|
Sickening posted:What does this even mean? Forget it. No worth argument. jaegerx fucked around with this message at 23:49 on Sep 29, 2014 |
#
?
Sep 29, 2014 22:28
|
|
|
|
| # ? Apr 19, 2024 22:17 |
|
|
Misogynist posted:lol if you actually believe this is true Obviously it's not literally true, but experiments have borne out that people prize relative wealth over absolute wealth.
|
|
#
?
Sep 29, 2014 22:43
|
|
|
jaegerx posted:Something very bad happened to Xen the Hypervisor which required all those big companies to reboot their xen servers this weekend. So if you run Xen as your hypervisor I suggest contacting your vendor if you have one. ex RedHat/Suse/Etc. NOPE. DO NOT DO THIS. If a mod is watching, please remove these posts, srs. I know you may think this is ok and you're being good or it makes you feel important, but it's poo poo exactly like this that blows CVEs. When Kaminsky told people he found a flaw in DNS but wasn't going to tell people what it was until a fix was out, people went hunting. Your vendor also isn't going to tell you unless you're a huge special snowflake, which you probably aren't. I'm all for disclosure once it's public, but even acknowledging that there's going to be a vulnerability announced in a specific projects lets people know they shoudl look. evol262 fucked around with this message at 23:31 on Sep 29, 2014 |
|
#
?
Sep 29, 2014 23:28
|
|
|
That cat's already pretty well out of the bag. There's multiple articles in Information Week and The Register about it. Anyone who's paying attention at all to security news is aware that a patch and disclosure are coming. And I don't even run that product.
|
|
#
?
Sep 29, 2014 23:36
|
|
|
Docjowles posted:That cat's already pretty well out of the bag. There's multiple articles in Information Week and The Register about it. Anyone who's paying attention at all to security news is aware that a patch and disclosure are coming. And I don't even run that product. Ignore me. I need to feel important jaegerx fucked around with this message at 23:50 on Sep 29, 2014 |
|
#
?
Sep 29, 2014 23:41
|
|
|
He hasn't said anything that's not already known? http://www.eweek.com/cloud/amazon-reboots-cloud-servers-to-patch-xen-hypervisor.html http://www.informationweek.com/cloud/software-as-a-service/amazon-reboots-cloud-servers-xen-bug-blamed/d/d-id/1316093 https://gigaom.com/2014/09/25/amazon-confirms-that-ec2-reboots-are-due-to-xen-issues/
|
|
#
?
Sep 29, 2014 23:41
|
|
|
There's an embargoed vulnerability, yes, but your vendor isn't going to tell you anything about what it is (if they were going to, they already would have). I guess I prefer that any indication of severity ("something very bad") or any real details stay under the hood. I don't run or maintain that product either, and it's been pretty much an open secret for a couple of days, but a general "don't talk about vulnerabilities if there's any possibility you may have private knowledge" is generally fair advice. CLAM DOWN posted:He hasn't said anything that's not already known? Everybody knows Amazon had to reboot a portion of AWS because of Xen. But knowing which 10% and why is part of the puzzle. Giving them information that another public, well-known company (it's not a secret who jaegerx works for) also runs Xen and has had to reboot lets researchers compare versioning and start bisecting it. Every bit of information counts with embargoed security issues. jaegerx posted:Hence why I waited till all of the big companies have already fixed the flaw. Now the smaller ones might not know about it and need to get on the horn. This is not how it works. Why do you think "getting on the horn" will accomplish anything for small companies? evol262 fucked around with this message at 23:46 on Sep 29, 2014 |
|
#
?
Sep 29, 2014 23:42
|
|
|
[quote="evol262" post="435575321"] There's an embargoed vulnerability, yes, but your vendor isn't going to tell you anything about what it is (if they were going to, they already would have). I guess I prefer that any indication of severity ("something very bad") or any real details stay under the hood. I don't run or maintain that product either, and it's been pretty much an open secret for a couple of days, but a general "don't talk about vulnerabilities if there's any possibility you may have private knowledge" is generally fair advice. [/] Guess we can forget about security when you left my post quoted for 5 hours. jaegerx fucked around with this message at 04:56 on Sep 30, 2014 |
|
#
?
Sep 29, 2014 23:46
|
|
|
Tab8715 posted:Not sure if this is the place but I'm trying to get a serial connection between my laptop T440s and a Power 8 Server. I'm not sure for the Power 8 server specifically, but if it's a serial RS232 port with an RJ-45 port that's like a lot of other devices with embedded operating systems, then the answer is pretty much no. If you don't already have a USB->Serial adapter, the one I've used for years is the Tripplite Keyspan USB Serial adapter. The drivers install automatically on Windows, and once you figure out the COM port number from Device Manager, then you can just use putty to connect to the serial port (and edit your connection settings if your device is a special snowflake; baud speeds, in particular, are annoying to figure out if you don't have the manual on-hand. Yes, I really wanted to have to connect to $SPECIALIZED_DEVICE at 115200 bps instead of the usual 9600, thanks guys for making me guess and/or dig up your manual!) Just don't unplug it while putty is running and it's active (solid green light that blinks when you send/receive data); I've gotten bluescreens seldomly by doing that. Casull fucked around with this message at 07:48 on Sep 30, 2014 |
|
#
?
Sep 30, 2014 07:45
|
|
|
Casull posted:I'm not sure for the Power 8 server specifically, but if it's a serial RS232 port with an RJ-45 port that's like a lot of other devices with embedded operating systems, then the answer is pretty much no. Ok, so it is in fact a completely different interface. The whole reason I was trying to avoid this was because of the whole driver issue. I nearly spent a whole half of my day a year ago trying to get dongle driver working on my laptop but eventually gave up and just used a old laptop that had a internal serial connection. Fortunately, I found a different blue USB-to-Serial adapter as opposed to those more common grey Belkin adapters? Anyway, it worked right away and windows even automatically detected the drivers! I'm a little serial connection illiterate but are these types of interfaces typical hot-pluggable? May I connect and disconnect whenever? How do I know what terminal I'm suppose to be using? Google is telling me a lot of things.... tl;dr - Do I really need to know about terminal types, character sets when I'm making a serial connection to a device such as router or pc? Or is this something I don't need to be concerned about? I'm leaving everything as default in puTTY and it seems to work... Gucci Loafers fucked around with this message at 15:11 on Sep 30, 2014 |
|
#
?
Sep 30, 2014 14:28
|
|
|
Tab8715 posted:Ok, so it is in fact a completely different interface. The whole reason I was trying to avoid this was because of the whole driver issue. I nearly spent a whole half of my day a year ago trying to get dongle driver working on my laptop but eventually gave up and just used a old laptop that had a internal serial connection. I think I've seen the blue USB-Serial adapters you were talking about, though I can't remember the brand anymore. I've never messed with the Belkin adapters, but I've always thought there were better options for the price points they were asking, anyway. And yeah, Windows 7 is pretty good with auto-installing USB-Serial drivers. quote:I'm a little serial connection illiterate but are these types of interfaces typical hot-pluggable? May I connect and disconnect whenever? How do I know what terminal I'm suppose to be using? Google is telling me a lot of things.... Yes, you can pretty much connect/disconnect the serial (ethernet-looking side) whenever so that you can configure a device, disconnect the serial side from your device while leaving putty open, then reconnect it to another device and go to town on the same putty session. Just remember these two caveats: 1. Don't disconnect the actual USB side. That'll error out putty (and seldomly bluescreen your computer.) 2. Don't forget to actually log out of the device before you disconnect the serial! I liken serial connections as similar to connecting a monitor and keyboard to a computer; you get that exact kind of output, but you can't assume the device will auto-log you out after a certain amount of time. You can use whatever terminal emulator you want. It looks like you're using putty just fine; that's what I use as well. quote:tl;dr - Do I really need to know about terminal types, character sets when I'm making a serial connection to a device such as router or pc? Or is this something I don't need to be concerned about? I'm leaving everything as default in puTTY and it seems to work... Not really. The default in putty works for most devices just fine; you can look up that information in Wikipedia if you're curious. The only time you'll ever need to dick with them is if you connect to a device and it's spitting out garbage or not responding to keystrokes; before you determine the device is hosed, look at the manual and/or call support and see what console settings you'll need to change. The most common thing I've had to change is the baud speed; the default of 9600 works fine but I've had to deal with anything from 38400 to 115200. Quick question: are you anticipating this as a one-off or do you have a lot of devices in your datacenter with console ports?
|
|
#
?
Sep 30, 2014 16:00
|
|
|
Casull posted:1. Don't disconnect the actual USB side. That'll error out putty (and seldomly bluescreen your computer.) If I disconnect and re-connect it's not necessarily going to "takeover" the same windows/session I had open previously? Is this the standard behavior or is usually device dependent? Casull posted:Not really. The default in putty works for most devices just fine; you can look up that information in Wikipedia if you're curious. The only time you'll ever need to dick with them is if you connect to a device and it's spitting out garbage or not responding to keystrokes; before you determine the device is hosed, look at the manual and/or call support and see what console settings you'll need to change. The most common thing I've had to change is the baud speed; the default of 9600 works fine but I've had to deal with anything from 38400 to 115200. The whole baudrate, parity bits and stop bit thing is something I'm all to used too. When I was working for a big telecom usually half my days were spent trying to fix telemetry(I think that's what they were...) circuits which involved find a magical combination of the above  Casull posted:Quick question: are you anticipating this as a one-off or do you have a lot of devices in your datacenter with console ports? It's more-so a one time thing, I had to setup this up yesterday IBM SMS but it's more of a extra-circular thing I've been curious about. 
|
|
#
?
Sep 30, 2014 16:23
|
|
|
For the past few months I've been part of a data center migration project. One of the few remaining original employees sent this out about a half hour agoquote:On 8/6/2003 we took our first test order into the Secaucus NJ data center. It has lived a good long life. Steps are being taken now that will make the site unrecoverable. It almost makes me sad.
|
|
#
?
Sep 30, 2014 21:28
|
|
|
Casull posted:I think I've seen the blue USB-Serial adapters you were talking about, though I can't remember the brand anymore. I've never messed with the Belkin adapters, but I've always thought there were better options for the price points they were asking, anyway. And yeah, Windows 7 is pretty good with auto-installing USB-Serial drivers. If it's one of these then they are the best USB serial adapters put on this earth: http://www.brainboxes.com/product/us-101/1-port-rs232-usb-to-serial-adapter
|
|
#
?
Oct 1, 2014 00:21
|
|
|
Anyone have experience with PXE boot? I'm looking to learn about setting up a PXE server for booting to a custom WinPE image i have. If you have any links to how to set it up or what I need to do to get started that would be super helpful.
|
|
#
?
Oct 1, 2014 00:38
|
|
|
Tab8715 posted:If I disconnect and re-connect it's not necessarily going to "takeover" the same windows/session I had open previously? Is this the standard behavior or is usually device dependent? The serial connection is always (there may be a caveat here somewhere, but for standard devices assume always) a continuous connection to a single session. There is no session management, it's just a direct connection in to whatever is happening on the "physical" console, whichever tty device that maps to. So yes, log out. Ive connected to devices before and found myself already logged in as root or admin because the last user didn't log out.
|
|
#
?
Oct 1, 2014 00:43
|
|
|
smokmnky posted:Anyone have experience with PXE boot? I'm looking to learn about setting up a PXE server for booting to a custom WinPE image i have. If you have any links to how to set it up or what I need to do to get started that would be super helpful. http://blog.itvce.com/?p=4730
|
|
#
?
Oct 1, 2014 00:44
|
|
|
NippleFloss posted:The serial connection is always (there may be a caveat here somewhere, but for standard devices assume always) a continuous connection to a single session. There is no session management, it's just a direct connection in to whatever is happening on the "physical" console, whichever tty device that maps to. So yes, log out. Ive connected to devices before and found myself already logged in as root or admin because the last user didn't log out. The other rather useful bit about this however is that if you're trying to troubleshoot multiple devices at once using a serial connection, or just check how a device is doing (i.e. watching a Cisco switch boot), you can just move the console cable around and the next bit of output that gets sent by the device just shows up in Putty, assuming you didn't close the session. So you can connect to the switch, see that it's halfway through booting, plug the cable back into another switch or ASA or whatever you were doing work on and just pick up from where you left off. Think of it more like a VGA connection where if you plug it in it'll just instantly negotiate and display whatever's getting sent out by the device. The session you're opening in Putty is really more opening it on the computer side. The only caveat is that if the device isn't sending anything out (i.e. your Cisco switch has finished booting), you have to hit enter (or really any key, assuming you can find the any key) a few times to get it to give you a login prompt. I've seen people sit there with a blank screen going "this loving thing isn't working" because they already had the Putty session opened, connected the console cable to another device, and didn't send any input to the device so it didn't respond.
|
|
#
?
Oct 1, 2014 01:41
|
|
|
Got promoted to Sys Admin a few days ago. The first thing I'm handed? Upgrade SEPM, get a new certificate and remove Symantec Protection Center. Cert is no problem, the new version of SEPM broke some stuff that I got fixed, but removing SPC was not a good choice. I was worried when the instructions given to me BY Symantec support involved deleting a bunch of registry keys that didn't sound like they were only for this SPC nonsense. Boy I should have listened to my gut, I've now wasted a few hours trying to fix our QA environment and I'm nearing the end of the tunnel, but it's still irritating. I feel like my liver is not going to be my friend in a few months if I have to keep managing SEP.
|
|
#
?
Oct 1, 2014 03:22
|
|
|
MF_James posted:Got promoted to Sys Admin a few days ago. I'm sorry to inform you that you have not, in fact, been promoted. You've died. Goondolences. http://www.smbc-comics.com/comics/20140929.png
|
|
#
?
Oct 1, 2014 03:30
|
|
|
Not sure if this is the right thread for this, it's been a while since I've ventured this way, not since the Year of the Job in 2010. And I got a job in the Year of the Job. For far below what I was worth, because I was out of money and desperate. In the four years since my pay is still poo poo. Roughly half of what I was making before. And things have gotten worse, with disagreements with management and an overall high stress level of dealing with my boss. Of the five PHP developers at my business, two of us are actively looking for new jobs and one might be. One just found one. I'm hoping I'm next. But, I've been looking since May, which in itself has its own depression, making me wonder if I'm even all that good and maybe my earlier jobs are stupid flukes. On the other hand, I've been working full time all that time, and that makes it harder to find jobs. Also living in Iowa makes it harder to find IT jobs, but I really don't want to move just yet. I will if I have to, but I haven't gotten many bites on my expanded search either. So, all that backstory delivered: Despite me desperately wanting a new job, I've been putting in some great work and output lately, and I'm wondering if I'd be out of line in asking for a raise. Especially since I'm being paid so little that I've had three headhunters gasp in disbelief at it, one nearly hung up because she thought it meant I was entry level until I told her I used to make twice as much. Should I bother trying to ask for a raise for a job I desperately no longer want to be at? Is Year of the Job still trucking along?
|
|
#
?
Oct 1, 2014 06:54
|
|
|
Golbez posted:But, I've been looking since May, which in itself has its own depression, making me wonder if I'm even all that good and maybe my earlier jobs are stupid flukes. I think it's a very bad idea to internally connect the quality of your work to your pay. 2009-2011 was a rough period and I'm guessing that anyone who got a job at that time is going to be underpaid, that doesn't mean you're less valuable. If you haven't updated your resume since 2010 you might want to consider paying someone to jazz it up.
|
|
#
?
Oct 1, 2014 07:03
|
|
|
Dr. Arbitrary posted:I think it's a very bad idea to internally connect the quality of your work to your pay. I've updated it for all the new skills and knowledge I've picked up, though the general formatting is the same.
|
|
#
?
Oct 1, 2014 07:16
|
|
|
Golbez posted:Should I bother trying to ask for a raise for a job I desperately no longer want to be at? Is Year of the Job still trucking along?
|
|
#
?
Oct 1, 2014 13:16
|
|
|
Go with a professional. HR deals with so many applicants who use so many buzzwords and have so many certs that some departments just crtl-f through resumes looking for exactly what they want. Professionals (Like the R2I guy in SA-Mart) know what that something is. And I know it's harder to find time to apply for jobs working full time, but being a FTE somewhere makes you very desirable elsewhere. Just don't quit til you have something better lined up
|
|
#
?
Oct 1, 2014 13:47
|
|
|
Thanks for all serial connection/terminal chat, this is the kind of stuff you don't find while googling...Potato Alley posted:The only caveat is that if the device isn't sending anything out (i.e. your Cisco switch has finished booting), you have to hit enter (or really any key, assuming you can find the any key) a few times to get it to give you a login prompt. I've seen people sit there with a blank screen going "this loving thing isn't working" because they already had the Putty session opened, connected the console cable to another device, and didn't send any input to the device so it didn't respond. This is something that has always perplexed me, what key am I suppose to press to make certain it's not actually taking a command? I'm assuming space is pretty safe? Also, what's with puTTy and pasting into the terminal? Sometimes, if you have a bunch of text in your buffer, accidentally click in the puTTy terminal window it'll paste everything and even enter that input. I'm suspecting it's taking a new-line as enter? Is there a way to avoid this? I once accidentally pasted a bunch of input into script during production. It broke a ton of stuff and it took me days to figure out
|
|
#
?
Oct 1, 2014 14:45
|
|
|
Tab8715 posted:Thanks for all serial connection/terminal chat, this is the kind of stuff you don't find while googling... Don't middle-click?
|
|
#
?
Oct 1, 2014 14:53
|
|
|
Tab8715 posted:Also, what's with puTTy and pasting into the terminal? Sometimes, if you have a bunch of text in your buffer, accidentally click in the puTTy terminal window it'll paste everything and even enter that input. I'm suspecting it's taking a new-line as enter? Is there a way to avoid this? Yeah, right-click = paste and new lines = enter. Recipe for prod disaster. Somewhere in the PuTTY settings window you can change the default right-click action from "Paste" to "Open menu".
|
|
#
?
Oct 1, 2014 15:02
|
|
|
evol262 posted:Don't middle-click? The default right-click in puTTy is an immediate paste. Granted, we should be careful but this is a awfully dangerous default setting. I know I'm being a little nitpicky but I just find it a little weird. Gucci Loafers fucked around with this message at 15:09 on Oct 1, 2014 |
|
#
?
Oct 1, 2014 15:02
|
|
|
jaegerx posted:Ignore me. I need to feel important http://xenbits.xen.org/xsa/advisory-108.html ^ Is what he was vaguely hinting at. Awesomely, apparently HP has put off rebooting until AFTER this huge security hole is announced. https://gigaom.com/2014/10/01/and-now-its-ibm-softlayers-turn-to-reboot-its-cloud/?utm_source=twitterfeed&utm_medium=twitter Malkar fucked around with this message at 15:40 on Oct 1, 2014 |
|
#
?
Oct 1, 2014 15:35
|
|
|
So, this is a hypervisor security issue? What is actually at risk? VMs are able to access data from other VMs without permission?
|
|
#
?
Oct 1, 2014 15:51
|
|
|
Tab8715 posted:Also, what's with puTTy and pasting into the terminal? Sometimes, if you have a bunch of text in your buffer, accidentally click in the puTTy terminal window it'll paste everything and even enter that input. I'm suspecting it's taking a new-line as enter? Is there a way to avoid this? You can change the right-click behavior here 
|
|
#
?
Oct 1, 2014 15:56
|
|
|
Tab8715 posted:So, this is a hypervisor security issue? What is actually at risk? VMs are able to access data from other VMs without permission? Yeah, basically. The pre-disclosure list was the following: Amazon CentOS Citrix Debian Gandi.net GoGrid.com Host Virtual Inc. Intel Invisible Things Lab Linode Mageia Novell OnApp.com Oracle prgmr.com Rackspace Redhat SolusVM.com SuSE Ubuntu Xen Made Easy Xen Security Response Team Xen 3.4 stable tree maintainer Not all of these were actually affected, though. Rackspace's description (from: http://www.rackspace.com/blog/an-apology/): This particular vulnerability could have allowed bad actors who followed a certain series of memory commands to read snippets of data belonging to other customers, or to crash the host server. We wanted to flag the issue as quickly as possible to those of you using our Standard, Performance 1, and Performance 2 Cloud Servers, and our Hadoop Cloud Big Data service. But we didn’t want to do so until we had a software patch in place to address the vulnerability.
|
|
#
?
Oct 1, 2014 16:00
|
|
|
So I'm like a year into working in IT, and I've managed to configure a pretty ballin' MDT 2013 setup, using a .wim file sourced from a VMWare box (I originally used one from an Optiplex 9020 but it was having driver conflicts with a few other models here and there, so I had to figure out how to build a WinPE .iso that had VMWare network drivers). MDT automatically installs the proper drivers sourced from the Dell .cab files I have loaded in there, and then runs a few command lines to do some other stuff (forces an Office 2013 activation, etc.). I just got a new Optiplex 9030 All-in-One going, and somehow I'm still impressed that it's working perfectly on the first try and I don't see any missing drivers. I know this is all several years below most of you guys, but things are still moving just fast enough here that I'm constantly learning but I don't feel like I'm drowning. Also, pretty sure it was someone here who told me to figure out MDT instead of using ImageX for deployments like I was, so thanks. 
|
|
#
?
Oct 1, 2014 23:51
|
|
|
Japanese Dating Sim posted:So I'm like a year into working in IT, and I've managed to configure a pretty ballin' MDT 2013 setup, using a .wim file sourced from a VMWare box (I originally used one from an Optiplex 9020 but it was having driver conflicts with a few other models here and there, so I had to figure out how to build a WinPE .iso that had VMWare network drivers). MDT automatically installs the proper drivers sourced from the Dell .cab files I have loaded in there, and then runs a few command lines to do some other stuff (forces an Office 2013 activation, etc.). Love to hear this. Bit worried about that reference image you're using... but if it's working for you for now then roll with it. Check out Johan Arwidmark's TechEd reference image creation video next time you have a chance.
|
|
#
?
Oct 2, 2014 00:15
|
|
|
Management is freaked out by Shellshock and wants us to stop running FreeBSD and switch to RHEL despite the fact that it's the foundational OS behind our proprietary packet capturing system. And also despite the fact that FreeBSD is more secure than Linux.
psydude fucked around with this message at 03:43 on Oct 2, 2014 |
|
#
?
Oct 2, 2014 03:39
|
|
|
Have you tried explaining what Shellshock actually is?
|
|
#
?
Oct 2, 2014 03:45
|
|
|
psydude posted:Management is freaked out by Shellshock and wants us to stop running FreeBSD and switch to RHEL despite the fact that it's the foundational OS behind our proprietary packet capturing system. And also despite the fact that FreeBSD is more secure than Linux. Heh, bash isnt even in the FreeBSD base.
|
|
#
?
Oct 2, 2014 04:10
|
|
|
psydude posted:Management is freaked out by Shellshock and wants us to stop running FreeBSD and switch to RHEL despite the fact that it's the foundational OS behind our proprietary packet capturing system. And also despite the fact that FreeBSD is more secure than Linux. It's so hard to find a polite way to say, "stop panicking" to people with massive egos. Maybe, "This is why you have an IT department, right here. We are all over this and there's nothing to worry about."
|
|
#
?
Oct 2, 2014 09:29
|
|
|
|
| # ? Apr 19, 2024 22:17 |
|
|
PCjr sidecar posted:Heh, bash isnt even in the FreeBSD base. Even if it were, sh is not bash, which makes FreeBSD immune unless you're stupid enough to literally write public bits or CGI scripts in bash
|
|
#
?
Oct 2, 2014 15:11
|
|