Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
edmund745
Jun 5, 2010


Welp I've totally given up on using telecom fiber, just because even tho the 6-fiber cable itself is cheap,,,,,,, all the connectors are too expensive and the precision required doesn't lend itself to DIY parts.
It would be kewl, but it would be pretty expensive to send Arduino data around in.

By the by--the actual cost of the sending and receiving units (the little port 'holes' you plug the fiber-optic cables into on the equipment) is,,, not cheap.
CHEAP ones can be found for $25 each. Most cost $100-$200, and some cost even more. Depending on the speeds.
Plus there is some circuitry built-in to the telecom ports that I didn't wanna deal with.
I just wanted a one-way line, with a laser or LED on one end and a photodetector on the other.

For Arduino-grade sillyness. toslink (usually plastic fiber) is a lot more practical, at least for up to 20-30 meters.
There's no good source for DIY end fittings, but cheap & ugly toslink cables cost roughly $1 a meter.
But Toslink tx and rx modules are still $10 ~ $20 each, so you have to improvise by cutting up a 1-meter cable ($1.25) and then using each end as a tx or rx unit somehow, and then using butt connectors to attach everything together (toslink butt connectors only cost ~50 cents each).

edmund745 fucked around with this message at 17:47 on Aug 11, 2017

Adbot
ADBOT LOVES YOU

KennyG
Oct 22, 2002
Here to blow my own horn.

FC Zoning.

Anyone use anything that's not the proprietary Brocade/Cisco tools that are insanely priced? I have a non-trivial zoneset to build... (2 sites, 4 FC switches, vplexes, multiple recoverpoint clusters, 8 storage arrays and about 100 hosts). I currently use excel but certainly simple mapping of groups to rules to generate single initiator, single target zones seems like a problem that was solved in 2004.

Mr-Spain
Aug 27, 2003

Bullshit... you can be mine.

Well Western Digital bought my vendor. Woo!!!

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



Mr-Spain posted:

Well Western Digital bought my vendor. Woo!!!

Tegile? That was a while back now. And they were always their largest investors.

devmd01
Mar 7, 2006

Elektronik
Supersonik


On more goddamn vm to migrate off the CX4 this weekend and weíre kicking that fucker to the curb.

The jr admin wants to take it home, lmao. Have fun getting a 30A circuit installed and your electricity bill doubling!

Langolas
Feb 12, 2011

My mustache makes me sexy, not the hat


devmd01 posted:

On more goddamn vm to migrate off the CX4 this weekend and weíre kicking that fucker to the curb.

The jr admin wants to take it home, lmao. Have fun getting a 30A circuit installed and your electricity bill doubling!

Tell them they should light it on fire. Waste of power. Maybe scrounge SFPs to sell on ebay

1000101
May 14, 2003

BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY FRUITCAKE!

KennyG posted:

FC Zoning.

Anyone use anything that's not the proprietary Brocade/Cisco tools that are insanely priced? I have a non-trivial zoneset to build... (2 sites, 4 FC switches, vplexes, multiple recoverpoint clusters, 8 storage arrays and about 100 hosts). I currently use excel but certainly simple mapping of groups to rules to generate single initiator, single target zones seems like a problem that was solved in 2004.

Ansible and a jinja2 template.

qutius
Apr 2, 2003
NO PARTIES


This Intel bug is going to be a doozy...

Has anyone seen official storage vendor responses yet as a result?

Not my blog, but I thought this was a fair summary of things:
https://lonesysadmin.net/2018/01/02/intel-cpu-design-flaw-performance-degradation-security-updates/

Thanks Ants
May 21, 2004

#essereFerrari


I assume every single Atom-powered network appliance has the same flaw?

Truga
May 4, 2014


Lipstick Apathy

Yep.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



Well, since Storage arrays generally donít run untrusted user code Iím not sure how they would be exploitable.

Potato Salad
Oct 23, 2014

Nobody Cares




the question of whether edge systems can be goosed by inbound traffic to reveal information from microarchitecture exploits is relevant too


A user browsing GiveMeYourData.ru without NoScript enabled is one thing, but an edge security stack getting rowhammered or SPECTRE'D is quite another

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.




YOLOsubmarine posted:

Well, since Storage arrays generally don’t run untrusted user code I’m not sure how they would be exploitable.

Neither do servers (generally).

The issue comes when you have the intersection of this with another vulnerability. Suddenly, any exploit that's capable of running unprivileged code becomes a lot more serious.

For example, it may be possible to do a credential dump that would allow full privileged access to the array.

From there, you may be able to change ACLs on shares to open up access to other processes to syphon off data, delete LUNs, even possibly setup access to existing LUNs to a compromised machine to allow data access.

bull3964 fucked around with this message at 22:51 on Jan 4, 2018

Potato Salad
Oct 23, 2014

Nobody Cares




If someone can break into one of your vms, they'll not only try to creep through your internal network, they'll search through adjacent vms to get credentials and keys that make their network intrusion look far more legitimate and reach further


If someone on one of your vdi systems is using a browser, same story

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



bull3964 posted:

Neither do servers (generally).

The issue comes when you have the intersection of this with another vulnerability. Suddenly, any exploit that's capable of running unprivileged code becomes a lot more serious.

For example, it may be possible to do a credential dump that would allow full privileged access to the array.

From there, you may be able to change ACLs on shares to open up access to other processes to syphon off data, delete LUNs, even possibly setup access to existing LUNs to a compromised machine to allow data access.

None of these things are something that array manufacturers can mitigate. Nobody is going to be using Meltdown or Spectre to read the contents of your array because thatís somewhere between extremely difficult to impossible, whereas using them on the servers and workstations that access the array data is fairly easy.

Servers arenít really the main attack vector either those itís much easier to run arbitrary code on those than on an array that maintains all of its code and libraries on a small piece of privileged flash and that doesnít actually have any way to trigger arbitrary code in the first place because program execution controlled by supervisor processors, not users.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.




The point is you don't leave an exploit unpatched because of how remotely unlikely it is that someone may exploit it. That doesn't fly when it comes to mission critical system, especially in certain industries. That's also kinda what got us in the current situation.

If you are targeted for an attack, the attack is going to be crafted based on the weaknesses found in the system. Yes, there are softer targets out there, but you don't increase the toolbox unnecessarily.

EMC just had an advisory last month where SMB could be exploited on Data Domain for RCE. Gaining access to kernel memory or memory within other user processes makes that RCE a lot more useful.

adorai
Nov 2, 2002

10/27/04 Never forget

Grimey Drawer

bull3964 posted:

The point is you don't leave an exploit unpatched because of how remotely unlikely it is that someone may exploit it.
We are not going to patch our storage systems (specifically) for meltdown. From a risk management perspective, the likelihood of exploit is effectively zero, and if someone is in a position to do so, they have better things to accomplish.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.




Well, I have to eat crow because Pure just emailed me with a statement saying that because there exists no mechanism for running code on their arrays outside of the main OS, there is no current risk.

Internet Explorer
Jun 1, 2005


~~~thread broke~~~

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.


YOLOsubmarine posted:

None of these things are something that array manufacturers can mitigate. Nobody is going to be using Meltdown or Spectre to read the contents of your array because thatís somewhere between extremely difficult to impossible, whereas using them on the servers and workstations that access the array data is fairly easy.

Servers arenít really the main attack vector either those itís much easier to run arbitrary code on those than on an array that maintains all of its code and libraries on a small piece of privileged flash and that doesnít actually have any way to trigger arbitrary code in the first place because program execution controlled by supervisor processors, not users.
My dude, Stuxnet existed to attack centrifuges at one single disconnected nuclear facility in the middle of Iran. Things aren't immune to attack just by being obscure.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



bull3964 posted:

The point is you don't leave an exploit unpatched because of how remotely unlikely it is that someone may exploit it. That doesn't fly when it comes to mission critical system, especially in certain industries. That's also kinda what got us in the current situation.

If you are targeted for an attack, the attack is going to be crafted based on the weaknesses found in the system. Yes, there are softer targets out there, but you don't increase the toolbox unnecessarily.

EMC just had an advisory last month where SMB could be exploited on Data Domain for RCE. Gaining access to kernel memory or memory within other user processes makes that RCE a lot more useful.

NetApp and Nimble have already said theyíre not vulnerable, and Iíd expect to hear the same from most other storage vendors.

This paragraph from the Cisco response pretty much sums up what most of hardware provider response has been:

ďIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device. Although, the underlying CPU and OS combination in a product may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them. Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.Ē

Methanar
Sep 26, 2013
ASK ME MY METHOD FOR SORTING GENOCIDES I'VE MADE A LIST FROM GOOD TO BAD AND THE ANSWER MAY SURPRISE YOU!

Why can't I view the last page of this thread

paperchaseguy
Feb 21, 2002

THEY'RE GONNA SAY NO

hello from this thread's cache buffer overflow

Thanks Ants
May 21, 2004

#essereFerrari


This thread is broken

evil_bunnY
Apr 2, 2003



YOLOsubmarine posted:

Well, since Storage arrays generally donít run untrusted user code Iím not sure how they would be exploitable.
This. If youíve got peeps running 3rd party unaudited code on your storage product you got bigger fish to fry. In other NAS news thereís apparently a hidden admin cred on all WD MyCloud drives and theyíve done nothing about it for the past 6 mo.

Thanks Ants
May 21, 2004

#essereFerrari


Posting in the thread to see if more posts fixes it.

Methanar
Sep 26, 2013
ASK ME MY METHOD FOR SORTING GENOCIDES I'VE MADE A LIST FROM GOOD TO BAD AND THE ANSWER MAY SURPRISE YOU!

this is a really good thread

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


Is this real life?

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


RIP thread

Thanks Ants
May 21, 2004

#essereFerrari


qutius
Apr 2, 2003
NO PARTIES


Time for a new thread since this one is broken?

Thanks Ants
May 21, 2004

#essereFerrari


Thanks Ants
May 21, 2004

#essereFerrari


bull3964 posted:

The point is you don't leave an exploit unpatched because of how remotely unlikely it is that someone may exploit it. That doesn't fly when it comes to mission critical system, especially in certain industries. That's also kinda what got us in the current situation.

If you are targeted for an attack, the attack is going to be crafted based on the weaknesses found in the system. Yes, there are softer targets out there, but you don't increase the toolbox unnecessarily.

EMC just had an advisory last month where SMB could be exploited on Data Domain for RCE. Gaining access to kernel memory or memory within other user processes makes that RCE a lot more useful.

BallerBallerDillz
Jun 10, 2009

Cock, Rules, Everything, Around, Me


Scratchmo

Will posting in this thread let me read it? Stay safe ghost posts!

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE


Test

Langolas
Feb 12, 2011

My mustache makes me sexy, not the hat


Making sure to post in this dead gay thread to hopefully fix it.


Anyone else seeing some vendors trending on their smaller all flash products to lowering total ram for front end cache and allocating that memory for system processes like snapshots, dedup etc?

I've seen some specs from a couple vendors. I probably shouldn't have had access to those specs so I'm afraid to post specifics due to NDAs. Figured I'd poll some of you goons I know have some good ties in the storage world.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


https://twitter.com/NZ_BenThomas/status/950271094803480577 totes posted this in the wibbows thread, forgot there is a storage mt as well.

Methanar
Sep 26, 2013
ASK ME MY METHOD FOR SORTING GENOCIDES I'VE MADE A LIST FROM GOOD TO BAD AND THE ANSWER MAY SURPRISE YOU!

im gay but thankfully nobody will ever read this

Methanar
Sep 26, 2013
ASK ME MY METHOD FOR SORTING GENOCIDES I'VE MADE A LIST FROM GOOD TO BAD AND THE ANSWER MAY SURPRISE YOU!

More blood for the blood god

Adbot
ADBOT LOVES YOU

paperchaseguy
Feb 21, 2002

THEY'RE GONNA SAY NO

thread gay, so what

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply