Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Rhymenoserous
May 23, 2008


Bob Morales posted:

We're using a iMail install from like 2006.

Oh god gently caress iMail.

Adbot
ADBOT LOVES YOU

stevewm
May 10, 2005


I'm just glad we don't use Outlook anymore. In fact no one uses a local mail client anymore. Web interface all the way. No more dicking with PSTs.

For more evidence of the owners cheapness, we have exactly 3 installations of Microsoft Office, and only because we have a small app that needs Access and Excel macros. All others use LibreOffice (set to save in MS Office formats of course) But in all honesty, it works perfectly fine. We don't go beyond basic word processing and simple spreadsheets which LibreOffice handles fine.

QuiteEasilyDone
Jul 1, 2010

Won't you play with me?


Fuckmothering Cryptlocker hit a bunch of clients for my org. That is the poo poo that is pissing me off today

sanchez
Feb 26, 2003


We just picked up a new client because of cryptolocker (their old vendor had no backups and it hit their shared and home drives)

dorkanoid
Dec 21, 2004



Cryptolocker scares me. I know we have backups of everything + shadow copies enabled, but the cleanup would still be horrible.

99% of our data is in Excel files on a server - is there any way at all to protect them?

...or a way to notice that cryptolocker has started encrypting? Like placing a file in a catalog as a "canary" and have some service monitor it for modification or something?

Sickening
Jul 15, 2007

Black summer was the best summer.

dorkanoid posted:

Cryptolocker scares me. I know we have backups of everything + shadow copies enabled, but the cleanup would still be horrible.

99% of our data is in Excel files on a server - is there any way at all to protect them?

All you can do is limit access.

CMYK BLYAT!
Nov 7, 2011

tolko zhaesh, poshli ikh na X
ne umru ya, moi drug, nikogda!



Damnit Skype, you're now owned by the largest purveyor of software for business environments and you still can't implement a port range option to allow for an outbound traffic policy saner than "just leave everything above port 1024 wide open"?

SamDabbers
May 26, 2003




stevewm posted:

...we have exactly 3 installations of Microsoft Office, and only because we have a small app that needs Access and Excel macros. All others use LibreOffice (set to save in MS Office formats of course) But in all honesty, it works perfectly fine. We don't go beyond basic word processing and simple spreadsheets which LibreOffice handles fine.

This is sensible.

What's not sensible is buying 10 licenses of MS Office, installing it on 100 machines, and believing everything's "legit" because the VL MAK key activated. My previous employer is now being audited by the BSA because their new help desk guy did exactly that. There is no inventory of any sort, and there are a bunch of unnecessary servers all over the place that are similarly unlicensed.

So glad I got out of there.

EAT THE EGGS RICOLA
May 29, 2008



dorkanoid posted:

Cryptolocker scares me. I know we have backups of everything + shadow copies enabled, but the cleanup would still be horrible.

99% of our data is in Excel files on a server - is there any way at all to protect them?

...or a way to notice that cryptolocker has started encrypting? Like placing a file in a catalog as a "canary" and have some service monitor it for modification or something?

A software restriction policy on %AppData%*.exe apparently stops it.

Trastion
Jul 24, 2003
The one and only.

EAT THE EGGS RICOLA posted:

A software restriction policy on %AppData%*.exe apparently stops it.

Not totally. It seems it doesn't work too well on Windows 7 machines. When we got hit I had that in place already and it got in through a Win7 machine.

thebigcow
Jan 3, 2001

Bully!

Trastion posted:

Not totally. It seems it doesn't work too well on Windows 7 machines. When we got hit I had that in place already and it got in through a Win7 machine.

%appdata%\*.exe for xp and %appdata%\roaming\*.exe or just %appdata%\*\*.exe for vista or newer

or so i've been told.

DoomTrainPhD
Feb 12, 2009



I ran into a gcc compiler bug, in 2013. I mean, sure it's a cross compiler gcc bug, but still.

dorkanoid
Dec 21, 2004



thebigcow posted:

%appdata%\*.exe for xp and %appdata%\roaming\*.exe or just %appdata%\*\*.exe for vista or newer

or so i've been told.

Would that also kill Chrome?

Sickening posted:

All you can do is limit access.

Each user has access to 10+ GB of Excel files

That's why I thought of making some sort of "canary file" - a file that never should be touched in normal situations, and some kind of alert as to which user accessed it. Here I'm assuming that encrypting all 10-15-20-30 GB of Excel files takes a considerable amount of time, and this would give us time to turn off the infected computer and only have to do a partial restore.

RadicalR
Jan 20, 2008

"Businessmen are the symbol of a free society
---
the symbol of America."


dorkanoid posted:

Would that also kill Chrome?

If Chrome is a profile install, yes. Since it's running out of AppData as well.

SolTerrasa
Sep 2, 2011



ratbert90 posted:

I ran into a gcc compiler bug, in 2013. I mean, sure it's a cross compiler gcc bug, but still.

I almost never believe anyone who says this. It's pretty much always something wrong with the code instead. Are you dead sure? If so, have you filed a bug report? Cause, like, they want to know about this sort of thing, and fix it. Cause, if so...

Sickening
Jul 15, 2007

Black summer was the best summer.

dorkanoid posted:

Would that also kill Chrome?


Each user has access to 10+ GB of Excel files

That's why I thought of making some sort of "canary file" - a file that never should be touched in normal situations, and some kind of alert as to which user accessed it. Here I'm assuming that encrypting all 10-15-20-30 GB of Excel files takes a considerable amount of time, and this would give us time to turn off the infected computer and only have to do a partial restore.

Does every user need access to every file? If yes, then your hosed. If no, then you can segment directories and make changes to access accordingly.

dorkanoid
Dec 21, 2004



Sickening posted:

Does every user need access to every file? If yes, then your hosed. If no, then you can segment directories and make changes to access accordingly.

Probably not every file, but the overlap is significant enough that it's a problem.

evol262
Nov 30, 2010
#!/usr/bin/perl

SolTerrasa posted:

I almost never believe anyone who says this. It's pretty much always something wrong with the code instead. Are you dead sure? If so, have you filed a bug report? Cause, like, they want to know about this sort of thing, and fix it. Cause, if so...

So.... Bugs in GCC aren't actually that rare. What flags are you using? -std=c99 -pedantic?

nitrogen
May 21, 2004

Oh, what's a 217°C difference between friends?


CatsOnTheInternet posted:

Both, to be honest. BYOD is terrible, and reading deployment anecdotes in said comments are equally terrible because you just know that it's a Director or CIO telling a smiling success story when it's actually a total clusterfuck.

Teh ONLY way BYOD is any good is if support folks can say, "Sorry, you're allowed, but if you want help, here's a windows laptop with our image." If you call IT with any software problems on BYOD, they should hang up on you.

As a huge nerd, i'd really love to be able to do BYOD beause I don't WANT any IT support.

CatsOnTheInternet
Apr 24, 2013

BEEEEAAOOOORRRRRRRW BEEEBEAAAAAOOOORRWW

nitrogen posted:

Teh ONLY way BYOD is any good is if support folks can say, "Sorry, you're allowed, but if you want help, here's a windows laptop with our image." If you call IT with any software problems on BYOD, they should hang up on you.

I agree with that part, but the 'brick wall' in play is how BYOD often entails giving users an allowance or reimbursement for the device they want to use for work. So really, you're sanctioning the introduction of these devices to the environment while limiting the scope of support. As a result, you've got IT stonewalling users and citing policy as soon as they discover a problem is client-side, even though the company kinda sorta paid for the device. There is no amount of written policy in the world that will keep IT from caving and supporting those consumer-grade devices eventually.

Here's what really baffles, me though: I don't understand the logic behind handing a personal device setup sheet to Joe Sixpack and sending him off to buy a poo poo Compaq at Best Buy. Why am I doing that, when I can buy a pallet of Probooks at predictable bulk pricing with predictable useful life, and stage them all with a known-good config with a few mouseclicks? Where is the cost-savings with BYOD? Where is the labor savings?

CatsOnTheInternet fucked around with this message at 20:47 on Oct 23, 2013

Inspector_666
Oct 7, 2003

benny with the good hair


BYOD is fine for phones but holy poo poo I would never work anywhere it applied to laptops and poo poo.

Of course, I work for an MSP so I guess I kind of already do...

CatsOnTheInternet posted:

Here's what really baffles, me though: I don't understand the logic behind handing a personal device setup sheet to Joe Sixpack and sending him off to buy a poo poo Compaq at Best Buy. Why am I doing that, when I can buy a pallet of Probooks at predictable bulk pricing with predictable useful life, and stage them all with a known-good config with a few mouseclicks? Where is the cost-savings with BYOD? Where is the labor savings?

A pallet of Probooks shows up on an invoice for somebody. IT's salaries don't. Seriously, if you can boil a decision down to "Will one way create an invoice while the other side won't?" you instantly know why it was made that way.

Inspector_666 fucked around with this message at 20:58 on Oct 23, 2013

Lum
Aug 13, 2003



I'd be tempted to do BYOD by just making a VMWare player appliance with the standard corporate desktop image on it.

Paladine_PSoT
Jan 2, 2010

If you have a problem Yo, I'll solve it



Cross posting the poo poo out of this:

BOTTLE OPENER ORDER FORM

We can't split orders between sizes, and everyone OVERWHELMINGLY chose 32g, so we're going with that. Price would be $23.45 plus shipping if we got at least 25, to $18.45 plus shipping if we got over 100.

Timeline:
Close out form for orders Nov 1st
Collect payments by Nov 7
Create final order and submit by Nov 11

If all goes well, you should get it in the mail in the first two weeks of December (Domestic). I will work with international recipients.

PM with questions.

BTW: We can only pick one design, so this is a vote. Winning one will be ordered.

Paladine_PSoT fucked around with this message at 21:11 on Oct 23, 2013

CatsOnTheInternet
Apr 24, 2013

BEEEEAAOOOORRRRRRRW BEEEBEAAAAAOOOORRWW

Lum posted:

I'd be tempted to do BYOD by just making a VMWare player appliance with the standard corporate desktop image on it.

That's certainly an interesting approach. XenClient is as close as it comes to total client-side virtualization (imho) as it's basically a type 1 hypervisor that pulls a 'desktop VM' for the client device from a central store, caches it, and runs it locally as the user's OS.

Still, neither it nor VM Player hugs the bare metal close enough. First time an end-user wants to use Sketchup or play a 720p video in their VM, kaboom. (Unless you picked one of like, 12 laptop models that support GPU offload.)

CatsOnTheInternet fucked around with this message at 21:11 on Oct 23, 2013

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams


CatsOnTheInternet posted:

I agree with that part, but the 'brick wall' in play is how BYOD often entails giving users an allowance or reimbursement for the device they want to use for work. So really, you're sanctioning the introduction of these devices to the environment while limiting the scope of support. As a result, you've got IT stonewalling users and citing policy as soon as they discover a problem is client-side, even though the company kinda sorta paid for the device. There is no amount of written policy in the world that will keep IT from caving and supporting those consumer-grade devices eventually.

Here's what really baffles, me though: I don't understand the logic behind handing a personal device setup sheet to Joe Sixpack and sending him off to buy a poo poo Compaq at Best Buy. Why am I doing that, when I can buy a pallet of Probooks at predictable bulk pricing with predictable useful life, and stage them all with a known-good config with a few mouseclicks? Where is the cost-savings with BYOD? Where is the labor savings?

I like to rant about this a lot, because I work at a University and BYOD in some capacity is huge (because students are already bringing their own devices). And then I get all philosophical.

When IT manages a computer, I believe there is an implicit social contract that says IT is taking care of updates and installing the software you need and generally managing the machine, in exchange for the user not being able to manage the machine. There's a tradeoff. We take away some power from the user on their machine in order to manage that machine for them. It's a two way street, and there be dragons if you go too far down in one direction. On one end you have the BOFH that won't actually mange the machines or install software, which prevents the person from doing their work, which is the whole reason they have that computer in the first place. But on the other end, it becomes cost prohibitive to give the same level of service to a machine when you don't know what's been done to that machine. The social contract has been broken.

Lum
Aug 13, 2003



CatsOnTheInternet posted:

That's certainly an interesting approach. XenClient is as close as it comes to total client-side virtualization (imho) as it's basically a type 1 hypervisor that pulls a 'desktop VM' for the client device from a central store, caches it, and runs it locally as the user's OS.

Still, neither it nor VM Player hugs the bare metal close enough. First time an end-user wants to use Sketchup or play a 720p video in their VM, kaboom. (Unless you picked one of like, 12 laptop models that support GPU offload.)

Well I kind of figured you'd make them do non work poo poo outside of the VM under whatever OS the machine comes with.

Probably be easier to force them to use Citrix, thinking about it.

SolTerrasa
Sep 2, 2011



evol262 posted:

So.... Bugs in GCC aren't actually that rare. What flags are you using? -std=c99 -pedantic?

I'm in IT by way of college IT. Another thing I do while I'm here is teach a class full of students how to program worth a poo poo, a class we call "software craftsmanship". CS 201: How To Not Show Up In This Thread, basically.

Students really really really love blaming errors on things that aren't their lovely code. So I'm in an environment where they are about that rare and mistakenly applied the belief I had about compiler bugs in that context to compiler bugs in general.

Thanks for the correction. Glad there's one more documented to be fixed, I guess.

spog
Aug 7, 2004

It's your own bloody fault.


EAT THE EGGS RICOLA posted:

A software restriction policy on %AppData%*.exe apparently stops it.

Wasn't there the suggestion that you could block the IPs of the remote encryption key generators, so it couldn't get a key to encrypyt with?

Did that go anywhere?

Varkk
Apr 17, 2004




dorkanoid posted:

Cryptolocker scares me. I know we have backups of everything + shadow copies enabled, but the cleanup would still be horrible.

99% of our data is in Excel files on a server - is there any way at all to protect them?

...or a way to notice that cryptolocker has started encrypting? Like placing a file in a catalog as a "canary" and have some service monitor it for modification or something?

I think this was posted in the ticket thread about the time that Cryptolocker first showed up.

But good backups and enable volume shadow copies on the share are important as well so if it does happen you can recover quickly.

DoomTrainPhD
Feb 12, 2009



SolTerrasa posted:

I almost never believe anyone who says this. It's pretty much always something wrong with the code instead. Are you dead sure? If so, have you filed a bug report? Cause, like, they want to know about this sort of thing, and fix it. Cause, if so...

I was compiling the KERNEL.

thebigcow
Jan 3, 2001

Bully!

dorkanoid posted:

Would that also kill Chrome?


I have one guy that runs a local install of Chrome and it seems unaffected. I'd have to look at what I set up again.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster


Pillbug

The S of SMB really ticks me sometimes...

Yay people who have been up +20hours

anthonypants
May 6, 2007

by Nyc_Tattoo


Dinosaur Gum

Dilbert As gently caress posted:

The S of SMB really ticks me sometimes...

Yay people who have been up +20hours
Server?

Dilbert As FUCK
Sep 8, 2007

by Cowcaster


Pillbug


Poor planning for an environment when I completely advised the customer and project engineer against doing a design that would end in disaster. GUESS WHAT HAPPENED???

many SMB's don't believe in a thing called RIO, RPO's, TCO, or Business contentuity until after it is too late!

I think I will call out tomorrow I will call out tomorrow because like <12 hours of sleep in the past 2 days, and I think it is starting to Catch Up. But All Good Because I Mean A Jason Langone VCDX tomrrow!

Dilbert As FUCK fucked around with this message at 05:25 on Oct 24, 2013

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.



Nap Ghost

They are pushing BYOD phones at work really hard, if we use our own phone, then we save a whopping 30 bucks a month on our phone bill. I'm holding on to my BB Curve right now as I like have a separate phone from my personal one, as I can turn off the work phone if I'm on vacation. I'm not sure what they'll do when this thing finally dies, maybe they just won't give me another phone.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster


Pillbug

CatsOnTheInternet posted:

That's certainly an interesting approach. XenClient is as close as it comes to total client-side virtualization (imho) as it's basically a type 1 hypervisor that pulls a 'desktop VM' for the client device from a central store, caches it, and runs it locally as the user's OS.

Still, neither it nor VM Player hugs the bare metal close enough. First time an end-user wants to use Sketchup or play a 720p video in their VM, kaboom. (Unless you picked one of like, 12 laptop models that support GPU offload.)

Why not give them a BLAST URL and be done with it? Horizion 5.2/5.3 really made this loving good so long as you look at your GPO's and understand network traffic flow. Hell I believe Win7 is now MMR capable.

I fully support BYOD after View 5.2 BLAST u1. Got an HTML5 browser? Go for it! Want a VIOP gate way? "Make sure you system is compatible at your desk with RJ45 or 802.11/n/ however to answer your phone you need to be at your desk"

Not to mention View 5.2 supports Nvidia GPU's and 5.3 supports AMD/Intel/Nvidia

Dilbert As FUCK fucked around with this message at 05:38 on Oct 24, 2013

luminalflux
May 27, 2005



Pissing me off: conference for devs kicking off at 8:15

anthonypants
May 6, 2007

by Nyc_Tattoo


Dinosaur Gum

Dilbert As gently caress posted:

Poor planning for an environment when I completely advised the customer and project engineer against doing a design that would end in disaster. GUESS WHAT HAPPENED???

many SMB's don't believe in a thing called RIO, RPO's, TCO, or Business contentuity until after it is too late!

I think I will call out tomorrow I will call out tomorrow because like <12 hours of sleep in the past 2 days, and I think it is starting to Catch Up. But All Good Because I Mean A Jason Langone VCDX tomrrow!
I really think you meant Small/Medium Business but you could also mean Server Message Block

Crowley
Mar 13, 2003


CitizenKain posted:

I'm not sure what they'll do when this thing finally dies, maybe they just won't give me another phone.

I guess you just won't have a work-phone then.

Lum posted:

Well I kind of figured you'd make them do non work poo poo outside of the VM under whatever OS the machine comes with.

Probably be easier to force them to use Citrix, thinking about it.
VDI, baby. VDI.

VDI is seriously the answer to BYOB. Just remember to set up a connection-tester on your website for when people call in and complain that "it doesn't work". Get them to run the connection tester, and if that shows a green light it's a problem on their end.

We support personal devices on three conditions.
1) If we have the time. Drop off your device, and if we have the time we'll take a look at it. If we don't you're boned.
2) We don't guarantee that we will or can fix it! We might take a look at it and go "Looks like the display-cable, or maybe the display itself. That's all I can say with the time I have."
3) You'll pay us with cake, or we'll never ever have the time to take a look at any of your crap again. Cake or GTFO! Home made cookies, 10-cent donuts from 7-11, whatever you picked up from the bakery on the way to work. We don't care, just feed us appropriately to the issue (little thing, small cake, large thing, big cake)

Adbot
ADBOT LOVES YOU

Che Delilas
Nov 23, 2009
FREE TIBET WEED

luminalflux posted:

Pissing me off: conference for devs kicking off at 8:15

Hmm, clearly a conference staffed by people who have never been developers in their lives. Which means it's probably all cargo cultists and people who read an article about <thing> one time.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply