I'd love to say yes, but we all know the real answer. They did try to fire the underling that punched the hole in the router (and suspended me for destruction of company property). In the wash I was able to keep the peon employed, though we did end up with a draconian BOFH policy about router changes thereafter. Where we had all this wonderful clear and concise policy about harassment, drugs, and violence, we had essentially no policy about IT infrastructure. We now have a "touch it and die" sticker that can be placed on the equipment, special color coded cables and boots (blue cable with a yellow [straight] or red [cross] boot), and a separate pwd list, all denoting ownership by the NOC. If anyone but NOC personnel touches the gear they are fired.
"To wipe the system to fix it is like killing the patient."
We all gotta do what we all gotta do :-)
Really though, your post is spot on, but in many cases the more ideal solution is the faster one. If you have a server out there that has all your standard builds on it, and your users all understand that they must use one of those builds (or have their build added to the list), and get everyone to store data on the server and not the local machine, then all you need to do is pop the image back and you're good to go. This is especially important in a production (production as in testing product before shipping) environment where every hour of downtime is the same thing as taking $100K out of the budget and using it to heat the building.
Did you read my other comments? I've managed a build to PC ratio of 1:3 on many many clients. I understand what you are saying and other than dev environments it's not excusable. In dev environments you should have extra solutions in place.
Final argument: This is the Government, everything is "supposed" to be cookie cutter for a reason. -nB
P.S. This is the Government, everything is always borked beyond all possible hope... I know.
One port on one each of the 7Ks was plugged into one (of two) ports on the corp. router. These four ports were their own VPN and the 7K's were set such that only packets directly addressed to the VPN would be passed. Further filtering was done on the 5K that hosted the corp. segment, it would only allow packets destined to one of two machines: a BDC and a filer. That's it. No Internet, no intranet, no connecting to your share on your PC, etc. The BDC was the weakest link in all this and it never had any issues. The filer was a NetApp and performed admirably. I got lots and lots of user complaints about connectivity. The lUser that got me to thinking of actually using a LART was a manager who did an end run around myself and the NOC and bulldogged some IT guy with the router password to punch an additional hole in the router, to an externally exposed proxy! @!#%@#!*&(%!#@%... $#!% Good god I almost lost my job when I found out I popped so loud (and broke both a door and my hand at the same time). I was vindicated within hours when the lab got pwned because of this same manager's web mail. At least I could re-image all the machines fairly quickly (hard down the lab for 4.5 hours).
Yeah, I don't do that kind of work any more. I have my own dev network at work that I admin (8 machines) and that's it. I also don't work in that field anymore.
Yeah, it was a shitty argument. I realized it as I clicked the submit button. (actually tried to halt the transaction, but was too late). Anyway, I was trying to say: Sell a ton of cheap stuff that has nominal cost, rather than a smaller number of the same item with the same cost, but at a higher price, running the risk of alienating your customer. -nB
Yeah, and if they turn off users who then pawn the game onto the used market that's one less sale for them on a new copy of the game. Fleecing the users is a bad idea. Maybe make it trivial like 50c or whatever (the ringtone philosophy, make it up on cheap bulk sales). -nB
"I seem to only run across the lazy or dumb sys admins."
Too true. I no longer admin any PCs for a living (IMHO a GoodThing, as really acquiring and *using* a LART was getting hard to resist). My job was to interface ~250 PCs on an isolated network to a Corp. network. The catch is that about 75 of the PCs were actually IP connected test equipment, for which applying patches was a very dangerous proposition, and the other PCs were a blend of OSs. I had only 4 machine builds after purging my predecessor's hand built white box crap (and excluding the test equipment). For those four builds I had 72 different "Current Good Config" images. Every Windows OS released back to 3.0, 5 flavors of Linux, HP-UX, and BSDs. I was the only dedicated admin. If I needed more help I had one person who I could pull on for 25% time MAX and whatever support I could glean from IT. That kind of forces you to accept good habits or die. -nB
BTW: this was in an ethernet development lab (developing ethernet chipsets, PHYs, MACs, Repeaters, etc.) and the very shitty thing is when some dumbass plugs in an IXIA or SmartBits into your production network and floods it with random source and destination IP and MAC addresses and random packet lengths. Your routers _will_ die, it is only a matter of time. My little lab ran on a pair of Cat7K's and 3524PWR pizza box switches. Even these crashed under some of the abuse. Enterprise and carrier grade hardware, and my puny 250 client network crashed it :) -nB
This is precious :-) From TFA you linked: Almost three years ago the naval systems arm of major UK defence contractor BAE Systems took the decision to standardise future development on Microsoft Windows. An immediate effect was to commit BAE's joint venture CMS subsidiary, AMS, who specialise in naval Combat Management Systems, to implementing a Windows 2000-based CMS system for the new Type 45 Destroyer. But this prompted strong internal opposition from some of AMS' engineers, who had a sound background in Unix and who had, despite resource starvation and a companywide policy to standardise on Windows, been investigating open source alternatives as a foundation for future combat systems.
Are you not supposed to use the acronym _AFTER_ the initial un-shortened version? I read CMS and expanded it to Content Management System in my head, then my brain nicely mis-read Combat as Content (Starts and ends with the right letters and is similar in length). Weird...
BTW WTF is AMS & BAE, AFAIK CMS is just another TLA (:-x -nB
"good" malware will transfer themselves to your servers. Comment below: or you could just use linux
Server is Linux (SOL 18). Since all data is stored as non active files, critical data in encrypted volumes accessed and unlocked only when needed, then locked when the volume is dismounted, the issues with this problem are minimal. In fact I have never had an outbreak re-infection (and this is with me looking for malware troubles). While I will admit that my system has flaws, they are very minor and not the target of any malware I have yet to come across. I also realise that many small businesses have no resources for this work, but a 2000 client network is not small business and has no excuse for basic protection levels like this. -nB
Really, they had no way to wipe and restore on an automated process? Have they never heard of Ghost-EE? Multicasting? I use ghost on my PC, thus when I plan on installing new software I do so, play with it, am sure I like it, then: Restore latest clean system build image to machine, Install target application, ensure functionality, Create new latest clean system build image. I store all my non-temporary data on a server PC anyway, so this is an ideal solution. One that should work in any enterprise environment as well (assuming that there are only 3-4 different builds). -nB
Neither, why do you ask? We have a healthy gamer population at work :-) In fact we regularly play Who's the ass, Dalmuti, and our own variations at lunch. -nB
So I checked out the site and the simple truth is that I can not get enough people together long enough to play this game. Same holds for D&D and all the others. Hell we have trouble getting three hours together for a poker game, much less a game of Risk or Conquest of the Roman Empire. RPGs are just out. -nB
"I don't suppose it'll be licensed under the GPLv3 then?!"
Oh the irony ;-) -nB
Re:weird perspective for a conflict... and wrong! on Sun's Open Source DRM · Score: 3, Interesting
MOD PARENT UP UP UP.
This is so correct. My favorite media player is my modified Xbox because it works. I have no real need to pirate anything, but having your current library of videos available "on demand" is great, the added bonus of my daughter not being able to scratch her $40 a pop and up Disney DVDs. DRM may kill this system, which means I will not be getting new content. -nB
You're right, never mind that I have IP connectivity and external site connectivity and even internal intranet connectivity, why is my SAP app timing out? -nB
Unfortunately, this is one of those things that requires maturity, something porn-hating people don't have.
s/hating/fearing/; I've found plenty of people who are anti-porn that are rational about it. It's the ones who are afraid of it that are not rational in their arguments. -nB
It's sad because it's funny.
The scary thing is that hammacher is sold out!
-nB
Never mind, just realised I replied to a comment on an AC. :(
-nB
What about my extensive coprolite collection you insensitive clod!
-nB
/. poster.
by miles.
-nB
"Besides, everyone loves kittens!"
no, not everyone.
-nB
I modded him up on one post and down on the other, balance is preserved and I gave him Karma :-)
-nB
WTF was that?
-nB
Eventually we'll have too many managers and have to outsource them too :-0
On a side note I just got promoted and a 16.change% pay hike. Yea me!
-nB