* Posts by Rockets

40 posts • joined 9 May 2017

Docker invites elderly Windows Server apps to spend remaining days in supervised care

Rockets

Re: Nothing is new

This doesn't fix the NT (!!!!) or Windows 2000 boxes (one of each), but at least we can focus on those separately.

What we did with these applications is to firewall them off from the rest of the network and use a VDI client to run the application with the most modern desktop OS we could. These VMs were firewalled too. Users don't really like having to use VDI to get to these apps but they are typically not used much and mostly read-only legacy data.

We had one production system though. We'd been pushing to get it migrated etc for years. Six months of having to use VDI and the money and will from that department to migrate to something modern suddenly appeared. Funny how that happens.

1
0

Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses

Rockets

CG-NAT Will Be Opt Out

Aussie Broadband will allow opt out of CG-NAT for people that need a public IPv4 address on their router. Aussie has been wanting to go dual stack for some time but they've been held up in their IPv6 deployment for NBN due to a software issue on their Cisco ASR9Ks. NBN requires QoS set to 0 for ICMP & DHCP. For the ASR9Ks IPv4 would allow Aussie to set the QoS to 0 and respect it, for IPv6 it was ignoring the interface QoS value setting of 0 and setting it to 6 so NBN would drop the packet. Cisco has now addressed this problem for them so they can move forward with their planned deployment.

1
0

'Surprise!' West Oz gummint is hopeless at information security

Rockets

Having been through an audit like this the auditors typically want an offline copy of the AD database etc and then use tools to extract the password hashes and run other tools like hashcat against them testing against the dictionary.

I once failed an audit because the server rack doors weren't locked. Even though the rack cabinets all had the same key out of the factory. The server room itself had much better security but the auditors don't care.

4
0

Facebook Messenger backdoor demand, bail in Bitcoin, and lots more

Rockets

Re: Govt Shenanigans

Haha - oops. I did mean steganography not stenography. In my defence I do have brain damage to my language centre after I had a brain tumour removed which was the size of a lime.

2
0
Rockets

Govt Shenanigans

We've got end to end encryption now on messaging systems because various Governments proved that they couldn't help themselves by breaching the privacy of everyone to snoop on a few miscreants. If the Govt gets what they want who's to say that the determined crims or terrorists won't just fall back to older forms of encryption such as one time pads, stenography etc. American prison gangs seem to be able to communicate at will between inside & outside the jails using old fashioned ciphers & other techniques. Rather than SIGINT perhaps the governments invest more in HUMINT.

4
0

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

Rockets

Why an Internet APN?

I find it interesting that these cellular gateways were connected to an APN that was public Internet. I would have thought that the police & fire departments would connect these devices to an APN that connected them to a private network that only those departments could access.

This is what we do with our WAN routers which have 4G failover for the primary MPLS connection. The 4G IP addresses are routable via the MPLS the telco provides us. The PPP AAA from the 4G interface is even routed to our own RADIUS servers so I can set the username, password, IP address the interface gets as well as defining static routes via RADIUS for these connections. We also have some sites that 4G is their only connectivity and they connect this way too. It took a little bit of effort to set this up with the telco in the beginning but it's one of their standard offerings for enterprise customers so it wasn't that hard either. Not exactly rocket science, but we change the default credentials too and apply security updates when required.

2
0

Greybeard greebos do runner from care home to attend world's largest heavy metal fest Wacken

Rockets

Don't fear the Reaper

I gotta have more cowbell!

5
0

Porn parking, livid lockers and botched blenders: The nightmare IoT world come true

Rockets

Re: You're Doing Corporate WiFi Wrong

Any sane company has at least two wifi systems: one for user's own phones / visitors / IoT crap / etc, and a 2nd (or more) that is more locked down and only for approved corporate devices that need to access internal systems.

Most corporates would use controller based WAP solutions from companies like Cisco, Aruba etc that support multiple SSID and security deployments with AP groups and have a profiling tool that can send a RADIUS CoA to the controller when a rogue device is detected. Even SMBs have products that are affordable while being able to support different security requirements. Ubiquiti UniFi, Fortinet or DrayTek WAPs with their own firewall products give a controller-like experience as well as being able to firewall traffic.

Have an SSID for your corporate devices using EAP-TLS for security. Mobile devices should be provisioned by an MDM so they get the correct certificates to use. If you can't afford an MDM or don't have the staff to deploy an internal CA infrastructure then use a PEAP secured SSID and firewall it. Mobile devices could be firewalled off and on a separate SSID depending on your use case.

Another SSID for guest access that is on a separate VLAN & firewalled off with P2P disabled. Use a PSK or Captive Portal for security. I prefer Captive Portal so you can see who's connected to the guest WiFi. Any IoT crap gets its own SSID, VLAN and firewalled off & P2P disabled again. If you have to use a PSK with these devices, only IT & application support get to know the PSK and you'd restrict the device's access to the bare minimum for them to work on the firewall so you don't get any freeloaders on this SSID.

Security is hard and you need to spend some money but a competent network admin should be able to deploy a reasonably secure WiFi solution no problem at all.

Probably more a case of the line manager insisting on you doing WiFi security right (from the point of view of his convenience).

IT staff shouldn't report to a line manager for security related items. If the manager has a problem they can take it up with who's responsible for IT security or my boss. As IT staff I'll happily work with the line manager to be able to accommodate his requirements but only in a secure fashion and I'll be completely up front about it. If it's a rush I'll do my best to help them out as quick as I can but if I need extra hardware then he's going to have to wait. If my boss tells me to cut corners for a deployment, I'll do it but then my boss most likely wouldn't ask anyway because at the end of the day it'll be his name on an incident report if something happens and that's the last thing he wants.

1
0
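The segmentation rules in the post above, expressed as a check over a WLAN inventory. This is an added example, not part of the original post; the `Ssid` fields, role names, finding codes and both sample inventories are assumptions constructed for illustration, as is allowing 802.1X as well as PSK on the IoT SSID.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ssid:
    name: str
    role: str               # "corporate", "guest" or "iot" (assumed labels)
    auth: str               # "eap-tls", "peap", "psk", "captive-portal", "open"
    vlan: int
    firewalled: bool        # VLAN traffic is forced through a firewall policy
    client_isolation: bool  # peer-to-peer between wireless clients is blocked


# Authentication the post accepts per role. The post names PSK for IoT only
# as a fallback, so 802.1X methods are allowed there too (assumption).
ALLOWED_AUTH = {
    "corporate": {"eap-tls", "peap"},
    "guest": {"psk", "captive-portal"},
    "iot": {"eap-tls", "peap", "psk"},
}


def lint(ssids):
    """Return (ssid_name, finding_code) tuples; an empty list means compliant."""
    findings = []
    roles_by_vlan = {}
    for s in ssids:
        roles_by_vlan.setdefault(s.vlan, set()).add(s.role)
        allowed = ALLOWED_AUTH.get(s.role)
        if allowed is None:
            findings.append((s.name, "unknown-role"))
            continue
        if s.auth not in allowed:
            findings.append((s.name, "bad-auth"))
        # Guest and IoT are always firewalled; corporate only when it falls
        # back from EAP-TLS to PEAP ("use a PEAP secured SSID and firewall it").
        needs_firewall = s.role in ("guest", "iot") or s.auth == "peap"
        if needs_firewall and not s.firewalled:
            findings.append((s.name, "no-firewall"))
        if s.role in ("guest", "iot") and not s.client_isolation:
            findings.append((s.name, "no-isolation"))
    # Each role gets its own VLAN: flag every SSID on a VLAN shared across roles.
    for s in ssids:
        if len(roles_by_vlan[s.vlan]) > 1:
            findings.append((s.name, "shared-vlan"))
    return findings


# Constructed inventory: one shared-password office network with IoT on the
# same VLAN, the situation the quoted article sentence describes.
FLAT = [
    Ssid("Office", "corporate", "psk", 10, False, False),
    Ssid("Office-IoT", "iot", "psk", 10, False, False),
]

# Constructed inventory laid out the way the post recommends.
SEGMENTED = [
    Ssid("Corp", "corporate", "eap-tls", 10, False, False),
    Ssid("Guest", "guest", "captive-portal", 20, True, True),
    Ssid("IoT", "iot", "psk", 30, True, True),
]

if __name__ == "__main__":
    for label, inventory in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, lint(inventory) or "compliant")
```
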
Rockets

You're Doing Corporate WiFi Wrong

"It only takes a line manager to buy and plug in a new piece of kit and then type in the office's wireless password for a security hole to be opened up."

If this is all it takes to get a device on your corporate WiFi network then you're doing WiFi security wrong.

23
3

Here we go again: Monopoly case another round in Arista vs Cisco

Rockets

Re: Cisco cli is messy

if you manage 1000 switches, then having 100 with one CLI, 27 with a second one, and 4 with a third is most definitely a barrier to fleet maintenance, which is why many companies go with a single vendor for networking, big part of the motivation to go with the Gorilla.

Even between IOS 12 or 15 there are differences. Not wildly different but different enough to be annoying. I'm constantly trying to pipe to section on IOS 12 and it drives me nuts when it fails because begin or include don't always get the information. Then there's configuration differences for RADIUS or EIGRP. Then if you move to NX-OS it's quite different again. I love in NX-OS that you can do a show run from config mode without having to use do, but I'm always careful to make sure that I'm using copy run start lest I stuff up. Throw in ASAs where you have to use write terminal. Having a completely Cisco network doesn't mean the command line is 100% the same across all of your devices.

0
0

Facebook deletes 17 accounts, dusts off hands, beams: We've saved the 2018 elections

Rockets

Facebook will take advertising dollars from anyone and are completely shameless about it. If they were serious about cleaning up their platform they'd be stricter on advertisers. You can report an ad for being inappropriate with adult content or you can block the ad from your feed by marking it as a scam but not for other reasons. They are going to keep getting targeted until they clean up their advertising.

9
0

In Microsoft land, cloud comes to you! Office 365 stuff to be bled into on-prem Office 2019 Server

Rockets

Re: Reality

I work in mining. Office 365 is useless if you're on a satellite connection like some of our sites are. Other cloudy services for process control networks that are firewalled off from the rest of the network are pretty useless too.

4
1

Notes/Domino is alive! Second beta of version 10 is imminent

Rockets

Domino on AIX?

No mention of Domino being supported on AIX/POWER. Wonder if that's still supported.

0
0

Huawei won a contract in Oz. Of course there's a whispering campaign

Rockets

Re: Mixed Messages

But the state Government ran the ability to use Huawei past the Feds twice. Both times the Feds gave the OK.

1
0
Rockets

Mixed Messages

The Aus Federal Government is really sending mixed messages here. Huawei bad for NBN & 5G but fine for rail projects. Hmmm don't know what to think. I know I see a lot of companies deploying Huawei Enterprise routing & switching gear in Western Australia. So companies seem fine with the "risk".

Then there's another part to this story about how Huawei won the contract. Did free all expenses trips & gifts to government ministers when in opposition help grease the wheels?

https://www.perthnow.com.au/news/wa/wa-government-denies-conflict-over-huawei-trip-ng-b88893766z

1
0

Vodafone drank Facebook's network Kool-Aid … and LIVED!

Rockets

Re: Means watch your vendors

Good data centres will have multiple points of entry for carrier cables & POP rooms for redundancy. When we established our dual data centres we linked them via two dark fibres. We had the carrier supplying the dark fibres provide path diversity into the data centres and the cable paths. Our carrier was able to supply us with maps of the paths our cables took including the entry points to the data centres & results of the fibre test results.

1
0

Buttonless and port-free: Expect the next iPhone to be as smooth as a baby's bum

Rockets

MFi & CarPlay

I can't see Apple removing the lightning port anytime soon. A couple of good reasons off the top of my head are MFi & CarPlay.

Apple make a shit tonne of money through MFi certification for Lightning products. Why kill that golden goose for Qi which they'd make practically nothing off. I think they've only just started supporting Qi because customers really pushed for its inclusion and its omission was a negative on side by side comparison in device reviews with Android devices that do have it.

Most CarPlay devices out there require a lightning connection. iOS has supported wireless CarPlay since version 9 but there's still only a handful of cars with it factory fitted (only Mercedes & BMW last time I checked) and a number of aftermarket units.

1
0

VPNFilter router malware is a lot worse than everyone thought

Rockets

Re: Dg834

That works on the DGN series too. Geez I knew Netgear stuff was crap but that takes it to a new level. I once had a number of Netgear business model switches on a client's LAN that would leak broadcast traffic across VLANs. Even though there was a firmware update to address it they got replaced in short order with some HP Procurves.

4
0

Apple MacBook butterfly keyboards 'defective', 'prone to fail' – lawsuit

Rockets

Re: The only Mac I ever owned had the worst keyboard I've ever used

My daughter has the latest MacBook Air as it was on her school list and my son has an older MacBook Pro 2012 that I was given & use when I need to test something from a Mac. Both the keyboards are horrible compared to the other laptops I have in the house. Albeit they are all ThinkPads - T410, T420, 3 X230's, Gen1 X1 Carbon & a T460s. The MacBook keys feel sloppy and have quite a bit of play in them (they wobble) and the typing experience isn't pleasant at all. I've also compared to a Surface Pro 4 type cover and a new Asus Vivobook and they all beat the MacBooks.

3
0

Collateral carnage as ZTE sanctions see Australia’s top telco dump mobe-maker

Rockets

Re: Not quite

@Mark Exclamation

I have found their customer service to be damn good

You're trolling surely. I've dealt with just about every level of Telstra sales and support for mobile, landline & data services within Telstra there is. The only decent support is their Enterprise data support but other telcos do it better there too. The worst is their BigPond & home phone support. I know I need to set aside 30 minutes on hold before I get to speak to some level1 script reading puppet in a 3rd world country that can't do stuff all except reset passwords or perform speed tests & then maybe escalate.

2
0

Apple somehow plucks iPad sales out from 13-quarter death spiral

Rockets

Re: iPad user here

While you're at it, perhaps you could explain the difference between a Scotsman and a True Scotsman...

A true Scotsman wears nothing under his kilt......

6
0

FTTP NBN gone from draft Australian Labor Party policy platform

Rockets

Re: No FTTC for you, Sangropers!

Yet again WA getting screwed over by the east. WA will have the highest amount of FTTN out of the whole country. Secession now!!

1
0

Hawaii Live-Go! Microsoft launches Honolulu admin tool for cloud and on-prem

Rockets

The last time Windows truly had an all-in-one admin single interface for management was just before Exchange 2007. You could have a custom MMC with everything you needed with Mailbox and IM controls on the user account properties in AD. Then Exchange & Lync went to their own Silverlight based management interfaces and suddenly you had to use three interfaces to manage your users. PowerShell, while powerful, is such a god damn awful mess. To get anything useful done the command gets so damn long by the time you use pipe to link three commands together. PS's tab to auto complete is horrible, whoever thought alphabetically cycling the available options was better than presenting all possible options with a double tab Unix style had rocks in their head.

2
0

Why a merged Apple OS is one mash-up too far

Rockets

Re: Two words:

I think you're on the money here. Apple will kill off the ageing and no longer loved, by Apple, MacBook Air and replace it with an ARM powered Apple Netbook/Chromebook competitor that will have a cut down version of Mac OS on it that can run iOS apps as there's heaps of those for education.

2
0

Java-aaaargh! Google faces $9bn copyright bill after Oracle scores 'fair use' court appeal win

Rockets

Re: so it's a win

There's a third thing that Oracle knows how to do and that is to bleed customers dry with expensive licensing and support contracts while providing as little support as possible.

22
0

Oracle sued over claims of shoddy service, licensing designed to force adoption of its kit

Rockets

Typical Behaviour

Typical behaviour from that One Rich Asshole Called Larry Ellison. How else is he going to pay for his America's Cup campaigns?

11
0

Dolby sues Adobe for dodging license fees

Rockets

Adobe are only happy to audit their customers looking for clients being under licensed and handing customers a bill for outstanding licenses, good to see the shoe on the other foot for a change. Adobe audits can be brutal.

1
0

Too many bricks in the wall? Lego slashes inventory

Rockets

Set Prices

Lego is often criticised for the set prices but I think there's a significant amount of royalties being paid by Lego to companies to use their brands in sets - especially Disney. When you compare a Friends set to a Star Wars or Marvel set, Friends is quite a bit cheaper. A medium or large tub of the Classic brand is even cheaper still. The quality of the knock-off brands such as Lepin has gotten better but it's still quite inferior to Lego. I don't mind paying the price of Lego for my kids as I know I can sell it later 2nd hand as there's huge demand for old Lego sets or even just a bunch of random bricks. Or I'll store it away for the later generations as it will last.

2
1
Rockets

Re: Lego Classic boxes?

Yep Lego Classic kits are for those pining for old school Lego building. I've seen Lego Classic kits in the stores just a few weeks ago. The Lego Classic Large box 10698 has 790 pieces in 33 colours with a variety of brick shapes. RRP £39.99. My only complaint about these is the 33 colours, I'd rather a reduced colour palette.

My son is wanting to buy some of these so he can just free build his own stuff. He's got a tonne of Lego which are mostly Star Wars kits which he generally displays but he regularly tears them down to either rebuild them or free build stuff out of the parts. I miss the old Space range of my childhood like the Galaxy Explorer & Galaxy Voyageur. These days I've got numerous large UCS Star Wars sets (Millennium Falcon, Slave I & Star Destroyer) and some Technic cars like the Porsche GT3 RS

2
0

Samsung left off Google's new official Androids-for-biz list

Rockets

"Oh and Blackberry is still a Canadian company headquartered in Canada."

BlackBerry Limited, formerly RIM, exited the handset market in 2016. BlackBerry Mobile which is TCL now makes BlackBerry branded handsets. The KeyOne & Motion are the first BlackBerry Mobile devices. TCL as you'd know is Chinese.

"Nokia is owned by Microsoft and they may just kill the phones."

Nokia Android devices are made by Foxconn for the Finnish HMD which bought the Nokia feature phone division from Microsoft Mobile in 2016.

And Google sold Motorola Mobility to Lenovo in 2014.

0
0

Cisco surges after pricing switches-plus-subscriptions just below old hardware prices

Rockets

Re: It's another rip-off in the making

The Cisco ONE licenses for Catalyst 9K's are subscription only. The feature set licenses have been reduced to just two variants - Network Essentials & Network Advantage. Essentials is equivalent to LAN Base and Advantage to IP Services. Want to only buy IP base then you're S.O.L, pay more for the Advantage subscription. If your subscription expires the hardware won't stop working but you can't access any software upgrades either.

See the 11 page FAQ if you really want to know more, page 6 for switching. https://www.cisco.com/c/dam/en/us/products/collateral/software/one-wireless-subscription/q-and-a-c67-739601.pdf

1
0

Suspicion of villainy leads Facebook to ban cryptocoin ads

Rockets

Re: Selective clean-up

Facebook really need to do more about the really low quality of ads on Facebook and some of the blatant knock-offs being flogged by dodgy retailers. e.g. I get ads for Calvin and Hobbes merch regularly but I know that the author, Bill Watterson, doesn't license Calvin & Hobbes merch at all. Heaps of Star Wars knock-off products and LEGO knock-offs like Lepin being advertised. Seems most of the time as long as your cheque doesn't bounce Facebook are all too happy to run your ads.

1
0

Half a terabyte in your smartmobe? Yup. That's possible now

Rockets

When my iPod Classic 7th Gen hard drive failed a little while ago I considered a whole bunch of different Portable Media Players like the Fiio, Sony Walkman, JRiver, Astell & Kern etc but the one thing that didn't make me buy one is car integration. Just about every semi modern car supports iPod to some degree via the USB interface with the ability to control from the head unit itself. All other PMPs seem to just use a line out and with the police cracking down on mobile usage in cars, touching the PMP could lead to a fine. In the end I went with a new iPhone replacing my 2 year old Android phone.

0
0

SAP customers won't touch the fluffy stuff... so here's another on-prem HR data tool

Rockets

Maybe SAP clients aren't moving because SuccessFactors is a horrible product to use. I hated it when I had to use it at a company I worked at. Maybe it was our HR department's use of it but doing our yearly performance reviews & goal setting through it was not an experience I'd like to ever repeat, it was that bad.

1
0

€100 'typewriter' turns out to be €45,000 Enigma machine

Rockets

Re: There is quite a bit of that floating around Eastern Europe

"You think I know fuck nothing, but I tell you I know fuck *all*"

That exact line appeared in the 1999 Australian movie "The Wog Boy".

Another ripper from that movie was: "I'm half-Serbian, half-Croatian. I wake up in morning, I want to kill myself!"

5
0

The life and times of Surface, Microsoft's odds-defying fondleslab

Rockets

Acer said don't build it

Acer chief exec JT Wang advised their partner not to do it, saying: "It is not something you are good at so please think twice."

Could say the same thing about Acer, their hardware is cheap garbage. Admittedly I haven't tried anything from Acer in the last couple of years but a number of years back I did some work for a client who had all Acer hardware - servers, PCs & laptops. The server would rebuild its RAID array on every reboot, a firmware update would fix this but also destroy all the data. The PCs had enough USB power to run a USB thumb drive but not an external 2.5" USB drive from a single USB port. The laptops were so flimsy they'd bend by just looking at them.

Last time I touched an Acer was when a family member bought a cheap Acer laptop and asked me to set it up for her. So riddled with bloatware from the factory it was ridiculous. Never seen anything like it. Format C: and reload Windows from scratch was the best cure.

0
0

Wi-Fi Dream Home Of The Future™ gets instructions for builders

Rockets

Re: Lucky me

We completed a major renovation of a house we bought last year. Part of the renovation we had the electrics completely rewired as the house was built in the early 80's. The electrician also ran 20 CAT6 data points throughout the house for me in conduits in the wall as it's a full brick house. This way I can upgrade the cabling at any point easily or add extra cables. These go back to a patch panel in a 6RU wall mounted rack cabinet. I've got a 28 port Cisco 2960S PoE+ switch in the rack & 3 x 1142N APs throughout the house. I've only enabled the 5GHz radios in the Cisco WAPs. I've also got 3 10 port 3560CG Cisco PoE+ switches in places where I need a lot of connections like my home office, home theater room & lounge room. I'm planning to upgrade the WAPs when I get more 802.11ac devices.

As plumbers used to say "do it proper, do it with copper".

3
0

'The internet is slow'... How to keep users happy, get more work done

Rockets

Satellite

"Internet connectivity is ridiculously cheap"

Maybe for most locations in cities but not when you start going into regional areas. Tell that to people where their only connectivity is via satellite, people who are on a RIM (pair gain), people who only have 3G coverage or dialup (like parts of Seattle).

I know of a location where satellite is their only connectivity and that runs at around $45k USD per month for an 8MB service.

For an enterprise that takes security seriously every Internet ingress/egress point will need firewalls, web filtering and IDS/IPS services. All those cost money to license & maintain.

1
0

Plutus Payroll says deal with Australian Taxation Office may be close

Rockets

Government departments should not take a course of action that blocks an employee receiving their due wages ever. They are the innocent victims in this. I was involved in something similar with a former employer and due to bad timing I am still owed $21K by the company which I'm never going to see.

The company went into administration when I was serving out my notice period so I didn't qualify for any government entitlement protection schemes because I didn't lose my job due to the administration. The NSW treasury put a garnish on the company's bank accounts, due to outstanding payroll tax, after they had signed a Deed Of Company Arrangement which took any money they made and the company went into liquidation soon after. As there was nothing left of the company any creditors without insurance got screwed. The major suppliers to the company which all had insurance were the ones that pushed for liquidation so they could get their money back via the insurance. The payroll tax issue was because the NSW government wanted payroll tax for every employee of the company not just the ones based in NSW which was pretty dodgy to say the least. In the end they didn't get much of the tax anyway because the garnish made it impossible for the company to function so they cut their nose off to spite their face.

0
0

Foxtel emits new sueballs, this time targeting TV streamers

Rockets

Re: Thanks Foxtel

Using a VPN also allows you to give the middle finger to the government's metadata logging laws to boot.

2
0

Biting the hand that feeds IT © 1998–2018