|
poo poo that pisses me off: If I'm not listening to music while working, I'll occasionally find the spawn Lum's unholy DJ work flitting around my brain. I don't have brain bleach potent enough for this.
|
# ? Oct 3, 2013 20:36 |
|
anthonypants posted: Some outside vendor is trying to SSH in, but they're getting blocked and don't know why. According to our UNIX/Linux guy, incoming connections are limited during tax season, that they'll just have to keep trying, and there's nothing we can do about it.
Errr... What?
|
# ? Oct 3, 2013 20:38 |
|
fivre posted: Errr... What?
|
# ? Oct 3, 2013 21:11 |
|
Good news everybody!
quote: Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
|
# ? Oct 3, 2013 21:53 |
|
So not only are they awful at writing software (specifically installers), they also appear to be unable to keep a website secure. Nice going Adobe.
|
# ? Oct 3, 2013 21:58 |
|
anthonypants posted: Yep.
But it's not tax season?
|
# ? Oct 3, 2013 21:59 |
|
baquerd posted: But it's not tax season?
Actually, it's almost always tax season-- apparently this time of year is the tax time for people who put off their stuff in April.
|
# ? Oct 3, 2013 22:08 |
|
baquerd posted: But it's not tax season?
|
# ? Oct 3, 2013 22:10 |
|
roflsaurus posted: I figured this was one of the better threads to ask, but feel free to redirect me if I'm wrong.
The way I've done file server migrations (P2V, P2P, V2V) without mucking with VHDs:
- Create new 2012 VM and join it to the domain as Server2
- Robocopy all data from Server1 to Server2 preserving all security attributes (with the /SEC or /COPYALL flag)
- Use this registry export/import technique to copy the share information from Server1 to Server2
- Kick everyone off on a Friday night
- Remove server1 from AD and shut it down
- wait until AD change has propagated
- Rename Server2 to Server1
- restart the lanmanserver service on the new Server1
Protip: You should master this technique by building a test 2003 file server and a test 2012 server and practice with some scratch data on a few test shares.
Agrikk fucked around with this message at 22:13 on Oct 3, 2013 |
# ? Oct 3, 2013 22:10 |
|
Maneki Neko posted: Good news everybody!
Well, that's consistent with the level of work quality I've come to expect from Adobe.
|
# ? Oct 3, 2013 22:24 |
|
Yet another security system compromised. Same poo poo different day. I swear it's nearly guaranteed to happen to every company at some point. At least the numbers were encrypted. They didn't say anything about passwords so I guess it's just sales data?
|
# ? Oct 3, 2013 22:32 |
|
the littlest prince posted: Yet another security system compromised. Same poo poo different day.
No, they got encrypted passwords too.
|
# ? Oct 3, 2013 22:41 |
|
Maneki Neko posted: No, they got encrypted passwords too.
Here's what I worry about: with all of the revelations about what the megalomaniacs at the NSA have been up to (potential backdoors inserted into industry standard NIST algorithms, or even deliberately compromising the design from the outset, etc) exactly how long is it going to be until someone figures out how to exploit those same weaknesses? I reckon there's going to be a point in the next couple of years where anything encrypted with one of those algorithms today might as well be in plain text.
I know someone's going to say "but password encryption should be one way only" (i.e. hashed) and I agree, it should, but this is Adobe we're talking about so it probably isn't. Plus the credit card numbers definitely won't be.
|
# ? Oct 3, 2013 22:54 |
|
anthonypants posted: I'm not a tax guy, but it is about six months after, so maybe six-month extensions need to be filed in a couple weeks? But between the "tax season" thing and the "limiting incoming connections while incoming connections are important" thing, I think the second thing is much worse.
I used to do IT at a tax consulting firm that handled corporate taxes (and some businesses like partnerships and sole proprietorships that go on the individual's taxes). You've got it right.
Corporate tax = 3/15
Individual tax = 4/15
Corporate tax extensions = 9/15
Individual tax extensions = 10/15
"Tax season" for us was pretty much February 1 through April 15, and August 1 through October 15. Meant there were about five months out of the year that vacations and whatnot were frozen out
|
# ? Oct 3, 2013 23:18 |
|
You can also optionally file quarterly, I believe, which would mean around now.
|
# ? Oct 3, 2013 23:24 |
|
rolleyes posted: Here's what I worry about: with all of the revelations about what the megalomaniacs at the NSA have been up to (potential backdoors inserted into industry standard NIST algorithms, or even deliberately compromising the design from the outset, etc) exactly how long is it going to be until someone figures out how to exploit those same weaknesses? I reckon there's going to be a point in the next couple of years where anything encrypted with one of those algorithms today might as well be in plain text.
I don't think the problem is as bad as you make it out to be. I mean, AES has been studied and poked and prodded for over a decade now and still can't be reliably cracked. There is a good block of text about this from GigaOM via Businessweek about this exact issue in the context of Silent Circle changing their crypto. I am by no means any sort of crypto expert though, so I'm just relying on Professor Alan Woodward knowing his poo poo in this case.
|
# ? Oct 3, 2013 23:26 |
|
Maneki Neko posted: Good news everybody!
I didn't think it was possible to hate Adobe more than I do already, but there you have it.
|
# ? Oct 3, 2013 23:39 |
|
Maneki Neko posted: Good news everybody!
Couldn't you have said "everyone"? You caused me to start hearing that in Professor Farnsworth's voice, and then it kind of squeaked out into a body. I demand a refund on my hearing-this-in-my-voice experience, please do the needful.
|
# ? Oct 3, 2013 23:50 |
|
Agrikk posted: The way I've done file server migrations (P2V, P2P, V2V) without mucking with VHDs:
Thanks! Share information and permissions are not particularly important, there's only two shares (which I can recreate). And permissions I can reapply manually if need be. I just wasn't sure how gracefully AD handles a new server with the same name as an old (albeit removed) server.
|
# ? Oct 4, 2013 00:14 |
|
incoherent posted: I'd rather take the poo poo and get the org on a DFS share with a move to 2012 than continue the same infrastructure. Theoretically, you should be ok. Here is to hoping nothing is calling on the specific SID of that server!
Absolutely this. Set up DFS, add the current server to it, switch everyone to use the DFS shares (which should just be as easy as changing GPO mappings - if it isn't.....fix that). Then set up the 2012 server, add it to the DFS shares, replicate, turn off old server.
I've done about four or five complete overhauls this way of clients' fileserving infrastructure. By this I mean upgrades of fileservers in multiple locations, with absolutely no downtime whatsoever. None.
DFS has its faults, but what it does it does really well, when it works. These days I'll set it up even at clients where there's only one fileserver and there'll only ever BE one fileserver, specifically so that when they need to upgrade, they can just set up the new server, let DFS replicate, enable referrals to the new server, and turn off referrals to the old server.
Only issue is Macs - they supposedly added DFS support in 10.7, but it's janky and unreliable to say the least. So far we've been testing DAVE from Thursby Software, and it seems to solve most of the issues.
Edit: also, you should hold off until Oct 18 if you can so you can use Server 2012 R2. So far in my testing of it, they seem to have done some of the same thing they did with Server 2008 R2, where it had the final level of polish on top of Server 2008 so it was actually usable (i.e. ask me about wiggling a mouse in the lower right hand corner of a GODDAMN RDP WINDOW MICROSOFT YOU FUCKS. YES I KNOW I CAN HIT ALT-HOME, THAT'S STILL RETARDED). Ahem, what I'm saying is that a start button, if it still takes me to Metro, is loving useful as poo poo. gently caress hot corners. And you can set it to boot to desktop without third party software, etc.
SyNack Sassimov fucked around with this message at 06:22 on Oct 4, 2013 |
# ? Oct 4, 2013 06:11 |
|
The following was inspired by things I had my customers either demand I allow on their boxes, or things I've had to fix after they've broken them.
I'm a bad admin (I don't care)
(to the tune of "I'm so bad, baby I don't care")
I telnet to the box as root
I pull the power to reboot
I run my cables above the lights
I give my users admin rights
no ids, no virus scan
I edit passwd file by hand
I cat files with a pipe to more
I store my passwords in a drawer
AD's broke, profiles roam
rm -rf on /home
I'd like to think I'm a bofh
but I'm a bad admin, I don't care
|
# ? Oct 4, 2013 14:43 |
|
Maneki Neko posted: Good news everybody!
Guarantee this is because someone at Adobe didn't update Flash, and had their machine compromised.
|
# ? Oct 4, 2013 16:42 |
|
anthonypants posted: Some outside vendor is trying to SSH in, but they're getting blocked and don't know why. According to our UNIX/Linux guy, incoming connections are limited during tax season, that they'll just have to keep trying, and there's nothing we can do about it.
quote: The [tax] systems are currently unavailable due to required backups being run for the current tax processing season.
|
# ? Oct 4, 2013 18:26 |
|
roflsaurus posted: I just wasn't sure how gracefully AD handles a new server with the same name as an old (albeit removed) server.
Just as long as you give AD time to replicate changes between steps you'll be fine. I did a migration like this in a hurry one time and things got a little hinky for a while because I didn't give AD enough time to propagate the "delete old server info" step before the "create new server as old server name" step. Replication finally sorted itself out after a little bit, but during that time there were authenticated user access issues.
|
# ? Oct 4, 2013 18:49 |
|
nitrogen posted: I edit passwd file by hand
Does that include vipw? Because I use that to edit passwd daily....
|
# ? Oct 4, 2013 21:23 |
|
Agrikk posted:Just as long as you give AD time to replicate changes between steps you'll be fine. code:
|
# ? Oct 4, 2013 21:34 |
|
This happens maybe 75% of the time when a new user account is created:
I don't know how or why this happens, I just know it happens to new accounts the most. Sometimes it happens to existing employees.
|
# ? Oct 4, 2013 22:18 |
|
feld posted: Does that include vipw? Because I use that to edit passwd daily....
Nah, vipw is cool, just like visudo is. It won't let you save it if you gently caress up. I had someone try to comment out an entry in the passwd file to disable a user once...
|
# ? Oct 4, 2013 23:31 |
|
That's a nice UX horror.
|
# ? Oct 5, 2013 00:33 |
|
MrMoo posted: That's a nice UX horror.
|
# ? Oct 5, 2013 01:02 |
|
rolleyes posted: Here's what I worry about: with all of the revelations about what the megalomaniacs at the NSA have been up to (potential backdoors inserted into industry standard NIST algorithms, or even deliberately compromising the design from the outset, etc) exactly how long is it going to be until someone figures out how to exploit those same weaknesses? I reckon there's going to be a point in the next couple of years where anything encrypted with one of those algorithms today might as well be in plain text.
People pretty much always use inappropriate algorithms to hash/encrypt passwords anyway. If you've got a long, completely random password, you might be okay, but 90% of those passwords might as well be plaintext.
|
# ? Oct 5, 2013 16:31 |
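Added example, not part of any post in this thread: the gap between a fast unsalted hash and a salted, deliberately slow one, which is the "inappropriate algorithm" point raised above and the "one way only" point earlier in the thread. The account names, guess list, function names and the choice of PBKDF2-HMAC-SHA256 at 600,000 iterations are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from any breach): a short guess list and three accounts.
GUESSES = ["123456", "password", "adobe123", "qwerty"]
ACCOUNTS = {"alice": "adobe123", "bob": "adobe123", "carol": "T7#qLz!v9wXe2@Rk"}
ITERATIONS = 600_000  # assumed work factor for this example


def fast_unsalted(password):
    """Inappropriate for passwords: a single fast SHA-256 with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a per-user random salt; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt)[1], digest)


def exposed_by_guess_list(fast_table):
    """Audit an unsalted table: one hash per guess is checked against every account at once."""
    lookup = {fast_unsalted(g): g for g in GUESSES}
    return {user: lookup[d] for user, d in fast_table.items() if d in lookup}


def build_tables():
    """Store the same constructed accounts both ways for comparison."""
    fast = {user: fast_unsalted(pw) for user, pw in ACCOUNTS.items()}
    slow = {user: slow_salted(pw) for user, pw in ACCOUNTS.items()}
    return fast, slow


if __name__ == "__main__":
    fast, slow = build_tables()
    print("same digest for same password (unsalted):", fast["alice"] == fast["bob"])
    print("same digest for same password (salted):  ", slow["alice"][1] == slow["bob"][1])
    print("exposed in unsalted table:", exposed_by_guess_list(fast))
    print("login check still works:", verify("adobe123", *slow["alice"]))
```

With the salted scheme every guess has to be recomputed per account at the full iteration cost, and equal passwords no longer produce equal stored values; the long random password is not in the guess list under either scheme.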
|
anthonypants posted: Copyright (c) 1997-2007 Novell, Inc.
That's also your answer to why it happens.
|
# ? Oct 5, 2013 23:15 |
|
Started a new job last week and the change from working in the private sector to working at the county admin building has been a shock. Like having to use Groupwise for everything. I understand legacy systems, entrenched, etc. but isn't Exchange somewhat a standard?
Adding to that, what the job listing and what I was told in my interview is just a tiny bit different than what I'm actually going to be doing. I thought it was a maintenance position and would be assisting someone else while the county TV station upgrades to HD. Turns out, I'm in charge of everything having to do with the station. I'm still trying to wrap my brain around that since I had no power/position at my old station and I considered myself a glorified helper monkey.
"Here's a list that a consultant made four years ago with recommended items. He's working on another one that we will actually use for the purchasing plan."
"Great, I'll look it over." I don't recognize any of these brands and they all look way overpriced.
"Hey, we used to get the Pentagon channel a couple years ago on the sat dish but it's gone now. Could you find it again."
"OK, let me find a page that translates the acronyms that the dish controller uses into actual sat names. Found one, damn I didn't know tripod still existed."
20 minutes later
"Cool, got the signal. Dammit, they aren't broadcasting due to the shutdown of the federal government."
But I'm trying to look at it in a positive way. I'm going to be in charge of every aspect, from systems to buy to the color of individual wires. So I'm gonna be documenting the hell out of everything; labels, Visio, MS Project, etc. I figure I do good here and I can write my ticket elsewhere.
|
# ? Oct 6, 2013 08:49 |
|
anthonypants posted: This happens maybe 75% of the time when a new user account is created:
Does your org have Universal Passwords enabled? If so, you have to ignore that entire page in ConsoleOne as UP supersedes netware/simple passwords; use iManager to set their password. It sounds to me as if some of your admins/account creators aren't aware that UP is enabled and that isn't being taken into account when the users are set up. What version of the client are you using on the desktop; is it configured for passive logon (aka "non-novell credential provider")?
|
# ? Oct 6, 2013 12:53 |
|
diremonk posted: Adding to that, what the job listing and what I was told in my interview is just a tiny bit different than what I'm actually going to be doing.
Do your title and pay reflect your new found responsibilities?
|
# ? Oct 6, 2013 14:29 |
|
Volmarias posted: Do your title and pay reflect your new found responsibilities?
What, do you think he's a business major or something?
|
# ? Oct 6, 2013 14:57 |
|
diremonk posted: Like having to use Groupwise for everything. I understand legacy systems, entrenched, etc. but isn't Exchange somewhat a standard?
No.....not really. Especially in older organizations. This sounds like a fantastic opportunity, not something that should piss you off.
|
# ? Oct 6, 2013 16:31 |
|
Motronic posted: This sounds like a fantastic opportunity, not something that should piss you off.
It really doesn't piss me off too much. I'm actually excited by the opportunity. I just wish I had known that I would be what is basically a chief engineer instead of just a grunt. Plus I wish I was getting paid a bit better too for this, it's still very good but less than what I know other people with the same sort of responsibility get.
|
# ? Oct 6, 2013 18:25 |
|
diremonk posted: It really doesn't piss me off too much. I'm actually excited by the opportunity. I just wish I had known that I would be what is basically a chief engineer instead of just a grunt. Plus I wish I was getting paid a bit better too for this, it's still very good but less than what I know other people with the same sort of responsibility get.
Let's double-schedule everything. First in Outlook and then again in Podio or whatever collaboration tool we're using this week. Bonus points if the time/dates/location aren't the same between two identical events.
|
# ? Oct 7, 2013 14:12 |
|
|
# ? May 4, 2024 14:45 |
|
Haha, our place can be so petty. They're spending goodness knows how many tens of thousands of pounds doing a refurb job, but in the canteen are notices that the drinks facilities are for staff only, not for the contractors. Sorry builder boys, you're gonna have to sort out your own goddam tea! A mug of that stuff costs us like £0.10, we're not made of money! To add actual IT content, erm.. unpredictable backups-to-tape running on an ancient version of Backup Exec on ancient unpredictable hardware. Will it take 4 hours today or 8? Only way to find out is wait for the results!
|
# ? Oct 7, 2013 15:31 |