what did you learn today? (part 2)

[Technarch]

Had a ticket come in today titled: KASPERSKY maybe a virus would be better?

Gave me a good laugh. They might be right.

They are right. I installed Kaspersky on a lab machine just to see what was up. IT rushed into my office a couple of days later demanding to know why my machine was communicating with a Chinese server. Guess where Kaspersky's malware update servers are?

Meanwhile it never seemed to do anything useful, it just put up a huge, gaudy "scanning" app and ate CPU.

 

[Technarch]

Don't star studded cults charge their members a significant amount for membership, "training", and other "reeducation"?

 

[Technarch]

I can't say I ever really disliked Sun, but we never really had the cash to go proprietary with much of anything. I do miss them now, Oracle pretty much destroyed everything good that came out of Sun. To think that neither Sun nor Oracle could figure out how to make Solaris + ZFS some kind of marketable storage appliance kind of blows my mind.

Yeah, talk about missed opportunities. I was on a call with their storage team where I told them that they'd finally, finally come out with a decent storage solution with Thumper, all they had to do was put a web GUI on it. They said they were working on it, and then the Oracle buy happened like two months later. And Oracle really, really does not understand hardware. Really.

 

[Technarch]

And Oracle really, really does not understand hardware. Really.

I'm under the impression that Oracle just ruins everything they purchase.

If Oracle purchases a product that you use, you can look forward to two things, even if they don't touch it.

1) Increased cost
2) Decreased support quality

The Sun purchase was the only one I saw up close. It reminded of the Iraq war--no one thought about planning for the aftermath. Suddenly in possession of a hardware company, Oracle quickly found it had no clue about development, distribution, inventory, OEMs, the channel, the competition, the customers, hardware support, most of Sun's IP including Java, or how to spin any of it in the media.

 

[Technarch]

Today I was reminded that when a non-trivial amount of money is involved in an RFP, vendor sales people can get pretty pushy.

That's because non-trivial dollar amounts in Salesforce attract all kinds of counterproductive attention from PHBs.

edit: True story: When NetApp rolled out one of its revs of its config tool, one of the sales engineers in my department put in a bunch of ersatz configs while he was figuring out how to use it. What we didn't know was that it was also the channel opportunity tracking tool, so the billion-dollar "opportunities" he entered quickly rocketed to the top of the daily pipeline reports that highly placed NetApp people were getting. Then, hilarity.

 

[Technarch]

dlp[/url]":18mpx2z6]
Out of curiosity, what does URL filtering do against viruses? Seems like a case of "If you don't know what to block, you can't block it."

Is firewall AV scanning more effective than local scanning? More so, it seems like every local scanner will miss the latest and greatest even when getting updates, would a firewall have better detection than that?

URL filtering prevents users from inadvertently (or advertently) connecting to hostile websites that perform drive-by downloads or otherwise hijack the browser.

Firewall AV scanning can be more effective than local scanning. There is signature-based malware filtering, of course, but some NGFWs can also send copies of suspicious documents up to a cloud-based analysis center where they are 'detonated' in a virtual environment and their behavior is examined. If it does bad things, a signature is developed that is then forwarded to all such NGFWs. Still not perfect, but it's the only way I know of that might stop a brand new zero-day threat.

You still need AV on the endpoint though, since there are many ways to get malware on a laptop that don't traverse the firewall.

 

[Technarch]

Only 4x? You must be pretty good.

 

[Technarch]

WingMan[/url]":w707vh35]

Altiris and work properly are oxymorons. It's gotten worse since Symantec took it over.

++ Pre-Symantec, we tried setting up Altiris in the lab as a trial. It just wouldn't work. We called the Altiris rep and said, "It's not working." Rep said, "Okay." No attempt to get us support or anything, it was like he knew it was doomed to fail.

Supposedly there are working Altiris installs in the city, but I haven't actually laid eyes on them.

 

[Technarch]

Cookie.Monster[/url]":1j3qy2ra]That Microsoft just released a 314 page best practice guide for securing Active Directory.

The impossible, in only 314 pages!

 

[Technarch]

KD5MDK[/url]":1cjchrgw]Hire a flunky to deliver printouts from the copy room.

Better yet, institute a companywide health improvement campaign that encourages employees to get up and walk.

Then, remove all printers from the building and set up a corporate account with the nearest Kinko's.

 

[Technarch]

Digitlman[/url]":3gvj3pjk]A Lannister always lets others find the bugs first:


https://blogs.vmware.com/kb/2013/04/ale ... Yjo_MrvZ8E

I note that the bug report doesn't come with a workaround.

 

[Technarch]

Frennzy[/url]":3goondf3]TIL that InfoSec will, literally, spend 12-16 months struggling with a broken tool, trying to make it not suck completely, only to abandon said tool at the last minute.

...and demand an alternate solution from engineering, to be completed within 6 weeks.

What tool are we replacing?

 

[Technarch]

akro[/url]":18egahqn]
I am in HP presales afterall and that is my job.

HP presales who actually know what they are doing are worth their weight in gold. The number of times I got erroneous HP configs back from HP is annoyingly high.

Even better were the times when they'd actually argue with me about the mistakes.

"This server is supposed to have 24GB in it, not 32."

"DIMMs have to be installed in pairs, so it has to be either 16GB or 32."

"This is a triple channel architecture now."

"So? DIMMs have to be installed in pairs."

"..."

 

[Technarch]

hutchingsp[/url]":298vdpa1]That according to some vendors the 10GbE ports on their switches apparently "care" whether they are being used as uplink ports or for endpoint connectivity and are happy as uplinks but not with endpoints connected.

Whaaa...?

 

[Technarch]

w00key[/url]":26goftvx]RAM is cheap. DDR3-1333 16GB Reg ECC is €140 per stick (not even no-name, part# from compatibility list), I remember paying this much for a stick of 2 or 4GB FBDIMM. The best part of this upgrade is that it pays itself in a few months of power (over)usage by decomissioning a few old PE 1950's.

I remember getting chewed out and written up for losing a 256MB DIMM out of a set of 8 for a Sun E4000. It was like losing a $500 bill. We used to joke that Sun RAM was worth more than gold and possibly as much as uncut diamonds, by weight.

 

[Technarch]

YIL that Amazon EC2 does not maintain a consistent kernel base across zones. This causes "interesting" problems when one attempts to launch an AMI in a West region that was developed in an East region.

 

[Technarch]

TIL that converting a few hundred Windows boxen to speak WMI and SNMP is nowhere near as easy as the outsourcing management firm thought it would be. I, personally, am hardly surprised, but did anyone listen?

 

[Technarch]

euri[/url]":3p39ato7]

cwbecker[/url]":3p39ato7]TIL: Our helpdesk interns can look directly at a desktop printer sitting 1' from a laptop and claim the user has no local printer. It actually caused me to bluescreen when they said it. By the time my mouth started working again, they had wandered on to the next cubicle to continue their IT hardware inventory. I had to bring them back to the cube and point directly at it before it registered. :facepalm:

I found the problem.

Why is helpdesk treated as an intern-level position? The technical and people skills required for the job suggest that it be rather more respected and compensated. Is it because people that are actually good at helpdesking are too rare?

 

[Technarch]

Danger Mouse[/url]":27apfn1f]

Technarch[/url]":27apfn1f]TIL that converting a few hundred Windows boxen to speak WMI and SNMP is nowhere near as easy as the outsourcing management firm thought it would be. I, personally, am hardly surprised, but did anyone listen?

Pray tell, the GPO or GPP couldn't do it? That would be after publishing the correct updates via sccm or scripted install somehow?

Give some details please

GPP can do it, the problem seems to be that the target devices only refresh once a day, which is an issue when you need multiple trial-and-error policy revs pushed out within 24 hours. (I confess I am hardly qualified to be a Windows admin, but my spider-sense still starts tingling when the consultants say "400 machines? Sure, no problem, it's easy").

 

[Technarch]

I actually didn't mind that about SEP, because when it decides to run a scan, it takes all the CPU and RAM as well as focus, so I'm not going to get anything done anyway. In some respects it's good that it takes focus, because it saves me a click when I go to cancel the scan.

What was really fun was having SEP and FireAMP stepping on each other all the time, shouting that they'd found eicar.txt in each other's quarantine folder. That went on for a couple of months before I figured out how to get SEP to play nice.

 

[Technarch]

Ardax[/url]":14eny0kc]Theoretically, the video should compress really well, though it may need a teensy bit of smoothing. Unless the subject moves a whole lot.

That's interesting, you could look at the file sizes of the compressed vids and diagnose who isn't sleeping well.

 

[Technarch]

chalex[/url]":12omgs4y]

RicDavis[/url]":12omgs4y]According to http://www.wdc.com/en/products/resource ... atibility/ , SATA connectors are designed for 50 insertion/removal cycles.

Still an improvement over some internal SCSI connectors I've experienced. They seemed to be designed for zero insertion/removal cycles.

 

[Technarch]

Fulgan[/url]":xrobazew]TIL that, according to our maketing dep, our SaaS service has actually "migrated to a private vCloud infrastructure". I'm not sure what it means (if anything) but that's apparently how they translated "we moved from using our own servers to using VMs rented from an IaaS that uses VMWare and vCloud director".

Lost in translation indeed.

This is exactly why I enjoyed doing marketing on the side while acting as a sales engineer. Seriously, if I'm going to have to rewrite all the copy myself, I might as well just do it myself and save everyone some time and money. Beats the hell out of having a customer wave a piece of collateral in your face saying "but this clearly says you can host infinite virtuals on a single CPU partition!"

 

[Technarch]

That's the one my boss learned, apparently.

 

[Technarch]

hawkbox[/url]":3lj0jgmr]
Well this was willingly and without negotiation. They literally were shown the list price and said "Ok".

My sales rep friend would very much like the contact info for your department.

 

[Technarch]

ronelson[/url]":19ekf0vj]Fortinet doesn't honor DNS TTL values

 

[Technarch]

TIL that the Palo Alto CNSE exam has a strong emphasis on all the things I didn't study: Panorama, GlobalProtect, User-ID agent configuration, PBF, hairy NAT whatifs, and captive portal.

Still passed, but it was ugly.

 

[Technarch]

PaveHawk-[/url]":22lhvztx]
Was it worthwhile? I went to the courses ages ago c/o my disti. I never did sit the exam though.

Well, if I had a complaint, it's that many of the questions seemed to deal with cases that you'd almost certainly never encounter IRL. But it wasn't riddled with typos and mistakes (Veritas, Symantec), nor did it require a photographic memory (VCP4); if I'd known I needed to study the areas I listed above, I'd have done much better. I was still able to muddle through by at least knowing what they were talking about and applying lodgick.

Don't think the cert is going to have the recruiters busting my door down, but you never know.

 

[Technarch]

Once again I find myself doing bugfixes for a vendor that doesn't know how to fix their own product.

At least it's a Linux "virtual appliance" so it's not completely impossible.

 

[Technarch]

ImRaptor[/url]":jdk4eam7]

VMWare's tests kind of bug me, much the same way as Cisco ones do, in that the questions seem to really have a lot of edge scenario involved knowledge. I completely understand the reasoning behind it as predominantly contractors are the ones getting the certification and those are the guys you want to have that edge case knowledge, so the exams make sense in their structure. Doesn't mean I like it though.
Now RedHat exams I do like the way they are setup, at least the lower level ones. Not sure how their more specialized ones are, but the starting cert. exams are purely objective based. They don't care how you get it done, just get it done in the time given. Hate GUI and want to go pure CLI? Go for it. Don't know the CLI, use the GUI. In the end as long as it works and gives them what they want the means don't matter. And I didn't find anything to an obscure task in the exam, very much typical real world usage.

The VMware exam was a bit arcane, but at least the VCP5 is focused on management and troubleshooting. VCP4 had a large memorize-these-numbers component that was extra special because of course the numbers change with each point release.

Of course, after my experience with Veritas and Symantec exams, I'm just happy if the test isn't full of egregious grammatical and content errors.

 

[Technarch]

ambit[/url]":11c83u56]We're still waiting on root cause from EMC but they're saying its a hardware issue, and there is a 'patch' (??) coming for our other 3 VNX's.

Sounds like firmware, not hardware. I've seen firmware incompatibilities do bad things to storage arrays in the past.

 

[Technarch]

dlp[/url]":1laxqqhv]I dunno about 3 or 4, personally. My users still act pretty dumb, and any paid antivirus doesn't seem to be worth much so enterprises get stuck. Heck, my most effective AV seems to be the Barracuda Spam & Virus filter we use.

Signature-based antivirus isn't enough any more. Polymorphic malware is getting too common. Sandboxing is better (eg FireEye or Palo Alto Wildfire), but already we're seeing malware that checks to see if it's in a sandbox before detonating. Behavior-based advanced malware detection is currently the best way to go, in my opinion.

 

[Technarch]

kperrier[/url]":1op3oso9]I just installed half a dozen new rhel 4 servers to support our meaningful use 2 compliance. :facepalm:

I truly hate healthcare IT.

Is virtualization an option?

 

[Technarch]

Phiber[/url]":ena3k7a2]

The guy in question (and one of his peers) are notorious for this kind of behavior. Luckily it is a well known fact in my department.

How can work be done with someone whose every spoken word might be an egregious lie? "I don't know, I will have to look that up" is surely better than sending someone down a rabbit hole that ends in a pond seething with hungry pacus.

 

[Technarch]

ferzerp[/url]":3a3xea30]We can thank the overly vocal anti Microsoft zealots for the travesty that is vCenter 5.1

I think Microsoft deserves more of the blame. Between the ongoing train wreck that is Windows 8, and Windows licensing driving up the cost of virtualizing infrastructures, I can see why VMware would want to get away from that as much as possible.

Doesn't excuse the poor implementation though. Rather the opposite in fact.

 

[Technarch]

TIreL that I can read an Oracle page describing an Oracle middleware, and understand every word and sentence, and still have no idea what that middleware does, how it works, how to install it, or what it costs.

 

[Technarch]

Use the Force, flameboy!

 

[Technarch]

euri[/url]":1etfvmiw]Sysadmin tip of the day: Set your monitoring solution to forward any capacity-related alarms to your purchasing department until they buy you more hardware.

And then put purchasing dead last on the capacity prioritization list. Oh, are you guys out of space again?

 

[Technarch]

Black_Obsidian[/url]":2et2oox1] In my past dealings with them, HP would always come out like 30% higher-priced than Dell (often for poorer configs), and in one particularly entertaining instance, managed to top Cisco pricing by 15%.

Pricing was never really my problem with HP. Accuracy was. I don't know if they outsourced their inside sales team or what, but I used to have to kick their quotes back to them at least twice before they'd quote me a correct configuration.

It didn't help that their quote turnaround time was usually about two weeks.

 

[Technarch]

I spent about fifteen minutes trying to reach various pages at NIST and NASA this morning before I realized there was an Excessive GOP error in one of the main DC buildings.