects/pacmanager/

It's basically a clone of the commercial package SecureCRT for Linux but supports some extra features that SecureCRT doesn't eg WOL or RDP. Not sure if it supports Z/X/YModem though which you occasionally need working with Cisco devices. I use SecureCRT on Windows for work and I can't stand going back to basic PuTTY. There's SecureCRT for Linux & Mac but it's not free.