* Posts by J. Cook

591 posts • joined 16 Jul 2007

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush

J. Cook
Bronze badge
Flame

Cores n sockets and a license to print money...

Microsoft has stated that they are switching to a "per core" licensing model.

Not "Per Socket".

So that five year old, four socket, 6 core per socket machine (24 cores total) you've just EOL'd and replaced with a brand new, two socket machine with 14 cores per? It's gonna cost more to run yer stuff on it. And IIRC, that's physical cores, NOT vCPU (for you Hyper-V/vmware kids)

Got a single VM running SQL enterprise on it, which is taking up 4 vCPU? Guess what, you have to pay for 28 cores worth of SQL Enterprise as opposed to the previous pricing, which was only four cores. (aka bend over and pray they have lube)

At least that's what I've been led to believe- we can't seem to get a straight answer from our TAM or any of the licensing 'experts' they have access to...

4
3
J. Cook
Bronze badge

Re: I thought there was no consumer junk?

Even better, it's lurking about in Server 2016, which is a bit of a pisser.

9
0

OpenSSL alpha adds TLS 1.3 support

J. Cook
Bronze badge
Paris Hilton

Re: "A grand redesign"...

Well, if it involves using the lava lamp wall in Cloudflare's SFO offices.... possibly.

Sadly, I'm not joking.

(Article here: https://blog.cloudflare.com/randomness-101-lavarand-in-production/)

1
0

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

J. Cook
Bronze badge
Mushroom

NO. Just NO NO NO NO NO.

We have *quite* enough problems at [RedactedCo] with the _normal_ trickle that manages to get past the spam filters. I really don't have enough bandwidth to write a content filter that drops anything AMP enabled, but sure as death and taxes, I'll do it if it keeps my mail servers from getting that much more larded up.

And before I read the article, I thought it was talking about Cisco's Advanced Malware Protection (AMP) which is already a feature on their security appliances....

0
0

It's official: .corp, .home, .mail will never be top-level domains on the 'net

J. Cook
Bronze badge
Boffin

@Lee D:

The formal name for the 'hack' is called "Split DNS", and if you've had to deal with Exchange, you will be very, very familiar with it.

Example: owa.redacted.com internally resolves to the load balanced IP address of the Exchange client access servers, whereas on the outside, it resolves to an external IP address which points at the same load balancer through a firewall, which is also doing NAT at the same time. This way, you only need to configure a single name, and for the execs and sales people (and others with laptops that tend to unchain themselves from the desk) as long as Exchange and Outlook are configured for RPC over HTTPS, it will just work.

1
0

Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery

J. Cook
Bronze badge

Re: Open source hardware needed ?

... And have you *seen* how much the Power9 kit is?

0
0

BOFH: We want you to know you have our full support

J. Cook
Bronze badge

Re: >KZZZZZZEEERRRRRRT!<

@hplasm, re: Thwack.

I see what you did there. (and their software is maddeningly annoying to use as well...)

1
0
J. Cook
Bronze badge

Completely off topic, but the band Neuroticfish did a cover of that song on their album Gelb; it's actually pretty good. (as is the original version from 1966...)

4
0

Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins

J. Cook
Bronze badge
Facepalm

This surprises me in what way, again?

Someone needs to break out the chalk and write 100 times on the board "SCADA systems should never be granted internet access".

Either that, or send Vinne and Guido over to break some fingers.

4
0

Beware the looming Google Chrome HTTPS certificate apocalypse!

J. Cook
Bronze badge
Go

Re: Class Libel Suit anyone ?

Certificates are typically used to secure the connection to the site, not the data the site stores.

That's a different drum of bees entirely.

And Certificate Authorities are entirely about trust, and reputation- I'll trust Let's Encrypt and Digicert (oddly enough) before I'd trust other companies like Comodo and the (soon to be dead) Symantec with trusting them to act responsibly.

I lost faith in Verisign back when the internet was still young, because they made the (terrible) decision to sell their domain registrant lists to marketing companies. (This was before such services as domain registration privacy were even conceived!)

Being a commercial CA means, to me at least, that your company behaves in a certain manner to the best of its ability and does not, for example, intentionally issue wildcard certificates for domains you don't have any control over or a traceable request from the domain's actual owner to anything connected anywhere *near* the public internet. That's what killed Symantec's CA trust- they issued a wildcard certificate for Google without Google's permission, which got out on the public internet and then claimed that it was for a 'test lab' when Google (quite rightfully) called them out on it.

5
0

Infinidat techie: Let me tell you a thing or two about ruler-format SSDs

J. Cook
Bronze badge
Trollface

Re: More dinosaurs

I keep hearing that about tape, too; except that I just got a quote from our vendor for a 20 pack of LTO5 tapes that was under a thousand bucks, and if I'm willing to wait for our decrepit library to fill all twenty tapes (~4-5 days under optimal circumstances) that gives me between 30 and 60 TB of storage that can survive a fall off my desk. AND it's cheaper than the equivalent amount in flash, too.

Troll icon for obvious reasons. :D

5
0

Dell goes swimming in Skylake to source 14G server line

J. Cook
Bronze badge

Re: just be prepared to wait if you want SSDs

"The Dell-EMC config tool has fun quirks like that. Alternatively talk to a Dell-EMC (or HPE) partner and have them do the configs and transaction for you."

This. Had to do that with the last dell server I bought at [RedactedCo].

0
0

Skype for Biz users: Go watch nature vids. Microsoft wants you to get good at migration

J. Cook
Bronze badge

Re: Good Riddance to bad rubbish

Complete agreement.

About the *only* thing that changed between Lync 2013 and SfB was the name; everything else remained the same. Hell, the SfB client even cottons on if you are trying to connect to a Lync server and adjusts itself appropriately.

3
0

Forget cyber crims, it's time to start worrying about GPS jammers – UK.gov report

J. Cook
Bronze badge

Re: Big Brother is Watching You

... Are you channeling aManFromMars?

0
0
J. Cook
Bronze badge
Go

Re: UK Priority on emergency networks

FWIW, that happened on 9/11 in NYC; the cell network decided to have a bit of a tea break when everyone on the island either tried to make, or receive a cell call within minutes of each other. The land lines fared slightly better, at least.

1
0

Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em

J. Cook
Bronze badge

Re: Whoah

Sadly, yes. For the large part, it's SMB v2 (or 2.5, 3, 3.12, 3.flavor of the day, etc.) and smb v1 should be firmly turned OFF.

Also, who the hell exposes the SMB port to anything external?

5
0

Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

J. Cook
Bronze badge
Trollface

Go industrial grade or go home

Netapp snapshots are immune to being corrupted by ransomware, primarily because while it *does* act as a shadow copy to a mundane windows machine, it's an entirely different beast behind the curtain.

While I've not actively *tested* it (no safe environment *to* test in ATM), as long as the ransomware is not executing directly on the file server, I want to say that shares using shadow copies are safe as well. YMMV, not actively tested, do not take this as ironclad, no warranty implied, etc etc etc.

0
0

STOP! It's dangerous to upgrade to VMware 6.5 alone. Read this

J. Cook
Bronze badge
Pint

Re: Another gotcha with 6.5 VCSA...

That having been said, the actual *process* for deploying a VCSA is nicely streamlined, along with the 6.0 U2 installer. (the earlier installers were... less than helpful regarding the order of what needed to be done.) The deployment wizard, while not very verbose, is straightforward enough, and the vCenter installer is very straight forward about what you need to do.

The Update Manager installer still sucks, though.

I also found that if one is using the embedded database for Update Manager, then it should probably go on its own machine (NOT! the external PSC!), at least for a moderate deployment such as ours (~20 hosts and ~400 or so vms)

YMMV.

1
0
J. Cook
Bronze badge
Pint

Another gotcha with 6.5 VCSA...

... is that it *requires* a properly functioning DNS in order to not mess its pants halfway through the install; if one is doing a bare metal build, one has to either use IP addresses for everything, or manually build a DNS server that is authoritative for the address it's living in.

This week saw me trying three times to get the appliance to install to some old hosts for a test lab that [RedactedCo] is building for a major application update, and I had to port a copy of the production domain controller into test so that I had DNS of 'some form' operational. (I'll spare you the shenanigans of finding out that the flash-based site needing a fully patched and updated workstation to keep from crashing and a patently useless HTML 5 client for such things as setting up permissions; fair to say that it took me about two days of actual time spent to get the thing stood up to the point of being able to start building actual infrastructure in the test environment.)

1
0
J. Cook
Bronze badge
Boffin

Yep, that bit [RedactedCo] hard two weeks ago; we kept wondering why vCenter would randomly stop responding on the web client, and we'd have to re-boot the vCenter machine. This all started after we upgraded the 6.0.[mumble] to 6.0U2 some months previous. It got to the point where none of the services would start, and I called in VMware on a 'OMGMAYDAY' priority ticket. (because not being able to manage the environment actually *IS* an emergency around here...)

Turns out, 6.0U2 with an embedded PSC *and* a linked vCenter (also with an embedded PSC) is not a supported configuration. Your Humble poster got to build a new external PSC, a new vCenter, restore the vCenter database (after bodging the broken machine up far enough to get a database backup!) so that Distributed vSwitch would continue working, then re-connect hosts.

That was the main site; the second site that had the linked vCenter got a similar treatment (external PSC and new vCenter).

Thankfully, the only downtime we endured was having no automated HA or DRS shuffling while that was taking place, no granular backups of the environment, and our DR solution broke horribly as well, requiring a full reinstall. The business never noticed anything was wrong, and none of the applications they used skipped a beat.

0
0
J. Cook
Bronze badge
Thumb Up

Re: Upgrading?

@ Locky:

"For major versions in VMware, I find it's rarely worth it.

Build new and migrate."

THIS TIMES MANY MILLIONS.

We did that going from 4.1 to 5.0, then to 5.5, and then again to 6.0.

It's a pain in the tuckas having to re-build the clusters (unless you are also doing hardware upgrades concurrently), but it's certainly cleaner.

2
2

IT 'heroes' saved Maersk from NotPetya with ten-day reinstallation bliz

J. Cook
Bronze badge
Pint

Re: I hope

I've (thankfully) never had to restore AD from a backup, and Bog as my witness, I hope to never need to.

Pulling the plug on a DC was *definitely* a heroic measure- even if it's not a FSMO, if it's a global catalog server, it can be promoted to one and used to rebuild from.

0
0

Samba 4.8 to squish scaling bug that Tridge himself coded in 2009

J. Cook
Bronze badge
Joke

Re: "....get Samba working on HP-UX....."?

@Diodesign: When I read that, I went 'wait, HP-UX is still around?!?!?!' :D

0
0
J. Cook
Bronze badge

Re: Samba is still relevant?

Indeed- [RedactedCo] has a requirement of 'corporate data can be stored ONLY on servers located on-prem'.

Does Microsoft have a version of OneDrive that's not cloud connected and is on-prem only? (and presumably sucks less than the file sharing services/DFS bodge they've been using for the past decade)

1
0
J. Cook
Bronze badge

Re: Samba is still relevant?

Bloooooooooody hell this.

*remembers the multi-hour deathtrap that was standing up a sharepoint 2013 installation, and the 15+ step scripted process that, if ONE THING BROKE, meant the entire process had to be scrapped and started over from the beginning.*

2
0

Electronic voting box makers want kit stripped from eBay – and out of hackers' hands

J. Cook
Bronze badge

Re: Admin passwords in the user manual

"Seems like common sense."

Common sense, sadly, is not so common anymore.

2
0

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly

J. Cook
Bronze badge

Re: Problematic

At [RedactedCo], we've been largely resistant to anything 'cloud'-esque for a while now, primarily because most of the data we deal with is company sensitive and under the ever watchful eye of the regulator that allows us to operate.

6
0

'The capacitors exploded, showering the lab in flaming confetti'

J. Cook
Bronze badge
Flame

Re: Improbable

Putting voltage on the Ground plane does.... interesting things to computers.

I trashed my old Commodore 128 by putting 9VAC on the ground plane for the CMOS and TTL logic chips, and blew most of them. How did I do this? By putting a RS232 converter on the expansion port upside down....

And then there's the time that one of the clients for a company I was working for had an electrician who managed to put 208 on the neutral line and blew up (flames and everything!) two brand new computers. Fortunately for the client, the server was on a UPS which merely went into isolation when it saw voltage where voltage ought not to be...

4
0

Playboy is suing Boing Boing over Imgur centrefold link

J. Cook
Bronze badge

Re: OMG that video

It *is* a classic; the later ones are... worse.

1
0

Cisco can now sniff out malware inside encrypted traffic

J. Cook
Bronze badge

Re: Content Filters?

If I understand the article correctly, it doesn't perform a MITM attack and looks at the traffic pattern instead of the actual traffic itself. (that's what the websense/Ironport WSA/ barracuda/etc. do when you boil it down.)

It's annoying as hell, but I'll keep my transparent https proxy; it's saved our bacon quite a few times.

0
0
J. Cook
Bronze badge
Boffin

Re: Yes, there are concepts for that...

That requires setting up full auditing on the database servers, which usually are dealing with a good load already; having it log every single query and transaction puts a fairly good dent in performance, not to mention that you will then need to put all that extra data somewhere, run an analysis against that data set to look for those patterns, eliminate false positives (admins checking things, poorly designed applications inflicting brute force and ignorance queries on the engine, etc.) and then look at the 'interesting' ones closer.

That can be a significant amount of overhead for what may essentially be nothing.

I'm not saying that it's not possible, I'm saying that it's expensive.

2
0

Spectre and Meltdown fixes: How will they affect storage?

J. Cook
Bronze badge

Re: EMC would theoretically be affected

Not just EMC, but any storage appliance that uses dedicated software/firmware on it.

This would impact Netapp and Nimble as well, IIRC; they run Intel on their controllers.

0
0

Pickaxe chops cable, KOs UKFast data centre

J. Cook
Bronze badge

Re: Not entirely true

AGMs also don't generally like being charged all the time, either- that's what usually kills the battery packs on the APC units. Generally what happens is one or more of the batteries in the pack get tired of dealing with the overcharge and go dead open, at which point the pack stops charging entirely, and you lose protection entirely. Given the prices that APC charges for replacement battery packs, I'm more fond of buying a set of replacement batteries and re-building the packs- the downside to that is that you void the connected equipment coverage by doing that. I'm not quite certain what the big 3-phase Emerson-Liebert beasts we use at RedactedCo use, but I don't have to worry about it because we have them on a maintenance contract, and the company we are using is quite reliable.

0
0
J. Cook
Bronze badge

Re: UPS and power shenanigans...

@Roland6: It's usually only a problem when it's intentionally done by an electrician who got the bill for the outage they caused to the businesses in that office complex, *and* our bill for the replacement of hardware, technician labor, call out, etc. :)

If I recall correctly, said electrician shorted the 220V line in to the something- now that I'm thinking, it might have been the neutral line and not the ground line. (US uses hot, neutral, and earth ground for most things) In any case, two of the workstations did not like whatever they did and the capacitors in their power supplies blew up rather messily. The UPS did exactly what it was supposed to do- isolated the load entirely, then shut down.

It was fun walking into the shop in the mornings and smelling freshly cooked power supplies.

0
0

To Puerto Ricans: A Register apology

J. Cook
Bronze badge

Re: Forgot to show up

Bold claims- post proof please. (and by proof, meaning you list your sources instead of quoting World Nut Daily, Faux News, or the other tinfoil sites.)

5
2

VMware: Sure, you might run our stuff on bare-metal Azure, but we don't have to like it

J. Cook
Bronze badge
Joke

But will we be able to run a Hyper-V instance on top of this VMware instance on top of the Azure instance?

(bonus points if you can manage to run a VMware instance inside of all that, for full on inception mode. :))

1
0

Magic Leap blows our mind with its incredible technology... that still doesn't f**king exist

J. Cook
Bronze badge
Holmes

Easy answer for lawsuits...

... declare bankruptcy and fold the company. If it's done right, the CEO scam artist walks away with the boodle and rides off into the sunset on some island with non-existent extradition laws.

2
0

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

J. Cook
Bronze badge
FAIL

Re: the only reason why I've not gotten around to setting up DMARC

"a) Ah, the greybeard sysadmin that refuses to learn anything introduced past the 1970s, and uses the 'I don't want to break things' as the main excuse."

HAHAHAHAHAHAHAHAHA *Falls out of chair laughing* You verry funny person! (It's more of "we don't have a test environment set up to _properly_ test things before whopping it on production" sort of excuse. Also, the stuff I've been using is a touch more modern than sendmail. (which I've never admin'd, I'll add- postfix (iirc) and exchange, and some really oddball windows smtp server app which I've forgotten the name of)

Also, I have no beard. :P)

"b) Aren't you paid to ensure your systems are using the best solutions and practices?"

Yes, but that's job number.... well, not job #1. or #2. Maybe job #7 or 9, but it's in the top 20, I assure you. (I like using standards and best practices; less documentation for me to write, and if I get hit by a bus, whoever steps in can get up to speed a bit quicker.)

"c) better protecting your messages from spoofing is not important?"

Lately, we've been more concerned with incoming messages rather than outbound messages- but that's on the list as well.

2
0
J. Cook
Bronze badge
Go

Re: the only reason why I've not gotten around to setting up DMARC

Thanks for the *helpful* information (unlike the anon cow-ard who was probably the downvote source)

The SPF wizard does appear to work nicely; I just have to go 'round and see what all else decided to bypass our mail gateways (including a handful of external services!) so I can put in something that's 'correct enough'. Same with DMARC.

Our mail gateways have a toggle and setup for DKIM, I just have to review the documentation in my copious free time (which may happen next week, TBH) and make sure I've got all the parts ready for it.

2
0

'Please store the internet on this floppy disk'

J. Cook
Bronze badge

Re: I'm not sure what's worse

GODS YES. Our front line support minions do this ALL THE TIME. Our helpdesk software will accept *any* file for attachment to the tickets, but nope- gotta paste a screen shot of the two-monitor wide image into a portrait oriented word document...

6
0

Ugh, stupid power supplies hogging server density, who needs 'em?

J. Cook
Bronze badge
Boffin

RE: -48V...

I can tell you that having the ground lug brush against the live lug produces pretty blue sparks. :D (Yeah, I should have wrapped that lug with electrical tape prior. I was stupid back then.)

I can also tell you that shorting the -48 plane of a PDC to the ground plane with an uninsulated nut driver is a very good way to get forcibly removed from the data center it's installed at. (Not me, but someone else- I was told that story when I asked about the 1/8" notch in the 1/4" thick copper backplane at that data center...)

0
0

HMS Queen Elizabeth has sprung a leak and everyone's all a-tizzy

J. Cook
Bronze badge
Boffin

Re: Aren't those fighters going to get a bit dated?

Um...

Well, the US has a couple:

B-52: in service since 1955

F-4 Phantom/Phantom II: In service from 1960, finally retired by US in 2016 (other nations are still flying them)

That's off the top of my head, with a little help from Wikipedia. I'm sure some of the propeller heads around here can rattle off a few more.

7
0

Android trojan has miner so aggressive it can bork your battery

J. Cook
Bronze badge
Trollface

Re: can't blame the malware

"if the components of a phone are capable of overwhelming the passive cooling ability of the battery, that is a failure of engineering of the mobile phone itself if it does not step down the performance to keep the heat in safe operational bands."

Yes, that's called 'value engineering', and it's done primarily by middle managers who are trying to squeeze every last cent of build cost out of the thing by using components that are ok for normal use, but are inadequate if the thing needs to run at full power for anything longer than short bursts.

7
0

'I knew the company was doomed after managers brawled in a biker bar'

J. Cook
Bronze badge

For me, it was a 2 liter soda bottle, ~1 square foot of tinfoil, and muratic acid. fold the the tinfoil and slide in the neck of the bottle, add ~2 inches of acid, cap tightly, and throw as far away as you can, and avoid the giant white cloud of gas when it finally blows.

There was some lesson to be learned after that, but I don't rightly remember what it was. (it was an allegory or something- this was a sunday school lesson at the church I used to attend.)

1
0
J. Cook
Bronze badge
Pint

Derek Lowe (he of "sand won't save you" fame via his blog "In the Pipeline") has some amusing commentary regarding LN2 tanks and what happens when you intentionally disable the safety features:

http://blogs.sciencemag.org/pipeline/archives/2006/03/08/how_not_to_do_it_liquid_nitrogen_tanks

And one for LOX:

http://blogs.sciencemag.org/pipeline/archives/2010/03/10/how_not_to_do_it_liquid_oxygen_cylinders

2
0

5 reasons why America's Ctrl-Z on net neutrality rules is a GOOD thing

J. Cook
Bronze badge

Re: Bombastic Bob

"Are you saying that BB is not only a bot, she's a Fembot?"

Great, now I have Frau Farbissina screaming "SEND IN THE FEMBOTS!" in my head.

(funny movie series, although the 'coffee' scene in the second one was a little too far over the top for my taste.)

2
0
J. Cook
Bronze badge
Coffee/keyboard

You owe me a new chair- I laughed so hard at this article I peed myself and ruined my shiny new office chair.

(In all seriousness, though- this might just be the end times upon us all.)

27
0

Funnily enough, no, IT admins who trash biz machines can't claim they had permission

J. Cook
Bronze badge
Black Helicopters

Re: Intent not proven, just "reasonably" assumed

"As it's pretty bloody unlikely that even the thickest of managers are going to give those particular instructions"

My previous manager did exactly that; I refused, with the grand-manager on CC, which is my usual reply when I'm being ordered to do things that will damage the company or give grounds for me to be canned.

A good soldier knows when his orders are full of s&^t.

4
0

Murdoch's Fox empire is set to become a literal Mickey Mouse outfit

J. Cook
Bronze badge

Re: No need for Disney to buy Fox News

At least there'd be something approaching competition for a little bit. In my area, I can either have mostly reliable broadband with a 1 TB month cap and a promised guaranteed speed rate for under one hundred American notes, or something approaching the same speeds without any promises that I'll actually get it (aDSL), no reliability guarantee (oh a bird sat on the line and you lost your internet? sucks to be you!), the same data cap, for about the same price. I've not even looked at wireless internet for the house, except that while it's not great (worse than a hard wired connection), it's at least not Canada's wireless arrangement. (Pay by the BYTE, and crap service at that.)

1
0
