Posts by Trevor_Pott

4722 posts • joined 31 May 2010

Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE

Trevor_Pott
Gold badge

Re: Confused?

Microsoft is always correct. If you are dissatisfied, the fault lies with you.

17
1

Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run

Trevor_Pott
Gold badge

Good luck, SpaceX.

8
0

You'd better get out before the sync 'n' share bubble POPS

Trevor_Pott
Gold badge

WD Mycloud. How's that workin' out for ya?

0
0

'China's Apple' heading to Asia and Latin America

Trevor_Pott
Gold badge

Re: If they want to go global...

Aye, the world is filled with xenophobes. I say: let 'em pay more for less. Those without the innate bigotry will benefit, as it should be.

0
0

Microsoft Research adds interactivity to Windows 8 Live Tiles

Trevor_Pott
Gold badge

Re: Anecdotes.

Funny, there are plenty of ways to build an App Store that enhances the install experience without giving Microsoft a means to remotely control your computer, remove applications without warning or delete your data.

A great example would be Ninite Pro. The Ninite One installer is basically an App Store that installs free software and it works like a goddamned champ. It can even push those applications out to every PC on the network, update every PC on the network and more.

And yes, my dear old "Aunt Tilly" does use it, despite never having learned what the right mouse button was for, or how to use a USB key. So take your "on message" bullshit and GTFO.

1
0
Trevor_Pott
Gold badge

Re: @Sandtitz Some nice ideas @poopypants again

How to upgrade to 8.1 when the store is broken?

0
0

Obama allows NSA to exploit 0-days: report

Trevor_Pott
Gold badge

Re: Has there ever been a "line"?

The populace has denied both forgiveness and permission. Now what?

1
1

Microsoft TIER SMEAR changes app prices whether devs ask or not

Trevor_Pott
Gold badge

Re: Developers, developers, developers

Funny you should ask. I was thinking about that just yesterday. The answer? When proper engineers are involved and given final say. They manage to build bridges here with no major mistakes all the time. They pave roads, erect skyscrapers and build pipelines that go thousands of kilometers that are well thought out, well planned and work as intended for the intended lifetime of the project (and beyond.)

Now, things do go titsup.com when people do stupid things. For example, running an oil pipeline for 20 years beyond its rated lifespan. But for the most part proper engineering - at least around here - has been free of the kinds of high-profile screwups we so blithely accept in IT.

Engineers build models, simulations, over-design and underpromise. They are the antithesis of the kinds of marketdroid beancounting asshats that design software these days and that's precisely the problem.

Software is all about "get it out the door", not "make it work as originally specced." Beta testing on live people is considered acceptable. That attitude is complete shite, and we shouldn't stand for it.

7
0
Trevor_Pott
Gold badge

Developers, developers, developers

Microsoft knows better than its customers and partners, why not its developers too?

12
1

Puff on a hybrid – next thing you know, you're hooked on a public cloud

Trevor_Pott
Gold badge

Re: Public cloud barriers

For quite some time to come "100% in the cloud" will be the corner case, not the norm...and the cloud will never fully replace "owning your own gear" for all businesses.

New technologies are a supplement to existing ones. They don't supplant them.

And bear in mind it's a lot easier to start a brand new - and entirely virtual - company (such as Netflix's VOD offering) as a 100% cloud-based service. Hell of a lot harder for an established business or one of the many that have on-premises needs for IT.

Will 100% cloud be a possibility for some companies? Sure. Will 100% cloud be a possibility for most companies? I doubt it. Will 100% cloud be cheaper than on-premises for any excepting the odd corner case? I sincerely doubt it.

The public cloud is great for (mostly American) companies that will either not exist for long (such as a political campaign) or those (mostly larger) companies whose internal politics is such that buying a capital asset is a miserable pain in the ass, but paying rent is (for now) under the radar. (Though finance people will catch up to covering that in red tape eventually.)

And again, none of your pro-cloud rah-rah even begins to address the issue of sweating your assets. Can't pay your subscription? Fuck you then, go out of business.

No, I think that even if it were cheaper - and it's not - and even if it were feasible - and for many, again, it's not - lots of businesses would choose to avoid putting 100% of their workloads in the cloud.

Boil it all down to its purest essence and it comes down to risk aversion. Most people who run businesses do so because they want to be in control of their own lives. You'll find a significant % of them don't want anyone's iron-gripped hands around their testicles, regardless of how "household name" the American super-company paying the marketing dollars in question is. When you are 100% public cloud, then a little squeeze and you beg for mercy.

Though, hey, if you like it rough...

0
0
Trevor_Pott
Gold badge

Re: Public cloud barriers

Okay, I need to print 4TB of high-resolution photographs per day at my photolab on printers the size of cars. Please explain how I am going to run all my servers in the cloud and stream the images I need back to my photolab. Consider that the lab in question probably clears about $5M a year and wobbles on the edge of profitability as is. It can't afford a bigger pipe than it has now. What magic do you use to make this work?

Now, let's look at my machinist shop which has the same sort of requirements; data that must be delivered to local equipment in a timely manner from the cloud. The next-generation stuff does a closed-loop between the manufacturing equipment, sensors and analysis software which needs ultra-low-latency in order to function properly. Am I going to run all of that in the cloud?

I also have a bakery that falls into a similar category. These folks do a million samples a second from their sensors across the whole of the factory then crunch that data in real-time and feed the results back to the machinery for real-time modifications of the environment. Are you going to do that all in the cloud?

I have remote drilling teams that are doing real-time seismological analysis, modelling and simulation based on feedback they receive from on-site sensors. This information helps them decide where to drill, how and when. Their access to the internet is via an orbiting dirigible with an LTE booster. Are you going to put their workloads all in the cloud?

I have a storm chaser that collects over 50 billion samples a minute from over 1000 sensors and crunches that in real time to determine how storms are going to evolve. He is often driving between mountains where even cellular signals won't reach and satellite is thready due to the fact that he drives into tornadoes for a living. Are you going to put his workload into the cloud?

I have a journalist that deals with Chinese dissidents, pursues human rights violations by the American government and is currently trying to uncover some unspeakable horror in Burma. Even if you could put all his workloads in the cloud, would you?

I have a fire hall that absolutely has to have the diagnostics and maintenance systems for their equipment running 60/60/24/7/365, no exceptions. They need 100% uptime and access to a number of emergency systems and are increasingly using sensors ranging from deepscan sonar to thermal sense drones to determine safety. Are you going to put their workloads in the cloud?

I could go on and on and on, but suffice it to say you're talking utter fucking bullshit. Some workloads can be put into the cloud because they have no localized mission criticality. Some workloads absolutely can not. Even for SMBs - like my 10 man bakery - there are workloads that will run local and some that could be moved to the cloud.

But the cloud is a tricksy thing. If I have workloads that I must run local - and despite your propaganda this will always be a truth of the world - then I have a floor cost of investment in local IT that I must make. If I am already balls-in on some local IT, then the question becomes "do I have the spare capacity on my local setup to run $_workload or not?"

If I have the spare capacity to run $_workload locally I do. Period. It will be cheaper to do so than farming it out to the cloud. If I don't have the spare capacity to run it locally then I ask myself the next question "what is the cost of running this locally versus the cost of running it in the cloud?" I already have local systems, local nerd and the rest...if the TCO of adding that workload locally is lower than farming it out, it gets added locally.

The cloud is great for DR. That way I don't need to light up a DR site. Provided, of course, that everything is encrypted at rest as well as in flight, and that data sovereignty issues are dealt with. And that I can download the data to my local network - where it will inevitably reside once I light my factory back up - in a quick and financially painless manner.

Some workloads that are finicky and irritating, but not especially mission-critical - like email, instant messaging and so forth - I have no problems putting into the cloud. The world doesn't end if e-mail stops for a day or two because Amazon blew up. My company does stop working if the delicate dance of complex sensor-analysis interactions with the bakery machinery ceases.

And if I can't get the fire alarm notice, why then...people die.

How about you get "off message" for a little while, stop thinking like a marketdroid and start thinking about the human impact of cloud computing. The cost in lost profits from downtime, the cost in jobs from lost profits or shuttered businesses and the cost in lives if some things go wrong.

Then tell me, with a straight face, that the future is to have all workloads in the cloud. Because if you can actually do so you are going on the blacklist of "IT professionals" that I will never, ever deal with...and association with you will be the viral touch of death for any contracts, vendors and so forth that I deal with in the future.

You have a whole great big box full of tools at your disposal. Don't keep using a hammer for everything because it's what you have in your hand at the moment.

0
0
Trevor_Pott
Gold badge

Re: Mowing grass

/me shakes broom from rocking chair on porch

1
0
Trevor_Pott
Gold badge

"I had a flash of inspiration today. Hybrid public-private cloud systems are becoming a gateway drug to pure public clouds. Why is this an arguable view?"

Because you miss a few very important things, Chris.

1) The cost of bandwidth. Bandwidth costs much, and - shock of shocks - there are plenty of reasons that companies need to send large quantities of data to manufacturing sites, knowledge worker sites filled with video/photo editing staff and more. The cost of bandwidth isn't coming down for the plebians any time soon, so cloud computing is still "expensive resources on the end of an even more expensive resource."

2) Economic Espionage. NSA, GCHQ et al. I'll leave you to work that one out yourself.

3) Trust. Amazon, Dropbox, and Dropbox again. Microsoft, Microsoft again, and again, and again, and again. Salesforce, and Western Digital and on and on and on. But most of all - above all other examples - Nirvanix.

4) Latency. Tier one apps doing active-active where the speed of light is holding up transactions? Me gusta.

5) Disaster recovery time. Remember that part where folks actually do require onsite data, no matter how much the cloudy providers hope and wish and wail and gnash? Ever tried to suck 1TB down an ADSL connection? How about 10? 15? 100? If ($time_to_recovery > $time_to_customer_loss_during_outage) { run $you_are_fucked; }

6) Cost. "Cheaper than owning and supporting your own kit?" [Hearty belly laugh].

7) Pay or die. Economic downturn = can't pay subscription = "you're fucked". On premises = "you can sweat your assets." You might as well say "renting is such a great idea that nobody in their right mind would buy their own house". I suspect different people have different priorities. Let's talk to San Franciscans about the variability of rent over time, hmmm? All markets collapse into an oligopoly over time. I'll be handing my testicles to Amazon or Microsoft on a garnished platter, thankyouverymuch.

I could go on. And on and on and on and...

Look. The future is emphatically, absolutely, and without question not going to be a pure "public cloud" world. Hybrid? Yes. No technology since the introduction of the mainframe has totally replaced its predecessors. Supplemented? Yes. Supplanted? No.

And get off my goddamned lawn!

5
0

France bans managers from contacting workers outside business hours

Trevor_Pott
Gold badge

Sadly, Alberta has very few "knowledge workers" in that sense. We've a crazy amount of Structural/Mechanical/Civil Engineers, Geologists and so forth, but if you do IT and you aren't crazy you get the hell out of this province. It sucks that it took me until I was too poor to move to recognize that, but "trickle down economics" absolutely doesn't work.

IT - like many other things including health care - is viewed as a burdensome cost that employers and citizens alike shouldn't have to pay for. These are people who will gladly spend $200,000 on a kitted out half-ton work truck but balk at the idea of spending $550 to buy a new laptop.

Alberta has a powerful economy with lots of things besides Oil that can and will keep it steaming along for decades...but the culture of Alberta is one of implementers, not innovators. This is not a place to invent new things, to improvise or experiment.

Other places in the world invent things. Then we put manpower together with a willingness to wreck any part of the environment necessary to make money and create fantastic amount of wealth. 90% of which leaves the province to the companies that do all the environment-wrecking resource extraction and the other 10% of which people hoard.

There's lots wrong here, but it isn't the labour laws screwing us up...

0
0
Trevor_Pott
Gold badge

If it weren't Oil it would be our vast mineral reserves, diamonds, uranium, forestry, agriculture, growing educated population or even our limestone deposits. Oil's cheap-and-easy for now, but Alberta is huge. We've got enough environment to ruin that we can keep at this for quite some time.

Hell, we could just sit here, dam up all our rivers for hydro, set up eleventy squillion windmills by Crow's Nest pass, stand up a bunch of nuke plants, sell all the 'leccy to the states and live like kings.

Alberta's problem is now, and has been for decades, inadequate manpower. The socially conservative xenophobes that live in the middle of south buttfuck nowhere are so terrified of furriners that not only will the Tea Party have nothing to do with them the Baptists threw them out! We have low immigration caps and ridiculous barriers to entry directly into the province. This prevents us from growing our workforce and it is the brakes on our economy.

That said, we do indeed have laws here that say things like "thou shalt not contact people out of hours unless you pay them stupendous amounts of money. Certain jobs can be exempted from this if the employee agrees, but you can not discriminate against employees who actually want a work/life balance." We're crying for wetware to weld the pipes and twiddle the knobs and despite this we do just fine with our "draconian" labour laws.

The French have the right of this. And that's with my business owner's hat on; the one that actually does have 24/7 clients to support.

1
0
Trevor_Pott
Gold badge

I believe this is why certain categories of worker are exempt (with the worker's consent.) Alberta's laws are not all that different, and we have one of the most powerful economies in the world. :)

5
0

Russian deputy PM: 'We are coming to the Moon FOREVER'

Trevor_Pott
Gold badge

Re: @Arnaut the less - @Tom Welsh

(beer)

0
0
Trevor_Pott
Gold badge

Re: @Arnaut the less - @Tom Welsh

"Potts's Nietzschean view"

A) There is no S in my last name

B) Even if there were an S in my last name "Potts's" is all kinds of wrong. Grammar, motherfucker, learn it.

C) If you think I'm a follower of Nietzsche, you're an idiot.

One thing we would both agree upon, however, is that the various supreme beings that our species has manufactured over the aeons are nothing more than myths. There are a few other minor points we'd be able to have friendly beers over, but from there he and I would diverge quite significantly.

Now, back in your box. Do 30 laps around your cage before you scream insanely into the aether. We need you tired out by bedtime, because the adults want to actually get some sleep tonight.

2
1
Trevor_Pott
Gold badge

Re: No need to ask permission - @Trevor_Pott

"hyperbolic overestimation of homo sapiens sapiens"

Where did I estimate (over or under) homo sapiens? I said the purpose of sentience was to spread life to the stars. I never once said it was the purpose of sentience to spread sentient life to the stars and certainly not necessarily to spread its own species to the stars.

I said the purpose of life was life itself. That we as sentients have a duty to spread that life. You inferred that I must mean the spread of our species and of sentient life.

You were also the one prattling on about holy books and theology without actually stopping for a brief moment to ask what I might have meant. I gave you a very well known book by a seminal writer in our history from which at least one part of the quote - the purpose of life is life itself - is derived. From there, you're off on an anti-humanist tear that I think stopped somewhere around the intersection of hope-shattering nihilism, bleak despair, self loathing and evangelical atheism. (Where it isn't enough that you believe there is no supreme being, you must purge that belief from others.)

Quoting one phrase from Nietzsche does not mean endorsing all of his teachings, nor does acknowledging him as one of the pre-eminent philosophers of our history. Our culture and our values are what they are because of the great thinkers of our past as well as those who acted upon those philosophies. Positive, negative, neutral...we are as a species the sum of our predecessors; genetically as well as culturally.

If you want to sit in a corner and whip yourself for the sins of other people's grandfathers, you go right ahead. Have fun with that. You can hang any tag you want on it, I'm going to go with "beating yourself up over 'original sin'" because that's exactly what your tedious antihumanism appears to be from the outside.

Why don't you reset your neurotransmitter levels by smoking a huge bowl and just going and getting laid. Chill the fuck out, man. It's only life; no one gets out alive.

5
1
Trevor_Pott
Gold badge

Re: No need to ask permission - @Trevor_Pott

The book I have to back my "theological" claim isn't from the iron age, but it is one of the most celebrated pieces of philosophical writing in all of human history. Maybe you should go read it.

And I think Friedrich Nietzsche would be a mite upset about you calling his writings a work of theology. But hey, have yourself a ball with all that unbridled rage. Just don't break anything important, hmm?

1
1
Trevor_Pott
Gold badge

Re: No need to ask permission

If they can do it, let 'em. Hell, cheer 'em on. Someone should escape this pathetic mudball. If we're not interested, more power to the Russians, the Chinese and anyone else who cares to try.

Quod ad astra. The purpose of life is life itself, and for sentience, to take that life to the stars.

18
0
Trevor_Pott
Gold badge

Re: The race is on!

The problem with the interplanetary hyperloop you suggest is that if we want to launch people along that thing it needs to be a lot longer than the prairies. Length wise, from northwest Alberta to southwest Manitoba might work, but A) you can't build on muskeg and B) the yanks would have some nasty words with us lobbing ballistics over their nation at hypersonic speeds.

That means something long and south. Crow's Nest Pass in southern Alberta to Thunder Bay Ontario, or even the Quebec border. This puts it far too close to the covetous hands of the yanks, which poses all sorts of its own problems.

Canada absolutely has the technology, the manpower and the money to build such a device, but we never would. The biggest reason being that it would violate all treaties regarding the treatment of international territory and severely weaken our claims to sovereignty in the north. There's a metric "holy shit" worth of unexploited - hell, unexplored - resources up there, and we're just not ready to pass them up in exchange for some airless rock that has fuck all to offer except nickel, silicon and iron.

If you poor buggers really need He3 that much, go hard. We've got enough Uranium to last us the next 10,000 years and when that's up, we'll just build some Lagrangian satellites with massive bussard ramscoops on them rather than trying to "mine" He3 from regolith.

I'm all for space exploration, but #occupyluna is the single stupidest idea I have heard of in my entire life. If you really want to be trapped in a gravity well, choose Ceres. Everything you need is there, including stupendous amounts of water. The gravity well is enough that plants will point their roots downwards when they grow, but easy enough to make getting off the damned thing and exploring cheap and easy.

Fuck Luna. If y'all want it, you can have it. We're Canadian, we need plenty of fresh water and spectacular amounts of valuable resources to make us happy. It's what we know how to work with.

6
0

Top ten biz software vendors reveal Heartbleed exposure

Trevor_Pott
Gold badge

Re: Just think of all those landfill firewall routers and modems out there...

Welp, then you've got bigger problems than someone changing your bittorrent ports.

2
0
Trevor_Pott
Gold badge

Re: Just think of all those landfill firewall routers and modems out there...

Shame, there are plenty of good open source OSes you could run on a 54G that would be just fine.

Also: why would you care if your router has an SSL vulnerability? Are you insane enough to leave its management port open to the WAN? Why the fnord would you do that? Get a real OS on the damned thing, then you can VPN in to your home network for administrative tasks instead of leaving the henhouse tied up with a piece of string and a blinking neon sign visible from space advertising said fact to the local wolves.

12
0

Spy-happy Condoleezza Rice joins Dropbox board as privacy adviser

Trevor_Pott
Gold badge

For the record, just talked to the Sync.com folks. Yes, all client data is in Toronto. The main website proper is on Amazon, but once they have gotten some things sorted locally, that will be going into their refurbed Canadian datacenter too.

2
0
Trevor_Pott
Gold badge

Primary website appears to be in the US. In fact, the site hosting the client download appears to be in the US as well. (CDN, I suspect.) The servers the client talks to after install are in Toronto. (I've been watching them all night.)

1
0
Trevor_Pott
Gold badge

Sync.com is a Canadian cloud storage provider with data stored in a Canadian datacenter. Their client encrypts the data before sending it up to the cloud. They claim not to be able to decrypt the data.

They are still in beta, however, and mobile clients do not exist. It is $50/yr for 500GB. Sync.com now has a new paid subscriber.

Not perfect, but a hell of a lot better than Torture'n'murder's happy fun time NSAbox.

9
0

Budge up VMware, array upstart Tintri's ramming in Red Hat Linux KVM

Trevor_Pott
Gold badge

Re: RHEV / OVirt storage domains are a bit more complicated...

Tintri's market share is a lot bigger than you think.

0
0
Trevor_Pott
Gold badge

Re: Sure . . .

Oh, hey, I'm not knocking the integration with KVM at all. They talk to the hypervisor, pull in stats, marry up the image on their datastore with information from the hypervisor. Someone spent a lot of time in a dark room with a bunch of APIs and they should be proud of what they've accomplished.

My issue is with that one very specific statement. The ability to - for all intents and purposes - recognize extensions on their own datastore tarted up as though it were some kind of superpower. If that is an example of the breathtaking innovation coming out of Silicon Valley today that should be getting us all hot-and-bothered, it's time to scour everything within 50km of the 101 right back to bedrock and start over.

0
0
Trevor_Pott
Gold badge

I love Tintri but...

“Red Hat customers can now benefit from the only hypervisor-neutral storage platform with VM-awareness and adaptive learning capabilities to support hundreds of mixed workloads – servers, VDI, dev and test – concurrently on a single Tintri VMstore. Customers can also deploy both vSphere and Red Hat Enterprise Virtualisation on a single VMstore at the same time."

Translates to "our software is able to tell if a folder contains KVM images or VMware images, even when they use the same NFS share." This sounds about as thrilling as "I added a line into my PowerShell script to detect extensions" to the technical nerd, but that's a hell of a great bit of marketing blather.

I mean, I could cheerfully abscond with the label of "smart cross-hypervisor storage" for my mates at Proximal Data and at least feel like I'm being a little more honest in using it. Autocache supports Hyper-V and VMware both, with the "smarts" being "it automatically resizes flash utilization to optimally fit the available flash and the workloads presented". That, and I don't have to redesign my networks to make it go faster. Add flash, install Autocache, walk away. It's a heck of a lot cheaper than the forklift upgrade of a Tintri!

Again, this isn't to say Tintri's bad. They're not. Tintri is amazing, and once you have one you'll soon have another. They have repeat customers for a reason...but I am distinctly not impressed with the marketing philosophy that turns "we can detect which hypervisor generated the virtual image when they use the same NFS share" into 54 words. No! Bad Tintri! Get down, and don't chew on the couch!

To paraphrase Storagebod, are you inexpensive and are you easy to use? Them's the bits we actually care about.

0
0

Internet is a TOOL OF SATAN that destroys belief, study claims

Trevor_Pott
Gold badge

Re: Choose your poison @Trevor Pott

His noodly self says "no more than two fingers a night, suh!"

0
0
Trevor_Pott
Gold badge

Re: Choose your poison @Trevor Pott

Now Talisker I have tried, and compared to Glenrothes it might as well be turpentine.

Next time you're in a decent liquor store, do yourself a favour and buy some Glenrothes.

0
0
Trevor_Pott
Gold badge

Re: Choose your poison

Well, on your recommendation, I shall try it.

0
0
Trevor_Pott
Gold badge

Re: Choose your poison

"fine Irish whiskey"

These exist? I'll take a single malt, please. Speyside or from the highlands. Glenrothes, if you have it...but Glenmorangie will do.

2
0

Insight warns Google embracers of hidden costs in Apps for Biz

Trevor_Pott
Gold badge

Is this the same Insight that just hired on a very senior Microsoft trojan horse?

8
0

So you invent a wireless network using LEDs, what do you do next? Add solar panels. Boom

Trevor_Pott
Gold badge

Zoiks. Over 1Gbit. I remember doing this with infrared LEDs and photodiodes when I was in elementary. Built a widget that could do 2400 baud reliably, and eventually got it up to 9600 baud with rather a lot of work. Trying to get the network to go from upstairs where the modem was down to my bedroom. Devilish lot of work that was*, so I've nothing but respect for these chaps. Well done.

*of course, I was like 8, so this might seem somewhat easier to modern day me. Still, don't know as I could exactly design the thing from memory anymore. Research. With books. Dear gods how times have changed...

7
0

The... Windows... XPocalypse... is... NIGH

Trevor_Pott
Gold badge

Re: Why was this rejected El Reg?- 'Put it on its own subnet and VLAN, wall it off from everything'

Well now, that's a larger discussion. I'm not sure how much you know about systems administration, so I have to make a few wild guesses in how to explain it.

I am presuming you know how to put multiple systems on their own subnets or VLANs. (I.E. all Windows XP boxes will be on 10.0.100.0 /24 while your primary network is 10.0.1.0 /24). If not, the rest of this comment can't help you as you need a lot more fundamental networking knowledge than I can lay down here. (We're talking "design of your network" level stuff that will probably take a few hours of back and forth.)

Presuming you know what a router is and how subnets and VLANs work, let's look at how you can take a system that's pseudo-isolated via subnet/VLAN and really wall it off from the outside world.

1) The Windows XP firewall of its own is shite. Ditch it and get something better that lets you lock things down more granularly.

2) Deny all by default, then whitelist IPs you want to allow.

3) Get a UTM that supports a SOCKS proxy. This proxy will be your Windows XP box's access to the outside world (and will have to be whitelisted at the XP box.)

4) Have the UTM block all websites/services/applications except those explicitly allowed. Allow those you really need.

5) If you need to allow services through to this Windows XP box - and not just basic websites - get a Palo Alto Networks box. Nothing else will do.

6) Disable *all* protocols you don't absolutely need. IPX/SPX, NetBEUI, IPv6, etc. Even Microsoft file services. If it doesn't absolutely need to be there, bin it.

What you end up with is a Windows box that can't be easily discovered by a network scan (because it's on a different subnet/vlan and shouldn't respond to pings that don't come from whitelisted partners.) This system will only be able to contact systems you absolutely need it to contact, and if it needs internet access at all it goes through a hardened unified threat management system that not only prevents you from going to Bad Places, it should be able to examine the content being delivered to your system and do things like "strip out malicious javascript, prevent flash" and whatever else is needed.

Garbage in = garbage out. By restricting what can get "in" to that machine down to the very barest minimum core you can minimize the risk of it becoming infected. Frankly, I would bet the security of a Windows XP machine so defended over the security of a fully patched Windows 8.1 machine that is "defended" by nothing more than Antivirus and a NAT box any day.

If you need more help than that, I'd point you at the spiceworks forums, or encourage you to reach out by e-mail. I would be able to either provide you some consulting services directly or get you in touch with a local sysadmin who can do all of the above (and more) to make sure your systems are hardened.

0
0
Trevor_Pott
Gold badge

Re: XP Strategy: ''Put it on its own subnet and VLAN, wall it off from everything'.

Hi there, I use this method in practice with my Windows NT, Windows 98 and Windows 2000 systems. The solution is simple: use a proper IDS+Firewall solution to control the access of this subnet to the net.

If you are impoverished, consider a "unified threat management" device. I've used the Netgear devices to great effect, though I honestly prefer Juniper's boxes. You could always build your edge device from a Linux box running snort and squid as well.

The goal here is to figure out what websites you absolutely need to access and whitelist those sites. Then you monitor absolutely every attempt to reach any other website and set up alerts. You use the UTMs + blacklists to make sure that the worst of the baddies are filtered, and the IDS (or IDS components of the UTMs) to do inline analysis of the stream and check for anything untoward.

If you need internet access - no matter how limited - on your XP box, I strongly recommend heading towards a "read only" XP environment (or at least use Deep Freeze) so that when you get infected (and even with all those defenses, it's a when, not an if) you can revert to a "known good" state.

1
0
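As an added illustration of the whitelist-and-alert approach described in the two posts above (this is not code from the original comments, nor from any product they name), a small scanner over squid access.log lines: it flags every request from the walled-off subnet to a host outside the whitelist, denied or not. The subnet, the whitelisted names and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed assumptions standing in for the real network: the walled-off
# XP VLAN and the handful of sites it is allowed to reach.
XP_SUBNET = ipaddress.ip_network("10.99.0.0/24")
WHITELIST = {"updates.vendor-a.test", "support.vendor-b.test"}

# Squid native access.log: time elapsed client action/code size method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>\S+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def host_of(url):
    """Destination host of a logged URL; CONNECT lines carry bare host:port."""
    if "://" not in url:
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def is_whitelisted(host, whitelist=WHITELIST):
    """Exact match or a subdomain of a whitelisted name."""
    return any(host == w or host.endswith("." + w) for w in whitelist)

def find_violations(lines, subnet=XP_SUBNET, whitelist=WHITELIST):
    """(client, method, host, action) for each request from the subnet to a
    non-whitelisted host. Denied requests are reported too: that is the alert."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client = ipaddress.ip_address(m["client"])  # squid logs the client IP here
        if client not in subnet:
            continue
        host = host_of(m["url"])
        if not is_whitelisted(host, whitelist):
            hits.append((str(client), m["method"], host, m["action"]))
    return hits

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    "1397000000.123    245 10.99.0.15 TCP_MISS/200 4123 GET http://updates.vendor-a.test/patch.cab - HIER_DIRECT/203.0.113.5 application/octet-stream",
    "1397000001.456     12 10.99.0.15 TCP_DENIED/403 3891 GET http://ads.example.test/track.js - HIER_NONE/- text/html",
    "1397000002.789    980 10.99.0.22 TCP_TUNNEL/200 51233 CONNECT mail.example.test:443 - HIER_DIRECT/198.51.100.7 -",
    "1397000003.001     40 192.168.1.40 TCP_MISS/200 8800 GET http://news.example.test/ - HIER_DIRECT/198.51.100.9 text/html",
]
if __name__ == "__main__":
    for client, method, host, action in find_violations(SAMPLE_LOG):
        print(f"ALERT {client} {method} {host} ({action})")
```

Traffic from outside the subnet and requests to whitelisted names (including their subdomains) are ignored; everything else from the XP VLAN is reported, which is what you would wire into your alerting.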
Trevor_Pott
Gold badge

Re: Usb dongles?

Where to even begin...

A) Lots of dongles are supplied by the vendor and are parallel, serial or even SCSI (!) only. In some cases the vendor wants several hundred thousand + application upgrade (which doesn't work with the $7M industrial device, natch), and so on to get a USB dongle. In other cases the vendor simply doesn't exist anymore, or no longer supports the application. Your view of this issue is simplistic and small.

B) A VM is not the solution to all ills, no matter how hard you want it to be.

C) Lots of software will detect that you are using a server OS and promptly refuse to work. You can't shim everything.

D) Anything you can disable by GPO I can enable with a virus. You can't "enable" a glued USB port.

Your solutions are all based on the mentality of a whitepaper-wielding MCSE. Sorry, but we're off the reservation as of today.

1
0
Trevor_Pott
Gold badge

Re: Ghostbusters ref?

Get out of my miiiiiinnnnndddd!

0
0

Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed

Trevor_Pott
Gold badge

Internet. Of. Things.

You have been warned.

11
1

'Yahoo! Breaks! Every! Mailing! List! In! The! World!' says email guru

Trevor_Pott
Gold badge

Re: @ xperroni (was: What legit email admin ...)

Beetlejuice...Beetlejuice...Candleja-

3
1

Nothing's as SCARY as an overly aggressive SOFTWARE PIMP

Trevor_Pott
Gold badge
Pint

Re: Try them both on a 13" retina display...

@hplasm

Sir, I just howled with laughter so hard that tears were streaming down my face. Thank you. I haven't laughed like that in years. God damn, I needed that.

Squid!

0
0

Tamil Nadu's XP migration plan: Go Linux like a BOSS

Trevor_Pott
Gold badge

"is it because they are afraid it would not work? Well, if these other people did it, why can't we?"

Legacy software and/or industry-specific software combine with the back-breaking cost of VDI/VDA/App-V/Thin-App and any other variant on "remotely delivering legacy Windows-based software to non-Windows endpoints."

It takes time, money and expertise to move staff from Windows to Linux, even if you have like-for-like applications across the board. When you have industry-specific stuff dragging you down...

...look, Mainframes are still around for the same bloody reason. Some of them run a dozen layers of emulation so that they can keep an application written in the bloody 60s going, because all the business logic for the entire organization lies in that ancient code. Microsoft will be the same.

The world is moving on. We are moving to newer operating systems and to companies we trust ever-so-slightly more than Microsoft. One Chromebook, iPad, Android all-in-one, Linux desktop and SaaS application at a time.

What you aren't seeing is a wholesale move from Microsoft's Windows to another single platform. Instead, you are seeing a diversity of platforms being experimented with, chosen and carefully refined to meet the needs of the niche that embraces them.

There may never be another "general operating system" like Windows again. The time for a one-size-fits all monopoly is behind us. The future belongs to task-specific devices, operating systems and applications delivered in the manner that best suits the customer, not the developer.

Competition. It's occurring right now, and no matter how much some folks want to desperately deny it, the world has changed forever from the days of Redmondian supremacy.

Microsoft is culturally incapable of making the changes required to foster trust amongst its customer base. That will be its mortal wound. Maybe it will shrink back to a small cluster of die-hard fanboys like Apple, and then come through the looking glass punching above its weight. Maybe.

But it won't have the same market conditions Apple did. There won't be just one or two major players to contend with. There will be an army of quality developers catering to every niche, each with a fiercely loyal userbase. It isn't just turning the ship around that's going to be a bitch: the hearts and minds already lost will spread dissatisfaction and affection for the enemy virally. Countering that may not be possible.

2
0
Trevor_Pott
Gold badge

Re: I suspect this is brinkmanship.

"so until that date, (unless there is a hideously bad vulnerability discovered) there is no difference from before."

Pffft. Even *I* have unpatched vulnerabilities for XP in my back pocket, and I'm not a professional black hat by any means. Please...XP is wide open and in a little under 48 hours from now killing it dead will become a bloody sporting event.

0
0

Where the HELL is my ROBOT BUTLER?

Trevor_Pott
Gold badge

Re: maybe (What about our dependence on fossil fuels)

Atoms. You can split them. You can fuse them. Energy is released. With the exception of the overly anxious and the very "special", everyone on this planet is aware that we have the technology to meet our energy needs for some time, but choose not to, because of the meddling influence of special interests.

Fossil fuels are temporary. When the new surge of natural gas supplies in the US is gone, we'll see the pivot towards atomic power. In a goddamned hurry.

2
0

Greenpeace reveals WORLD'S FILTHIEST CLOUDS – and the cleanest may shock you

Trevor_Pott
Gold badge

Re: Real Greens.

Hear, hear!

0
0
Trevor_Pott
Gold badge

Re: Shut the right one down

We have abundant cheap energy. Both in the form of fission for base load and the big ball of fusion in the sky to provide us lots and lots of cheap power (directly, or as wind) for bursty things. All that lovely stuff you want to do that involves neat disposal of waste, extraction, recovery, etc? We can do a lot of that with the "bursty" (i.e. generally available for 8-10 hrs a day) power, whilst using base load for the rest. (Including things like keeping smelters at minimum temperature, etc.)

What it requires is kicking a bunch of NIMBYs in the ASCII and making them realize that without fission, we're all fucked.

0
0

Helpdesk/Service Desk Recommendations

Trevor_Pott
Gold badge

Re: spiceworks

Spiceworks can be extended by add-ons to be actually a lot more useful than the OOBE.

1
0