What a fiasco today!!
It's been a fun day dealing with this. Thankfully this was posted on Reddit way before Microsoft finally admitted this fiasco via the Office 365 admin portal.
28 publicly visible posts • joined 30 Aug 2018
I have a feeling since these are the first batch at launch they're waiting to see if any hardware bugs crop up before committing to large quantity in manufacturing for the masses. It's one of the reasons why I didn't order the Raspberry Pi 5 at launch. I just placed a new order for the Pi 5 8 gig along with five Pico 2s to try out. A side note: I did pre-order the Pi 4 at launch and a few months later they did a revision for a faster clocked CPU as they tweaked the power supply design. I was a bit miffed at that because of how expensive these Pis are these days.
Considering how cheap these Picos are if bugs do creep up it's not too big of a deal to buy the updated ones if I need to.
Cool to see NASA is able to repurpose this aircraft to be a weather station. Makes me wonder how long it will last before the solar panels are completely covered in dust? It was relying on flights to dust them off.
One of the reasons why recent probes now use a nuclear battery for power.
Either way hats off to the little guy!
Good luck getting any big money (credit) back from your cloud providers. When they do it's not much compared to your loss of productivity and downtime which can cost the company big bucks. I know there's always a risk of losing access to these services but it's supposed to be extremely rare given all the redundancy that's out there. Ah well. I guess the system admins these days just don't have what it takes to really build a solid infrastructure. Microsoft is no exception.
Broadcom was hoping their customers will just suck it up and pay the increase even if a certain percentage should switch to another product. At this point we have no idea what that percentage is. Even at 20% that is a large chunk of their customers leaving. Broadcom might find that an acceptable loss.
Backups via ZFS are usually pretty quick BUT the restores are painfully slow. But it's manageable if something should happen to the VM / Containers that I needed to restore. Most of the restores can take 30 to 45 mins which is acceptable for our use. I know for some it's not but at least I don't have to completely rebuild the VM in an emergency. The restores simply just work.
The biggest issue I have with Fortinet is that they're releasing FortiOS with new features before it's ready. Now we have like 4 trains of FortiOS and all of them have bugs one way or another. Lucky for us I turned off SSL-VPN back in December when Fortinet tech support refused to issue a patch on an older FortiOS V6.0 as I wasn't ready to upgrade from V6 to V7. Ironically enough they did release a patched version of FortiOS v6.0 the other day for this vulnerability which I was able to apply.
If Fortinet keeps this up and with their ever high prices of their security subscriptions I will be forced to look for alternatives.
I've deployed several Netgate pfSense appliances for remote offices and been happy with them. I use pfSense at home as well on a repurposed Dell desktop PC.
I am using Linux Mint on my laptop as well and my version of FF is showing v.95. However, being Mint for what it is they probably grabbed the latest version from Mozilla and compiled it to make it work with Mint.
I will have to check my Debian 11 with KDE workstation later to see what version of FF is installed.
If you manage a large VMware infrastructure you're in for LONG hours in patching all those VMware appliances such as vCenter and vReplication Appliance. Currently VMware doesn't have a patch available so have to use command line workarounds.
So far the only saving grace is that the vSphere ESXi host servers aren't affected by this.
Lucky we're still on 7.0 Update 2d despite the warning of security issues and wanting us to upgrade to U3. I held off on the upgrade as I was dealing with odd vCenter SSL cert issues and the stupid failed update from the previous version. Lucky it was an easy fix but made me wary of upgrading to anything new right now.
There are free open source solutions to this if companies don't want to pay $$$ to Microsoft. Hell, you can run a dedicated print server running Linux with CUPS. Windows, Mac and Linux workstations won't know the difference.
One company I've worked for did have print services on DC then later separated that out onto its own server leaving DC strictly for domain controller functions along with DNS and DHCP.
If you use Remote Desktop Gateway server you can actually disable clipboard, printer and shares. I've tried using FortiGate's web-based RDP which does not support multi-monitors so had to build a Remote Desktop Gateway server and create policies. Then it connects to a real remote desktop server. The idea behind that is VPN client is not needed. They just use the gateway settings in Microsoft's native RDP client and boom you're in.
I've set up restrictions to only allow access to certain resources and the remote desktop servers. So if the hackers tried using an account that does not have the permissions to access the RDP servers they won't be able to log in.
I get it why you use your firewall's own SSL-VPN with RDP feature to limit your exposure to Microsoft servers to the internet. Sometimes it limits the users too much from what they need to do.
QUOTE:
"The downside is that there is no possible integration with the local PC so local devices like printers can't be mapped across if you needed to do this."
There is actually no practical excuse for not patching personal computers and servers. Most of our machines are Windows-based and for the most part patches have gone without issues. Although I would have to say July 2018 patches are without problems which gave us grief for a while. I had to suspend patching the machines for July and August to give Microsoft enough time to fix their screwups.
Don't get started on the WSUS server. I've rebuilt that POS thing so many times that I care to count. Will have to fork out some $$$ for a real patching server. Lucky for us, however, we already have endpoint security installed on all the machines that we can monitor and take immediate preventive measures if necessary.
There are some critical applications that can break after an update which is any IT's nightmare if patched on a large scale. However, it goes back to my original statement there is no reason NOT to patch at all.