IT BS thread

You are making my day, not feeling like the old fart that I am. I've always been the one driving my teams to adopt the latest stuff out there and pushing the limits. Things move so fast these days, you better embrace them and learn how to make them work well. My team at my last job was dead-set on using dedicated hardware because they didn't trust the virtual infrastructure group (for good reasons). I said nope, virtualize it all and help them get better, and learn something in the process.

I came into my new job and heard they had PaaS capabilities and was asking which route they were going, CloudFoundry or container-based like with K8s or OpenShift. Turns out they were calling their VM automation stuff a "platform." I have been fighting that since, but at least they are embracing K8s now and admitting that what they have is just automated IaaS capability. I came from a shop that was embracing CloudFoundry and drinking the cult Kool-Aid -- it has its place, but it is also limited and best suited for small to medium web-tier apps. I'm no longer at the level that I need to know the details, thank goodness. I'd be in trouble then. Now we're looking at blockchain (like everyone else) and GPU use cases.

 

Training is probably the biggest reason they stall adoption. This client moved to 365 in October, but has failed resisted using anything other than email and Skype. I harp on Sharepoint and OneDrive, but they never seem interested. I guess from the user perspective, "Don't fix what ain't broken."

Just when I feel like my job has hit the max level of ridiculous, something else comes up. Flood waters aren't currently rising, but there is a ton of rain forecasted through the weekend and they want to evacuate just in case, so I'm going down tomorrow morning with waders and john boat to remove their rack from the building.


I'm sure this will end well......

 

Haha, I've been there too. Our old location flooded every couple years because the river went over the banks, so we had to move inventory off the floor on pallets. Spent a few nights there doing that, sleeping in my car because couldn't get out. Now, the place we moved into a few years ago had a defective roof install when built, and we get leaks from above when it rains hard. Can't win.

O365 training... yes, I fear we won't attempt to fully utilize what we are paying for because we don't know what we were missing. I'm keeping the issue at the front though... after all that work migrating, damned if I'll settle for just fancy new email and word processing GUI's.

 

How strong does your password need to be?

I went to an IT conference a few weeks ago and the security presenters were preaching a new tune on passwords. They have a dedicated brute force password cracker using off the shelf hardware that can get any 8 digit password, regardless of complexity, in under 10 hours. Their advice is: length is king and complexity is pointless. They, the security guys, are saying passphrases are the new way to get length in a way that users can remember.

I've been playing around with the web site https://howsecureismypassword.net and based on the 9 hour estimate it gives for the 4Xd$94kw password I'm going to go with it being a fair representation of reality. A simple english sentence like, My dog's name is Sue. as a passphrase is so easy for a user and literally impossible for a computer. (and yes 596 QUINTILLION years is impossible in my book )

Are any of your companies pushing passphrases? Just courious.

 

That's a trip, we're living in very similar worlds sir.

The next emerging tech item being thrown at us is serverless architecture/functions as a service and the whole IoT thing are both coming in hot and heavy.

There's absolutely no shortage of things coming out that I will never be an expert of.

 

Yes, pushing them because they are both more secure and easier for the user to remember.

 

No more passwords - 2-factor authentication. We also use vaults for any admin accounts, and you have to 2FA into the vault before you can check out access to the server.

At home, I use long passphrases. I was cracking 8 and 9 character complex passwords in under 12 hours 5 years ago - it's got to be faster now. I dare you to figure out my 28-character Wi-Fi password.*





*which is a cast-iron bitch to program with a regular TV remote into my 5 year-old Sony TV that doesn't do WPS.

 

Other than the nerd factor, which I totally get, is there any point to a password that long? 53 decillion years to break your wifi password is not a challenge that I'm going to accept. Besides I already know you spend all your time on Tacomaworld.

For my organization I'm thinking about providing the guidance of a minimum three word pass sentence. Besides IMO when many users are a sucker for social engineering, brute forcing a password seems to be a waste of time.

 

I entered the same password several times, and kept getting different estimates. Shortest was 36 quintillion years.

My password isn't quite as tough, but I also use MAC filtering. I suppose anyone dedicated or smart enough to break into my network will be disappointed though.

 

I set a personal rule for myself to not use anything less than a 28-character passphrase. Every time I'm on a call to a vendor or some other department, I expect to hear, "what was that? Was that your password?" . This is coming from people who have elevated rights to my desktop since I'm just an engineer who has nerfed permissions to my box (damn straight that makes me bitter), or consultants helping me configure software that manages credit card data.

 

OK since everyone here is an admin that has the keys to the kingdom, I'm going to change the question. How secure do your users' passwords need to be and why?

 

(Not going to debate what he's done. He's a smart dude who probably made some bad choices, so let's leave it at that.) But there have been some arguments that the (in)famous MargaretThatcheris110%SEXY passphrase suggested by Snowden really isn't that secure.

https://www.wired.com/2015/04/snowden-sexy-margaret-thatcher-password-isnt-so-sexy/


I still like passphrases and force them on our sales monkeys, but I like 2FA even more and use it when it makes sense. At least until the battery on my phone dies and I want to log into something......Or I'm stuck in a data center that doesn't have cell coverage and really need the 2FA email for an application, but also need a 2FA SMS to get into my email. I'm pretty sure that equals 4FA and a bunch of wasted time to go stand in the parking lot where I can get the txt message and useable LTE.

 

Interesting read, but it leaves me with more questions than answers. The premise seems to be that a dictionary attack can beat any password, but the math doesn't work out. In the article is suggests that a dictionary of 4000 words can generate a secure password with 4 words, but if I'm doing the math correctly a 4 word password with a known 4,000 word dictionary has 2.56e+14 different combinations. At a trillion 1.00e+12 guesses per second that works out to 256 seconds or 4 minutes to crack. Hardly secure.

But in real life the dictionary of all words is around 15 million. Add another million for common typos and sessy instead of sexy and a 4 word passphrase gives 6.55e+36 combinations. At a trillion guesses per second that's 2 quadrillion years give or take a milenia. And if I was clever and included a word not in the dictionary, in 2 quadrillion years you can start the brute force attack.

It's stuff like this that leaves me questioning security advice. I get that english majors write these articles, but can't they get their nerd friends to check the math?

I'm working on a new password recommendation for my users and that's going to move a WHOLE bunch of cheese. I'm leaning toward a minimum 3 word pass sentance (upper, lower, spaces, punctuation) with a 1 year life. (security is important, but we are not dealing with state secrets. And the system admins should be doing 2FA and are not part of this) So, as they say on the internet, roast me. Is my math, logic, assumptions, or something else wrong?

 

This is about right

 

I FUCKING HATE WINDOWS IMAGING

Give me a network, server, storage, ... anything but desktops/laptops.

I can't wait for my desktop guy to get back from vacation.

 

Your desktop guy must not have a good process in place.

We boot to usb login, select OS, it does the rest including o365. Then sccm takes over for update. Forget it an let it bake we call it.
Once crispy, login add the user, boot and done.

 

He doesn't. But then again this place didn't have very good anything when I started last Sept.
I have focused mainly on the network and server infrastructure as there were a bunch of unfinished projects that had been started years ago.

While he is out on his honeymoon I have to cover for the desktop side and I haven't done desktop support in near a decade. It does give me a good view of whats happening and I do need to focus on it now that the rest of the stuff is straightened out.

Just frustrated how hard it seems to sysprep, create an unattended file, and image windows 10 compared to how it used to be.

My unattended file hosed my image i created and ended up causing a perpetual loop so I had to start over.

Built a Windows Deployment Server and installed Microsoft Deployment Tools on it.

When I left today I at least got it to install Windows 10, join the domain, bypass the annoying setup wizard, so I made progress.

 

Any of you guys pretty familiar with cable testers? I need one that will give VLAN information. I had used a FLUKE before overseas and I don't remember the model, but looking up ones available now such as the MicroScanner 2, reviews say it does not give VLAN info. Ideally that would be what I need since we have multiple networks and each system uses a different VLAN, and with stations being moved around a lot it would save me time to view on a tester vs logging into the switch and verifying there.

 

Not really my area of expertise, but sounded interesting so I used the Google.

$482 NetAlly LSPRNTR-300 LinkSprinter 300 Network Tester with WiFi and Distance to Cable Fault Indication, w/WiFi & Distance to Cable Fault Indication

https://www.amazon.com/NETSCOUT-LSP...&qid=1488312126++&sr=8-2&keywords=LSPRNTR-300