Sadly, no luck on the job interview. Three interviews with them, two face-to-face, and only a generic email confirming no job offer and no actual useful feedback. Looking for a job sucks!
Best posts made by Jimmy9008
-
RE: What Are You Doing Right Now
-
RE: For the love of IPOD...
They were an MSP. The selling SAN part was only a small part of what they did. Only about 200 customers, so small. But, they had their list of products and wouldn't really change from their supported model - extensive list, but static, and old. For example, the backup solution they sold to customers and installed, then managed, was file level only. Any disaster the whole server had to be rebuilt rather than an image restore. Again, because its what they knew rather than developing and using the latest tech. Makes sense for them, but bad for the tech/development and customers - That was one of the reasons I left...
This really annoyed me; a customers server kept crashing (every few hours/daily). It was their SQL server so when that went all of their applications went down. Old kit, no longer supported by HP(E) anymore. From memory it was a 2003 box. Out of warranty etc, no service, so couldn't get them the latest packs... and no support from MS as its no longer supported. All we could do is force a reboot and wait each time. So, the customer ordered a new server. Great! (They should have anyway as it was not fit for purpose anymore for a number of reasons). They were planning to have their application vendor move the SQL instances/whatever to this new box - but that was months away...
So, the new server turns up, I rack n stack it, and get 2012 r2 installed. Now its just sitting in the rack awaiting the vendor and the other box crashes again! I speak to my team and we agree that I will shutdown SQL server services, p2v the box, and bring up on the new host - great - work done and customer happy no ongoing failures until the vendor can come to site.
A few months later I go back to site - one of our techs had visited when the software vendor were planned, they had turned off the VM, installed SQL Server to the physical box and are using the physical box again! Never learn! I had told them to just create a second VM, and use that. Leave the host alone. But nope! Some people just cant be trusted. I know the vendor is happy to use a VM. I expect that decision was made as the other techs were not comfortable with 'scary VM stuff'.
-
RE: What Are You Doing Right Now
@hobbit666 Yeah, lots of folks applying in London. I have a fairly ok paid job at the moment, so its not urgent at all. I just fancy a move from my current position for a few 'reasons'. It just sucks that you give a place two days of your time plus an initial call on the phone and dont even get feedback.
-
RE: Disk2VHD M.2
Yep, restore to a VM from Veeam Agent worked like a charm. Thanks folks.
-
RE: What Are You Doing Right Now
Thought I had constipation, after a week of no luck went to GP who didn't offer much help, that night went to emergency and doctors have confirmed peritonitis/diverticulitis. May need operation to remove part of bowel, will see. Not life threatening at least, just a pain in the arse (so to speak lol).
Anyway, I'm where I need to be.
-
RE: Pentest - Who would you recommend?
@IRJ said in Pentest - Who would you recommend?:
Have you had an assessment before?
Are you in an industry that has requirements like HIPAA, SOX, GLBA, etc?
Roughly how big is the company?
What is the exact scope of work? Are you really looking for a pen test or a security audit?
All these should factor in to who you choose for you pentest.
No previous assessment.
No industry requirements.
25 -35 employees. Thousands of customers.
Pentest. You get our company name, that is all. Can you get in? Could you almost get in? What could/did you change? etc.
-
RE: Is Admitting That Someone's Suspicion of Guilt Is Correct Constitute Admission of Guilt
Interesting read. I am from the UK, so it totally doesn't actually matter - but I would agree with Scott here.
If the police say: "We think there is child porn on your laptop, please give us the password."
Then the person being interviewed says: "You know whats on there."
... regardless of password, or whatever else, you now know what is on there. They hung themselves.
If they said "No.", sure - no issue. But they didn't.
Guilty!
-
RE: Pentest - Who would you recommend?
@IRJ said in Pentest - Who would you recommend?:
@scottalanmiller said in Pentest - Who would you recommend?:
@IRJ said in Pentest - Who would you recommend?:
@scottalanmiller said in Pentest - Who would you recommend?:
@Carnival-Boy said in Pentest - Who would you recommend?:
@IRJ said in Pentest - Who would you recommend?:
You definitely don't want a pen test, you need a security assessment. There will be plenty of things to fix, and after securing the network then you could do a pen test the following year.
Same thing. What do you think an assessment will do that a pentester won't (and vice versa)?
One is only testing penetration from a set of attacks. Most security vulnerabilities are not penetration so aren't part of that test (like SQL Injection is not penetration) plus it tests attacks, not risks.
Example.. which tells you how long it will take to break through a door, hitting it with a hammer or knowing a lot about the door? If you know enough about the door, you know where it is weak or if the hinges are about to give out. If you just hit it with a hammer, you might get lucky and get in on the first swing or you might never hit it hard enough to break the hinge.
Both are valuable, but one tells you a lot more, typically.
Yes, alot of people use security assessment and pentesting as interchangeable terms but they are much different. Pen testing is only done when you feel you've already covered everything found on a security assessment.
Yes, doing both is definitely good. But if only doing one, it's the assessment that I'd want.
Especially in an org that I am assuming has not run any vuln scans. They are going to have over a year's worth of work if they are lucky.
We would like to see what could be cone 'as is'. Just because we have not had a security report done, does not mean one should assume we would fail it. We have a lot in place and fixed processes, of course, nowhere is 100%, but i'd like to see what an external tester could do with nothing more than the company name. That's all an actual attacker would have.
-
RE: What Are You Doing Right Now
Fighting a large outage we have been having all week! Bad timing!
I did not even know this was possible, but our UPS had a large failure on Monday and sent a surge to back end hardware. I thought the point of UPS was to protect end hardware from network surges, but hey... it happened.
We lost the UPS, two switch stacks (core and edge) each having three switches, two old blade chassis with 16 servers in each and a load of old fc and iscsi SANs, and one new server host. We have gone from 35 servers (32 blade servers and 3 standalone servers) to only 2 standalone servers. Luckily though our backups are rock solid.
We have been planning to remove the blades for about 3 months and get a new UPS for 3 months! Really bad timing. The hardware that replaces everything that failed...... is due for delivery on Monday!
Getting there though. Currently fighting one host of the three newer ones to spread the load.
But yeah, fun week!
-
RE: Pentest - Who would you recommend?
@NattNatt said in Pentest - Who would you recommend?:
@Jimmy9008 said in Pentest - Who would you recommend?:
@IRJ said in Pentest - Who would you recommend?:
@scottalanmiller said in Pentest - Who would you recommend?:
@IRJ said in Pentest - Who would you recommend?:
@scottalanmiller said in Pentest - Who would you recommend?:
@Carnival-Boy said in Pentest - Who would you recommend?:
@IRJ said in Pentest - Who would you recommend?:
You definitely don't want a pen test, you need a security assessment. There will be plenty of things to fix, and after securing the network then you could do a pen test the following year.
Same thing. What do you think an assessment will do that a pentester won't (and vice versa)?
One is only testing penetration from a set of attacks. Most security vulnerabilities are not penetration so aren't part of that test (like SQL Injection is not penetration) plus it tests attacks, not risks.
Example.. which tells you how long it will take to break through a door, hitting it with a hammer or knowing a lot about the door? If you know enough about the door, you know where it is weak or if the hinges are about to give out. If you just hit it with a hammer, you might get lucky and get in on the first swing or you might never hit it hard enough to break the hinge.
Both are valuable, but one tells you a lot more, typically.
Yes, alot of people use security assessment and pentesting as interchangeable terms but they are much different. Pen testing is only done when you feel you've already covered everything found on a security assessment.
Yes, doing both is definitely good. But if only doing one, it's the assessment that I'd want.
Especially in an org that I am assuming has not run any vuln scans. They are going to have over a year's worth of work if they are lucky.
We would like to see what could be cone 'as is'. Just because we have not had a security report done, does not mean one should assume we would fail it. We have a lot in place and fixed processes, of course, nowhere is 100%, but i'd like to see what an external tester could do with nothing more than the company name. That's all an actual attacker would have.
Unless the attacker was an internal attacker//had links to someone internal to know a bit more...? Never forget that the biggest vulnerability in any business is the fleshy thing in front of the screen.
Yes, we are aware of this - however that is not the test. We have to trust employees. If we didn't, they would be gone.
Internally, nobody has admin access, only IT have creds that can be admin and elevate when approved. Servers only allow 3389 on the LAN from specific IPs on our network. Creds have to be changed regularly for all users, including domain admin accounts. Workstations likewise use internal WSUS for updates, and are behind proxy for content inspection/etc.
Even so, the test is still:
- Out name is xyz. Document what you try, and what was successful.
Or does nowhere offer that?
-
RE: What Are You Doing Right Now
Its bad timing that gets me, on Monday we get the servers that are replacing these and have been on order for a while, and we had approval to replace the UPS a while back but couldn't due to COVID-19 with the office closed! Oh well, will survive it
Have a good weekend folks!
-
RE: Dell N2048 Switch and IP ACL - I just killed part of my network...
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
-
RE: Is Real Estate Actually a Good Investment on Average?
@JaredBusch said in Is Real Estate Actually a Good Investment on Average?:
@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:
@Pete-S said in Is Real Estate Actually a Good Investment on Average?:
@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:
@Pete-S said in Is Real Estate Actually a Good Investment on Average?:
@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:
But, if I know I am going to be South East UK for at least a decade, owning is the only sensible financial choice.
Right, until you get sick long-term or have a divorce and you can't afford to pay your mortgage and you can't sell your house because nobody is willing to pay what you need to pay off your loans.
Renting is the SaaS of living arrangements.
Zero capital expense, zero risk, 100% agility.
Pretty much, shit happens.
If you are worried about possible future long term sick, get ASU insurance.
If you are worried about future divorce, well that sucks. Its still better to have 50% of a house than 0%.There are lots of real world examples of shit happening. It still doesn't change the fact that renting is paying somebody else mortgage, when you could have your own and 'hope' to gain from it.
Everything has risk.
Yeah, but a shitty investment such as a single family home isn't worth that risk. It's a lot more financially responsible to rent your home and invest your capital in something better. Something that is not coupled to your living arrangements. Something you can sell and buy when the opportunity is right, not when you want to move.
If you like real estate there are plenty of things to own. Apartment buildings, commercial real estate for example.
The prices in the UK for renting are above what you would pay for mortgage payments. You are spending far more renting than you would not renting. That makes no sense.
See this is the thing people are trying to explain to you. Math doesn't work that way.
You are very confused if you think owning a home as an investment is a smart thing.
Owning a home is fine. Thinking of it as an investment is the issue of this topic.
I bought my house for $228,000 in 2016. I paid 10% down and the rest was a loan. I refinanced last year to take advantage of the lower interest rate and to drop my term to 20 years. I was 5 years into a 30 year term, so I gained 5 years on the payback also.
I don't' have my original amortization schedule handy, but for my refi I do.
My refi has an original balance of $205,986.
After making a payment of $1,168.34 for 240 months (20 years) I will have paid $280,401.60.This means before any other expenses or values are calculated, I will have lost $74,415.60 over the term of this loan.
This is a shit ass way to start an investment return.
By the way, I only put 10% down on the original loan in 2016, because I knew the house needed remodeled. I drop approximately $25,000 to remodel everything in 2016.
So that puts me down $100,000 at the 20 year mark.
I converted the half bath to a full master bath in 2019 for $11,000.
So that puts me down $111,000 at the 20 year mark now.
I gutted 2 rooms and reinsulated them in the last 6 months for ~$4,000.
So that puts me down $115,000 at the 20 year mark now.
That means for my house to be a value as an investment, assuming I have zero other house only expenses (aka expenses that I would not also have as a renter), I would need to sell my house for $228,000 + $115,000 = $343,000 in 2016 adjusted dollars just to break even on my investment.
Edit:
Neglected a huge cost of owning a house in the U.S., property taxes. That would bring that $115,000 significantly higher as I currently pay ~$6,000 per year in property taxes. That comes to $120,000 over a 20 year loan.
So now I need to sell this house in 2041 for $463,000 (in 2016 dollars) just to break even.
Say somebody was renting your dwelling for 20 years from a landlord. They also would be paying $1,168 every month for 20 years. Where you are down $74,415, they are down $280,401.
Rent here in the UK is MORE than the cost of a mortgage. I'd get it if the renter was paying $400. They could take the other $768 and stick that somewhere with better interest than a house.
Owning may not be a great option, but its still better than renting. In 20 years you hopefully have a house you can sell worth at least $205,986. Then renter doesn't.
How is that better than owning where the rent cost == mortgage cost?
I can pay a bank 1,168 dollars every month for 20 years and hope to have a house I can sell for 200k+. Or, I can pay a landlord that money have after 20 years have sweet fuck all... hmmm, sure, I will rent.
-
RE: When to use VMWare over free hypervisors?
@JaredBusch said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
with VMWare at 5k a pop
FFS, you have no idea WTF you are talking about. Stop arguing and go learn. Then you can discuss instead of argue.
^ where did I argue? I was asking an actual question... from the quick search I did it was 5k or so per server, maybe not exact... didn't realise I had to provide a detailed quote for a reply on ML!
Chill and have a beer fella - its Friday.
-
RE: Is Real Estate Actually a Good Investment on Average?
@scottalanmiller said in Is Real Estate Actually a Good Investment on Average?:
@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:
The prices in the UK for renting are above what you would pay for mortgage payments.
TODAY this is true. Unless that has always been true, then your logic doesn't hold. Looking at a momentary financial situation isn't a good way to invest for a lifetime.
This is why I ask if this is regional. Its been true in South East UK for a long time. My parents purchased in Greenwich, London, in the early 80s for £38k. They sold in 2014 for £1.1m. Looking at inflation 38k would be £164k in 2014. They were hugely up on the initial purchase ~£960,000. Sure, they had some maintenance, insurance, and other costs, but that is a huge amount.
If they were renting from the 80s until 2014, they would have had zero.
Even now, my place in 2019 was £270,000. Its currently valued at £340,000. In fact, I am going to sell soon and move. But that is £70k addition compared to if I had rented. If I rented, I get £0 from that £70,000. That 70k goes straight in to the pocket of the landlord.
I get it. It may not have always been like this. But where I am in SE UK, mortgages are going for 1,000 and rental for the house next door is £1,200 - £1,400. It just doesn't make sense to rent here right now. If I could rent this place for say £500 - £800 that could make sense. I could take the difference and put it in a fund long term. But, realistically - its just not going to make sense here right now.
Same for Liverpool, Aberdeen, Barcelona? I don't know. That is why I think its regional. If I have to rent for more than it would cost to own, then it makes sense to own here.
-
RE: When to use VMWare over free hypervisors?
@wirestyle22 said in When to use VMWare over free hypervisors?:
@JaredBusch said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@JaredBusch said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
with VMWare at 5k a pop
FFS, you have no idea WTF you are talking about. Stop arguing and go learn. Then you can discuss instead of argue.
This is the product right?
£4712 with VAT... not far out of the 5k I said no?
So where are you saying I'm wrong here?
Would like like me to send you a quote for an hour of consulting time to help you understand?
How much is an hour of consulting time? I fI can afford it I'd probably hire you to teach me. I'm very serious
Hahah lol
No, i'd like you to not be rude actually. From the page I am looking at, that product is the minimum you need for vMotion - which is what we were just talking about where I referred to the price... so... yeah...
I'm not the one being rude here.
-
RE: When to use VMWare over free hypervisors?
@DustinB3403 said in When to use VMWare over free hypervisors?:
@wirestyle22 said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
whenever I do updates... that's the app down
You said the above which leads us to believe that you thought there would be 100% uptime. That's why we said that it doesn't really exist (outside of possibly really huge enterprise systems that I have never seen)
Very few people have seen systems like this. The top 1% of IT engineers in the world are the only people to see systems like this.
Ok, so... vMotion allows you to plan a move of a VM from node1 to node2. Then you can perform downtime to node1. That's hardware HA. HypreV allows you to do that... benefit of buying the VMWare for this = 0. In that case, the 1x VM its self goes down, then that's downtime to the service as its not application level HA... if that's ok by you then fine, even more reason not to get VMWare. If you need the app to be able to stay up if the VM is restarted, you need application level HA with SQL server and IIS etc.. in which case, doesn't matter again if you have VMWare.
-
RE: When to use VMWare over free hypervisors?
@DustinB3403 said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@DustinB3403 said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@DustinB3403 said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@wirestyle22 said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@wirestyle22 said in When to use VMWare over free hypervisors?:
@JaredBusch said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
@JaredBusch said in When to use VMWare over free hypervisors?:
@Jimmy9008 said in When to use VMWare over free hypervisors?:
with VMWare at 5k a pop
FFS, you have no idea WTF you are talking about. Stop arguing and go learn. Then you can discuss instead of argue.
This is the product right?
£4712 with VAT... not far out of the 5k I said no?
So where are you saying I'm wrong here?
Would like like me to send you a quote for an hour of consulting time to help you understand?
How much is an hour of consulting time? I fI can afford it I'd probably hire you to teach me. I'm very serious
Hahah lol
No, i'd like you to not be rude actually. From the page I am looking at, that product is the minimum you need for vMotion - which is what we were just talking about where I referred to the price... so... yeah...
I'm not the one being rude here.
He's definitely rude (and he knows it) but he's also correct 99% of the time
Yeah, probably. But i'm just curious as to why i'm wrong here. Not being rude about it from my side at all. It does look to be 5k. And i'd still need the same multiple IIS servers, and SQL servers... and yes, i'd want them sitting behing something like HA proxy. At that point I have application level high availability, so even less need for vMotion.
But at that point you'd have at least 12 individual system before you're even managing the Hypervisor its self.
That's a stupidly long dependency chain with a lot of things that can go wrong. Not even mentioning the time to setup and test the system. And then to find someone who would want to support it from the Bus effect.
Yeah, agree i'd have 12 systems. Of course I have 12. Why on earth wouldn't I. If I had only 1 x SQL Server, or 1 x IIS, whenever I do updates... that's the app down. Surely I'm not the only person to see that? I need application HA in addition to the hardware level... and in this case, once I have that... vMotion does nothing for me.
Every system has down time, even wall street. There is no such thing as 100% up time. You're in a dream world if you think this is a viable, cost effective solution.
And unless you are Wall Street, the entire setup here would only make sense for the 1% of the top 1% of organizations.
Where did I say 100% uptime? I didn't. 12 VMs is small. Everywhere has downtime, yes, but this isn't complex and for IIS and SQL Server etc... this is not an unreasonable setup. Not hard to manage or design either. I'm shocked y'all think its suck a crazy setup.
You're purposefully attempting to say ESXi sucks because you can do something else with Hyper-V.
I'm sure VMWare has its awesome points. I was just saying that vMotion, if the system is built in the right way, makes that pointless. Especially as Hyper-V does it anyway. This is a question of when to use VMWare over free hypervisiors - vMotion IMO is not one of them.
-
RE: When to use VMWare over free hypervisors?
@DustinB3403 said in When to use VMWare over free hypervisors?:
@Jimmy9008 Why does VMware effect what application you are hosting?
You're mixing things up.
I'm trying to say that the HA you get from VMWare (when we were talking about vMotion), compared to what you can do with free hyper-v, if the application is built correctly at application HA level, makes VMWare pointless.
If I can survive multiple host failures as I have application level high availability, the hypervisor that sits on doesn't matter. The free one does the same as the HA is app level.
-
RE: virtualize all the things... ?
IMO - if the systems built to the specification needed for what will be ran, then virtualisation cannot be a performance issue. If its a system you already have, without specification for a specific workload, then its possibly going to be a performance issue - only because it wasn't built to spec.
Another reason to not virtualise is old unsupported systems. Or, ones where you require vendor support (by the software makers) who will not support their stuff running on VMs. (In which case you should move away from them - but sometimes that's not possible).