Docjowles posted: Related, The Infinite Hows (or, the Dangers Of The Five Whys) by John Allspaw is a great (if very long) blog post on the topic of building a healthy culture around outages and mistakes.
Thank you for posting this. My last job had a boss who did just this and it wasn't just him - whenever something failed, or whenever a change went wrong, it was a witch hunt. Since the company still had pensions and there was a very real Warsaw Pact-ish environment between ops and engineering (Engineering being the USSR, Ops/Helpdesk and other internal IT groups being Poland, Lithuania, etc.) there was always an attempt at a blame game to pin it on some other gomer below you, or someone else, and to ensure that they got the scutwork of cleaning things up to prevent Rare Issue X from ever occurring. It's good to know that other methodologies exist - we don't do this kind of blame-pinning where I am, but we have other organizational problems. Either way, promoting this kind of thinking - "how" vs. "why" - is a very good thing.
|
|
# ? Dec 18, 2014 16:54 |
|
|
Does anyone have any experience working for a National Laboratory / Department of Energy? I got a message from a recruiter about a job at Argonne and I've been really interested in working at a National Lab for a long time.
|
# ? Dec 18, 2014 17:49 |
|
mayodreams posted: Does anyone have any experience working for a National Laboratory / Department of Energy? I got a message from a recruiter about a job at Argonne and I've been really interested in working at a National Lab for a long time.
|
# ? Dec 18, 2014 20:43 |
|
Has anyone read about the technical-side of the Sony hack? Was their IT Department terribly run and cut too many corners when they shouldn't have or was this something amazing like Stuxnet?
|
# ? Dec 18, 2014 20:54 |
|
Tab8715 posted: Was their IT Department terribly run and cut too many corners when they shouldn't have or was this something amazing like Stuxnet?
|
# ? Dec 18, 2014 21:00 |
|
Tab8715 posted: Has anyone read about the technical-side of the Sony hack?
I did read something about text files with passwords so I assume it wasn't really mission impossible stuff.
|
# ? Dec 18, 2014 21:10 |
adorai posted: If I were to guess, they had little security once you were inside, and someone fell for a social engineering ploy.
What I want to know is where did North Korea get anyone with experience in disparate networks outside the country? Do they have people they trust enough to be doing IT for the government that could go into pentesting/actual penetration well enough to pull this off? Or did they somehow get China to loan them the technical corpus to pull it off?
|
|
# ? Dec 18, 2014 21:27 |
|
NK has a tech arm of the government that is segregated from the local public and treated like kings. There's also the possibility of someone external finding access and selling a map and how-to to NK. There aren't any details either way as yet.
|
# ? Dec 18, 2014 21:31 |
|
MJP posted: What I want to know is where did North Korea get anyone with experience in disparate networks outside the country? Do they have people they trust enough to be doing IT for the government that could go into pentesting/actual penetration well enough to pull this off? Or did they somehow get China to loan them the technical corpus to pull it off?
|
# ? Dec 18, 2014 21:31 |
|
Tab8715 posted: Has anyone read about the technical-side of the Sony hack?
The CIO was quoted as saying that he wouldn't spend 10 million to protect 1 million. http://mashable.com/2014/12/05/sony-hack-infosec-comments/
And they're saying the hack could cost $100 Million after the $171 Million loss on the PlayStation hack. http://blogs.wsj.com/cio/2014/12/10/the-morning-download-sony-breach-could-cost-100-million/
I'm not sure the measure of the damage done to the relationships with Sony. Things like calling Angelina Jolie a spoiled brat now being public: http://www.usmagazine.com/celebrity-news/news/sony-hack-key-events-from-leaked-emails-terror-threats-20141812
Griffon fucked around with this message at 21:37 on Dec 18, 2014
# ? Dec 18, 2014 21:33 |
|
I'm significantly more interested in what NK hadn't yet released that caused Sony to cave.
|
# ? Dec 18, 2014 21:43 |
|
psydude posted: What. People will dig in and stay put in every job in every industry. I have no idea about application development because my experience with developers is limited to yelling at them for making their applications insecure as gently caress, but moving up rapidly in the networking world is insanely easy because there's such a huge demand for the skillset relative to the labor supply. In the end, it comes down to what you want to do: if you're interested in development, then obviously pursuing a development position makes sense. If you like networking, then pick up the CCNA book and start cranking. But get it out of your head that there's "little room for advancement" anywhere in this industry. It just takes you getting out of your comfort zone and being open to moving between companies and even geographic locations.
Can confirm there's an insane amount of career advancement in the network side.
|
# ? Dec 18, 2014 21:47 |
|
Sounds like it was more of a combination of a massive government and a poorly run IT Department. Sounds like they'll have some job openings. I did see some mentions of storing plain text passwords but all the Sony Leak discussion has been mostly removed from reddit.
|
# ? Dec 18, 2014 22:13 |
|
Am I the only one that's skeptical that it's the real NK making these threats?
|
# ? Dec 18, 2014 23:19 |
|
Ugh. I forgot about all the stupid "Come sell our bullshit insurance!" hits I'd get once I posted my resume.
angry armadillo posted: Am I the only one that's skeptical that it's the real NK making these threats
Nope. That was my very first thought.
|
# ? Dec 18, 2014 23:20 |
|
angry armadillo posted: Am I the only one that's skeptical that it's the real NK making these threats
I'm skeptical about this attack being perpetrated by the NK gov't on account of it being quite a bit more than their usual saber rattling. That said, I am not skeptical of NK's ability to perpetrate complex cyberwarfare attacks. The NK gov't is not poor, and they spend a shitload of cash on a cyberwarfare program that includes putting the members up in luxury accommodations after they come back from 1-2 years of hands-on training with Chinese/Russian criminal hacker rings. Last year their attacks on SK businesses cost the SK economy $800M that we know of. The asymmetric nature of cyber warfare makes it a great place to spend money, and they are actually doing it with great focus.
|
# ? Dec 18, 2014 23:32 |
|
Colonial Air Force posted: Ugh.
Yeah, but those knives basically sell themselves.
|
# ? Dec 18, 2014 23:35 |
|
My last day has arrived. Feels good. I will miss the work social group, tomorrow is going to be a very bad hangover.
|
# ? Dec 18, 2014 23:38 |
|
This is awesome, live hacking attack map: http://map.ipviking.com/?_ga=1.98376799.153405815.1403529861 Right now you can see people hammering St. Louis, even their computers can't catch a break.
|
# ? Dec 19, 2014 00:29 |
|
anyone doing cool stuff with Logstash? I am mostly interested in how you collect data in a meaningful way when it comes from a variety of disparate sources? Do you try to sort out everything with input rules and match statements, or do you just say gently caress it and run multiple collection servers?
|
# ? Dec 19, 2014 02:05 |
|
Zero VGS posted: This is awesome, live hacking attack map: http://map.ipviking.com/?_ga=1.98376799.153405815.1403529861
[Nuclear launch detected] Kinda coasting right now, reaching out to Sysadmin positions on Indeed and seeing if anything sticks.
|
# ? Dec 19, 2014 02:18 |
|
MagnumOpus posted: I'm skeptical about this attack being perpetrated by the NK gov't on account of it being quite a bit more than their usual saber rattling. That said, I am not skeptical of NK's ability to perpetrate complex cyberwarfare attacks. The NK gov't is not poor, and they spend a shitload of cash on a cyberwarfare program that includes putting the members up in luxury accommodations after they come back from 1-2 years of hands-on training with Chinese/Russian criminal hacker rings. Last year their attacks on SK businesses cost the SK economy $800M that we know of. The asymmetric nature of cyber warfare makes it a great place to spend money, and they are actually doing it with great focus.
Why not just physically cut the cables leading to the country at that point?
|
# ? Dec 19, 2014 02:40 |
|
Got a random LinkedIn message from a company my coworker recently left for. I love pretty much everything about my current job and employer. But said coworker gave me some info on his new compensation package and I'd be insane not to talk to them. It would be for a corporation at least 2 orders of magnitude larger than anywhere I've ever worked (startup lyfe ) which makes me nervous. Current job offers extreme schedule flexibility which is worth a lot to me in the "having babies" phase of life. On the flip side my wife mostly stays at home so a major pay bump would really make a difference. Surprise YOTJ in 2015? We shall see.
|
# ? Dec 19, 2014 03:25 |
|
Methanar posted: Why not just physically cut the cables leading to the country at that point?
NK situation is politically complex and volatile. That said, NATO just this past September released a new "enhanced" policy that specifically includes cyberwarfare within the definition of armed attacks that allow for Article 5 to be invoked. That's the one where NATO is required to go all-in with the attacked member state if war is declared. So like, who knows what will happen. I assume that a lot of NK physical infrastructure routes through China though so they'd have to be in on it to completely shut out NK. Then there's still options on the black markets and with shady private companies that would be willing to give them outside access via satellite or other means. NK can pretty much do any kind of shady poo poo they want because they are a rogue nation with a gun to the head of a western ally, and the US and China are stuck forever bargaining to keep them from pulling the trigger.
|
# ? Dec 19, 2014 03:38 |
psydude posted: What. People will dig in and stay put in every job in every industry. I have no idea about application development because my experience with developers is limited to yelling at them for making their applications insecure as gently caress, but moving up rapidly in the networking world is insanely easy because there's such a huge demand for the skillset relative to the labor supply. In the end, it comes down to what you want to do: if you're interested in development, then obviously pursuing a development position makes sense. If you like networking, then pick up the CCNA book and start cranking. But get it out of your head that there's "little room for advancement" anywhere in this industry. It just takes you getting out of your comfort zone and being open to moving between companies and even geographic locations.
Ah, I should have been more precise instead of rambling like I did. I was referring to network jobs within this particular account. Obviously I would do far better on the open market. However, I like where I'm at because the people are likable and the drama is minimal.
Tab8715 posted: Huh?
They absolutely are going to train me, though my would-be predecessor found the training and support to be lacking, especially at first. After talking with my manager about it, I'm going to give it a shot. They made it very clear that I'm not expected to take the position simply because it's offered. She also said the networking manager likes me and wouldn't mind having me on the team once things settle down. I'd obviously need to get educated before any of that happens, but it's nice to know I'm making a good impression overall.
|
|
# ? Dec 19, 2014 09:24 |
|
adorai posted: anyone doing cool stuff with Logstash? I am mostly interested in how you collect data in a meaningful way when it comes from a variety of disparate sources? Do you try to sort out everything with input rules and match statements, or do you just say gently caress it and run multiple collection servers?
On the other hand, if your applications have the ability to log structured JSON in the first place, you'll do much better. For this reason, Logstash seems to work a lot better with in-house apps than off-the-shelf stuff. For random unstructured logs from every device in your infrastructure, I'd shell out the money for Splunk if it was important.
|
# ? Dec 19, 2014 09:36 |
|
Che Delilas posted: You've expressed some incredulity that this kind of stuff is a real job that you get paid relatively decent money for. I'm going to try and shed some light on this for you, because people like us (techs, nerds, smart people) tend to get down on themselves for not knowing enough and don't appreciate that they have real skills. The TLDR is that we have internalized a lot of little things that allow us to work with computers on a level that most people never get to.
I just started reading this thread and I know it's from way back but I just want to say that this is a wonderful post. Thanks!
|
# ? Dec 19, 2014 10:58 |
|
Misogynist posted: It depends on how your data is coming in. If you're mostly dealing with bog-standard UDP syslog and trying to make it act like Splunk with rules and matchers, good luck. Generally, you'll have much better luck running the agents where you need them and making sure the data coming into Logstash is structured JSON to begin with.
Talking about Logstash: Anyone know how to get ElasticSearch to format the time right? It is always two hours off. I've tried transforming it with the Logstash config and if I configure it to output to the console it transforms it to the right time, stuffing it into ElasticSearch it does not transform the date to add the two hours. I've searched around and it seems I am not the only one with this problem but so far a solution has not been forthcoming.
|
# ? Dec 19, 2014 11:05 |
|
Mr Shiny Pants posted: Talking about Logstash: Anyone know how to get ElasticSearch to format the time right? It is always two hours off. I've tried transforming it with the Logstash config and if I configure it to output to the console it transforms it to the right time, stuffing it into ElasticSearch it does not transform the date to add the two hours.
|
# ? Dec 19, 2014 11:08 |
|
Misogynist posted: I'm not really following, so I'll need a little more information: where is the data coming from, what is Logstash showing you, what is Elasticsearch showing you, how are you viewing what's coming back from Elasticsearch, and what are you expecting to see?
Data is from the Windows eventlog. It comes in as a JSON string that gets handled by Logstash. In my configuration I have told logstash to not do anything to the data and stuff it right into Elastic Search. This results in the time from the events being two hours off from our local timezone. So after some searching I've told logstash to transform the date by adding two hours on top of the one it gets. Effectively compensating for Elastic Search's time being off. If I run Logstash in this configuration and tell it to output to stdout and also ElasticSearch the output to stdout is correct but the date that goes into elastic search is not transformed. This is from memory, the configuration is at work. I'll see if I can get them this afternoon. Thanks. I checked the ES dates with Kibana and also with Curl. I might be misremembering some things, it's been a while. The machine has the right timezone though.
Mr Shiny Pants fucked around with this message at 11:22 on Dec 19, 2014
# ? Dec 19, 2014 11:18 |
|
Mr Shiny Pants posted: I just started reading this thread and I know it's from way back but I just want to say that this is a wonderful post. Thanks!
You're welcome. I enjoy this kind of analysis, and people in general have a lot of problems putting themselves in someone else's shoes and looking back at themselves objectively. In the case of IT people, we're so good wit computer that we lose our appreciation for how significant it is.
|
# ? Dec 19, 2014 14:04 |
|
That flowchart from xkcd is magical. I don't know how I've never seen it, so thanks!
|
# ? Dec 19, 2014 15:14 |
|
Zero VGS posted: This is awesome, live hacking attack map: http://map.ipviking.com/?_ga=1.98376799.153405815.1403529861
I want to make this into a live wallpaper, this is neat looking
E: Ah hahaha if you switch tabs in Chrome, when you switch back it will 'catch up' with all the attacks and mostly just looks like a crazy deluge on St. Louis
E2: I think something broke: http://i.imgur.com/msZbVsT.jpg
CloFan fucked around with this message at 15:55 on Dec 19, 2014
# ? Dec 19, 2014 15:30 |
|
Misogynist posted: It depends on how your data is coming in. If you're mostly dealing with bog-standard UDP syslog and trying to make it act like Splunk with rules and matchers, good luck. Generally, you'll have much better luck running the agents where you need them and making sure the data coming into Logstash is structured JSON to begin with.
I just set up Logstash and this is what I don't get. They created a product that can do the job of Splunk with some tweaking, but seem utterly baffled when people choose to use it that way (not literally, but the documentation is geared towards Lumberjack only and basically ignores syslog). I mean I get it, it's better for custom stuff where you can create JSON before sending to Logstash, but syslog is a thing that exists already. The filters I've found online for Cisco ASA syslogs don't work (grok failures), but that could be Cisco's fault for not being consistent I guess. I really don't know what my point is other than it's so close to being a Splunk replacement, but is determined to do its own slightly different thing.
|
# ? Dec 19, 2014 16:19 |
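
The structured-JSON versus pattern-matched-syslog trade-off discussed in the Logstash posts above, as an added Python sketch that is not from any poster and is not Logstash code. The function names, the `_parser` field and every sample line are constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample input: a JSON event, two syslog lines, one stray line.
SAMPLE_LINES = [
    '{"host": "app01", "level": "ERROR", "message": "login failed", "user": "alice"}',
    "<38>Dec 19 09:36:01 web02 sshd[4242]: Failed password for invalid user "
    "admin from 203.0.113.7 port 51122 ssh2",
    "<166>Dec 19 09:36:02 fw01 %ASA-6-302013: Built outbound TCP connection 7781 "
    "for outside:198.51.100.20/443 (198.51.100.20/443) to inside:10.0.0.5/51234",
    "fw01 link flap on Gi0/1",
]

# BSD-style syslog envelope: <PRI>timestamp host body
SYSLOG = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)
# Per-source body patterns; every new device type means another entry here.
BODY_PATTERNS = [
    ("cisco_asa", re.compile(r"^%ASA-(?P<asa_level>\d)-(?P<msg_id>\d{6}): (?P<text>.*)$")),
    ("sshd_failed_password", re.compile(
        r"^sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src_ip>\S+) port (?P<src_port>\d+)")),
]

def normalize(line):
    """Turn one raw line into an event dict; tag failures instead of dropping them."""
    line = line.strip()
    if line.startswith("{"):
        try:
            event = json.loads(line)
        except ValueError:
            event = None  # not valid JSON after all: fall through to the text path
        if isinstance(event, dict):
            event["_parser"] = "json"  # fields arrive named; no pattern needed
            return event
    event = {"message": line}
    envelope = SYSLOG.match(line)
    if envelope is None:
        event["_parser"] = "parse_failure"  # comparable to Logstash's _grokparsefailure tag
        return event
    pri = int(envelope["pri"])
    event.update(host=envelope["host"], timestamp=envelope["timestamp"],
                 facility=pri >> 3, severity=pri & 7)
    for name, pattern in BODY_PATTERNS:
        hit = pattern.match(envelope["body"])
        if hit:
            event.update(hit.groupdict(), _parser=name)
            return event
    event["_parser"] = "syslog_body_unparsed"
    return event

def summarize(lines):
    """Count events per parser so unparsed sources show up as a number to watch."""
    return Counter(normalize(line)["_parser"] for line in lines)

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(normalize(raw))
    print(summarize(SAMPLE_LINES))
```

Keeping the unparsed line as an event with a failure marker, rather than discarding it, means a device whose format drifts shows up as a rising count instead of as silence.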
|
QuiteEasilyDone posted: [Nuclear launch detected]
How about a nice game of chess?
|
# ? Dec 19, 2014 16:59 |
|
Dark Helmut posted: That flowchart from xkcd is magical. I don't know how I've never seen it, so thanks!
I hate xkcd, I think it's an unfunny comic for elitists. That said, I printed out that flowchart, pinned it up next to my mother's computer and said I wasn't going to help her with any issues unless she had exhausted each step. She hasn't had to call me since.
|
# ? Dec 19, 2014 17:18 |
|
Inspector_666 posted: I hate xkcd, I think it's an unfunny comic for elitists.
Good, I'm not alone
|
# ? Dec 19, 2014 18:01 |
|
I was definitely in the camp that thought there was no chance North Korea was actually behind the Sony hacks. It just seemed like too convenient of a scapegoat, and too batshit crazy even for NK. Welp.
The FBI posted: As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.
|
# ? Dec 19, 2014 18:18 |
|
ElGroucho posted: Good, I'm not alone
Yes but http://goatkcd.com/sfw (still kinda ) is the best webcomic ever
|
# ? Dec 19, 2014 18:20 |
|
|
We are having some email challenges with vendor and customer email getting caught in our filtering appliance. Some VPs in Canada start bitching and put in a request to whitelist a few vendors. Since my coworkers didn't recognize the domain name, we whitelisted rogers.com. So now I have to remove it and tell the bitchy VPs that we cannot, in fact, whitelist 1/3 of Canada's home email addresses.
|
# ? Dec 19, 2014 18:23 |