SD Card & Headphone Jack?
Huh the 8.3 & 5.3 ship with Android One, SD Card expansion slot and 3.5mm headphone jack. If I was in need of a new phone these would be top of my short list.
72 posts • joined 9 May 2017
I haven't had to use Powershell for a while now but I found scripting with Powershell was mostly fine but when using it to interact with systems live for troubleshooting or configuring some advanced option it felt like I was typing an essay to get meaningful data out of it. Plus the tab to autocomplete only choosing the next thing alphabetically drove me nuts coming from BASH. When PowerShell first came out I was heavily using it with Exchange 2007 and then when Exchange 2007 SP1 was released numerous variables changed and with release of 2010 numerous commands completely changed and broke a lot of my scripts that I'd built up.
Been there, done that and have the t-shirt too for the a Oracle application server. The Base OS version OEL openssl didn't support TLS1.2, the app server wasn't officially supported on the next OEL version that did support support TLS1.2. A newer version of the application server wasn't compatible with another application server that was part of our suite. Ah the delights that is Oracle E-Business suite with various bolt on products and customisations of the core ERP product.
Interesting that IOS & IOS-XE aren't vulnerable according to the CVE which means it's not the actually the protocol but the software implementation of it on other platforms. NX-OS, IOS XR & FC-OS are all Linux based. Where IOS is BSD based and IOS-XE is Linux based running IOS as a process called "IOSd".
This is why where I work we don't deploy Access in our Office deployments. We've been bitten too many times by the rogue user who sets up a small Access DB to do a task which then becomes important. We had a guy working full time for 2 years on converting some these DB's to SQL with front ends for where we couldn't buy a off the shelf package that did the same task.
My understanding of the licensing agreements between BlackBerry and the companies that licensed the branding & hardware patents from BlackBerry, there was 3 companies, was that BlackBerry would supply all the software - OS & apps. TCL was the largest of these companies. One was for India and the other for Indonesia, while TCL did the rest of the world. I was a long time BlackBerry user from the first colour screen models right up till the first Android handset they did with the Priv.
PC sales have been falling simply because for most peoples use, especially office workers, a 5 year old PC still can cut the mustard especially if it had a SSD and 4 or 8GB of RAM. We replaced the PC's at my Dad's office recently due to Win 7 retirement and the PC's were well out of warranty. We used i3 NUC's with M2 SSD's and 8 GB and they are plenty fast enough for their use case which is basically Office 2016, MYOB AccountRight and Web apps.
You don't need to boot from DVD but that is an option. I use the media creation tool Rufus. When you create a bootable USB for Windows 10 you get the option of using GPT or MBR. If the GPT one doesn't work use the MBR option. From my experience if you need to repair the install it's better to just get the data off and do a clean install unless it's just repairing bootmgr. I've always done the Win 7 upgrade to Win 10 to get the license key upgraded. I recover the new key using a tool and then reload the PC clean with Windows 10. Longer but in the long run is a better.
I've deployed 6 NUC's over the last few months for family (3) and my Dad's business (3). The i3 Gen8 model is pretty cheap once you put in 8GB of RAM and a 240GB M.2 SSD. For the family build's I get the taller model, only $4 more expensive, which can also take a 2.5" drive which I set up as a backup target. For the web browsing, email, office tasks they are more than enough. The family don't want laptops and their small size everybody likes compared to the ATX towers they had. Only problem is 4 USB ports isn't enough sometimes but a cheap USB 3 4 port hub gets around that easily enough. I've got an old one that I use with LibreELEC as a HT PC and the integrated IR makes it a great fit for that task.
The ASA 5505 is really odd device support wise. For example the ASA 5510 & 5505 run the exact same ASA OS image file for 188.8.131.52 release but the 5510 was EOL 12 months ago. The 5505 does have 9.2.4 as the latest version available. Wonder if the 9.2.4 will run on a ASA 5510.
Procurve's lifetime warranty is as long as the original owner owns them. I've had HP replace an ancient Procurve switch with newer models. All the years I worked at a company where we supplied and supported Procurves I struggle to remember many failures at all. Work for a company where we use Cisco. They have some models that have Limited Lifetime Warranties that extends till the Last Day of Support date that Cisco sets, typically 5 years after End Of Sale. I've tried to use this in the past and I'm yet to succeed in getting Cisco to replace any failed switches under their LLW, TAC just claims that I need to contact the reseller as I don't have SmartNet and the reseller says contact TAC round and round we go.
I'm in the same boat for my Dad's business. We've currently got a SBS 2011 server that does everything they need for 6 users. Going to have to push them to Office 365 but we own Office 2016 so only going to get Office 365 Business Essentials which is Exchange, Sharepoint, Teams and OneDrive. We did a TCO of full O365 Business Premium and looked at the EOL for Office 2016. It was cheaper to buy Office 2016 outright. The benefit of O365 for Exchange is I don't have to worry about backing it up any more.
Congrats for listing a feature that this particular laptop does not possess as a positive for owning it!
Yes a feature that a X390 doesn't have but the T490 does and no MacBook has at all.
Ever since Lenovo took over, the build quality and upgradability of ThinkPads has gone steadily downhill to the point where they're no longer worth the premium.
It happening to all brands unfortunately. They are all following a lot of design decisions/trends from Apple and consumers are worse off for it. But the masses are eating it up and us techies who know better get pissed off. I'd love to have a new ThinkPad that had the same keyboard as my old X220 or T420 but I'd take a current ThinkPad over a Apple laptop any day of the week. ThinkPad still have the best keyboard of any laptop but it's true they aren't as good as they once were. If I had to buy a new laptop this week I'd buy a T490. Slim enough but has a RAM slot and a good spread of IO ports including RJ45 and can be docked.
I've got three X230's which are predecessors to this new model and they have a full sized SD card reader. They also have a RJ45 port & dual RAM slots. Lenovo have made the X2/3x0 series something it never was. Previously if you wanted supper thin and were prepared to sacrifice some ports and upgrade ability for that thinness you got a X1 Carbon. The X2/300 series used to have dual RAM slots, hot swap batteries and LAN ports which made it a great expandable road warrior laptop. All those features are gone now. I stopped buying the X series when Lenovo halved the maximum amount of RAM it could use to the previous generation. I think that may have be the X240. Been on the T4x0s series since but the new T490s has gone the same path as the X390. Next laptop will probably be a T series rather than a T slim now.
Cause ThinkPad's have a keyboard that actually works, can't be failed by a speck of dust and is easily replaceable. SSD & and batteries also easily replaceable. There's also USB type A ports so you don't have to live the dongle life. Some of the latest models also have RAM slots for easy upgrades or a RJ45. It saddens me to see that more and more ThinkPad models are going all soldered on RAM.
The Australian Signals Directorate came to the same conclusion as GCHQ after doing red team testing of Huawei gear. I really wonder if the luddite politicians just seized on terms in those reports. eg the report may have said "Software has multiple known vulnerabilities that could be used as a backdoor" and the pollies just concluded "Huawei's software has got back doors in it, must be the PRC governments fault!"
PI is the worst piece of Cisco software I use. I bloody hate it and that's before having to patch it to address security bugs, which takes hours. It's an unmanageable monster that consumes so much resources and is unstable. WCS which PI replaced was great, it just worked. PI I truly loathe.
Try PACManager. https://sourceforge.net/projects/pacmanager/
It's basically a clone of the commercial package SecureCRT for Linux but supports some extra features that SecureCRT doesn't eg WOL or RDP. Not sure if it supports Z/X/YModem though which you occasionally need working with Cisco devices. I use SecureCRT on Windows for work and I can't stand going back to basic PuTTY. There's SecureCRT for Linux & Mac but it's not free.
The thing is, we are talking about PLC or ICS hardware, so it should already be isolated from the rest of the "office" network, let alone the internet.
Having seen the state of lots of process control networks I couldn't agree more with this. The PLC tech's love their Moxa devices too. If I had a dollar for every Moxa device I've seen on a process control network that is in the default state I'd be a rich man. But these guys are mostly electricians so I can see why they are in this state. I saw a Moxa pair of devices that was being used from remote blasting of explosives with the default passwords etc.
"Personally, I use Office 365 Home because it covers the whole family"
I'm the same. There's 5 of us and it covers all our devices - 3 Windows PC's, 3 Mac's and 8 iOS devices. Sure I could use something free but my wife is familiar with Office and uses Excel heavily and she's familiar with it and she doesn't deal well with change. I want my kids to use Office as most of the corporate world uses it so they will have better prepared for a job if they have Office skills.
My dad has a small business and they were still running Office 2007 last year and have a local Exchange server. I looked into Office 365 for them, looked at the declared support lifetimes and we did the maths. For him it worked out cheaper to buy Office 2016 for the 7 Office PC's & laptops as they'll keep using it for as long as they can. They aren't power users at all but use most of the features of Exchange. The only reason we upgraded Office 2007 was because it was no longer supported.
Later this year we'll replace the local Exchange server (SBS 2011) with Office 365 Business Essentials which is only Exchange, Teams, OneDrive and SharePoint. We are only going this way because MS doesn't sell Small Business Server any more so a full license of Exchange, CALS and a server to run it on is more expensive than O365. Also means we don't need to back it up any more. We'll get a small server to run Windows Essentials for their AD, file & print sharing and Direct access.
Is there anyone, anyone at all who does serious work in Excel or Access on a phone?
I use Excel from a iPad or iPhone quite often to update my time sheets and a few other things from OneDrive. Is it serious work - well it's the basis of how I get paid so I consider it serious enough. Is it something that I could do with Google Docs etc sure but I need to forward the time sheets to a accountant who requests them in Excel format based on a template they use. If by serious work you mean complex formulas and dozens of rows and columns then it's not.
I'm not a fan of the chiklet keyboard either. I have a couple of old T420 & X220 in my collection of 9 ThinkPad models of varying age, these being the oldest. The X220 with SSD and 8GB of RAM is still great device for basic use. These two were the last series to have the regular keyboards instead of the chicklet keyboards that came on the 30 series and boy are they are delight to type on. Going to a newer X230, X1 Carbon or T460s and the keyboard just isn't the same. Still the Lenovo chicklet keyboards are truckload better than the last gen Apple Macbook Air keyboard that my daughter has, that thing is mushy as. The newer Macbook butterfly switches are just as bad. My old man has an Asus laptop with a chicklet keyboard and I was pretty impressed with it, pretty close to a ThinkPad, as it's a much cheaper laptop than a ThinkPad.
The biggest complaints I have about ThinkPad's is the screens, most models have god awful ones. That's one thing that the Gen 6 X1 Carbon finally fixed, it's got a excellent screen.
I'd love to see a ThinkPad without a touchpad and only the "Gspot" TrackPoint. It's far more efficient and accurate in use. My first laptop was a lovely Toshiba Portege which only had a TrackPoint and I've used the TrackPoint on various ThinkPad's since then. I always disable the touchpad in software, I can't stand them and hate when I have to use one on a laptop that's only got it as an option but I know we are in the minority with most users hating the TrackPoint.
Lenovo sell 8 different docks and docking stations that are compatible with the previous X1 Gen 6. 5 are the brick style "dock" shown in the article, 3 are the more traditional style "docking station" where you sit the laptop on it and they've got varying degrees of ports on the back. These three docks don't use the bottom docking connector any more, they have a slide mechanism on the left that has two USB-C ports and a third propriety ethernet connector which you slide into the laptop. Looking at the new X1 Gen 7 the ports on the left side of the laptop are the same as on the Gen 6 so I'd think that the older docks would still be compatible. Thinkpad's typically support the same model docks & power bricks for a number of generations.
My old boss did a tour of the Oracle data centre when he was in the US a number of years back. I think it was a co-location facility or hosted services, before Oracle launched their Cloud offering. At that time Oracle were trying to sell us a Exadata for our E-Business Suite environment. When he asked where any Exadata's were in the facility so he could see one he was told - "We don't have any of our own, they're too expensive. We have a few customer owned ones but we can't show them to you." Says it all about Oracle.
This doesn't fix the NT (!!!!) or Windows 2000 boxes (one of each), but at least we can focus on those separately.
What we did with these applications is to firewall them off from the rest of the network and use a VDI client to run the application with the most modern desktop OS we could. These VM's were firewalled too. Users don't really like having to use VDI to get to these apps but they are typically not used much and mostly read only legacy data.
We had one production system though. We'd being pushing to get it migrated etc for years. Six months of having to use VDI and the money and will from that department to migrate to something modern suddenly appeared. Funny how that happens.
Aussie broadband will allow opt out of CG-NAT for people that need a public IPv4 address on their router. Aussie has been wanting to go dual stack for some time but they've been held up in their IPv6 deployment for NBN due to software issue on their Cisco ASR9K's. NBN requires QoS set to 0 for ICMP & DHCP. For the ASR9K's IPv4 would allow Aussie to set the QoS to 0 and respect it, for IPv6 it was ignoring the interface QoS value setting of 0 and setting it to 6 so NBN would drop the packet. Cisco has now addressed this problem for them so they can move forward with their planned deployment.
Having been through a audit like this the auditors typically want an offline copy of the AD database etc and then use tools to extract the password hashes and run other tools like hashcat against them testing against the dictionary.
I once failed an audit because the server rack doors weren't locked. Even though the rack cabinets all had the same key out of the factory. The server room itself had much better security but the auditors don't care.
We've got end to end encryption now on messaging systems because various Governments proved that they couldn't help themselves by breaching the privacy of everyone to snoop on a few miscreants. If the Govt gets what they want who's to say that the determined crims or terrorists won't just fall back to older forms of encryption such as one time pads, stenography etc. American prison gangs seem to be able to communicate at will between inside & outside the jails using old fashioned ciphers & other techniques. Rather than SIGINT perhaps the governments invest more in HUMINT.
I find it interesting that these cellular gateways were connected to a APN that was public Internet. I would have though that the police & fire departments would connect these devices to a APN that connected them to a private network that only those departments could access.
This is what we do with our WAN routers which have 4G failover for the primary MPLS connection. The 4G IP addresses are routable via the MPLS the telco provides us. The PPP AAA from the 4G interface is even routed to our own RADIUS servers so I can set the username, password, IP address the interface gets as well as defining static routes via RADIUS for these connections. We also have some sites that 4G is their only connectivity and they connect this way too. It took a little bit of effort to set this up with the telco in the beginning but it's one of their standard offerings for enterprise customers so it wasn't that hard either. Not exactly rocket science, but we change the default credentials too and apply security updates when required.
Any sane company has at least two wifi systems: one for user's own phones / visitors / IoT crap / etc, and a 2nd (or more) that is more locked down and only for approved corporate devices that need to access internal systems.
Most corporates would use controller based WAPs solutions from companies like Cisco, Aruba etc that support multiple SSID and security deployments with AP groups and have a profiling tool that can send a RADIUS CoA to the controller when a rogue device is detected. Even SMB's have products that are affordable while being able to support different security requirements. Ubiquiti Unify, Foritnet or Draytek WAPs with their own firewall products give controller like experience as well as being able to firewall traffic.
Have a SSID for your corporate devices using EAP-TLS for security. Mobile devices should be provisioned by an MDM so they get the correct certificates to use. If you can't afford a MDM or don't have the staff to deploy an internal CA infrastructure then use a PEAP secured SSID and firewall it. Mobile devices could be firewalled off and on a separate SSID depending on your use case.
Another SSID for guest access that is on separate VLAN & firewalled off with P2P disabled. Use a PSK or Captive Portal for security. I prefer Captive Portal so you can see who's connected to the guest WiFi. Any IoT crap gets it's own SSID, VLAN and firewalled off & P2P disabled again. If you have to use a PSK with these devices, only IT & application support get to know the PSK and you'd restrict the devices access to the bare minimum for them to work on the firewall so you don't any free loaders on this SSID.
Security is hard and you need to spend some money but a competent network admin should be able to deploy a reasonably secure WiFi solution no problem at all.
Probably more a case of the line manager insisting on you doing WiFi security right (from the point of view of his convenience).
IT staff shouldn't report to a line manager for security related items. If the manager has a problem they can take it up with who's responsible for IT security or my boss. As IT staff I'll happily work with the line manager to be able to accommodate his requirements but only in a secure fashion and I'll be completely up front about it. If it's a rush I'll do my best to help them out as quick as I can but if I need extra hardware then he's going to have to wait. If my boss tells me to cut corners for a deployment, I'll do it but then my boss most likely wouldn't ask anyway because at the end of the day it'll be his name on a incident report if something happens and that's the last thing he wants.
"It only takes a line manager to buy and plug in a new piece of kit and then type in the office's wireless password for a security hole to be opened up."
If this is all it takes to get a device on your corporate WiFi network then you're doing WiFi security wrong.
if you manage 1000 switches, then having 100 with one CLI, 27 with a second one, and 4 with a third is most definitely a barrier to fleet maintenance, which is why many companies go with a single vendor for networking, big part of the motivation to go with the Gorilla.
Even between IOS 12 or 15 there's difference's. Not wildly different but different enough to be annoying. I'm constantly trying to pipe to section on IOS 12 and it drives me nuts when it fails because begin or include don't always get the information. Then there's configuration differences for RADIUS or EIGRP. Then if you move to NX-OS it's quite different again. I love in NX-OS that you can do a show run from config mode with out having to use do, but I'm always careful to make sure that I'm using copy run start least I stuff up. Throw in ASA's where you have to use write terminal. Having a completely Cisco network doesn't mean the command line is 100% the same across all of your devices.
Facebook will take advertising dollars from anyone and are completely shameless about it. If they were serious about cleaning up their platform they'd be stricter on advertisers. You can report an ad for being inappropriate with adult content or you can block the ad from your feed by marking it as a scam but not for other reasons. They are going to keep getting targeted until they clean up their advertising.
The Aus Federal Government is really sending mixed messages here. Huawei bad for NBN & 5G but fine for rail projects. Hmmm don't know what to think. I know I see alot of companies deploying Huawei Enterprise routing & switching gear in Western Australia. So companies seem fine to the "risk".
Then there's another part to this story about how Huawei won the contract. Did free all expenses trips & gifts to government ministers when in opposition help grease the wheels?
Good data centres will have multiple points of entry for carrier cables & POP rooms for redundancy. When we established our dual data centres we linked them via two dark fibres. We had the carrier supplying the dark fibres provide path diversity into the data centres and the cable paths. Our carrier was able to supply us with maps of the paths our cables took including the entry points to the data centres & results of the fibre test results.
I can't see Apple removing the lightning port anytime soon. A couple of good reasons off the top of my head are MFi & CarPlay.
Apple make a shit tonne of money through MFi certification for Lightning products. Why kill that golden goose for Qi which they'd make practically nothing off. I think they've only just started supporting Qi because customers really pushed for it's inclusion and it's omission was a negative on side by side comparison in device reviews with Android devices that do have it.
Most CarPlay device out there require a lightning connection. iOS has supported wireless CarPlay since version 9 but there's still only a handful of cars with it factory fitted (only Mercedes & BMW last time I checked) and number of after market units.
That works on the DGN series too. Geez I knew Netgear stuff was crap but that takes it to a new level. I once had a number of Netgear business model switches on a clients LAN that would leak broadcast traffic across VLANs. Even though there was a firmware update to address it they got replaced in short order with some HP Procurves.
Biting the hand that feeds IT © 1998–2020