|
Internet Explorer posted:If this is directed at me, the software requires SMBv1 for pretty much everything. Not sure what you mean by "let the admin install and enable," unless you mean that Windows Server should install with SMBv1 disabled by default, in which case I would agree. Yeah, that's what I mean.
|
# ? Jun 28, 2017 22:43 |
|
|
# ? May 30, 2024 13:49 |
|
Subjunctive posted:Yeah, that's what I mean. I think they really should do that with any older components. If you have a new version of something, allow and support old versions on some lifecycle timeline, but users should have to go out of their way to turn on the old stuff.
|
# ? Jun 28, 2017 22:49 |
|
Can't a GPO be put in place to disable it, then you'd manually turn it on on servers that *actually* need it? Genuinely wondering, I know nothing about AD administration.
|
# ? Jun 28, 2017 22:50 |
|
Furism posted:Can't a GPO be put in place to disable it, then you'd manually turn it on on servers that *actually* need it? Genuinely wondering, I know nothing about AD administration. Oh yeah, you absolutely can. In my specific case this is a main line of business app and if the server gets hit we're pretty much down anyways. Needless to say the app has been on my "to replace" list since I started working for the company.
|
# ? Jun 28, 2017 22:52 |
|
Ganson posted:...I'm not trying to pick a fight with you, where's the anger coming from? I realize there are regular dangerous vulnerabilities in Linux (we don't use Samba). We have an aggressive patching program and various other layers of defense in depth I'd rather not announce on an open forum. Please quit your job as a sysadmin if this is how you think. You'd be better off serving tacos to me during lunch than being in control of a corporate network.
|
# ? Jun 28, 2017 23:21 |
|
Ganson posted:We have an aggressive patching program and various other layers of defense in depth I'd rather not announce on an open forum. lol please elaborate cos this sounds like comedy gold
|
# ? Jun 28, 2017 23:26 |
|
Rufus Ping posted:lol please elaborate cos this sounds like comedy gold http://strongdigitaldefense.tripod.com
|
# ? Jun 28, 2017 23:29 |
|
Good news is the next big Windows 10 update in the fall will be disabling SMBv1 by default. Hopefully there'll be a similar change in a contemporary Server 2016 update.
|
# ? Jun 28, 2017 23:30 |
|
Internet Explorer posted:If this is directed at me, the software requires SMBv1 for pretty much everything. Not sure what you mean by "let the admin install and enable," unless you mean that Windows Server should install with SMBv1 disabled by default, in which case I would agree.
|
# ? Jun 28, 2017 23:30 |
|
anthonypants posted:I thought SMBv1 was disabled by default in 2012R2? But maybe not? It's supposed to be removed from some flavors of Windows 10/2016 as of the Creators Update release, according to a blog post from last year. Not by default, no.
|
# ? Jun 28, 2017 23:36 |
|
Kazinsal posted:Good news is the next big Windows 10 update in the fall will be disabling SMBv1 by default. Hopefully it won't introduce other dumb issues like "DHCP breaks" or "your webcam doesn't work anymore" and what not that we've seen with random patch Tuesdays/new builds with 10.
|
# ? Jun 28, 2017 23:45 |
|
Sheep posted:Hopefully it won't introduce other dumb issues like "DHCP breaks" or "your webcam doesn't work anymore" and what not that we've seen with random patch Tuesdays/new builds with 10. I really hope disabling SMBv1 breaks something completely unrelated, actually. Discover random dependencies the fun way.
|
# ? Jun 29, 2017 00:16 |
|
Disabling SMBv1 now enables ransomware
|
# ? Jun 29, 2017 16:06 |
|
Cup Runneth Over posted:Disabling SMBv1 now enables ransomware Cool thanks for the link and explanation.
|
# ? Jun 29, 2017 16:08 |
|
Internet Explorer posted:Cool thanks for the link and explanation. Disabling SMBv1 now also disables your ability to get jokes.
|
# ? Jun 29, 2017 19:13 |
|
I'm angry about Windows! (Sorry, I'm dumb.)
|
# ? Jun 29, 2017 19:19 |
|
Internet Explorer posted:I'm angry about Windows! We all are, friend. We all are
|
# ? Jun 29, 2017 21:52 |
|
Windows makes me want to defenestrate my computer.
|
# ? Jun 30, 2017 01:52 |
|
Double Punctuation posted:Windows makes me want to defenestrate my computer. This should be standard practice at least once every few years
|
# ? Jun 30, 2017 02:03 |
|
Windows is good and cool.
|
# ? Jun 30, 2017 02:17 |
|
CLAM DOWN posted:Windows is good and cool. For throwing Microsoft products out of. Also apple products and linux systems.
|
# ? Jun 30, 2017 02:23 |
|
Give everyone just switches to control a CPU manually.
|
# ? Jun 30, 2017 02:55 |
|
Lain Iwakura posted:Give everyone just switches to control a CPU manually. Yeah but Minecraft runs on a computer already so what do you suggest?
|
# ? Jun 30, 2017 03:05 |
|
SeaborneClink posted:Yeah but Minecraft runs on a computer already so what do you suggest? Babbage difference engines in every home!
|
# ? Jun 30, 2017 05:31 |
|
All firewalls should run on Minecraft Redstone. It's the only layer abstract enough.
|
# ? Jun 30, 2017 06:18 |
|
Internet Explorer posted:All firewalls should run on Minecraft Redstone. It's the only layer abstract enough. People brag about making computers inside Minecraft, but who has managed to make malware?
|
# ? Jun 30, 2017 09:20 |
|
At least one Minecraft modder, I'm pretty sure.
|
# ? Jun 30, 2017 10:49 |
|
I'm pretty sure Minecraft is the malware.
|
# ? Jun 30, 2017 12:15 |
|
SeaborneClink posted:Yeah but Minecraft runs on a computer already so what do you suggest? uhhh ~~nintendo switch~~
|
# ? Jun 30, 2017 13:43 |
|
Kassad posted:At least one Minecraft modder, I'm pretty sure. I do remember reading about a Minecraft mod author who left a backdoor in their mod that would give them admin access, which was discovered when they used it to unban themselves from some other person's server. I don't remember any names though.
|
# ? Jun 30, 2017 18:46 |
|
Kassad posted:At least one Minecraft modder, I'm pretty sure. I was well aware that this incident would be brought up but I meant inside it. Making malware for Minecraft is like making a computer for Minecraft, instead of inside it. Not as impressive, and probably not the kind of guy you want to hang out with.
|
# ? Jun 30, 2017 19:02 |
|
Probably a dumb question but here goes. I run a AWS EC2 instance running Moodle. I want to enable HTTPS with SSL cert. I've consulted the documentation for my image. Now, the simplest route that I can see is to buy a yearly SSL cert from something like this and then follow the directions in the docs to copy the cert, enable permissions, etc. Is this correct? Is there another option I should be looking at?
|
# ? Jun 30, 2017 19:30 |
|
SnatchRabbit posted:Probably a dumb question but here goes. I run a AWS EC2 instance running Moodle. I want to enable HTTPS with SSL cert. I've consulted the documentation for my image. Now, the simplest route that I can see is to buy a yearly SSL cert from something like this and then follow the directions in the docs to copy the cert, enable permissions, etc. Is this correct? Is there another option I should be looking at? https://letsencrypt.org/ e: Specifically, certbot should help with the installation of the certificate and automating renewals. Plus it's free.
|
# ? Jun 30, 2017 19:35 |
|
There should be a note about Let's Encrypt in the OP, besides the link with outdated text that says nothing about what it does. Never spend money on DV certificates.
|
# ? Jun 30, 2017 19:38 |
|
Perfect, thanks yall.
|
# ? Jun 30, 2017 19:45 |
|
If you put your instance behind CloudFront then you can use a free AWS cert.
|
# ? Jun 30, 2017 20:23 |
|
Thanks Ants posted:If you put your instance behind CloudFront then you can use a free AWS cert. Yeah, but then you still need to encrypt the CloudFront->EC2 connection, which happens over the public internet. AWS's cert management is great if it matches what you want to do, and don't mind the lock-in, but it is very opinionated about where you terminate SSL.
|
# ? Jun 30, 2017 20:58 |
|
Or behind an Elastic Loadbalancer, which is easier (and I think comparably cheap). You just have to prove you own the domain (easiest way is to have a postmaster@domain.com address to get an email on). e: Also yes that would terminate SSL on the load balancer, same as the Cloudfront version.
|
# ? Jun 30, 2017 20:58 |
|
What does this mean, which is the advice given by WhatsApp when backing up to Google Drive: "Important: Media and messages you back up are not protected by WhatsApp end-to-end encryption while in Google Drive." Also found on this page: https://faq.whatsapp.com/en/android/28000019 Does it mean that WhatsApp are simply no longer in control of the encrypted message archive that Google now holds, or does it mean that Google now has an archive of the messages in plaintext? EDIT: --- apropos man fucked around with this message at 10:48 on Jul 1, 2017 |
# ? Jul 1, 2017 10:43 |
|
|
# ? May 30, 2024 13:49 |
|
apropos man posted:What does this mean, which is the advice given by WhatsApp when backing up to Google Drive: Messages are backed up in plain text iirc
|
# ? Jul 1, 2017 11:23 |