Methanar
Sep 26, 2013

by the sex ghost

Super Soaker Party! posted:

Sure, there's certainly reasons to hold off on upgrading to a brand new platform, it just seems like if you're not someone to upgrade vSphere really frequently (5.5 is from 2013), you may as well wait a little longer and go to the most current release.

'2013, whats wrong with that. It's not like it's from 2006'

'oh'


GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Super Soaker Party! posted:

Eh? If you upgrade this infrequently, why are you not giving it a month or two to make sure there's no huge bugs and upgrading to vSphere 7? Seems a little silly to "upgrade" to a two year old platform.

If it were my call to make, we would be. I have been BEGGING to upgrade for at least 4 years.
I think my boss is just terrified of moving to a linux virtual appliance for no good reason.

We were forced into upgrading (thankfully) because we couldn't receive support on 5.5 and we are doing a whole bunch of poo poo that required support.
I think what finally broke my boss into upgrading was that he purchased like 16 new mezzanine adapters for the chassis and they won't work on 5.5.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
A friend of mine wanted to try jamming over the internet using JamKazam so I set it up ahead of time, but I ran into a problem where the JamKazam app wouldn’t detect their network test servers.

So I started futzing with my network, and tried and failed to get it working through three different firewalls (thank goodness for VLANs). It turned out to be that JamKazam has shut down all the test servers because they kept breaking...

But I ended up with a neat little pFSense firewall all configured in my lab environment and it wouldn’t take much to make it my primary firewall and send all my two dozen IPSec tunnels to it instead of my NSA4500.

The problem is that my VMware environment has dedicated storage and clusters and 10g fiber switches whereas my NSA is a simple device that I can power up independently of everything else.

So hmmm... keep the NSA4500 or go with a virtual pFSense VM?

dragonshardz
May 2, 2017

Agrikk posted:

A friend of mine wanted to try jamming over the internet using JamKazam so I set it up ahead of time, but I ran into a problem where the JamKazam app wouldn’t detect their network test servers.

So I started futzing with my network, and tried and failed to get it working through three different firewalls (thank goodness for VLANs). It turned out to be that JamKazam has shut down all the test servers because they kept breaking...

But I ended up with a neat little pFSense firewall all configured in my lab environment and it wouldn’t take much to make it my primary firewall and send all my two dozen IPSec tunnels to it instead of my NSA4500.

The problem is that my VMware environment has dedicated storage and clusters and 10g fiber switches whereas my NSA is a simple device that I can power up independently of everything else.

So hmmm... keep the NSA4500 or go with a virtual pFSense VM?

Keep the NSA for general routing, use the pfSense VM for your VM cluster's internal poo poo?

Thanks Ants
May 21, 2004

#essereFerrari


Shove the NSA4500 on eBay and see if you can buy a nice Netgate appliance with the proceeds

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

SlowBloke posted:

Question is genuine and your idea/answer is wrong. Digital signatures services require a list of public CA (for instance all european EIDAS CA can be found here https://webgate.ec.europa.eu/tl-browser/#/ ) and in order to successfully verify any sign you need to add the signature provider CA to adobe(and/or windows). No need for "Adobe CA"

EDIT: forgot to say that if you need to check the provider of the digital signature, on acrobat you can do so by clicking the signature(if it's a graphical object in the pdf) or on the signature bar at the top of the doc(if it's on the file)

I neglected to impart a crucial piece of info in my OP; someone had the bright idea to use OUR internal certificate authority to save money.
But after having a meeting about it, it is not as bad as I originally suspected. We aren't trying to become a CA, and she will do the leg work of reaching out to providers on the AATL. Initial discussions seemed to indicate that we would use our existing CA for this instead of paying for certificates, but that wouldn't even solve the problem she encounters unless we become a trusted provider ourselves which is a laughable idea.

But my biggest gripe with implementing is still a problem; supporting 200 people across like 6 different versions of adobe on how to create and use verified esignatures. Also, what about people using other PDF products? I don't even know how well those integrate. Adobe creates .fdf files that as far as I know are only supported by Adobe and Foxit, not Javelin, Nitro, Bluebeam... etc, which we also use. AFAIK there's just no good solution to that except "just make everyone use Adobe."

The reason I want to tell them all to gently caress off is that there's really no reason for any of this. It's because people are being lazy and not entering their own invoices into our ERP themselves, like they're supposed to. Instead they're just signing PDFs and forwarding them to finance to figure it all out.
I feel like it would actually be a lot easier and more efficient to just force each department to maintain their own budgets and handle their own invoices, than remaining complacent and forcing one department to do their jobs for them and dragging ITS down along the way. This is not an IT problem. This is a laziness problem.
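SlowBloke's point above, that a signature validates only when the signer's CA is in the verifier's trust store, and the reason an internal CA cannot fix the problem described here, can be shown directly. The Go program below is an added example, not code from the thread, from Adobe or from any vendor: it generates a throwaway internal CA and a signing certificate issued by it (the names are made up), signs a constructed invoice string, and then verifies that signature against an empty trust store and against one with the internal root imported. It exercises only the raw signature and the X.509 chain; a real PDF signature is a CMS/PAdES structure, and Acrobat additionally checks revocation, timestamps and AATL/EU trusted list membership, none of which is modelled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Demo is a throwaway internal CA, a signing cert it issued, a document and its signature.
type Demo struct {
	CA, Leaf *x509.Certificate
	Doc, Sig []byte
}

// issue creates tmpl signed by parentKey; self-signed when parent == tmpl.
func issue(tmpl, parent *x509.Certificate, key, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildDemo stands up the "use our own CA" scenario: a private root no external trust list knows.
func BuildDemo() (*Demo, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Internal CA"}, // hypothetical
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, caKey, caKey)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "A. Signer, Accounts Payable"}, // hypothetical
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
	}
	leaf, err := issue(leafTmpl, ca, leafKey, caKey)
	if err != nil {
		return nil, err
	}
	doc := []byte("Invoice 4711: approve payment of 12,500.00 EUR") // constructed sample document
	digest := sha256.Sum256(doc)
	sig, err := ecdsa.SignASN1(rand.Reader, leafKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &Demo{CA: ca, Leaf: leaf, Doc: doc, Sig: sig}, nil
}

// EmptyStore must be a real empty pool: a nil Roots in VerifyOptions falls back to system roots.
func EmptyStore() *x509.CertPool { return x509.NewCertPool() }

// StoreWithCA is the verifier after someone imported the internal root.
func (d *Demo) StoreWithCA() *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(d.CA)
	return p
}

// VerifyAgainst does what every signature validator does: check the signature over the
// document, then chain the signer's cert to a trusted root. Revocation/timestamps omitted.
func (d *Demo) VerifyAgainst(trusted *x509.CertPool) error {
	if err := d.Leaf.CheckSignature(x509.ECDSAWithSHA256, d.Doc, d.Sig); err != nil {
		return fmt.Errorf("signature does not match document: %w", err)
	}
	// ExtKeyUsageAny: this is a document-signing cert, not the TLS server cert Verify assumes.
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := d.Leaf.Verify(opts); err != nil {
		return fmt.Errorf("signer does not chain to the trust store: %w", err)
	}
	return nil
}
```

Calling `BuildDemo` and then `VerifyAgainst(EmptyStore())` returns an unknown-authority error even though the signature itself is mathematically valid; `VerifyAgainst(d.StoreWithCA())` returns nil, and flipping a byte of `Doc` makes it fail again. Two details matter in practice: the empty store has to be a real `x509.NewCertPool()`, because a nil `Roots` silently uses the system roots, and `KeyUsages` is set to `ExtKeyUsageAny` because `Verify` otherwise assumes a TLS server certificate. A recipient who never imported the internal root gets exactly the first result, which is what the thread means by signatures from the internal CA not validating unless the organisation somehow became a trusted provider.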

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

GnarlyCharlie4u posted:

This is not an IT problem. This is a laziness problem.

At least most of these problems at my job have been shoveled into the backburner pit, because now we have Real poo poo to Worry About. Like how to get computers to users. And how to unfuck the VPN client patching just hosed up.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Dirt Road Junglist posted:

At least most of these problems at my job have been shoveled into the backburner pit, because now we have Real poo poo to Worry About. Like how to get computers to users. And how to unfuck the VPN client patching just hosed up.

Same, and everyone seems to get that lately. Which is why it is so odd that this request came in at all, let alone with such a short deadline "because it should be easy."
I mean ffs we are right in the middle of a crisis just trying to keep up with and figure out what seem to be daily changes to WFH policy and practices let alone all the major infrastructure work that is being done.

Digital signatures have probably been an issue for you for how many years? How the gently caress could you be so bored as to FINALLY decide that now is an appropriate time to start a new project?

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

GnarlyCharlie4u posted:

Same, and everyone seems to get that lately. Which is why it is so odd that this request came in at all, let alone with such a short deadline "because it should be easy."
I mean ffs we are right in the middle of a crisis just trying to keep up with and figure out what seem to be daily changes to WFH policy and practices let alone all the major infrastructure work that is being done.

Digital signatures have probably been an issue for you for how many years? How the gently caress could you be so bored as to FINALLY decide that now is an appropriate time to start a new project?

Wait, they thought certificates were going to be easy? :psyduck: We've been working on that for YEARS now.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Dirt Road Junglist posted:

Wait, they thought certificates were going to be easy? :psyduck: We've been working on that for YEARS now.

Yeah they thought it would just take a few minutes to set up "a database."
That's why I just pointed them to Adobe's cert program and told them to gently caress off. If they want to pay $30/user then fine, I guess.
But also we are on a budget freeze so that is never going to happen.

I'm not getting rope-a-dope'd into some bullshit non-problem with all the other poo poo I have going on.

Darchangel
Feb 12, 2009

Tell him about the blower!


nominal posted:

My boss: Oh, it's DEFINITELY going to eat up a lot of time. They're going to be stuck with that loaner PC for AGES waiting for it to get shipped out, looked at, and then finally come back. We might even sit on it for a while after that. Then, we're going to nail that user's rear end to the wall. :black101:

I had no idea he was that petty, and I love it.

That's not petty, to me. That's fighting basic sociopathic, unprofessional behavior.
If a user hosed up, I'm much more likely to cut them some slack. You lie to me, and you're now my absolute lowest priority. Mistakes and accidents happen, and I can forgive that - bullshitting me is a (bad) deliberate choice. We will likely find out what you did, and the repair vendor definitely will.

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


I was SO happy to have someone else be responsible for SSL at my current job. The number of times that I had to track down approvals for hosted sites (because sales argued it was a value add for us to do SSL for everything including discounted Windows Shared Hosting) when I worked at the ISP is probably in the hundreds if not over a thousand.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
I like SSL and certs. It’s all PKI at heart and people look at you like you’re a loving wizard

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof
I just got a ticket for a user that "can't remember their phone PIN" after we sent out a message requiring Duo 2FA beginning tomorrow.

I looked up the device and this phone has literally NEVER been used for anything since it was deployed. 0 minutes, 0 data, email is not enrolled, it's not in Airwatch, his Google account has never been signed into.
So glad we've been paying for that phone for 3 years.

dragonshardz
May 2, 2017

An email came in from a user complaining that he can't get an internet connection on his "personal music device" and asking if we know why that is.

He also knows "that normally [his] internet service gets its connection via one of the office machines in [his] area."

Sorry, user, we can't help you connect a personal device to the department network. Also, the gently caress?

Attestant
Oct 23, 2012

Don't judge me.

dragonshardz posted:

An email came in from a user complaining that he can't get an internet connection on his "personal music device" and asking if we know why that is.

He also knows "that normally [his] internet service gets its connection via one of the office machines in [his] area."

Sorry, user, we can't help you connect a personal device to the department network. Also, the gently caress?

I had one today with a user complaining how our VPN prevents him from browsing a hardware store website, and that we should correct it so that he doesn't need to disconnect the VPN to shop for his patio repairs.

I was this close to remotely loving with his hosts file to make it even more difficult for him.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

Attestant posted:

I had one today with a user complaining how our VPN prevents him from browsing a hardware store website, and that we should correct it so that he doesn't need to disconnect the VPN to shop for his patio repairs.

I was this close to remotely loving with his hosts file to make it even more difficult for him.

This, but, “Why won’t my wifi printer work when I’m on VPN?”

Do not ask me about such things as split tunneling or whatever. I don’t care. Not my department.

The Fool
Oct 16, 2003


Dirt Road Junglist posted:

This, but, “Why won’t my wifi printer work when I’m on VPN?”

It’ll work if you do spl-

quote:

Do not ask me about such things as split tunneling or whatever. I don’t care. Not my department.

Lol

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Even with split tunneling, if your wifi printer is 192.168.0.100 and your company's DC is also 192.168.0.100, printing won't work until you disconnect from VPN.

The Fool
Oct 16, 2003


GreenNight posted:

Even with split tunneling, if your wifi printer is 192.168.0.100 and your company's DC is also 192.168.0.100, printing won't work until you disconnect from VPN.

When I did small business consulting I got to redo a company’s internal network just for this reason.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah, there is a handful of users in this boat. Our company line is if you want to print, disconnect from VPN.

Thanks Ants
May 21, 2004

#essereFerrari


I hope this episode gets people to realise that VPNs are terrible and to look for alternative ways to secure access to corporate data

Shut up Meg
Jan 8, 2019

You're safe here.

Thanks Ants posted:

I hope this episode gets people to realise that VPNs are terrible and to look for alternative ways to secure access to corporate data

Copy the company database to thumbdrives and distribute to the employees?

The Fool
Oct 16, 2003


Open RDP to the public?

Manually setting up NAT forwarding so that every workstation has its own port?

Letting the domain controller have 3389?

GreenBuckanneer
Sep 15, 2007

The Fool posted:

Open RDP to the public?

Manually setting up NAT forwarding so that every workstation has its own port?

Letting the domain controller have 3389?

I just got faux-cancer from the mere thought of these.

xsf421
Feb 17, 2011

GreenBuckanneer posted:

I just got faux-cancer from the mere thought of these.

"I believe in open source administration. Open up ssh and rdp, and eventually someone will get mad at how badly things are set up and fix it."

Pacra
Aug 5, 2004

GnarlyCharlie4u posted:

I just got a ticket for a user that "can't remember their phone PIN" after we sent out a message requiring Duo 2FA beginning tomorrow.

I looked up the device and this phone has literally NEVER been used for anything since it was deployed. 0 minutes, 0 data, email is not enrolled, it's not in Airwatch, his Google account has never been signed into.
So glad we've been paying for that phone for 3 years.

no mobile device administration tracking data/enrollment use? :(

GreenBuckanneer
Sep 15, 2007

GnarlyCharlie4u posted:

it's not in Airwatch

Why is an assigned mobile resource not already in airwatch regardless of them having used it before?

Why are devices not being checked if they're being used on a regular basis? :psyduck:

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




The Fool posted:

When I did small business consulting I got to redo a company’s internal network just for this reason.

When I ran IT for a small business I got to redo their internal network just for this reason.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

GreenBuckanneer posted:

Why is an assigned mobile resource not already in airwatch regardless of them having used it before?

He got it before we even had Airwatch.
Airwatch is dead now anyway because it broke and we stopped paying for support.
My boss has refused any of my suggestions for a replacement, so we just have no MDM again.
At least I got KME setup, but nothing to point it to for enrollment so in a year when we finally decide on another lovely platform that isn't MobileIron or Maas360 or Google then I will get to nuke everyone's poo poo and listen to relentless bitching about ~~MY FILES~
Also,

GreenBuckanneer posted:

Why are devices not being checked if they're being used on a regular basis? :psyduck:

You're loving hilarious. Like I have time to babysit 200 devices to make sure they didn't download candy crush saga. I inherited a completely hosed deployment and did what I could with what I had while working like 80 hours a week on actual important poo poo for 2+ years. All my calls to do it right fell on deaf ears.

e: if it makes you feel better I just cancelled like 30 devices from our verizon account that haven't been used in... I couldn't even tell you how long. Like iPad 2's and poo poo. 3G devices that can't even get service now that verizon has ended it.

GnarlyCharlie4u fucked around with this message at 02:20 on Apr 22, 2020

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

GreenNight posted:

Even with split tunneling, if your wifi printer is 192.168.0.100 and your company's DC is also 192.168.0.100, printing won't work until you disconnect from VPN.

A client I have dealt with had the bright idea, many years ago, to set all their stores to use 1.*.*.* /24 addresses and gently caress around with their routing tables to ensure that everything worked smoothly. This worked great in late 90's Ireland, because who orders poo poo from China ever? In the distant future of 2019 I laughed and laughed and laughed and then said "well here's how you fix it. Good luck!".

Mustache Ride
Sep 11, 2001



Let me tell you the story of a very very very large Korean electronics manufacturer whose internal IP space to this day sits on ranges owned by Egypt.

Actually I'm not going to tell you it's too depressing.

Wibla
Feb 16, 2011

We still have some critical PLC infra running in a Siemens-defined lab subnet from the 90s... Thankfully it's a completely separate redundant fibre-optic network, but still!

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

Mustache Ride posted:

Let me tell you the story of a very very very large Korean electronics manufacturer whose internal IP space to this day sits on ranges owned by Egypt.

Actually I'm not going to tell you it's too depressing.

I want 2 know.

Without getting into specifics, we do this too, but it was put together by a team much smarter than me in a time that IPv6 wasn't really a thing, and the needs of our industry warrant several million private IP addresses that a single /8 can't cover. It's never been a problem and the current system Just Works so I can understand why there's been no push into converting to v6 and the massive amount of retraining that comes with that.

Shut up Meg
Jan 8, 2019

You're safe here.

Mustache Ride posted:

Let me tell you the story of a very very very large Korean electronics manufacturer whose internal IP space to this day sits on ranges owned by Egypt.

Actually I'm not going to tell you it's too depressing.

How long before someone starts a war to get hold of an IP-address block?

After all, as resources go, they are currently more valuable than oil.

Truga
May 4, 2014
Lipstick Apathy

GreenNight posted:

Even with split tunneling, if your wifi printer is 192.168.0.100 and your company's DC is also 192.168.0.100, printing won't work until you disconnect from VPN.

this is why i assign random, odd net numbers to my various networks, rather than going with the classic 0.0/24 or 1.0/24

saved my rear end a couple times so far

Guy Axlerod
Dec 29, 2008
I think one of our office networks is still using the netblock assigned to Iran or North Korea. I'm sure one of our former employees did it for the lulz at some point.

stevewm
May 10, 2005

Truga posted:

this is why i assign random, odd net numbers to my various networks, rather than going with the classic 0.0/24 or 1.0/24

saved my rear end a couple times so far

Same here. Setting up our servers, I went with a scheme that was unlikely to be used by a home user. Our VPN Pool also uses an atypical scheme.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Our new networks are like 10.99.99.*, 10.99.98.*, etc.

Just migrating the old ones is a big ol' hassle and we don't want to do it.
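The three network problems that run through the last stretch of this thread, GreenNight's 192.168.0.100 printer/DC collision under split tunnelling, the sites sitting on 1.x or on someone else's registered ranges, and the "pick odd numbers" habit Truga, stevewm and GreenNight describe, are all checkable against a client's route table. The Go program below is an added example, not code from the thread or from any VPN vendor; it uses only the standard library's `net/netip`. The route table is constructed for the example (a home LAN on 192.168.0.0/24 plus three routes a VPN pushes), the `lan`/`vpn` labels are its own, and the `10.a.a.0/24` numbering in `PickUnusedPrefix` is one illustration of the odd-numbers idea, not a scheme any poster recommends.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Route is one entry as the VPN client's host sees it; "lan"/"vpn" are this example's own labels.
type Route struct {
	Prefix netip.Prefix
	Source string
}

// SampleRoutes is a constructed table: home LAN 192.168.0.0/24 (printer at .100), and a VPN that
// pushes the same /24 (DC at .100), a 10.20/16, and a 1.0.0.0/24 someone picked in the 90s.
func SampleRoutes() []Route {
	return []Route{
		{netip.MustParsePrefix("192.168.0.0/24"), "lan"},
		{netip.MustParsePrefix("192.168.0.0/24"), "vpn"},
		{netip.MustParsePrefix("10.20.0.0/16"), "vpn"},
		{netip.MustParsePrefix("1.0.0.0/24"), "vpn"},
	}
}

// Conflicts lists every LAN/VPN pair whose prefixes overlap: while the tunnel is up,
// part of one side is unreachable no matter how the client's routes are ordered.
func Conflicts(routes []Route) [][2]Route {
	var out [][2]Route
	for i, a := range routes {
		for _, b := range routes[i+1:] {
			if a.Source != b.Source && a.Prefix.Overlaps(b.Prefix) {
				out = append(out, [2]Route{a, b})
			}
		}
	}
	return out
}

// Lookup is longest-prefix match, as the host's forwarding table does it. It returns all
// routes tied at the most specific length; two results means the metric decides, and the
// VPN client's route normally wins over the wifi printer's.
func Lookup(routes []Route, dst string) []Route {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return nil
	}
	var best []Route
	for _, r := range routes {
		if !r.Prefix.Contains(addr) {
			continue
		}
		switch {
		case len(best) == 0 || r.Prefix.Bits() > best[0].Prefix.Bits():
			best = []Route{r}
		case r.Prefix.Bits() == best[0].Prefix.Bits():
			best = append(best, r)
		}
	}
	return best
}

// NonPrivate flags prefixes outside RFC 1918 / fc00::/7. Tunnelling a registered block like
// 1.0.0.0/24 as "internal" black-holes the real owner's hosts for every connected client.
func NonPrivate(routes []Route) []Route {
	var out []Route
	for _, r := range routes {
		if !r.Prefix.Addr().IsPrivate() {
			out = append(out, r)
		}
	}
	return out
}

// PickUnusedPrefix returns the first 10.a.a.0/24, counting a down from 255, that overlaps
// nothing in routes: high, odd-looking numbers stay clear of the 10.0.0.x / 192.168.0.x /
// 192.168.1.x defaults home routers ship with.
func PickUnusedPrefix(routes []Route) (netip.Prefix, bool) {
next:
	for a := 255; a >= 0; a-- {
		cand := netip.PrefixFrom(netip.AddrFrom4([4]byte{10, byte(a), byte(a), 0}), 24)
		for _, r := range routes {
			if r.Prefix.Overlaps(cand) {
				continue next
			}
		}
		return cand, true
	}
	return netip.Prefix{}, false
}

func main() {
	rs := SampleRoutes()
	fmt.Println("lan/vpn overlaps:  ", Conflicts(rs))
	fmt.Println("192.168.0.100 via: ", Lookup(rs, "192.168.0.100"))
	fmt.Println("non-RFC1918 routes:", NonPrivate(rs))
	fmt.Println(PickUnusedPrefix(rs))
}
```

On the sample table `Conflicts` reports the one LAN/VPN overlap, `Lookup` for 192.168.0.100 comes back with both /24s tied, which is exactly the state in which the printer stops working while the tunnel is up, `NonPrivate` singles out 1.0.0.0/24, and `PickUnusedPrefix` returns 10.255.255.0/24. The same functions work against a real client's table if the entries are read from `ip route` or `route print` and tagged by interface; the check worth automating is `Conflicts`, run against every home subnet the helpdesk learns about, because it tells you before the ticket arrives whose printer is about to vanish.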


Weedle
May 31, 2006




Shut up Meg posted:

How long before someone starts a war to get hold of an IP-address block?

After all, as resources go, they are currently more valuable than oil.

i don't know but it sounds like a job for tom clancy's net force
