|
Methanar posted: Love to submit 5 trivial PRs to fix small things and get bullshit nitpick NEEDS WORK comments on all of them because somebody's always got to have some 'contribution'

I need to figure out a good way to mark a PR with something like "I don't know if this is a problem or not, and I trust your judgment as a co-worker, but please take a look at this before you hit merge".

Bitbucket has an option that prevents merges with open tasks, so I think I'm going to start creating little tasks on my comments with the above phrasing, then approving.
|
# ? Jul 10, 2020 02:10 |
|
GnarlyCharlie4u posted: wait is it actually a problem to have an internal-only website that can only talk to authenticated sessions on the remote landing pad?

It depends - some places have a separate policy/zone for services VPN users access, primarily because people lose their creds all the time and often VPN access comes from untrusted machines. Usually this gives them access to a subset of hardened internal services, or for the more hardcore, a duplicated set of services living in a proto-DMZ.

i.e., say a user wants to work on a file remotely. The org has a file server that exists in a "DMZ" which is accessible from the VPN and from the internal network, but cannot talk directly to the internal network. If your VPN device gets crypto-lockered or worse, the external file server is vulnerable but not the internal resources. Further, there is often data governance policy around what can be put on that DMZ file server so users are more aware about the risks of making things accessible to remote users.

So to answer your question, it can be a problem and depends on the strength of:
* the authentication system that backs your remote access
* the policy between your remote users and the internal system
* the quality of the services themselves, i.e. patching, hardening, etc.

I'm a big believer that VPN should look exactly like on-prem, but it should be tough/impossible to break into without exploiting a 0-day, which means generally 3-factor auth - machine cert, user/password, and MFA.

You probably validated all that stuff already so it sounds like the guy was just flexing in your case but he probably saw the firewall rules or whatever and freaked out.
|
# ? Jul 10, 2020 02:45 |
|
We have VPN for only devices issued by us. For everything else there's the Guacamole which is just a Pulse Secure appliance that spits everyone out onto an internal server so they can have a "desktop" on the network. This server is what is so locked down that users can't even change their password. Which is dumb considering it still has full access to all the file shares and whatnot but at least we are less likely to be crypto'd because of some user's home PC being infected.

I would say Pulse Secure is pretty good but they recently had a vulnerability that hackers took advantage of to steal credentials from us and attempt to sell them on the internet. Pulse Secure has also been a pretty attractive target for hackers, and continues to be apparently. CISA even did a write up after they investigated our hack that pretty much covers the exploit and includes a link to a useful tool: https://us-cert.cisa.gov/ncas/alerts/aa20-107a

Our DMZ unfortunately is not used in such a manner that would protect our files. It's pretty much where we just put anything externally facing, which is kind of dumb but better than nothing I suppose.

We use 2FA but not for Pulse Secure, just for the direct VPN connections which also is silly.

The network engineer sat in on the change control meeting and agreed to everything beforehand, then saw the traffic afterwards and gave it the axe without confirming what it was. But he also didn't tell anyone, and here we are 2 days later and the password change website still doesn't work anymore.
|
# ? Jul 10, 2020 06:16 |
|
Yesterday I had to make a change on our web proxy (I don't do it often, as I just deputise for when the normal guy isn't around, but there was a phishing attack). I made a slight error and accidentally blocked Google for a bit. That confused a few people.
|
# ? Jul 10, 2020 10:27 |
|
Ah cool, the intuitively named Windows update 2004 managed to disable 90% of my company's laptop webcams. They already loving did a webcam breaking update a few years back and haven't learned yet?
|
# ? Jul 10, 2020 19:11 |
|
Zero VGS posted: Ah cool, the intuitively named Windows update 2004 managed to disable 90% of my company's laptop webcams. They already loving did a webcam breaking update a few years back and haven't learned yet?

I'm an admitted MSFT homer, but QA (and documentation) went out the loving window when Satya took over. I'm not on the end user compute team, but we run a full patch behind because of their crap. They count on insiders running preview builds to report problems now, but you know that already so I guess I'm just bitching alongside you.
|
# ? Jul 10, 2020 19:32 |
|
I have "Windows Update For Business" set up via GPO to defer feature updates for quite a long period. Every feature update I have some machines for some reason ignore the deferral settings. 2004 was no different. I have had 7 machines download and install the update even though the deferral settings are present in the registry and have been since the introduction of WUfB.

Edit: OK, only 6 machines, but still. Why have the settings if the OS is just going to ignore them sometimes?

stevewm fucked around with this message at 20:28 on Jul 10, 2020
|
# ? Jul 10, 2020 19:40 |
|
Zero VGS posted: Ah cool, the intuitively named Windows update 2004 managed to disable 90% of my company's laptop webcams. They already loving did a webcam breaking update a few years back and haven't learned yet?

Windows 10 Anniversary Update dropped support for MJPEG and H.264 codecs for cameras with AFAIK no prior notice. Post-update only YUY2 encoding was supported for camera devices.

quote: with the Anniversary update there are new scenarios for applications to be able to access the webcam and the MJPEG or H264 encoding processes could have resulted in duplication of encoding the stream (poor performance) so the company limited the input methods to stop this from happening.

"Rather than devise a sane solution for cases of duplication of encoding, we decided to make tens of millions of your devices worthless because gently caress you."
|
# ? Jul 10, 2020 19:56 |
|
Nobody really uses webcams, and they're really cheap to replace right now, anyway, so I don't see what the big deal is? Thank God Microsoft is saving all that money on QA.
|
# ? Jul 10, 2020 19:59 |
|
Sheep posted: Windows 10 Anniversary Update dropped support for MJPEG and H.264 codecs for cameras with AFAIK no prior notice. Post-update only YUY2 encoding was supported for camera devices.

You can circumvent that by setting the intuitive regedit string HKEY_LOCAL_MACHINE > SOFTWARE > WOW6432Node > Microsoft > Windows Media Foundation > Platform > EnableFrameServerMode to 0

Still a poo poo move tho.
|
# ? Jul 10, 2020 20:14 |
|
Thanatosian posted: Nobody really uses webcams, and they're really cheap to replace right now, anyway, so I don't see what the big deal is?

I use mine like all day every day? Also a single webcam is cheap. A thousand webcams are not.

Plus even as recent as a month ago our CDWG literally laughed when we said we wanted to order webcams. As if they were never going to be in stock again. I think they only have one model available at the moment afaik.
|
# ? Jul 10, 2020 20:47 |
|
We're waiting on like 40 webcams. Can't loving get them. If you have 200 people that have never worked from home before, bosses are asking for them to have webcams. No, they don't have laptops.
|
# ? Jul 10, 2020 20:50 |
|
GnarlyCharlie4u posted: I use mine like all day every day?

I believe
|
# ? Jul 10, 2020 20:51 |
|
Thanks Ants posted: I believe

I got wooshed.
|
# ? Jul 10, 2020 22:08 |
|
GreenNight posted: We're waiting on like 40 webcams. Can't loving get them. If you have 200 people that have never worked from home before, bosses are asking for them to have webcams. No, they don't have laptops.

On one hand we've got an order for 250 webcams which are just getting to be shipped out, on the other hand our workstation supplier narrowly avoided destruction because the warehouse next to them loving exploded and burned to the ground, 2020 is the year that never stops.
|
# ? Jul 10, 2020 22:10 |
|
I've finally had to speak to my line manager about a coworker and the total lack of care and effort they put into their work, which then requires me to get involved with and fix. I could probably have put up with it for a bit longer if they'd shown any signs that they were learning or were willing to try and learn, and if it wasn't starting to take up so much of my own time that it was impacting on what I was needing to get done. The final straw came this week when he worked with one of our sales guys to put a proposal together for a customer, developed the whole schedule of work, got it approved and then turned around to me and asked for help with every aspect of the project which was planned like poo poo anyway. Sorry but I can't do your job as well as mine and make it all fit into a schedule that you've pulled out of your arse, based on claims you've made about a set of products that you know nothing about. This is the worst possible time for someone to go through any sort of disciplinary process but the guy has brought the whole thing on himself, it still feels a bit like making GBS threads on your own team though.
|
# ? Jul 10, 2020 22:17 |
|
Super Slash posted: our workstation supplier narrowly avoided destruction because the warehouse next to them loving exploded and burned to the ground, 2020 is the year that never stops.

We get most of our computers from Dell Refurb, it felt nice to be mostly insulated from the laptop shortage back in March until a tornado literally hit their distribution center.
|
# ? Jul 11, 2020 00:27 |
|
klosterdev posted: We get most of our computers from Dell Refurb, it felt nice to be mostly insulated from the laptop shortage back in March until a tornado literally hit their distribution center.

2020! (We need a 2020-emote in the same style as at some point...)
|
# ? Jul 11, 2020 02:02 |
|
Super Slash posted: On one hand we've got an order for 250 webcams which are just getting to be shipped out, on the other hand our workstation supplier narrowly avoided destruction because the warehouse next to them loving exploded and burned to the ground, 2020 is the year that never stops.

My vendor called me to tell me he finally got some Logitech C930e like I wanted in stock for $120 a pop, cool, order me ten. Calls me back two days later "uh yeah actually some lady in the other department canceled your order and sold them to a hospital instead. No one likes her."

I got a hearty lol outta that one. Was probably a for-profit hospital too I bet.

Zero VGS fucked around with this message at 09:16 on Jul 11, 2020
|
# ? Jul 11, 2020 09:10 |
|
Looking for some input on this as I've not been a hardware guy for a long time. I have a situation where the server spec is being questioned. It's a SQL server running on a VM and has been allocated 4 single cores, but the project called for 2 dual cores. My gut tells me that dual core is better for multitasking and Windows handles resources better than just single cores. Thoughts?
|
# ? Jul 11, 2020 15:27 |
|
At lower core counts like that I expect it probably doesn’t matter at all in practice. If your database is having bad performance issues, flipping that switch is like 50 items down the list of things to do. But you can read a bunch of words about the difference here https://blogs.vmware.com/performance/2017/03/virtual-machine-vcpu-and-vnuma-rightsizing-rules-of-thumb.html

Docjowles fucked around with this message at 16:04 on Jul 11, 2020
|
# ? Jul 11, 2020 15:58 |
|
Bonzo posted: 4 single cores, but the project called for 2 dual cores

Edit: shouldn't matter in your case much at all
|
# ? Jul 11, 2020 15:59 |
|
Thanks Ants posted: it still feels a bit like making GBS threads on your own team though.

You don’t have a team.

You have a bunch of people working together, helping each other out in a reciprocating fashion, who trust each other to do the work, and who look out for each other. Then you have this person who is a time sink, an energy sink, who you don’t trust, who is incompetent in the role, and with whom you dread working.

Sack this person and then you can start being a team again.
|
# ? Jul 11, 2020 16:11 |
|
Bonzo posted: Looking for some input on this as I've not been a hardware guy for a long time.

Check with your team on the SQL Server version, older versions were licensed by socket so going 2 socket/2 core was cheaper than the default 4 socket/1 core.
|
# ? Jul 11, 2020 17:31 |
|
Bonzo posted: Looking for some input on this as I've not been a hardware guy for a long time.

If you have some reason not to give it to them, ask for a benchmark query to test the performance both ways. They probably won't be able to give you one where it actually matters.
|
# ? Jul 11, 2020 18:22 |
|
Appreciate the replies, keep 'em comin!

Docjowles posted: At lower core counts like that I expect it probably doesn’t matter at all in practice. If your database is having bad performance issues, flipping that switch is like 50 items down the list of things to do. But you can read a bunch of words about the difference here

Yeah I'm down to this point in my argument. I know there's blocking, but the app guys swear it's not them. Fragmentation isn't an issue, snapshot isolation is on, etc. I'm not even seeing RAM or CPU pegged at 99% in task manager. There's another environment where this works and the only difference we can see is that the server with the issue is single core.
|
# ? Jul 11, 2020 19:05 |
|
Agrikk posted: You don’t have a team.

Thanks for distilling why I've been unhappy with my job for the past year into a single sentence.
|
# ? Jul 11, 2020 19:17 |
|
Agrikk posted: You don’t have a team.

Well I can't disagree with any of that
|
# ? Jul 11, 2020 20:09 |
|
Bonzo posted: Looking for some input on this as I've not been a hardware guy for a long time.

Push back regardless, whether or not the value is all that much. Otherwise you'll be doing this on every project.
|
# ? Jul 12, 2020 09:13 |
|
Neddy Seagoon posted: Push back regardless, whether or not the value is all that much. Otherwise you'll be doing this on every project.

This. Especially if you can't articulate a concrete reason why deviating from the published project specifications is acceptable, follow the specifications so that it isn't your rear end on the line if/when things don't work properly because the specifications weren't followed. You give up a lot and gain nothing by giving on something like this.
|
# ? Jul 12, 2020 10:51 |
|
Thanks. I did not build or spec these systems and all involved know that.
|
# ? Jul 12, 2020 15:30 |
|
Bonzo posted: Thanks. I did not build or spec these systems and all involved know that.

Then it's all the more important you push back, because they think you're the way to circumvent whoever DID spec those systems.
|
# ? Jul 12, 2020 18:33 |
|
Also I would bet that as soon as there's a performance issue someone is going to suggest to try running it on a dual core VM, which is gonna mean a bunch of re-work anyway
|
# ? Jul 12, 2020 20:23 |
|
Gealar posted: It never ceases to amaze me the things I find out during the conversations that go on here. I could never figure out why the first hour or so of our xen desktop machines would be horrible and then settle back to normal. Probably never would have since I moved us away from it because of the weird crap like this.

What's bad is, if it got better after an hour that means whoever set up the environment didn't actually optimize to best practices and just turn off windows search (which really only turns off building the search index) or having a solution to roam the search index/cache. If they didn't do that they probably messed up a bunch of other things that would make the VDI experience much better as well.

Not surprised you ended up moving away from it, done right VDI can be really really close to a normal desktop experience but most people don't do things right and it quickly becomes at best an annoyance, at worst a nightmare for the user.
|
# ? Jul 13, 2020 01:22 |
|
Methanar posted: Love to submit 5 trivial PRs to fix small things and get bullshit nitpick NEEDS WORK comments on all of them because somebody's always got to have some 'contribution'
|
# ? Jul 13, 2020 03:14 |
|
We got emailed a spreadsheet. "Hey our script disabled some PCs, if a user calls and their PC is on the list, move it back to the right OU." There's 7,500 rows on this sheet, and we only employ ~5k people. Hell of a script.
|
# ? Jul 13, 2020 22:03 |
|
Jack B Nimble posted: We got emailed a spreadsheet. "Hey our script disabled some PCs, if a user calls and their PC is on the list, move it back to the right OU."

I sure hope that there were just a whole bunch of old PCs in AD they needed to clean up. Otherwise, that's gonna be a rough day for helldesk.
|
# ? Jul 13, 2020 22:09 |
|
I think "most" were but clearly some weren't, and this is a reeaally big starting number to "oopsie" 10% of.
|
# ? Jul 13, 2020 22:11 |
|
Last minute all staff meeting today in which we were told Tata is taking over infrastructure services, and office locations will be consolidating. Might be laid off, might not. Fun!
|
# ? Jul 14, 2020 00:41 |
Woof Blitzer posted: Tata
|
# ? Jul 14, 2020 00:43 |