|
Subjunctive posted:What should they use instead? openldap? NIS+? Azure AD
|
#
?
Jan 23, 2017 15:30
|
|
|
|
| # ? May 15, 2024 20:12 |
|
|
ate all the Oreos posted:a custom handmade implementation designed by 8 different contractors whose only contact with each other is via semaphore flags, you know like all government contracting you forgot the part where any contractors that finish on time and on budget get rewarded by not getting more time and more budget
|
|
#
?
Jan 23, 2017 15:43
|
|
|
Isn't there a limit to the number AD users and groups?
|
|
#
?
Jan 23, 2017 15:47
|
|
|
LeftistMuslimObama posted:i bet it was really someone's big ole donger. some guy on the plane had to buy another seat in which to sling his truly gargantuan and yet somehow tenderly beautiful meat monster and the captain radioed down to the tarmac "houston we have the biggest drat darn ding donger i ever did see were gonna need to burn some fuel so we can get this elegant creature there iykwim"
|
|
#
?
Jan 23, 2017 15:49
|
|
|
Jewel posted:
oh cool! a way to change someone's Real And Legal Name™ by messing around with a misconfigured Outlook client
|
|
#
?
Jan 23, 2017 15:49
|
|
|
OSI bean dip posted:Isn't there a limit to the number AD users and groups? depends, which samba version is it running on?
|
|
#
?
Jan 23, 2017 15:50
|
|
|
Westie posted:oh cool! a way to change someone's Real And Legal Name™ by messing around with a misconfigured Outlook client You joke and yet
|
|
#
?
Jan 23, 2017 16:00
|
|
|
Jewel posted:"A Reddit posting says the Australian Government may be looking at Active Directory to authenticate 28 million Australian citizens in a future public-facing website." NOICE 
|
|
#
?
Jan 23, 2017 16:02
|
|
|
OSI bean dip posted:Isn't there a limit to the number AD users and groups? theoretically theres no limit to objects you can store, but there are limits around SID generation for new objects on a per domain controller level.
|
|
#
?
Jan 23, 2017 16:13
|
|
|
ate all the Oreos posted:for sale: used jet fuel, never flown
|
|
#
?
Jan 23, 2017 16:22
|
|
|
My guess would be they'd be using ADFS and not direct ldap authentication to AD since it would be far more flexible. Azure AD would be a better choice since it has a lot of hardening and handles password resets and the like.
|
|
#
?
Jan 23, 2017 16:24
|
|
|
lol hosting an entire country's worth of people on ms azure ad what would that cost like $1 bil/mo?
|
|
#
?
Jan 23, 2017 16:53
|
|
|
assuming 30mil users 180mil/mo for p1, 270mil/mo for p2 @ retail prices so probably less for enterprise agreement pricing. if you're actually gonna have people in there and using it all the time then it makes sense, otherwise self hosting would probably be cheaper.
|
|
#
?
Jan 23, 2017 17:00
|
|
|
BiohazrD posted:lol hosting an entire country's worth of people on ms azure ad what would that cost like $1 bil/mo? australia has 23 million people so unless they get special pricing microsoft would charge anywhere between $23 mn USD to $138 mn
|
|
#
?
Jan 23, 2017 17:02
|
|
|
I imagine they would be offered quite the discount for something like that.
|
|
#
?
Jan 23, 2017 17:02
|
|
|
$30 mn to $180 mn AUDChalks posted:I imagine they would be offered quite the discount for something like that. well yeah. it could be a negative discount too all things considered
|
|
#
?
Jan 23, 2017 17:02
|
|
|
Chalks posted:I imagine they would be offered quite the discount for something like that. enterprise agreements that anyone can get are like 30% off for a 1 year sub so I would bet Microsoft would be willing to give them something even better to be able to brag about hosting the identity management for the worlds largest prison.
|
|
#
?
Jan 23, 2017 17:04
|
|
|
Shaggar posted:enterprise agreements that anyone can get are like 30% off for a 1 year sub so I would bet Microsoft would be willing to give them something even better to be able to brag about hosting the identity management for the worlds largest prison. i dont think the refugees trapped in australias island death camps are going to be included in this AD install
|
|
#
?
Jan 23, 2017 17:05
|
|
|
well the majority of the criminals are on the main island so I think it still stands.
|
|
#
?
Jan 23, 2017 17:06
|
|
|
part of me wishes the US would standardize national identity management, but the other part knows they'd just gently caress it up horribly.
|
|
#
?
Jan 23, 2017 17:07
|
|
|
Assuming MS is interested in hosting it they'll probably just offer them a competitive price. It doesn't sound like the most horrendous idea when compared to some monolithic bespoke project - as long as MS are confident they could handle it smoothly.
|
|
#
?
Jan 23, 2017 17:13
|
|
|
Chalks posted:Assuming MS is interested in hosting it they'll probably just offer them a competitive price. It doesn't sound like the most horrendous idea when compared to some monolithic bespoke project - as long as MS are confident they could handle it smoothly. Unfortunately ability to handle a project isn't part of the rubric of enterprise project management. In fact I'd say the only metric they use is number of billable hours.
|
|
#
?
Jan 23, 2017 17:45
|
|
|
ate poo poo on live tv posted:Unfortunately ability to handle a project isn't part of the rubric of enterprise project management. In fact I'd say the only metric they use is number of billable hours. I dunno, having an entire nation locked into their cloud platform certainly feels very Microsoft. Windows XP for submarines, AzureAD for nation states.
|
|
#
?
Jan 23, 2017 17:47
|
|
|
imagine if they tried to upsell them on Office 365 for everyone.
|
|
#
?
Jan 23, 2017 17:47
|
|
|
Shaggar posted:part of me wishes the US would standardize national identity management, but the other part knows they'd just gently caress it up horribly. the us can't do poo poo like that it'd get bogged down by politics and terrible contractors
|
|
#
?
Jan 23, 2017 17:48
|
|
|
yeah its the worst. theres so much good that could come out of the federal government but its doomed to eternal failure.
|
|
#
?
Jan 23, 2017 17:49
|
|
|
Ur Getting Fatter posted:http://edition.cnn.com/2017/01/22/travel/united-grounds-domestic-flights-because-of-it-issue/index.html?adkey=bn Fuzzy Mammal posted:my latest flight was delayed because they overloaded the plane and we needed to sit there and burn off exactly 140l of fuel.  Jewel posted:
Migishu fucked around with this message at 17:53 on Jan 23, 2017 |
|
#
?
Jan 23, 2017 17:49
|
|
|
Also while Azure AD would be a decent choice, price concerns notwithstanding, Australian citizens might object to hosting their PII in the US or on systems possibly controlled by a US company under the Patriot Act. Although Australia being a FVEY member that might be less of an issue. e: I know the average EU citizen would probably flip their poo poo about hosting their government PII in the US. (Even though most of them share everything anyway through social media.) spankmeister fucked around with this message at 18:07 on Jan 23, 2017 |
|
#
?
Jan 23, 2017 17:52
|
|
|
spankmeister posted:Also while Azure AD would be a decent choice, price concerns notwithstanding, Australian citizens might object to hosting their PII in the US or on systems possibly controlled by a US company under the Patriot Act. Yeah, but they have azure datacenters in the EU so that we don't need to worry about that so much. Apparently they have two datacenters in Australia as well from looking at their regions list.
|
|
#
?
Jan 23, 2017 17:57
|
|
|
They could host it in the arms-length German facility.
|
|
#
?
Jan 23, 2017 17:58
|
|
|
spankmeister posted:Also while Azure AD would be a decent choice, price concerns notwithstanding, Australian citizens might object to hosting their PII in the US or on systems possibly controlled by a US company under the Patriot Act. My guess would be that it would be hosted in Australia with the US zones as backup. they could probably negotiate for aus only hosting if they really wanted.
|
|
#
?
Jan 23, 2017 17:59
|
|
|
and idk about Australians, but Id be more worried about my government hosting it than Microsoft. my state's tax filing system stores passwords in reversible (probably plaintext) form
|
|
#
?
Jan 23, 2017 18:04
|
|
|
Yeah for all my governments failings they do have actual standards and laws and stuff for storing and processing data.
|
|
#
?
Jan 23, 2017 18:06
|
|
|
Chalks posted:Yeah, but they have azure datacenters in the EU so that we don't need to worry about that so much. Depending on your interpretation of the Patriot Act, the US government could compel Microsoft to hand over data stored in foreign countries.
|
|
#
?
Jan 23, 2017 18:07
|
|
|
Shaggar posted:My guess would be that it would be hosted in Australia with the US zones as backup. they could probably negotiate for aus only hosting if they really wanted. someone will realize it's a stupid project that funnels lots of taxpayer money to a known incompetent foreign company and try to kill it by adding lots of expensive requirements that will cause the project to blow past its budget but nobody will ever straight up cancel it before it hits tres comas
|
|
#
?
Jan 23, 2017 18:20
|
|
|
spankmeister posted:Depending on your interpretation of the Patriot Act, the US government could compel Microsoft to hand over data stored in foreign countries. Fortunately that's not the EU data protection law's interpretation, for whatever that's worth. I think in this case it's probably good enough. We store our data in Azure EU datacentres for this very reason. Edit: Also stuff like this indicates that the US courts broadly agree: http://www.theregister.co.uk/2016/07/14/microsoft_wins_landmark_irish_warrant_case_against_usa/ Chalks fucked around with this message at 18:56 on Jan 23, 2017 |
|
#
?
Jan 23, 2017 18:52
|
|
|
https://www.extremetech.com/internet/243202-symantec-caught-improperly-issuing-illegitimate-https-certificatesquote:According to security researcher Andrew Ayer, Symantec has issued 108 credentials in violation of strict industry guidelines that the organization agreed to abide by when it made this mistake back in 2015. Nine of the certificates were issued without the permission or knowledge of the affected domain orders, while the other 99 were issued to companies with obviously faked data, Ars Technica reports. Ayer writes: “I doubt there is an organization named “test” located in “test, Korea.”
|
|
#
?
Jan 23, 2017 19:16
|
|
|
Subjunctive posted:https://www.extremetech.com/internet/243202-symantec-caught-improperly-issuing-illegitimate-https-certificates maybe its time to untrust symantec root? lol what would that break, like 50% of the internet?
|
|
#
?
Jan 23, 2017 19:46
|
|
|
Subjunctive posted:https://www.extremetech.com/internet/243202-symantec-caught-improperly-issuing-illegitimate-https-certificates Nice! symantec guy posted:The listed Symantec certificates were issued by one of our WebTrust audited two strikes and you're out right? though they're kinda too big to fail...
|
|
#
?
Jan 23, 2017 19:48
|
|
|
|
| # ? May 15, 2024 20:12 |
|
|
BiohazrD posted:maybe its time to untrust symantec root? 
|
|
#
?
Jan 23, 2017 19:54
|
|