I'm mostly a Windows person, but I LOVE Asterisk. Especially when you can get some cheap used Cisco phones, reflash them, and have all the features of an expensive PBX for less than $100. But I also know how to work with Linux, am the SME for our HP thinclients (they all run Linux, and I've had to dig into xTerminal a few times on them), and back in the day did PHP stuff; now I just use various TurnKey distros for most of my lab stuff on a VM.
One also needs standardized hardware and control over software deployments. Disable the Store; stop people from just installing whatever they feel like. Have everyone use the same "line" of hardware, whatever the vendor might be pick one and stick with it.
How do you do Active Directory domain-level GPOs with your linux server? I know there are a few sort-of solutions (SSSD with RHEL), Samba for certain things...but doing tasks like pushing out various trust zones, AD-integrated certificate services, Exchange-style calendaring / Skype chat / voip integrations, even locking down screen savers...you'd need another layer like Puppet or Ansible on top of the linux server to properly manage the AD side of stuff. Of course, the "plus side" is total lock-in for the consultant; good luck ever finding anyone else to support the very bespoke RHEL+Puppet+Samba etc setup you'd end up deploying without them just replacing everything or spending hours and hours pouring over text config files LOL.
I'm guessing the "warranty" is really a pre-paid block of support hours, as opposed to a normal hardware warranty like "my 6-month old desktop just beeps a bunch now". I'm betting this "consultant" also deployed home-brewed desktops too, so that's always fun. At my work, I've been pushing all the "custom" desktops out of the network; most don't have TPM capability which is a contractual requirement we have with our major client. I hate seeing "to be filled by o.e.m" in my WMI queries and in SCCM. Or each machine having a different brand / version of BIOS that can't ever be standardized...
Yeah, I was just thinking this too...especially the FUBAR "major OS changes every quarter" of Win10. However, I can give this advise, for free:
-Implement a WSUS server, force all systems to go to it ONLY via GPO
-Have someone on-staff to do patch management, with scheduled times for releasing patches from WSUS
-Stay at least one "Feature Update" behind the most recent Win10 release. See the most recent 1809 screw-up.
Windows 10 "software as a service" means you can't just install it and let it sit there. Patches come out at LEAST once a week, major updates at least every quarter. We spend several hours a week just patching servers, and I always find "secondary servers" (like our MDT / WDS box, our HPDM server, etc) that didn't get patched and rebooted. And you can't just slap on patches, many also require registry changes too to enforce them.
She needs to not have a "single consultant" that just does breakfix. I would suggest a local consulting company, one that has a help desk with remote capabilities, ticketing system, and higher-level staff that can do more complex items like firewalls, vlans, GPOs, iSCSI storage, off-site backups, etc.
Standardizing on "business class hardware" would also be useful; pick a company for desktops like HP (HP ProDesk series), Dell (Optiplex), Lenovo (ThinkCentre) and ONLY buy those so your not trying to support multiple vendors, hunting for drivers, no warranty, etc. Don't screw around with stuff like eMachines, bespoke desktops, etc. The initial savings are just not worth the support cost when every desktop has different internal hardware.
Finally, make sure whomever does all of this that they document everything. A small business should demand an itemized bill, and demand that their consultant document every role they do on the servers, IP addresses, software rolled out, serial numbers, vendor support contacts, etc. SO MANY small businesses have faced the nightmare of realizing they have a bunch of software they don't know who to call for support once their "consultant" disappears / goes out of business, or their "consultant" had been installing pirated software, or has done some non-standard configs that no one knew about until it was far too late.
You know that famous painting, "The Scream"? Can you guess why the sky is orange? It's because of the 1883 Krakatoa eruption. Here are more paintings from that time". We might end up with an orange-tinted atmosphere, and the constant "sulfur" smell everywhere. Their idea is that injecting SO2 will chemically convert into SO4. It will also convert into H2SO4, more commonly known as "acid rain". It can also cause ozone depletion, which is one of the reasons it "can't stop" if we start.
It's an apocalyptic idea, and has an insane amount of unmitigated risks. It's an "end-game strategy" that will irreversibly alter our entire planet, and will be the ultimate Anthropocene Epoch event; this will be our Chicxulub.
You forgot the BEST part: "If this answer solves your issue, please mark this as Answered"...that MS pesters you with if you post a technet forum question.
3-D Builder, Zune Music, Solitaire Collection, Bing Finance, Duo Lingo, Candy Crush, Farmville, Pandora, Twitter...these are just a few of the "AppX" items one has to use powershell to remove from Windows 10 Enterprise. You know, their OS for large corporations; because large corps really want games installed by default. You also have to make a special "tile template" for an image so your Start menu tileset doesn't have a bunch of "missing links" or holes in it afterwards.
We are, at my work, going to be moving to a newer Windows version soon...so I will once again have to strip out a bunch of shit and re-do the image.I personally wanted to go with LTSB, but several of our vendors are moving to Store Apps (I'm looking at you, Boeing Toolbox) so I'm being forced to implement AppLocker, Corporate Store...and am still fighting with management over getting Admin rights to the Store in our tenancy to do my "new" job managing the Store for Business which I would rather not have to do...it's only a matter of time before the MS store is compromised with malware just like all the others.
Of course there is plenty of money to pay for it, just not if it's only funded via the current payroll tax system taking into account the number of people paying in vs. the number of the people pulling money out extrapolated into future populations.
This also will impact Medicare / Medicade, and health insurance rates in general in the USA. With the number of people over 65 quickly outstripping the people under 65, it is in no way sustainable past 2035. Per the US Census statistics, by 2030 all the "baby boomers" will be over 65, and by 2035 we will be at 165.6 million "working age" vs "retirement age" of 76.7 million...which puts the ratio at 2.15. SSA.gov says the ratio needs to be at least 3 to keep the system going; it dropped below 3 in 2010.
There are only a few fixes for this: 1) forced births combined with forced adoptions; to increase the population AND place the kids into families capable of supporting them or 2) increased immigration; bringing in more immigrants and quickly incorporating them into the legal workforce. 3) restructuring medicare taxes by increasing the income cap, increasing the retirement age, etc.
I often wonder if this type of project is a result of "free market" vs "state run" research. A free market system can give you amazingly innovative ideas, but there are practical limitations to how big of a project any one company can do. Especially when it comes to projects that require deep research into "fundamental" physics, chemistry, or biology; that kind of research may not turn an immediate profit so is ignored by corps. A country like China, however, can direct billions of dollars over years into projects like this; the USA did this once with the Apollo project...but we have descended into a quagmire of hyper-partisan politics and re-routing any potential research funds of that level back to the.1% via tax cuts.
"not technically feasible"...well, go read A Formal Security Analysis of the Signal Messaging Protocol and get back to us. Depending on who he is calling, end-to-end encryption is very much technically feasible. Trump could install this app on his iPhone, and tell the people who he's calling to install it as well. Either he is just too stupid to do this, OR he really wants other parties to listen in. Halon's Razor in action.
Technically, your incorrect about the Star Trek reference. The Federation is not a specific planetary government, but an agreement between semi-autonomous high-tech worlds. It's far more like the ancient Greek "polis" or the modern EU than the US and it's "states".
Even then, people can still leave since warp drive FTL has been an existing tech for at least 150 years before the Federation was even founded and was already in widespread civilian use. There are still many worlds that are not under UFP control. And, even with the UFP, a world must have a "stable planetary political unity, demonstrating a resolution of social and political differences and a respect of the rights of the individual"...therefore, a world that has a charismatic overlord would automatically be disqualified from entering the Federation. By the time of ST:NG warp-drive had been around for at least 300 years.
Other than that, I totally agree that a world-wide single government right now (or even in the foreseeable future) would be a horrible idea for most of humanity; until we have a viable choice to "not participate" by leaving the planet, or somehow manage to overcome our issues of racism, hated of "the other", and have some place to go to satisfy the instinctual urge to "move and explore".
My thoughts exactly. Plus, this is why we are moving back to the "capsule" idea; proven design with proven survivability rates. The Shuttle was a cool idea, but far too complex for our current tech capabilities. We can "go back" to the Shuttle-style systems when we can actually "fly it like a plane" the whole way and not need to launch it up like a rocket; this will never happen while still using chemical rocket tech.
"I know.... Seriously." So, you have paid $42,000 and actually went over this information coming from these hackers? Unless you personally have looked at THESE FILES that TFA is talking about, you do NOT know.
Maybe for you, but for me and my work associates, it gotten far worse just this year. Calls about "my student loans", "health insurance", "car warranties", NONE of these are political in nature. It's up to about 4-6 calls per day, I get text messages to, about "You won't believe this!" with a tinyURL. I get way more calls that are spam than normal calls. I've set my contacts to a different ring, but when I'm on-call I have to actually answer every call so that's super annoying.
Even though it's not "legally" related, ever since NN when DOA, it's gone through the roof. It's almost like all the spammers realize the FCC just doensn't give a shit about consumers, only businesses...and they are businesses, so it's "open season".
And, at least for the moment, violating Facebook's ToOS isn't the same as committing a criminal act. So, technically, the police could break ToS and still not be committing a crime. I have no idea how various LEO's officially designate someone as an "undercover"; I doubt it's just "I'm doing XYZ undercover" totally on their own without any sort of over-site but I could be wrong.
Thus said, there is also a big difference between using said accounts to "follow criminals" and catch "child predators" VS "undercover Facebook accounts to watch protesters". "Watching protesters" seems a bit 1984, could even be a violation of 1st Amendment rights if being done outside an active investigation, without a warrant, etc.
"being forced to consult manuals also appears to cause negative emotional experiences" makes me smile. I write quite a bit of documentation at my job, and often love to drop a new product on the help desk with no training except "it's all on the Wiki"...which no ones reads either.
There are also some other "unofficial" rates, like this one that pegs the "true unemployment around 21.2%. They add in "long-term discouraged workers" that were removed by BLI in 1994. My guess is this 21.2% is in large part the Trump die-hard base members; people who have been unemployed for so long the Feds don't even count them as real people anymore. That's 53M over-18 people.
Looks like Google has already closed the discussion on this OUT, within 48 hours. They merged several other threads of people complaining about this into this thread, there are other various issues people reported; but it seems like Google just doesn't care. This also strips out "www" anywhere in the URL, so "https://sub.www.example.com" is changed to just showing "sub.example.com".
Chrome also provides an "Enterprise" MSI, I'm wondering if they will enable / force this too. In my job, I NEED the FULL URL displayed. One of my functions is to ensure the PKI certificates all work properly, I have to make certs for a vast amount of different devices, the last thing I need is LESS information. We will just have to use a GPO to stop Google from updating, even though this goes against the DoD STIG of keeping all software updated.
Hey Google, is it possible to disable this flag in a GPO, using the provided ADMX files? Is this available in the HKLM\Software\Policies\Google\Chrome\ registry subtree? I'm surprised this "trivial" setting isn't already in V1R12 of the DISA STIG...
I say just give them ALL the "encrypted data" they ask for. Let them figure out how to actually decrypt it.
IRL, any laws passed to enforce this will have the following effects: 1. APT will just make their own "clean" variations of various encryption protocols, and these will forever be beyond the grasp of Five Eyes. 2. Someone will find the "master keys", and the REAL fun will begin as all compromised protocols will be "open season", and the entire system will be compromised 3. The Five Eyes will develop their own, non-compromised protocols for military communications; but will be unable to allow all the various contractors access so this too will be vulnerable.
Slashdot Mirror
I'm mostly a Windows person, but I LOVE Asterisk. Especially when you can get some cheap used Cisco phones, reflash them, and have all the features of an expensive PBX for less than $100. But I also know how to work with Linux, am the SME for our HP thinclients (they all run Linux, and I've had to dig into xTerminal a few times on them), and back in the day did PHP stuff; now I just use various TurnKey distros for most of my lab stuff on a VM.
One also needs standardized hardware and control over software deployments. Disable the Store; stop people from just installing whatever they feel like. Have everyone use the same "line" of hardware, whatever the vendor might be pick one and stick with it.
How do you do Active Directory domain-level GPOs with your linux server? I know there are a few sort-of solutions (SSSD with RHEL), Samba for certain things...but doing tasks like pushing out various trust zones, AD-integrated certificate services, Exchange-style calendaring / Skype chat / voip integrations, even locking down screen savers...you'd need another layer like Puppet or Ansible on top of the linux server to properly manage the AD side of stuff. Of course, the "plus side" is total lock-in for the consultant; good luck ever finding anyone else to support the very bespoke RHEL+Puppet+Samba etc setup you'd end up deploying without them just replacing everything or spending hours and hours pouring over text config files LOL.
I'm guessing the "warranty" is really a pre-paid block of support hours, as opposed to a normal hardware warranty like "my 6-month old desktop just beeps a bunch now". I'm betting this "consultant" also deployed home-brewed desktops too, so that's always fun. At my work, I've been pushing all the "custom" desktops out of the network; most don't have TPM capability which is a contractual requirement we have with our major client. I hate seeing "to be filled by o.e.m" in my WMI queries and in SCCM. Or each machine having a different brand / version of BIOS that can't ever be standardized...
The only "code" desktop / server support should be touching in Windows is PowerShell, maybe some VBScript for very specific tasks.
Yeah, I was just thinking this too...especially the FUBAR "major OS changes every quarter" of Win10. However, I can give this advise, for free:
-Implement a WSUS server, force all systems to go to it ONLY via GPO
-Have someone on-staff to do patch management, with scheduled times for releasing patches from WSUS
-Stay at least one "Feature Update" behind the most recent Win10 release. See the most recent 1809 screw-up.
Windows 10 "software as a service" means you can't just install it and let it sit there. Patches come out at LEAST once a week, major updates at least every quarter. We spend several hours a week just patching servers, and I always find "secondary servers" (like our MDT / WDS box, our HPDM server, etc) that didn't get patched and rebooted. And you can't just slap on patches, many also require registry changes too to enforce them.
She needs to not have a "single consultant" that just does breakfix. I would suggest a local consulting company, one that has a help desk with remote capabilities, ticketing system, and higher-level staff that can do more complex items like firewalls, vlans, GPOs, iSCSI storage, off-site backups, etc.
Standardizing on "business class hardware" would also be useful; pick a company for desktops like HP (HP ProDesk series), Dell (Optiplex), Lenovo (ThinkCentre) and ONLY buy those so your not trying to support multiple vendors, hunting for drivers, no warranty, etc. Don't screw around with stuff like eMachines, bespoke desktops, etc. The initial savings are just not worth the support cost when every desktop has different internal hardware.
Finally, make sure whomever does all of this that they document everything. A small business should demand an itemized bill, and demand that their consultant document every role they do on the servers, IP addresses, software rolled out, serial numbers, vendor support contacts, etc. SO MANY small businesses have faced the nightmare of realizing they have a bunch of software they don't know who to call for support once their "consultant" disappears / goes out of business, or their "consultant" had been installing pirated software, or has done some non-standard configs that no one knew about until it was far too late.
You know that famous painting, "The Scream"? Can you guess why the sky is orange? It's because of the 1883 Krakatoa eruption. Here are more paintings from that time". We might end up with an orange-tinted atmosphere, and the constant "sulfur" smell everywhere. Their idea is that injecting SO2 will chemically convert into SO4. It will also convert into H2SO4, more commonly known as "acid rain". It can also cause ozone depletion, which is one of the reasons it "can't stop" if we start.
It's an apocalyptic idea, and has an insane amount of unmitigated risks. It's an "end-game strategy" that will irreversibly alter our entire planet, and will be the ultimate Anthropocene Epoch event; this will be our Chicxulub.
You forgot the BEST part: "If this answer solves your issue, please mark this as Answered"...that MS pesters you with if you post a technet forum question.
3-D Builder, Zune Music, Solitaire Collection, Bing Finance, Duo Lingo, Candy Crush, Farmville, Pandora, Twitter...these are just a few of the "AppX" items one has to use powershell to remove from Windows 10 Enterprise. You know, their OS for large corporations; because large corps really want games installed by default. You also have to make a special "tile template" for an image so your Start menu tileset doesn't have a bunch of "missing links" or holes in it afterwards.
We are, at my work, going to be moving to a newer Windows version soon...so I will once again have to strip out a bunch of shit and re-do the image.I personally wanted to go with LTSB, but several of our vendors are moving to Store Apps (I'm looking at you, Boeing Toolbox) so I'm being forced to implement AppLocker, Corporate Store...and am still fighting with management over getting Admin rights to the Store in our tenancy to do my "new" job managing the Store for Business which I would rather not have to do...it's only a matter of time before the MS store is compromised with malware just like all the others.
Of course there is plenty of money to pay for it, just not if it's only funded via the current payroll tax system taking into account the number of people paying in vs. the number of the people pulling money out extrapolated into future populations.
This also will impact Medicare / Medicade, and health insurance rates in general in the USA. With the number of people over 65 quickly outstripping the people under 65, it is in no way sustainable past 2035. Per the US Census statistics, by 2030 all the "baby boomers" will be over 65, and by 2035 we will be at 165.6 million "working age" vs "retirement age" of 76.7 million...which puts the ratio at 2.15. SSA.gov says the ratio needs to be at least 3 to keep the system going; it dropped below 3 in 2010.
There are only a few fixes for this: 1) forced births combined with forced adoptions; to increase the population AND place the kids into families capable of supporting them or 2) increased immigration; bringing in more immigrants and quickly incorporating them into the legal workforce. 3) restructuring medicare taxes by increasing the income cap, increasing the retirement age, etc.
I often wonder if this type of project is a result of "free market" vs "state run" research. A free market system can give you amazingly innovative ideas, but there are practical limitations to how big of a project any one company can do. Especially when it comes to projects that require deep research into "fundamental" physics, chemistry, or biology; that kind of research may not turn an immediate profit so is ignored by corps. A country like China, however, can direct billions of dollars over years into projects like this; the USA did this once with the Apollo project...but we have descended into a quagmire of hyper-partisan politics and re-routing any potential research funds of that level back to the .1% via tax cuts.
"not technically feasible"...well, go read A Formal Security Analysis of the Signal Messaging Protocol and get back to us. Depending on who he is calling, end-to-end encryption is very much technically feasible. Trump could install this app on his iPhone, and tell the people who he's calling to install it as well. Either he is just too stupid to do this, OR he really wants other parties to listen in. Halon's Razor in action.
Technically, your incorrect about the Star Trek reference. The Federation is not a specific planetary government, but an agreement between semi-autonomous high-tech worlds. It's far more like the ancient Greek "polis" or the modern EU than the US and it's "states".
Even then, people can still leave since warp drive FTL has been an existing tech for at least 150 years before the Federation was even founded and was already in widespread civilian use. There are still many worlds that are not under UFP control. And, even with the UFP, a world must have a "stable planetary political unity, demonstrating a resolution of social and political differences and a respect of the rights of the individual"...therefore, a world that has a charismatic overlord would automatically be disqualified from entering the Federation. By the time of ST:NG warp-drive had been around for at least 300 years.
Other than that, I totally agree that a world-wide single government right now (or even in the foreseeable future) would be a horrible idea for most of humanity; until we have a viable choice to "not participate" by leaving the planet, or somehow manage to overcome our issues of racism, hated of "the other", and have some place to go to satisfy the instinctual urge to "move and explore".
My thoughts exactly. Plus, this is why we are moving back to the "capsule" idea; proven design with proven survivability rates. The Shuttle was a cool idea, but far too complex for our current tech capabilities. We can "go back" to the Shuttle-style systems when we can actually "fly it like a plane" the whole way and not need to launch it up like a rocket; this will never happen while still using chemical rocket tech.
"I know.... Seriously." So, you have paid $42,000 and actually went over this information coming from these hackers? Unless you personally have looked at THESE FILES that TFA is talking about, you do NOT know.
Maybe for you, but for me and my work associates, it gotten far worse just this year. Calls about "my student loans", "health insurance", "car warranties", NONE of these are political in nature. It's up to about 4-6 calls per day, I get text messages to, about "You won't believe this!" with a tinyURL. I get way more calls that are spam than normal calls. I've set my contacts to a different ring, but when I'm on-call I have to actually answer every call so that's super annoying.
Even though it's not "legally" related, ever since NN when DOA, it's gone through the roof. It's almost like all the spammers realize the FCC just doensn't give a shit about consumers, only businesses...and they are businesses, so it's "open season".
ToS != "the law". At least not right now.
And, at least for the moment, violating Facebook's ToOS isn't the same as committing a criminal act. So, technically, the police could break ToS and still not be committing a crime. I have no idea how various LEO's officially designate someone as an "undercover"; I doubt it's just "I'm doing XYZ undercover" totally on their own without any sort of over-site but I could be wrong.
Thus said, there is also a big difference between using said accounts to "follow criminals" and catch "child predators" VS "undercover Facebook accounts to watch protesters". "Watching protesters" seems a bit 1984, could even be a violation of 1st Amendment rights if being done outside an active investigation, without a warrant, etc.
"being forced to consult manuals also appears to cause negative emotional experiences" makes me smile. I write quite a bit of documentation at my job, and often love to drop a new product on the help desk with no training except "it's all on the Wiki"...which no ones reads either.
There are also some other "unofficial" rates, like this one that pegs the "true unemployment around 21.2%. They add in "long-term discouraged workers" that were removed by BLI in 1994. My guess is this 21.2% is in large part the Trump die-hard base members; people who have been unemployed for so long the Feds don't even count them as real people anymore. That's 53M over-18 people.
He's a Trumpican, the Chaotic Neutral of political parties.
Looks like Google has already closed the discussion on this OUT, within 48 hours. They merged several other threads of people complaining about this into this thread, there are other various issues people reported; but it seems like Google just doesn't care. This also strips out "www" anywhere in the URL, so "https://sub.www.example.com" is changed to just showing "sub.example.com".
Chrome also provides an "Enterprise" MSI, I'm wondering if they will enable / force this too. In my job, I NEED the FULL URL displayed. One of my functions is to ensure the PKI certificates all work properly, I have to make certs for a vast amount of different devices, the last thing I need is LESS information. We will just have to use a GPO to stop Google from updating, even though this goes against the DoD STIG of keeping all software updated.
Hey Google, is it possible to disable this flag in a GPO, using the provided ADMX files? Is this available in the HKLM\Software\Policies\Google\Chrome\ registry subtree? I'm surprised this "trivial" setting isn't already in V1R12 of the DISA STIG...
I say just give them ALL the "encrypted data" they ask for. Let them figure out how to actually decrypt it.
IRL, any laws passed to enforce this will have the following effects: 1. APT will just make their own "clean" variations of various encryption protocols, and these will forever be beyond the grasp of Five Eyes. 2. Someone will find the "master keys", and the REAL fun will begin as all compromised protocols will be "open season", and the entire system will be compromised 3. The Five Eyes will develop their own, non-compromised protocols for military communications; but will be unable to allow all the various contractors access so this too will be vulnerable.