
[sysadmin] sexy.code = new.underpants.required


Posts

  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    What's the worst that could happen with malicious access to the MFP, though, considering it wouldn't be accessible outside of the LAN and most users have no idea how to get into it?

  • Le_Goat Frechified Goat Person Boston Registered User regular
    That's my point. You can't do much and yet I still change its default password.

    While I agree that being insensitive is an issue, so is being oversensitive.
  • Seidkona Had an upgrade Registered User regular
    edited September 2015
    I had a tech install his own account on our MFP with a default password and was told to leave it alone by the leasing company.

    I gave up at that point. They want their shit unsecured that's fine. I'll make sure we sue them if it's ever used as an attack vector.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • Cog What'd you expect? Registered User regular
    TL DR wrote: »
    What's the worst that could happen with malicious access to the MFP, though

    scientificamerican.com/article/printers-can-be-hacked-to-catch-fire/

    Yet another reason to be wary of your nefarious and malevolent print devices.

  • Thawmus +Jackface Registered User regular
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    Twitch: Thawmus83
  • Cog What'd you expect? Registered User regular
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    Some people need to print over multiple VLANs.

  • Le_Goat Frechified Goat Person Boston Registered User regular
    edited September 2015
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    We actually do have some MFPs configured to report to a vendor's external server. It calls in with print counts, error codes, and supply status. Once supplies hit a specific level, cartridges are automatically ordered and shipped to us.

  • bowen How you doin'? Registered User regular
    Cog wrote: »
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    Some people need to print over multiple VLANs.

    Fuck 'em.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Cog What'd you expect? Registered User regular
    A reasonable counter-argument.

  • bowen How you doin'? Registered User regular
    Just got a quote for a company to set us up with VMWare and some servers.

    $60k.

    $30k in hardware, $30k in 'engineering'

    I'm looking through this quote... they included backup stuff.. which is fine but I didn't really ask for that.

    Then they included new network hardware...

    Which I mean great, but

    getting down to the meat and potatoes I'm looking at like $10k in hardware costs overall.

    Then they tacked in vsphere

    What the fuck is going on with these quotes, did you guys not listen to me at all?

  • bowen How you doin'? Registered User regular
    I feel like I can do all of this stuff with a budget of $15000 and pocket $5000 of it.

  • Thawmus +Jackface Registered User regular
    Cog wrote: »
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    Some people need to print over multiple VLANs.

    I'll concede the point. You'd certainly need a gateway for that, or run a print server that multiple networks have a route to.

    Le_Goat wrote: »
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?
    We actually do have some MFPs configured to report to a vendor's external server. It calls in with print counts, error codes, and supply status. Once supplies hit a specific level, cartridges are automatically ordered and shipped to us.

    They don't have a way for this information to be centralized internally? I mean, that sounds swell and all, and super handy, but there is established/related traffic running to your MFP's all day long.

    bowen wrote: »
    Cog wrote: »
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?

    Some people need to print over multiple VLANs.

    Fuck 'em.

    Pretty much the mood I'm in today.

  • Le_Goat Frechified Goat Person Boston Registered User regular
    Thawmus wrote: »
    Le_Goat wrote: »
    Thawmus wrote: »
    More to the point, why is your MFP NAT'd so that it's accessible to the outside world in the first place? Why does it have a gateway address configured on it?
    We actually do have some MFPs configured to report to a vendor's external server. It calls in with print counts, error codes, and supply status. Once supplies hit a specific level, cartridges are automatically ordered and shipped to us.

    They don't have a way for this information to be centralized internally? I mean, that sounds swell and all, and super handy, but there is established/related traffic running to your MFP's all day long.

    Oh no no. That would indeed be a bad idea. These transmissions occur around midnight and only once each day. In fact, now that I think about it, they send their information to a VM, which then transmits the information to their servers, so it's not a direct connection.

  • Cog What'd you expect? Registered User regular
    bowen wrote: »
    I feel like I can do all of this stuff with a budget of $15000 and pocket $5000 of it.

    That hardware quote is absurd.

  • bowen How you doin'? Registered User regular
    Cog wrote: »
    bowen wrote: »
    I feel like I can do all of this stuff with a budget of $15000 and pocket $5000 of it.

    That hardware quote is absurd.

    HP Servers, a whole bunch of memory, some fibre shit... I mean I could see it being in the ballpark of 10-20k.

    Then they start tacking on backup services.

    There's no way I can get my boss to drop $60k on upgrading all these servers.

  • Le_Goat Frechified Goat Person Boston Registered User regular
    edited September 2015
    $10k for a server isn't totally insane. It'd have to be a beast, but it's not unheard of. Anything above $13k is... well it's totally out of my league in regards to my agency's needs.

    EDIT: Also included in my costs is 5-7 years of 4-hour 24x7 Pro Support.

  • bowen How you doin'? Registered User regular
    Le_Goat wrote: »
    $10k for a server isn't totally insane. It'd have to be a beast, but it's not unheard of. Anything above $13k is... well it's totally out of my league in regards to my agency's needs.

    Yeah we're a medium sized doctor's office (we really have more staff than we need honestly) We have 3 doctors, 4 NPs, and about 15 secretaries, 5 billing/medical coders, 5 lab techs, 4 blood peeps, me, and two office managers.

    We do have a lot of IT infrastructure, though, since we have a lot of equipment. Lab equipment, LIS database for the equipment, patient databases, internal program stuff, etc.

    The servers themselves were about $11-12k for all the hardware and upgrades (2 HP servers).

    Another $1000 in switches (2 of them), then a whole bunch of VNXE stuff which I'm not sure of. Probably some sort of fibreSAN type thing? That was another $6k, another 2k in IO modules for the fibre san I guess? Another 2k for "advanced support", then about 6k for VMWare vSphere licenses?

  • Le_Goat Frechified Goat Person Boston Registered User regular
    Licensing... the hidden cost devil

  • Cog What'd you expect? Registered User regular
    Le_Goat wrote: »
    $10k for a server isn't totally insane. It'd have to be a beast, but it's not unheard of. Anything above $13k is... well it's totally out of my league in regards to my agency's needs.

    EDIT: Also included in my costs is 5-7 years of 4-hour 24x7 Pro Support.

    Yeah given what I've absorbed about the size of bowen's shop over the years, there's no way he needs servers like that.

  • Cog What'd you expect? Registered User regular
    edited September 2015
    VNXE is EMC SAN shit, btw. EMC is the Cadillac of SAN technology. It costs a shitload, has a lot of name cachet, tons of great features, and is highly dubiously worth the sticker price.

  • bowen How you doin'? Registered User regular
    Yeah looks like they went super expensive.

    vSphere, VNXE... I feel like I can build twice the stuff for half the cost if I rolled my own.

    I was really hoping they'd help me out rather than trying to pad their pockets. Now I remember why I stopped using them.

  • Apothe0sis Have you ever questioned the nature of your reality? Registered User regular
    bowen wrote: »
    No one uses telnet anymore because it's unencrypted and that's a great way to get your server hacked into.

    bowen, when did you become our resident optimist?

    So many people still use telnet for switch and router management still

    I run into it so often and

    [image: q2xof1i0p9mq.jpg]

  • Apothe0sis Have you ever questioned the nature of your reality? Registered User regular
    Athenor wrote: »
    And that is why any Exchange admin worth their salt would block port 25... Of course, few do, but hey. :)

    sender restrictions, more often

  • LD50 Registered User regular
    In a perfect world I would be able to say the only thing I've used telnet for was connecting to MUDs.

  • Dehumanized Registered User regular
    LD50 wrote: »
    In a perfect world I would be able to say the only thing I've used telnet for was connecting to MUDs.

    I'm doing that right now tbh

    hell yeah MUDs

  • SeñorAmor !!! Registered User regular
    LD50 wrote: »
    In a perfect world I would be able to say the only thing I've used telnet for was connecting to MUDs.

    Or towel.blinkenlights.nl

  • Echo ski-bap ba-dap Moderator mod
    Apothe0sis wrote: »
    Athenor wrote: »
    And that is why any Exchange admin worth their salt would block port 25... Of course, few do, but hey. :)
    sender restrictions, more often

    SMTP authentication is a thing we've been able to do for a while, I hear.

  • bowen How you doin'? Registered User regular
    So what would be a good price point for a SAN? I still feel like 30k is fucking highway robbery.

  • Apothe0sis Have you ever questioned the nature of your reality? Registered User regular
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

  • twmjr Registered User regular
    Apothe0sis wrote: »
    bowen wrote: »
    No one uses telnet anymore because it's unencrypted and that's a great way to get your server hacked into.

    bowen, when did you become our resident optimist?

    So many people still use telnet for switch and router management still

    I run into it so often and

    [image: q2xof1i0p9mq.jpg]

    heck, one of our NOC teams has been known to have devices reloaded when they can't connect via telnet because "management connectivity isn't working."

    without ever trying ssh.

    so glad I got out of operations.

  • bowen How you doin'? Registered User regular
    Apothe0sis wrote: »
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

    Well 30k was for all the licenses/hardware, so that's 2 servers, a shitload of ram, and the SAN.

  • electricitylikesme Registered User regular
    bowen wrote: »
    Apothe0sis wrote: »
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

    Well 30k was for all the licenses/hardware, so that's 2 servers, a shitload of ram, and the SAN.

    How fast do you need to go? Because for raw storage those backblaze pods pretty much can't be beat.

  • bowen How you doin'? Registered User regular
    bowen wrote: »
    Apothe0sis wrote: »
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

    Well 30k was for all the licenses/hardware, so that's 2 servers, a shitload of ram, and the SAN.

    How fast do you need to go? Because for raw storage those backblaze pods pretty much can't be beat.

    Whatever's standard, I just want to reduce the number of our physical servers.

  • Cog What'd you expect? Registered User regular
    LD50 wrote: »
    In a perfect world I would be able to say the only thing I've used telnet for was connecting to MUDs.

    I'm doing that right now tbh

    hell yeah MUDs

    Dark Castle MUD nearly flunked me out of high school.

    Cause that's all I did.

    Of course, if you looked solely at my tintin scripts from the time period, I probably qualified for some sort of comp sci degree.

  • chamberlain Registered User regular
    Pfft, tintin.

    I credit my typing skills to hours and hours and hours of Hidden Worlds.
    I can type
    n
    bs tiamat
    c recall

    in my sleep.

  • RandomHajile Not actually a Snatcher The New Kremlin Registered User regular
    bowen wrote: »
    Apothe0sis wrote: »
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

    Well 30k was for all the licenses/hardware, so that's 2 servers, a shitload of ram, and the SAN.

    That really doesn't seem bad at all to me. But then I'm pretty lucky that I can well over-buy hardware. (Our hosts run around $15k each, and we got a $100k EqualLogic SAN for around $40k in our first round...) Are you sure that isn't a NAS box? Because that seems totally fine. I will say this: whatever you do, get a lot of RAM. More than you think you need, so you can deploy larger VMs.

    Also, perhaps look into building the project with VMware vSAN. This week they announced two-host/node vSAN (used to be a minimum of three hosts), where you get huge performance without a physical SAN; it just uses the storage built in to the hosts, but there are some very specific hardware requirements. We're probably going to move toward that when we roll out virtual desktops.

  • Cog What'd you expect? Registered User regular
    edited September 2015
    Oh there was still plenty of typing, and let me be very clear: Pre mudding, I typed looking at my fingers around 30 wpm. Post mudding I typed high/drunk/asleep/watching tv around 130wpm. Still can't spell for shit, cause you don't tend to type 'bs tiamat' at work very much, but I can fuck words up fast.

    tintin was just for making sure I never had to loot/sac corpses, sac junk loot, auto-join the arena, some auto-responses to a few combat triggers in PVP, walking directions, and myriad utility triggers and actions.

    Oh, and I subbed and colored text so combat read differently than the default to highlight the important shit, and my prompt was different depending on if I was in combat or out.

  • bowen How you doin'? Registered User regular
    bowen wrote: »
    Apothe0sis wrote: »
    A SAN is a BFD. 30k isn't outlandish,

    The cheaper option is DAS - disk attached storage. Direct Attached Storage?

    If you are only doing a small number of servers it gets you the benefits of vmotion and such with less expense.

    Well 30k was for all the licenses/hardware, so that's 2 servers, a shitload of ram, and the SAN.
    That really doesn't seem bad at all to me. But then I'm pretty lucky that I can well over-buy hardware. (Our hosts run around $15k each, and we got a $100k EqualLogic SAN for around $40k in our first round...) Are you sure that isn't a NAS box? Because that seems totally fine. I will say this: whatever you do, get a lot of RAM. More than you think you need, so you can deploy larger VMs.

    Also, perhaps look into building the project with VMware vSAN. This week they announced two-host/node vSAN (used to be a minimum of three hosts), where you get huge performance without a physical SAN; it just uses the storage built in to the hosts, but there are some very specific hardware requirements. We're probably going to move toward that when we roll out virtual desktops.

    Yeah I'm not really sure what we need.

    That's the problem, I would do all this myself.

    But then I was like, well I don't really know all the technology behind it, and I don't want to fuck us over with 10-20k worth of hardware if it won't do what I want.

    Then I call this company, and they quote me 30K in hardware and 30K in 'engineering' to set all this all up. I can't help but feel fleeced.

    VNXe was the 'storage' they were quoting us, I don't really know much about it, it looks like it's a SAN of some sort but I don't really know. We obviously would like to keep performance, but costs are more a priority to us. We probably don't need super SANs with SSD hybrid drives or whatever.

    We would like redundancy though.

  • Seidkona Had an upgrade Registered User regular
    edited September 2015
    I get feeling fleeced but you do have to factor in the fact that they know all the technology behind what you want to set up and you don't. So that's certainly worth something? I mean you charge your company your salary to know things no one else does, right? Your salary is basically a yearly engineering retainer.

    Maybe it really is worth 30k? Sorry, I am just trying to pivot out of NPO's and I am trying to think of things, IT skills in particular, in a different light.

  • bowen How you doin'? Registered User regular
    edited September 2015
    I have a hard time believing popping a server in a rack and setting up VMWare requires 30k's worth of knowledge over the course of 2ish days.

    I could probably do it, but it's risky.

    Plus isn't there a free bare-metal hypervisor, why are they giving me vSphere?

    The other quote they gave me was some sort of microsoft thing, and instead of paying for vSphere I was paying for microsoft server licenses and it wasn't a bare metal hypervisor (which is what I specifically laid out since the last time they did this project they put vmware server 2 on our system)

This discussion has been closed.