Burned by Eschewing Best Practices
-
@Dashrender said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
So yesterday we had a bunch of computer parts arrive with a dedicated port each ps2 keyboard and mouse...
I tell the boss and he says "that's good"... um no its not we don't have ps2 keyboard and mice...
What in the world did you order that came with PS/2 ports?
We got brand new z440s this year and they have PS/2 ports.
You can completely disable USB on them so you need another way for input. Plus they are rackable so I'm assuming it's also for backwards compatibility with older KVMs.
So use your existing USB keyboards and mice with them, lol.
You can, but if you disable the ports in the BIOS you can't.
[snarky]
So don't disable the USB Ports!
[/snarky]Sometimes you are required to ha.
Yeah, Haven't you seen all the spy movies where the spies are trying to plug in USB sticks into servers/whatever in DCs? Ya gotta disable them ports, dem bad..
We are required to have a media center for one of the networks. Anything going on or off that network has to go through the media center. Only a select group of people/PCs can movie media on or off, so USB is disabled in the other machines. We were able to leave two open for keyboard and mouse and remove the kernel module for USB storage, but strictly following SCAP it's supposed to be completely disabled.
I was harassing Brant, not you. I understand there are law requirements.
Frankly I'd love to disable most if not all USB ports to keep users from plugging random USB sticks they might find in the parking lot into our computers. Other than keyboard/mouse the staff has little to no reason to use USB sticks. The exception is me and booting to Clonezilla for image deployment. I don't bother with PXE booting.
Ah ok ha. Ya it's actually one of the things I agree with. All Mary has to do is bring in a USB with crypto to load pictures of her cat as a wallpaper, and you're screwed.
Plus there is nothing stopping people from just taking information and putting it on the USB drive and leaving with it.
-
@Dashrender said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
So yesterday we had a bunch of computer parts arrive with a dedicated port each ps2 keyboard and mouse...
I tell the boss and he says "that's good"... um no its not we don't have ps2 keyboard and mice...
What in the world did you order that came with PS/2 ports?
We got brand new z440s this year and they have PS/2 ports.
You can completely disable USB on them so you need another way for input. Plus they are rackable so I'm assuming it's also for backwards compatibility with older KVMs.
So use your existing USB keyboards and mice with them, lol.
You can, but if you disable the ports in the BIOS you can't.
[snarky]
So don't disable the USB Ports!
[/snarky]Sometimes you are required to ha.
Yeah, Haven't you seen all the spy movies where the spies are trying to plug in USB sticks into servers/whatever in DCs? Ya gotta disable them ports, dem bad..
If you've lost physical access to the system, you're data is already at an extremely high risk level of being compromised.
You do know that datacenters love to give tours of their facilities right? Sometimes they are on the ball, sometimes not. I did a tour a few years ago... it would have been easy for me to plug in a USB stick in one of the open cabinets we were shown.
Not good ones. Good ones don't give tours. High end ones... even the admin staff isn't allowed in. If you are getting a DC tour, it's either not open yet or it isn't a serious DC.
-
@scottalanmiller said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
So yesterday we had a bunch of computer parts arrive with a dedicated port each ps2 keyboard and mouse...
I tell the boss and he says "that's good"... um no its not we don't have ps2 keyboard and mice...
What in the world did you order that came with PS/2 ports?
We got brand new z440s this year and they have PS/2 ports.
You can completely disable USB on them so you need another way for input. Plus they are rackable so I'm assuming it's also for backwards compatibility with older KVMs.
So use your existing USB keyboards and mice with them, lol.
You can, but if you disable the ports in the BIOS you can't.
[snarky]
So don't disable the USB Ports!
[/snarky]Sometimes you are required to ha.
Yeah, Haven't you seen all the spy movies where the spies are trying to plug in USB sticks into servers/whatever in DCs? Ya gotta disable them ports, dem bad..
If you've lost physical access to the system, you're data is already at an extremely high risk level of being compromised.
You do know that datacenters love to give tours of their facilities right? Sometimes they are on the ball, sometimes not. I did a tour a few years ago... it would have been easy for me to plug in a USB stick in one of the open cabinets we were shown.
Not good ones. Good ones don't give tours. High end ones... even the admin staff isn't allowed in. If you are getting a DC tour, it's either not open yet or it isn't a serious DC.
Yep, we have had tours of two datacenters recently (looking to collocate a DR site) both were in the building phase and basically said we wouldn't be allowed in when they go live.
-
@scottalanmiller said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@stacksofplates said in Burned by Eschewing Best Practices:
@dafyre said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
So yesterday we had a bunch of computer parts arrive with a dedicated port each ps2 keyboard and mouse...
I tell the boss and he says "that's good"... um no its not we don't have ps2 keyboard and mice...
What in the world did you order that came with PS/2 ports?
We got brand new z440s this year and they have PS/2 ports.
You can completely disable USB on them so you need another way for input. Plus they are rackable so I'm assuming it's also for backwards compatibility with older KVMs.
So use your existing USB keyboards and mice with them, lol.
You can, but if you disable the ports in the BIOS you can't.
[snarky]
So don't disable the USB Ports!
[/snarky]Sometimes you are required to ha.
Yeah, Haven't you seen all the spy movies where the spies are trying to plug in USB sticks into servers/whatever in DCs? Ya gotta disable them ports, dem bad..
If you've lost physical access to the system, you're data is already at an extremely high risk level of being compromised.
You do know that datacenters love to give tours of their facilities right? Sometimes they are on the ball, sometimes not. I did a tour a few years ago... it would have been easy for me to plug in a USB stick in one of the open cabinets we were shown.
Not good ones. Good ones don't give tours. High end ones... even the admin staff isn't allowed in. If you are getting a DC tour, it's either not open yet or it isn't a serious DC.
They were still building, but there were live systems already on site as well.
-
@Dashrender said in Burned by Eschewing Best Practices:
They were still building, but there were live systems already on site as well.
If you're doing any construction on a datacenter you do not run live systems.. doesn't matter what it is. That's a very bad sign for that Datacenter.
-
Allowed non-IT people to work in IT and make decisions about the equipment to order and use. Also create separate boot and data partitions, boot partition using SSD's!
-
Not the OP's fault, he's just stuck supporting a known bad environment: OpenFiler, iSCSI with VMware...
https://community.spiceworks.com/topic/1948389-openfiler-woes
-
@scottalanmiller said in Burned by Eschewing Best Practices:
Not the OP's fault, he's just stuck supporting a known bad environment: OpenFiler, iSCSI with VMware...
https://community.spiceworks.com/topic/1948389-openfiler-woes
uh, wow, have to feel for them
-
@travisdh1 said in Burned by Eschewing Best Practices:
@scottalanmiller said in Burned by Eschewing Best Practices:
Not the OP's fault, he's just stuck supporting a known bad environment: OpenFiler, iSCSI with VMware...
https://community.spiceworks.com/topic/1948389-openfiler-woes
uh, wow, have to feel for them
Yeah, that guy got screwed.
-
What's amazing is that we were mocking OF 2.99 for being "static and abandoned for years" and that was 3.5 years ago! It has to be at least six years without any updates or movement now. And yet people still ask about it and deploy it? How does that happen? It has been a very, very long time since it was a very well publicized "never use" product.
-
@scottalanmiller but the OF website is nifty.
-
Which is worse, Free
BSDNAS or OpenFiler? -
@DustinB3403 said in Burned by Eschewing Best Practices:
Which is worse, FreeBSD or OpenFiler?
FreeBSD is great, nothing wrong with that at all. OpenFiler has no purpose, ever. The two are totally not comparable.
-
Gah.. I meant FreeNAS sorry.
-
@DustinB3403 said in Burned by Eschewing Best Practices:
Gah.. I meant FreeNAS sorry.
FreeNAS, as well, is a good, solid product. I'm unclear why this new belief that I've said that it was not has come up. In my Jurassic Park paper I talk about it because of issues around it's cult-like community, and the problems with the idea of using non-appliance appliance products but never said that FreeNAS was questionable itself. FreeNAS is solid, it just has an unnecessary delay in updates and the overhead of unnecessary components. Why people select it is the problem, not the product itself. All of the problems that FreeNAS has (community, misuse) are so trivial that they are totally there with OpenFiler, but not ever mentioned, because the problems with OpenFiler are that the product itself is literally less than worthless. There is no association between the two things.
-
@scottalanmiller said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
Gah.. I meant FreeNAS sorry.
FreeNAS, as well, is a good, solid product. I'm unclear why this new belief that I've said that it was not has come up. In my Jurassic Park paper I talk about it because of issues around it's cult-like community, and the problems with the idea of using non-appliance appliance products but never said that FreeNAS was questionable itself. FreeNAS is solid, it just has an unnecessary delay in updates and the overhead of unnecessary components. Why people select it is the problem, not the product itself. All of the problems that FreeNAS has (community, misuse) are so trivial that they are totally there with OpenFiler, but not ever mentioned, because the problems with OpenFiler are that the product itself is literally less than worthless. There is no association between the two things.
FreeNAS, as well, is a good, solid product. I'm unclear why this new belief that I've said that it was not has come up.
Because you did say it
-
@stacksofplates Read carefully what I said, I said that the IDEA was bad for all of those. Appliances without appliances, it's a bad idea. But FreeNAS is good within the context of the bad idea. Saying that the idea is bad and that people should not use things of that nature is not saying that the product is bad. You can make an excellent product that has no use case.
-
@scottalanmiller said in Burned by Eschewing Best Practices:
@stacksofplates Read carefully what I said, I said that the IDEA was bad for all of those. Appliances without appliances, it's a bad idea. But FreeNAS is good within the context of the bad idea. Saying that the idea is bad and that people should not use things of that nature is not saying that the product is bad. You can make an excellent product that has no use case.
"FreeNAS makes no sense, IMHO, ever.....But FreeNAS, never, because FreeBSD, at minimum is always better."
So a product that you would rarely use is always better than FreeNAS, but somehow it's a solid product...... That's not saying the idea is bad, that's saying the product is bad.
-
@stacksofplates said in Burned by Eschewing Best Practices:
@scottalanmiller said in Burned by Eschewing Best Practices:
@stacksofplates Read carefully what I said, I said that the IDEA was bad for all of those. Appliances without appliances, it's a bad idea. But FreeNAS is good within the context of the bad idea. Saying that the idea is bad and that people should not use things of that nature is not saying that the product is bad. You can make an excellent product that has no use case.
"FreeNAS makes no sense, IMHO, ever.....But FreeNAS, never, because FreeBSD, at minimum is always better."
So a product that you would rarely use is always better than FreeNAS, but somehow it's a solid product...... That's not saying the idea is bad, that's saying the product is bad.
Nope, it really is not. Read the words very carefully and try not to look for something being implied, it's exactly what it says. It's a good implementation of a bad idea. It's well done, but there is no reason to ever use it. The idea is what is bad.
Just like you can have a good SAN but the idea of an IPOD is bad.
FreeBSD is always better than FreeNAS, but one thing being always better doesn't make another thing bad. But it does rule it out from use cases.
-
And that FreeBSD is rarely used is not a factor. It's not rarely used because it is bad, it is rarely used because it is poorly known and it's strengths are not broad or extreme enough to overcome those factors. You are reading stuff into the statements that are not there.