xzzy
Mar 5, 2009

We're a strict linux-only group and an experiment needed a windows system to run some kind of precision measurement tool as that's the only OS it ran on.

For other stupid reasons they insisted they needed root and the people that bring in grant money always win those arguments. So when we told them no on windows they installed a windows VM on one of the linux boxes and told no one. It ran like that for 5 years before the hard drive died with no backups and they wanted us to help get the VM running again.. sorry, nope. You wanna do shadow IT you get to see it to the end.


mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Internet Explorer posted:

On a more serious note, yeah, "PCs that are hooked up to specialized lab equipment" and are only used for that one specific purpose is a perfectly valid reason to use LTSC/LTSB. But how many computers are we talking about here and what portion of your fleet? Anything not hooked up to a mass spectrometer or whatever and just used for normal end-user stuff shouldn't be on LTSC/LTSB.

At my site, about 1500 machines out of around 20,000 total PCs including people's laptops. I do quarterly security patching with end-user control of when the reboot actually happens. Our compliance isn't great, but we do try, and Security Governance knows those machines are a snake's nest so we get some latitude. We're rolling out network micro-segmentation this year, so I can start putting more controls in place. Oh, and we found a Win2K system in use last week.

Instrument software can be amazingly bad. I've got one vendor who insists that UAC be disabled. Those machines are super firewalled. In my experience, the Venn diagram between people who are well-versed in Windows software development best practices and people who know what a mass spectrometer even is, is an infinity symbol. You get better control of the instrument by finding a chemist that can code than teaching a programmer how to do mass spectrometry. Your software is, in general, gonna suck, but it will do science.

Internet Explorer
Jun 1, 2005





Submarine Sandpaper posted:

We still have win7 machines in our fleet so we can use tls1.0

That's pretty amazing. :allears:

I thought TLS 1.0 was still supported on Windows 10/11, is it not? Also I'm curious to hear why you're stuck using it. Certainly someone could at the very least stand up a proxy or something?

Internet Explorer
Jun 1, 2005





mllaneza posted:

At my site, about 1500 machines out of around 20,000 total PCs including people's laptops. I do quarterly security patching with end-user control of when the reboot actually happens. Our compliance isn't great, but we do try, and Security Governance knows those machines are a snake's nest so we get some latitude. We're rolling out network micro-segmentation this year, so I can start putting more controls in place. Oh, and we found a Win2K system in use last week.

I've done a good bit of supporting machines that are instrument machines, but not at that scale. I'm curious, what percentage of those would you say use LTSC? And is your group responsible, is there a specific end user computing group assigned at that scale, or do vendors manage their own devices? Always seems impossible to say one size fits all with that stuff.

Micro-segmentation seems worthwhile for sure. Are those machines on their own VLAN now, with less access? Do end users use those machines for general purposes stuff, or is it purely locked down to just running the instrument and exporting results, etc.?

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Internet Explorer posted:

I've done a good bit of supporting machines that are instrument machines, but not at that scale. I'm curious, what percentage of those would you say use LTSC? And is your group responsible, is there a specific end user computing group assigned at that scale, or do vendors manage their own devices? Always seems impossible to say one size fits all with that stuff.

Micro-segmentation seems worthwhile for sure. Are those machines on their own VLAN now, with less access? Do end users use those machines for general purposes stuff, or is it purely locked down to just running the instrument and exporting results, etc.?

I'm not sure of the percentages of LTSC, probably in the 60-80% range. We are the end-user computing group. Vendor techs have to do a lot of stuff, but day to day support is on my team. The networking situation is sub-optimal, everything is on the general corporate network. I am not at all happy that a malicious thumb drive dropped in a parking lot on a different continent could compromise my lab systems. We do sometimes have vendors refuse to allow a domain join or AV software installation, we put those behind a gateway system - our firewall people won't support that many small firewalls. Microseg is going to be a godsend in security terms.

nielsm
Jun 1, 2009



Yeah if you for some reason have some software that must run on a client Windows version and must never be interrupted under any circumstances, then you isolate the gently caress out of that machine. Put it on its own network segment with the only thing it can talk to being some jump host that can be used to pull data off the critical system, and never allow it to access the internet in any way.

Wibla
Feb 16, 2011

mllaneza posted:

The networking situation is sub-optimal, everything is on the general corporate network.

Yikes!

How are you microsegmenting it?

We have 2000+ OT devices across 100+ sites in a metro area and went with SPB and layer 2 e-tree for the stuff we absolutely need to lock down, but can't easily renumber.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




We've got a team in Networking that has already installed new switches in campus, and we went live with the first two buildings last week. We should get the next two buildings switched over late April or early May. Then I start writing firewall rules; I've actually got some already built that I can use as templates.

Oh, and Internet access? I'd love to kill that entirely, but there are license servers, remote support from vendors, cloud-based interactions, and just way too much to be able to easily write one set of rules.

DeathSandwich
Apr 24, 2008

I fucking hate puzzles.
So have people started solidifying around a new open source VM solution since ESXi is getting Broadcom-ed and hyper-v 2019 and earlier got Microsoft-ed?

It seems like ProxMox is filling in that space but I don't have a home lab to spin it up in or anything.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We have a Nutanix stack we're migrating everything to. It's very expensive though.

Wibla
Feb 16, 2011

Proxmox and XCP-ng are the two main alternatives, there are pros and cons for both...

HalloKitty
Sep 30, 2005

Adjust the bass and let the Alpine blast

GreenNight posted:

We have a Nutanix stack we're migrating everything to. It's very expensive though.

Yeah don't see how Nutanix solves the problem. Hyperconverged is a narrow focus, it's not like they have the best reputation, and their licensing is also expensive.

Rumours have swirled for some time that they want to sell too. I don't find them particularly compelling. For better or worse, we're probably sticking with VMware by purchasing licences through some other larger company, at least for now.

I can't stomach a migration away from VMware right now, that's a ton of work to essentially degrade the datacentre. Who wants to work that way? Do a bunch of poo poo to build something worse? Ugh.

I'm sure the open source alternatives will improve massively now there's some serious incentive to do so, and in a few years the landscape will be very different

HalloKitty fucked around with this message at 21:47 on Apr 9, 2024

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

If you have both ESX and Nutanix, moving everything to Nutanix solves your vmware problem.

We have a big Citrix environment on Nutanix and a few nodes moved in from an acquired datacenter. Our Nutanix isn't going anywhere but gently caress VMWare.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Taking a long overdue vacation starting... nowish.

Flying to NOLA tomorrow, wife is going to a conference, I'm just along to eat good food and drink for 5 days straight. Looked up the weather today, we're flying into tornado style weather, gently caress, doesn't bother me but the wife is very anxious about flying in general and now it's dialed up to 100.

Oh yeah, we just got it dropped on our lap that they're launching a new website in 3 weeks (less actually). Ok, no problem we'll get DNS setup and all that jazz.

Part of the email chain mentioned handing over site maintenance and on-going support after the contract with the web dev is done; first question I ask "so, have you decided who from your team (i.e. not the IT infrastructure team) is going to be handling the site updates after you no longer pay the vendor" that was met with a lot of uhhhh.

Yeah, gently caress you for being 6 months into a project (3 weeks from deploying) and just now looping our team in; not that we would have done site management anyway but you would have had a bit more time to figure it the gently caress out.

MF_James fucked around with this message at 23:30 on Apr 9, 2024

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Hope you aren't or she doesn't notice the Boeing plane you fly on.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

GreenNight posted:

Hope you aren't or she doesn't notice the Boeing plane you fly on.

oh lol we're also flying on southwest so that's definitely not helping her anxiety.

Submarine Sandpaper
May 27, 2007


Internet Explorer posted:

That's pretty amazing. :allears:

I thought TLS 1.0 was still supported on Windows 10/11, is it not? Also I'm curious to hear why you're stuck using it. Certainly someone could at the very least stand up a proxy or something?

You may be able to force it, but then there's also access 2003 DBs stored on the NAS that are load bearing. Throwing OSes on its own subnet may be easier than tracking random machines. I think we finally got rid of all 2003 servers that support it, but still have some 2008 nonR2

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


MF_James posted:

oh lol we're also flying on southwest so that's definitely not helping her anxiety.

Prepare for humidity

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

jaegerx posted:

Prepare for humidity

When the windows blow out in the middle of cloud cover

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


klosterdev posted:

When the windows blow out in the middle of cloud cover

I was referring to New Orleans, not the Boeing planes. Sorry for not being clear. New Orleans is absolutely miserable.

https://www.wunderground.com/weather/us/la/new-orleans

86% humidity

Organic Lube User
Apr 15, 2005

Goddammit, three weeks into my new awesome job and my boss who also has ADHD and is the first boss I've ever had that I seem to actually vibe with of course has taken another position in the company. He'll still be around for a bit and will be in the same building after the transition, but he really seemed good at both managing our team and keeping us safe from outside forces, so now things are less certain and it's making me feel quite dysregulated and oh wait this isn't the autism thread.

E: I suppose it's AN autism thread, to some degree...

Thanks Ants
May 21, 2004

#essereFerrari


It’s quite incredible how many companies think a website is a one-off cost. If you don’t plan on regularly updating it then get a static single page business card style thing made and call it a day.

tokin opposition
Apr 8, 2021

I don't jailbreak the androids, I set them free.

WATCH MARS EXPRESS (2023)

Organic Lube User posted:

Goddammit, three weeks into my new awesome job and my boss who also has ADHD and is the first boss I've ever had that I seem to actually vibe with of course has taken another position in the company. He'll still be around for a bit and will be in the same building after the transition, but he really seemed good at both managing our team and keeping us safe from outside forces, so now things are less certain and it's making me feel quite dysregulated and oh wait this isn't the autism thread.

E: I suppose it's AN autism thread, to some degree...

at this point just have the NTs reveal themselves and we'll assume everyone else is on one spectrum or another

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




tokin opposition posted:

at this point just have the NTs reveal themselves and we'll assume everyone else is on one spectrum or another

<crickets>

Duodecimal
Dec 28, 2012

Still stupid

mllaneza posted:

<crickets>

Vile_Nihlist666
Jan 15, 2009

God isn't watching you... but I am!
Whew, got hired. It's an MSP, but in my case all is good. I need to prove I am employable in this industry. Got interview, hired, and started working all on the same day. Bit of a whirlwind.

tehinternet
Feb 14, 2005

Semantically, "you" is both singular and plural, though syntactically it is always plural. It always takes a verb form that originally marked the word as plural.

Also, there is no plural when the context is an argument with an individual rather than a group. Somfin shouldn't put words in my mouth.

jaegerx posted:

I was referring to New Orleans, not the Boeing planes. Sorry for not being clear. New Orleans is absolutely miserable.

https://www.wunderground.com/weather/us/la/new-orleans

86% humidity

lol that’s cute to the Florida people ITT

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

jaegerx posted:

Prepare for humidity

Yeah, I mean, I've been there a bunch and, while Chicago typically isn't that bad, it still gets pretty fuckin humid here.

Wife is doing her hair all nice and I'm just shaking my head thinking "all that work is gonna be hosed 5 minutes after we land"

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Anybody else in Vegas for Google NEXT? Thoroughly bored by hearing execs talk about how much they love Google products.

Hotel Kpro
Feb 24, 2011

owls don't go to school
Dinosaur Gum

Vile_Nihlist666 posted:

Whew, got hired. It's an MSP, but in my case all is good. I need to prove I am employable in this industry. Got interview, hired, and started working all on the same day. Bit of a whirlwind.

Sucks that your career of a signal mechanic didn't work out but glad you found something seemingly impossibly fast. Getting interviewed and hired same day sounds rare in IT

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

CommieGIR posted:

Anybody else in Vegas for Google NEXT? Thoroughly bored by hearing execs talk about how much they love Google products.

I had a ticket and everything but then considered that driving nails into my eyes and ears would be more enjoyable.

Corey Quinn covered everything I needed to know anyways: https://twitter.com/QuinnyPig/status/1777730922382786596

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

The Iron Rose posted:

I had a ticket and everything but then considered that driving nails into my eyes and ears would be more enjoyable.

Corey Quinn covered everything I needed to know anyways: https://twitter.com/QuinnyPig/status/1777730922382786596

This accurately reflects what I saw today, thankfully I played games and went back to the hotel rather than continue to listen to utter garbage.

More tomorrow though.

tokin opposition
Apr 8, 2021

I don't jailbreak the androids, I set them free.

WATCH MARS EXPRESS (2023)
I wish I had a job that sent me to conferences :( I love free food and lodging

xzzy
Mar 5, 2009

MF_James posted:

Yeah, I mean, I've been there a bunch and, while Chicago typically isn't that bad, it still gets pretty fuckin humid here.

It's mellowed out a lot the past ten years. Winters are significantly warmer and the summers are a little bit drier. Someone used to the southwest might not see it that way but a long time midwesterner will be all "this is nice my shirts aren't soaking through like they used to"

Mr. Fix It
Oct 26, 2000

💀ayyy💀


i miss being flown to montreal for work :smith:

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

The Iron Rose posted:

I had a ticket and everything but then considered that driving nails into my eyes and ears would be more enjoyable.

Corey Quinn covered everything I needed to know anyways: https://twitter.com/QuinnyPig/status/1777730922382786596

Yeah this is basically every conference at the moment, went to a little lovely security conference and literally every talk was about AI except the one by security fanatics or whatever they are.

Kibner
Oct 21, 2008

Acguy Supremacy

jaegerx posted:

I was referring to New Orleans, not the Boeing planes. Sorry for not being clear. New Orleans is absolutely miserable.

https://www.wunderground.com/weather/us/la/new-orleans

86% humidity

I miss it dearly.

Serperoth
Feb 21, 2013




Hotel Kpro posted:

Getting interviewed and hired same day sounds rare in IT

That's almost how it happened for me. I get the call Thursday, meet with the client Tuesday noon, ask them that if I know fast it would be ideal (my deadline to renew my current contract was that Thursday), MSP calls on the bus home, meet with them Wednesday noon, I had the job offer Wednesday afternoon.

But I was told it wasn't always that fast, I just appreciate the expediency

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


How long is this Google event going on for as I am in Vegas. Is it free?


Wibla
Feb 16, 2011

MF_James posted:

Yeah this is basically every conference at the moment, went to a little lovely security conference and literally every talk was about AI except the one by security fanatics or whatever they are.

They gave airtime to the security people? That seems like a mistake. The AI will secure things, for sure! /s
