The vmware horizon solutions I have used are fucking gaaaaaaaaaarbage.
I personally think that Horizon is fine if you go into it with both eyes open and invest in it adequately. The problem is that too many companies buy into bullshit hype about desktop virtualization or app virtualization and either expect them to serve use cases where they're a poor fit, or they expect them to save money on hardware (they don't) and underinvest in them.
They never, ever, ever save money compared to a traditional thick workstation setup.
Oh, I think they work fine when they are working properly.
We have an affiliate rural hospital that has their entire infrastructure on horizon. We help them out with the IT side of things when they need it. The virtual desktops work fine when they aren't broken, but they have a tendency to crash without recovering, and the users that the desktops are provisioned for can't log in without calling their help desk and the session is restarted. I don't know why horizon can't figure out that the session has hung and terminate it automatically.
Also, the management console is a web page written in flash.
VMware started phasing out flash about two years ago, and the Horizon version released about a year ago got rid of it entirely.
Despite that, I'm totally sympathetic. I'm in a situation right now where we're finally dumping Persona Management, which has been a deadend technology for years, in favor of Dynamic Environment Manager. We should have done this a long time ago, but I couldn't get the budget to upgrade our Horizon Advanced licenses to Horizon Enterprise... until Persona Management encountered a severe BSOD hard crash bug. DEM is great, Persona Management was always an irritation. But you don't get DEM unless you pay the $$$$$$$$ for Horizon Enterprise licenses. When managers & execs hear "well, for less money on the Advanced license you can use Persona Management instead of DEM" and nobody at VMware admits "uh, Persona Management hasn't received any serious development attention since 2016" then guess what happens.
Also, I'm going to venture a guess that your rural hospital is also using Imprivata, because it's ubiquitous in healthcare. Imprivata and Horizon have some intricate interoperabilities, so you can't just upgrade Horizon without also upgrading Imprivata, which means a whole other set of challenges.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
I’m not sure we have the time or expertise for that.
This also isn’t something we can refactor. The main offender here is on the docket to be replaced, but that is probably a couple years out.
Yeah, you didn't make this sound like it was something you developed in-house. You made it sound like a software platform you purchased, and you're just hosting it in-house.
I really mean it though, reverse proxies are exactly the splint you want in this situation. You can usually use a reverse proxy to implement security and authentication features that the web app itself doesn't support. NGINX and IIS are probably the first ones to look into. If you have budget, then F5 might be my top pick.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Pet peeve: when another tech starts their troubleshooting process with "what changed?"
"Did something change on Server47? It's no longer accepting HTTPS requests."
No, nothing changed. We froze it in amber a year ago.
I work in a larger org, so I'm gonna challenge this somewhat. In our type of environment we can pull a list of, say, new services or patches that were applied in the last 24 hours, which IS a good place to start when things stop working.
I admit that part of this is that i've never worked in an organization with a healthy change management process.
But also, yeah, I totally agree, asking "what changed?" and treating it as a data point is totally fine. I'm more talking about interactions like this:
Tech: Did something change on Server47? It's no longer accepting HTTPS requests.
Me: Since when?
Tech: I dunno. Last week, maybe?
Me: Well, we finally turned off NTLM v1 across 200 VMs, but I don't see how that could--
Tech: Can we turn it back on?
Me: Is only Server47 having the problem?
Tech: I dunno. I think so?
Me: Are there any error messages that suggest NTLM is the problem?
Tech: I dunno. I could check? Why can't you just turn NTLMv1 back on?
Me: Bring me some credible evidence that it's NTLMv1 and I will.
My real pet peeve is techs not bothering to do, y'know, basic diagnostic work: is there anything in a relevant log? (Either Event Viewer or the IIS log or some other application log?) Which machines are affected? Which machines are not affected? Does it happen for any client? Any user? Have you poked it with any diagnostic tools? (for a web server refusing SSL, I'd expect something along the lines of nmap's ssl-enum-ciphers script if it's internal or Qualys server test if it's external).
I respect that's not really a problem with the approach of "what changed?" but more with techs just glomming on to whatever easy answer that lets them pass the buck
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Pet peeve: when another tech starts their troubleshooting process with "what changed?"
"Did something change on Server47? It's no longer accepting HTTPS requests."
No, nothing changed. We froze it in amber a year ago.
I work in a larger org, so I'm gonna challenge this somewhat. In our type of environment we can pull a list of, say, new services or patches that were applied in the last 24 hours, which IS a good place to start when things stop working.
I admit that part of this is that i've never worked in an organization with a healthy change management process.
But also, yeah, I totally agree, asking "what changed?" and treating it as a data point is totally fine. I'm more talking about interactions like this:
Tech: Did something change on Server47? It's no longer accepting HTTPS requests.
Me: Since when?
Tech: I dunno. Last week, maybe?
Me: Well, we finally turned off NTLM v1 across 200 VMs, but I don't see how that could--
Tech: Can we turn it back on?
Me: Is only Server47 having the problem?
Tech: I dunno. I think so?
Me: Are there any error messages that suggest NTLM is the problem?
Tech: I dunno. I could check? Why can't you just turn NTLMv1 back on?
Me: Bring me some credible evidence that it's NTLMv1 and I will.
My real pet peeve is techs not bothering to do, y'know, basic diagnostic work: is there anything in a relevant log? (Either Event Viewer or the IIS log or some other application log?) Which machines are affected? Which machines are not affected? Does it happen for any client? Any user? Have you poked it with any diagnostic tools? (for a web server refusing SSL, I'd expect something along the lines of nmap's ssl-enum-ciphers script if it's internal or Qualys server test if it's external).
I respect that's not really a problem with the approach of "what changed?" but more with techs just glomming on to whatever easy answer that lets them pass the buck
Even a simple Test-NetConnection seems to solve so much. At my main customer I'm responsible for End User Computing (including mailservers and internal DNS for the entire environment, because lines get blurred as to what exactly is just End User and what is just general IT). My general job (not included in my job description) these days seem to be "help application adminsitrators through the most basic of troubleshooting."
The vmware horizon solutions I have used are fucking gaaaaaaaaaarbage.
I personally think that Horizon is fine if you go into it with both eyes open and invest in it adequately. The problem is that too many companies buy into bullshit hype about desktop virtualization or app virtualization and either expect them to serve use cases where they're a poor fit, or they expect them to save money on hardware (they don't) and underinvest in them.
They never, ever, ever save money compared to a traditional thick workstation setup.
Oh, I think they work fine when they are working properly.
We have an affiliate rural hospital that has their entire infrastructure on horizon. We help them out with the IT side of things when they need it. The virtual desktops work fine when they aren't broken, but they have a tendency to crash without recovering, and the users that the desktops are provisioned for can't log in without calling their help desk and the session is restarted. I don't know why horizon can't figure out that the session has hung and terminate it automatically.
Also, the management console is a web page written in flash.
VMware started phasing out flash about two years ago, and the Horizon version released about a year ago got rid of it entirely.
Despite that, I'm totally sympathetic. I'm in a situation right now where we're finally dumping Persona Management, which has been a deadend technology for years, in favor of Dynamic Environment Manager. We should have done this a long time ago, but I couldn't get the budget to upgrade our Horizon Advanced licenses to Horizon Enterprise... until Persona Management encountered a severe BSOD hard crash bug. DEM is great, Persona Management was always an irritation. But you don't get DEM unless you pay the $$$$$$$$ for Horizon Enterprise licenses. When managers & execs hear "well, for less money on the Advanced license you can use Persona Management instead of DEM" and nobody at VMware admits "uh, Persona Management hasn't received any serious development attention since 2016" then guess what happens.
Also, I'm going to venture a guess that your rural hospital is also using Imprivata, because it's ubiquitous in healthcare. Imprivata and Horizon have some intricate interoperabilities, so you can't just upgrade Horizon without also upgrading Imprivata, which means a whole other set of challenges.
Yyyup. Both my hospital and our affiliate use it, and are in the process of migrating their users onto our imprivata instance. We're also migrated about half of their virtual desktop infrastructure into our citrix environment with their own set of images. The process should be completed some time before the end of the year. I'm sure horizon would be better if it were fully up to date, but it doesn't make sense to go through the headache of upgrading that infrastructure when it's going to be replaced.
Pet peeve: when another tech starts their troubleshooting process with "what changed?"
"Did something change on Server47? It's no longer accepting HTTPS requests."
No, nothing changed. We froze it in amber a year ago.
I work in a larger org, so I'm gonna challenge this somewhat. In our type of environment we can pull a list of, say, new services or patches that were applied in the last 24 hours, which IS a good place to start when things stop working.
I admit that part of this is that i've never worked in an organization with a healthy change management process.
But also, yeah, I totally agree, asking "what changed?" and treating it as a data point is totally fine. I'm more talking about interactions like this:
Tech: Did something change on Server47? It's no longer accepting HTTPS requests.
Me: Since when?
Tech: I dunno. Last week, maybe?
Me: Well, we finally turned off NTLM v1 across 200 VMs, but I don't see how that could--
Tech: Can we turn it back on?
Me: Is only Server47 having the problem?
Tech: I dunno. I think so?
Me: Are there any error messages that suggest NTLM is the problem?
Tech: I dunno. I could check? Why can't you just turn NTLMv1 back on?
Me: Bring me some credible evidence that it's NTLMv1 and I will.
My real pet peeve is techs not bothering to do, y'know, basic diagnostic work: is there anything in a relevant log? (Either Event Viewer or the IIS log or some other application log?) Which machines are affected? Which machines are not affected? Does it happen for any client? Any user? Have you poked it with any diagnostic tools? (for a web server refusing SSL, I'd expect something along the lines of nmap's ssl-enum-ciphers script if it's internal or Qualys server test if it's external).
I respect that's not really a problem with the approach of "what changed?" but more with techs just glomming on to whatever easy answer that lets them pass the buck
Yeeeeep. This is why I've also gotten to the point where sometimes it's, "Generate the standard support packet and don't call me until you have that data." Because more than half the time just the act of collecting it results in a solution and I don't have to be involved.
InfluxDB is like...shockingly bad. I now have no questions as to how Prometheus took the world by storm the way it did, because things you can do easily in Prometheus are somewhere between stupid hard, inaccurate or literally impossible in InfluxQL when your querying it.
Like, wow. My entire company's metrics gathering seems to turn on "massive limitations of Influx in querying data" rather then any other actual restriction.
By a weird coincidence, I'm just right now researching "which time series DB should we use", and while Influx sure does show up in a lot of lists. (the db-engines list for example. It's also commonly used in comparisons when other TSDBs want to show they're better, which suggests it's at least got name recognition, though that doesn't mean it's good, just popular)
Can you give any more details about what's wrong with it? I have a big list of options I'm trying to do a quick initial filter through, and if there's a quick way to knock one out of that list it'll help.
(Prometheus won't work for our case, we need to push data into it rather than having it pull data from other stuff, and dashboardability isn't as much of an issue for us, but there's still OpenTSDB / Timescale / Kairos / QuestDB / Clickhouse, etc, etc, etc. Also, I don't know why so many of these things use "custom query language" as if it's a _positive_ thing, ugh)
djmitchella on
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
edited September 2020
I dunno where else to ask, but I've got a little Linksys SE3005 switch at home and frequently have to hard reboot the thing to get gigabit ethernet speeds. It seems to be defaulting down to Ethernet 100. As soon as I unplug and replug the power on the switch the download speeds jump right back up to where they should. Either I'm not looking for the right question or there is a real dearth of information regarding this on the Goog.
This is a stupid, unmanaged switch and it just has my PC and Switch hooked to it. I never had this issue when I was running the cable straight to my PC. I'm just curious why it doesn't degrade in any other manner other than going from GB to 100M. Tried different cables and have had zero luck.
IME even though 5e is rated for gig most consumer grade networking equipment can't actually push a gig through it.
So I could see the switch negotiating 1gig to start (after a reboot) then dropping down to 100meg once it's lost too many packets.
Usually cat6 has good enough shielding that it doesn't come up.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
+2
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
InfluxDB is like...shockingly bad. I now have no questions as to how Prometheus took the world by storm the way it did, because things you can do easily in Prometheus are somewhere between stupid hard, inaccurate or literally impossible in InfluxQL when your querying it.
Like, wow. My entire company's metrics gathering seems to turn on "massive limitations of Influx in querying data" rather then any other actual restriction.
Here at EchoCorp we were looking at Influx for certain data collection, since it can do downsampling natively - even though I love Prometehus, it still has some glaring omissions in features that Influx can do. We ended up not using Influx and solving it with a daily data pipeline instead, because it turns out Influx strongly recommends against running it in k8s, and that's a major point against it.
Have you looked at their newer Flux query language that's in Influx 2.0?
due to some (terrible) changes by devs our production Galera mariadb cluster went from ~40% disk utilization to 90+ overnight.. I was panicking hard thinking I'd need to do reboots etc to increase disk space. which often cause outages while it resyncs the servers, but nope GCP let me double the size of the boot disks in seconds with two cli commands with no performance hit while doing it; the future is now. I pray to god I never work anywhere that hasn't migrated to gcp/aws/azure or similar again
Switching to virtualized was the best thing we've done.
So much better to maintain and manage.
It took a long time to convince my boss to do it because of the sour taste he had in his mouth when the original company had attempted to virtualize his infrastructure 14 some odd years ago with vmware's gsx or whatever the fuck that thing was in 2007ish.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Switching to virtualized was the best thing we've done.
So much better to maintain and manage.
It took a long time to convince my boss to do it because of the sour taste he had in his mouth when the original company had attempted to virtualize his infrastructure 14 some odd years ago with vmware's gsx or whatever the fuck that thing was in 2007ish.
It really is. Even for very small companies with a couple of servers, just turning them into free ESXi or basic Hyper-V hosts and running your servers as VMs is so much better.
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Switching to virtualized was the best thing we've done.
So much better to maintain and manage.
It took a long time to convince my boss to do it because of the sour taste he had in his mouth when the original company had attempted to virtualize his infrastructure 14 some odd years ago with vmware's gsx or whatever the fuck that thing was in 2007ish.
It really is. Even for very small companies with a couple of servers, just turning them into free ESXi or basic Hyper-V hosts and running your servers as VMs is so much better.
No more of that "oh, we need to pay out the nose for this bespoke server motherboard circa 2005 to get our whatever to boot", just buy whatever cheap shit dell has off the shelf and spin your vm back up.
InfluxDB is like...shockingly bad. I now have no questions as to how Prometheus took the world by storm the way it did, because things you can do easily in Prometheus are somewhere between stupid hard, inaccurate or literally impossible in InfluxQL when your querying it.
Like, wow. My entire company's metrics gathering seems to turn on "massive limitations of Influx in querying data" rather then any other actual restriction.
Here at EchoCorp we were looking at Influx for certain data collection, since it can do downsampling natively - even though I love Prometehus, it still has some glaring omissions in features that Influx can do. We ended up not using Influx and solving it with a daily data pipeline instead, because it turns out Influx strongly recommends against running it in k8s, and that's a major point against it.
Have you looked at their newer Flux query language that's in Influx 2.0?
We're caught in "next system hell" at the moment. We're moving to M3 which uses PromQL...so nobody wants to touch or upgrade Influx so we definitely can't have Flux (which would fix my immediate problems).
Really weird network share permission error I ran into that I haven't seen before.
Standard practice for me has always been to set Share permissions to Full Control for Everyone. Then within the NTFS permissions I set access and restrictions. I tested this just now on 2012 R2 and it works exactly as I would expect, the user cannot enter the Share because NTFS is restricting their access.
In comes a different server (2012). Same permissions as above, NTFS is restricted to one user group that has only a few members. Somehow any user is able to access the share and open files, etc. Only way to restrict access is through the Share permissions by removing Everyone and adding in that group.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
Really weird network share permission error I ran into that I haven't seen before.
Standard practice for me has always been to set Share permissions to Full Control for Everyone. Then within the NTFS permissions I set access and restrictions. I tested this just now on 2012 R2 and it works exactly as I would expect, the user cannot enter the Share because NTFS is restricting their access.
In comes a different server (2012). Same permissions as above, NTFS is restricted to one user group that has only a few members. Somehow any user is able to access the share and open files, etc. Only way to restrict access is through the Share permissions by removing Everyone and adding in that group.
Any suggestions on what to check?
First thing that comes to mind is the local security policy has been changed to allow anonymous (unauthenticated) access.
Computer Configuration\Windows Settings\Security Settings\Local Polices\Security Options
Network access: Let Everyone permissions apply to anonymous users
I forget if there are more sec policies that further remove security on a system like that.
Additionally, it's possible a local group membership on the server has been changed to include groups that shouldn't be there and this is causing more rights than expected. For an extreme example putting Domain Users in the Local Admins group.
SiliconStew on
Just remember that half the people you meet are below average intelligence.
Oh great, more network fuckery by Apple. ios 14 apparently has a new "feature" that creates a random MAC for each wifi network to avoid tracking. Except they fucked up the implementation and the device connects to the network first with it's real MAC address before switching to the fake MAC. So not only does it fail in protecting you from tracking, this causes duplicate IP address problems on the network. So good luck connecting to any wifi network that tracks logins/access by MAC such as hotels or other public/guest wifi with your Apple device unless you turn it off.
Just remember that half the people you meet are below average intelligence.
I use MAC strictly for keeping employees from using our company wifi. There's still enterprise wifi with radius auth but we've been using their company credentials for access and wanted it to be pain-free on their company devices.
Gonna have to look into doing certificate-based auth whenever they stop loading me with shit to do. I have 3 new projects already waiting for me when I get back next week.
Me: upgrades Cisco IOS-XE version across several of our branch routers and switches
Me: tests routing, throughput. everything looks good.
Branch office, three days later: "Half of our computers don't have Internet."
Helpdesk staff, "Hey, Feral, half of the computers at the branch office don't have Internet."
Me: "hey thanks for translating English to English. Would you mind at least pretending to be useful and doing some minimal troubleshooting before escalating a ticket? k thx bye"
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Long story short: some of our offices don't have servers onsite, so DHCP is served up by the local Cisco router
the new version of IOS-XE doesn't let you use spaces in a DHCP scope name. The old version did, so we had DHCP scopes like "Spokane 12th St Office LAN"
The new version just dropped the DHCP scopes from the config.
I know, I could have noticed while doing the upgrade. I didn't. I reviewed the config but not with a fine-toothed comb. Shut up. It's still dumb.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Long story short: some of our offices don't have servers onsite, so DHCP is served up by the local Cisco router
the new version of IOS-XE doesn't let you use spaces in a DHCP scope name. The old version did, so we had DHCP scopes like "Spokane 12th St Office LAN"
The new version just dropped the DHCP scopes from the config.
I know, I could have noticed while doing the upgrade. I didn't. I reviewed the config but not with a fine-toothed comb. Shut up. It's still dumb.
As a network device dev, the fact that they just dropped it instead of alarming or converting the config to something compatible is insane to me. I’d get reamed if I tried to ship that, but our stuff is better than Cisco’s, so...
Long story short: some of our offices don't have servers onsite, so DHCP is served up by the local Cisco router
the new version of IOS-XE doesn't let you use spaces in a DHCP scope name. The old version did, so we had DHCP scopes like "Spokane 12th St Office LAN"
The new version just dropped the DHCP scopes from the config.
I know, I could have noticed while doing the upgrade. I didn't. I reviewed the config but not with a fine-toothed comb. Shut up. It's still dumb.
As a network device dev, the fact that they just dropped it instead of alarming or converting the config to something compatible is insane to me. I’d get reamed if I tried to ship that, but our stuff is better than Cisco’s, so...
That was my feeling too.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
0
That_GuyI don't wanna be that guyRegistered Userregular
I found a 6th gen iPad in the recycling bin at the office today. It is understood that if you find something in there you want to fix, it's your's. It turns on but the digitizer is cracked all to hell. The screen itself and the fingerprint reader seem fine. The adhesive holding the glass in place has even started to pull apart. I decided to take it and attempt to repair it. The digitizer is only $13 on eBay. Since the glass is already pulling free, it should be easy enough to get it out. I think the trickiest part will be getting the fingerprint reader out.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
I found a 6th gen iPad in the recycling bin at the office today. It is understood that if you find something in there you want to fix, it's your's. It turns on but the digitizer is cracked all to hell. The screen itself and the fingerprint reader seem fine. The adhesive holding the glass in place has even started to pull apart. I decided to take it and attempt to repair it. The digitizer is only $13 on eBay. Since the glass is already pulling free, it should be easy enough to get it out. I think the trickiest part will be getting the fingerprint reader out.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
I used to recycle equipment straight to my house all the time because I was willing to fuck around with parts ordering and my company isn't.
But then my wife started getting really mad about how many computers I had at home "just cuz."
I found a 6th gen iPad in the recycling bin at the office today. It is understood that if you find something in there you want to fix, it's your's. It turns on but the digitizer is cracked all to hell. The screen itself and the fingerprint reader seem fine. The adhesive holding the glass in place has even started to pull apart. I decided to take it and attempt to repair it. The digitizer is only $13 on eBay. Since the glass is already pulling free, it should be easy enough to get it out. I think the trickiest part will be getting the fingerprint reader out.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
It may be much easier if you grab one of those ~$20 "smartphone tools" kits so you can pry open things and mess with the parts easily. Also be gentle with the heat gun; I had a guy mess up the screen on my Pixel XL because he didn't move the heat gun around enough (he replaced the damaged part).
Good luck! We're getting my younger daughter a refurb iPad since her sister has one. They've held up very well so far.
0
That_GuyI don't wanna be that guyRegistered Userregular
I found a 6th gen iPad in the recycling bin at the office today. It is understood that if you find something in there you want to fix, it's your's. It turns on but the digitizer is cracked all to hell. The screen itself and the fingerprint reader seem fine. The adhesive holding the glass in place has even started to pull apart. I decided to take it and attempt to repair it. The digitizer is only $13 on eBay. Since the glass is already pulling free, it should be easy enough to get it out. I think the trickiest part will be getting the fingerprint reader out.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
It may be much easier if you grab one of those ~$20 "smartphone tools" kits so you can pry open things and mess with the parts easily. Also be gentle with the heat gun; I had a guy mess up the screen on my Pixel XL because he didn't move the heat gun around enough (he replaced the damaged part).
Good luck! We're getting my younger daughter a refurb iPad since her sister has one. They've held up very well so far.
I don't have a heat gun but I have everything else I'll need. I'm going to try using a hairdryer and/or a hotpack.
I found a 6th gen iPad in the recycling bin at the office today. It is understood that if you find something in there you want to fix, it's your's. It turns on but the digitizer is cracked all to hell. The screen itself and the fingerprint reader seem fine. The adhesive holding the glass in place has even started to pull apart. I decided to take it and attempt to repair it. The digitizer is only $13 on eBay. Since the glass is already pulling free, it should be easy enough to get it out. I think the trickiest part will be getting the fingerprint reader out.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
It may be much easier if you grab one of those ~$20 "smartphone tools" kits so you can pry open things and mess with the parts easily. Also be gentle with the heat gun; I had a guy mess up the screen on my Pixel XL because he didn't move the heat gun around enough (he replaced the damaged part).
Good luck! We're getting my younger daughter a refurb iPad since her sister has one. They've held up very well so far.
I don't have a heat gun but I have everything else I'll need. I'm going to try using a hairdryer and/or a hotpack.
Personally, I would just get a heat gun. They are not expensive and they are so useful.
The vmware horizon solutions I have used are fucking gaaaaaaaaaarbage.
I personally think that Horizon is fine if you go into it with both eyes open and invest in it adequately. The problem is that too many companies buy into bullshit hype about desktop virtualization or app virtualization and either expect them to serve use cases where they're a poor fit, or they expect them to save money on hardware (they don't) and underinvest in them.
They never, ever, ever save money compared to a traditional thick workstation setup.
Oh, I think they work fine when they are working properly.
We have an affiliate rural hospital that has their entire infrastructure on horizon. We help them out with the IT side of things when they need it. The virtual desktops work fine when they aren't broken, but they have a tendency to crash without recovering, and the users that the desktops are provisioned for can't log in without calling their help desk and the session is restarted. I don't know why horizon can't figure out that the session has hung and terminate it automatically.
Also, the management console is a web page written in flash.
VMware started phasing out flash about two years ago, and the Horizon version released about a year ago got rid of it entirely.
Despite that, I'm totally sympathetic. I'm in a situation right now where we're finally dumping Persona Management, which has been a deadend technology for years, in favor of Dynamic Environment Manager. We should have done this a long time ago, but I couldn't get the budget to upgrade our Horizon Advanced licenses to Horizon Enterprise... until Persona Management encountered a severe BSOD hard crash bug. DEM is great, Persona Management was always an irritation. But you don't get DEM unless you pay the $$$$$$$$ for Horizon Enterprise licenses. When managers & execs hear "well, for less money on the Advanced license you can use Persona Management instead of DEM" and nobody at VMware admits "uh, Persona Management hasn't received any serious development attention since 2016" then guess what happens.
Also, I'm going to venture a guess that your rural hospital is also using Imprivata, because it's ubiquitous in healthcare. Imprivata and Horizon have some intricate interoperabilities, so you can't just upgrade Horizon without also upgrading Imprivata, which means a whole other set of challenges.
I didn't realize when I wrote this that VMware, literally a few weeks ago, finally gave a feature-limited UEM/DEM ("DEM Standard") to us lowly Advanced license plebes. After years of people yelling "WTF" at them. Thank fucking god.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
The vmware horizon solutions I have used are fucking gaaaaaaaaaarbage.
I personally think that Horizon is fine if you go into it with both eyes open and invest in it adequately. The problem is that too many companies buy into bullshit hype about desktop virtualization or app virtualization and either expect them to serve use cases where they're a poor fit, or they expect them to save money on hardware (they don't) and underinvest in them.
They never, ever, ever save money compared to a traditional thick workstation setup.
Oh, I think they work fine when they are working properly.
We have an affiliate rural hospital that has their entire infrastructure on horizon. We help them out with the IT side of things when they need it. The virtual desktops work fine when they aren't broken, but they have a tendency to crash without recovering, and the users that the desktops are provisioned for can't log in without calling their help desk and the session is restarted. I don't know why horizon can't figure out that the session has hung and terminate it automatically.
Also, the management console is a web page written in flash.
VMware started phasing out flash about two years ago, and the Horizon version released about a year ago got rid of it entirely.
Despite that, I'm totally sympathetic. I'm in a situation right now where we're finally dumping Persona Management, which has been a deadend technology for years, in favor of Dynamic Environment Manager. We should have done this a long time ago, but I couldn't get the budget to upgrade our Horizon Advanced licenses to Horizon Enterprise... until Persona Management encountered a severe BSOD hard crash bug. DEM is great, Persona Management was always an irritation. But you don't get DEM unless you pay the $$$$$$$$ for Horizon Enterprise licenses. When managers & execs hear "well, for less money on the Advanced license you can use Persona Management instead of DEM" and nobody at VMware admits "uh, Persona Management hasn't received any serious development attention since 2016" then guess what happens.
Also, I'm going to venture a guess that your rural hospital is also using Imprivata, because it's ubiquitous in healthcare. Imprivata and Horizon have some intricate interoperabilities, so you can't just upgrade Horizon without also upgrading Imprivata, which means a whole other set of challenges.
I didn't realize when I wrote this that VMware, literally a few weeks ago, finally gave a feature-limited UEM/DEM ("DEM Standard") to us lowly Advanced license plebes. After years of people yelling "WTF" at them. Thank fucking god.
update: but it doesn't include App Volumes, and selling UEM without App Volumes is like selling a car without wheels
fuck you, vmware
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
@Feral If I wanted to spec out a VMWare Horizon install because I was asked to provide it, what do I even need for licenses?
This is for the same stuff I was asking about awhile back, it will only be application virtualization for some old web apps that we need to provide external access to. Also yes, I realize this is totally overkill for that purpose.
I am so fucking tired of people using Zoom and Teams and not clicking on the right shit to make video and audio work, and/or ignoring red indicators asking for perms. Especially when they call me 30 minutes after their meetings are over and just simply share that it didn't work.
Just fucking call me. Also if you're taking like 12 meetings a day and have been doing so for the past 7 months maybe you should have learned by now how to use video conferencing.
Also gonna say fuck you to the sales guy saying, "It's because we don't have real computers so we don't have Teams."
1. You have real computers, they just don't have Windows, they have Linux.
2. MS has a Linux client for Teams that works exactly like the Windows client and I installed it for you 7 months ago. Again, fuck you.
I am so fucking tired of people using Zoom and Teams and not clicking on the right shit to make video and audio work, and/or ignoring red indicators asking for perms. Especially when they call me 30 minutes after their meetings are over and just simply share that it didn't work.
Just fucking call me. Also if you're taking like 12 meetings a day and have been doing so for the past 7 months maybe you should have learned by now how to use video conferencing.
Also gonna say fuck you to the sales guy saying, "It's because we don't have real computers so we don't have Teams."
1. You have real computers, they just don't have Windows, they have Linux.
2. MS has a Linux client for Teams that works exactly like the Windows client and I installed it for you 7 months ago. Again, fuck you.
can I have a fake computer that doesn't have Teams? sign me the heck up for that.
Ah this reminds me of 5 months ago when I cautioned them that telemed with old patients was going to be a crapshoot.
Guess who was right
Yeah, my wife does a bunch of it with the Mayo clinic (she's a patient) and they have an intermediary person who works with you to make sure you've figured your shit out before they hand you off to the doctor.
Posts
VMware started phasing out flash about two years ago, and the Horizon version released about a year ago got rid of it entirely.
Despite that, I'm totally sympathetic. I'm in a situation right now where we're finally dumping Persona Management, which has been a deadend technology for years, in favor of Dynamic Environment Manager. We should have done this a long time ago, but I couldn't get the budget to upgrade our Horizon Advanced licenses to Horizon Enterprise... until Persona Management encountered a severe BSOD hard crash bug. DEM is great, Persona Management was always an irritation. But you don't get DEM unless you pay the $$$$$$$$ for Horizon Enterprise licenses. When managers & execs hear "well, for less money on the Advanced license you can use Persona Management instead of DEM" and nobody at VMware admits "uh, Persona Management hasn't received any serious development attention since 2016" then guess what happens.
Also, I'm going to venture a guess that your rural hospital is also using Imprivata, because it's ubiquitous in healthcare. Imprivata and Horizon have some intricate interoperabilities, so you can't just upgrade Horizon without also upgrading Imprivata, which means a whole other set of challenges.
the "no true scotch man" fallacy.
Yeah, you didn't make this sound like it was something you developed in-house. You made it sound like a software platform you purchased, and you're just hosting it in-house.
I really mean it though, reverse proxies are exactly the splint you want in this situation. You can usually use a reverse proxy to implement security and authentication features that the web app itself doesn't support. NGINX and IIS are probably the first ones to look into. If you have budget, then F5 might be my top pick.
the "no true scotch man" fallacy.
I admit that part of this is that i've never worked in an organization with a healthy change management process.
But also, yeah, I totally agree, asking "what changed?" and treating it as a data point is totally fine. I'm more talking about interactions like this:
Tech: Did something change on Server47? It's no longer accepting HTTPS requests.
Me: Since when?
Tech: I dunno. Last week, maybe?
Me: Well, we finally turned off NTLM v1 across 200 VMs, but I don't see how that could--
Tech: Can we turn it back on?
Me: Is only Server47 having the problem?
Tech: I dunno. I think so?
Me: Are there any error messages that suggest NTLM is the problem?
Tech: I dunno. I could check? Why can't you just turn NTLMv1 back on?
Me: Bring me some credible evidence that it's NTLMv1 and I will.
My real pet peeve is techs not bothering to do, y'know, basic diagnostic work: is there anything in a relevant log? (Either Event Viewer or the IIS log or some other application log?) Which machines are affected? Which machines are not affected? Does it happen for any client? Any user? Have you poked it with any diagnostic tools? (for a web server refusing SSL, I'd expect something along the lines of nmap's ssl-enum-ciphers script if it's internal or Qualys server test if it's external).
I respect that's not really a problem with the approach of "what changed?" but more with techs just glomming on to whatever easy answer that lets them pass the buck
the "no true scotch man" fallacy.
Even a simple Test-NetConnection seems to solve so much. At my main customer I'm responsible for End User Computing (including mailservers and internal DNS for the entire environment, because lines get blurred as to what exactly is just End User and what is just general IT). My general job (not included in my job description) these days seem to be "help application adminsitrators through the most basic of troubleshooting."
Yyyup. Both my hospital and our affiliate use it, and are in the process of migrating their users onto our imprivata instance. We're also migrated about half of their virtual desktop infrastructure into our citrix environment with their own set of images. The process should be completed some time before the end of the year. I'm sure horizon would be better if it were fully up to date, but it doesn't make sense to go through the headache of upgrading that infrastructure when it's going to be replaced.
Yeeeeep. This is why I've also gotten to the point where sometimes it's, "Generate the standard support packet and don't call me until you have that data." Because more than half the time just the act of collecting it results in a solution and I don't have to be involved.
By a weird coincidence, I'm just right now researching "which time series DB should we use", and while Influx sure does show up in a lot of lists. (the db-engines list for example. It's also commonly used in comparisons when other TSDBs want to show they're better, which suggests it's at least got name recognition, though that doesn't mean it's good, just popular)
Can you give any more details about what's wrong with it? I have a big list of options I'm trying to do a quick initial filter through, and if there's a quick way to knock one out of that list it'll help.
(Prometheus won't work for our case, we need to push data into it rather than having it pull data from other stuff, and dashboardability isn't as much of an issue for us, but there's still OpenTSDB / Timescale / Kairos / QuestDB / Clickhouse, etc, etc, etc. Also, I don't know why so many of these things use "custom query language" as if it's a _positive_ thing, ugh)
This is a stupid, unmanaged switch and it just has my PC and Switch hooked to it. I never had this issue when I was running the cable straight to my PC. I'm just curious why it doesn't degrade in any other manner other than going from GB to 100M. Tried different cables and have had zero luck.
IME even though 5e is rated for gig most consumer grade networking equipment can't actually push a gig through it.
So I could see the switch negotiating 1gig to start (after a reboot) then dropping down to 100meg once it's lost too many packets.
Usually cat6 has good enough shielding that it doesn't come up.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I think the one for the PC is Cat5e. I'll get some new cabling, thanks!
Here at EchoCorp we were looking at Influx for certain data collection, since it can do downsampling natively - even though I love Prometehus, it still has some glaring omissions in features that Influx can do. We ended up not using Influx and solving it with a daily data pipeline instead, because it turns out Influx strongly recommends against running it in k8s, and that's a major point against it.
Have you looked at their newer Flux query language that's in Influx 2.0?
So much better to maintain and manage.
It took a long time to convince my boss to do it because of the sour taste he had in his mouth when the original company had attempted to virtualize his infrastructure 14 some odd years ago with vmware's gsx or whatever the fuck that thing was in 2007ish.
It really is. Even for very small companies with a couple of servers, just turning them into free ESXi or basic Hyper-V hosts and running your servers as VMs is so much better.
the "no true scotch man" fallacy.
No more of that "oh, we need to pay out the nose for this bespoke server motherboard circa 2005 to get our whatever to boot", just buy whatever cheap shit dell has off the shelf and spin your vm back up.
We're caught in "next system hell" at the moment. We're moving to M3 which uses PromQL...so nobody wants to touch or upgrade Influx so we definitely can't have Flux (which would fix my immediate problems).
Standard practice for me has always been to set Share permissions to Full Control for Everyone. Then within the NTFS permissions I set access and restrictions. I tested this just now on 2012 R2 and it works exactly as I would expect, the user cannot enter the Share because NTFS is restricting their access.
In comes a different server (2012). Same permissions as above, NTFS is restricted to one user group that has only a few members. Somehow any user is able to access the share and open files, etc. Only way to restrict access is through the Share permissions by removing Everyone and adding in that group.
Any suggestions on what to check?
First thing that comes to mind is the local security policy has been changed to allow anonymous (unauthenticated) access.
Computer Configuration\Windows Settings\Security Settings\Local Polices\Security Options
Network access: Let Everyone permissions apply to anonymous users
I forget if there are more sec policies that further remove security on a system like that.
Additionally, it's possible a local group membership on the server has been changed to include groups that shouldn't be there and this is causing more rights than expected. For an extreme example putting Domain Users in the Local Admins group.
That said, the share permissions should also be added to the NTFS permissions, did you remove or restrict the "Everyone" group from NTFS?
Gonna have to look into doing certificate-based auth whenever they stop loading me with shit to do. I have 3 new projects already waiting for me when I get back next week.
Me: tests routing, throughput. everything looks good.
Branch office, three days later: "Half of our computers don't have Internet."
Helpdesk staff, "Hey, Feral, half of the computers at the branch office don't have Internet."
Me: "hey thanks for translating English to English. Would you mind at least pretending to be useful and doing some minimal troubleshooting before escalating a ticket? k thx bye"
the "no true scotch man" fallacy.
the new version of IOS-XE doesn't let you use spaces in a DHCP scope name. The old version did, so we had DHCP scopes like "Spokane 12th St Office LAN"
The new version just dropped the DHCP scopes from the config.
I know, I could have noticed while doing the upgrade. I didn't. I reviewed the config but not with a fine-toothed comb. Shut up. It's still dumb.
the "no true scotch man" fallacy.
Work with this shit every single day and it'll still surprise you.
That was my feeling too.
the "no true scotch man" fallacy.
I found a USB cable with it so I'm trying to charge the battery. I'm going to mess around with it for a while to see if it'll be worth fixing up.
I used to recycle equipment straight to my house all the time because I was willing to fuck around with parts ordering and my company isn't.
But then my wife started getting really mad about how many computers I had at home "just cuz."
It may be much easier if you grab one of those ~$20 "smartphone tools" kits so you can pry open things and mess with the parts easily. Also be gentle with the heat gun; I had a guy mess up the screen on my Pixel XL because he didn't move the heat gun around enough (he replaced the damaged part).
Good luck! We're getting my younger daughter a refurb iPad since her sister has one. They've held up very well so far.
I don't have a heat gun but I have everything else I'll need. I'm going to try using a hairdryer and/or a hotpack.
Personally, I would just get a heat gun. They are not expensive and they are so useful.
I didn't realize when I wrote this that VMware, literally a few weeks ago, finally gave a feature-limited UEM/DEM ("DEM Standard") to us lowly Advanced license plebes. After years of people yelling "WTF" at them. Thank fucking god.
the "no true scotch man" fallacy.
update: but it doesn't include App Volumes, and selling UEM without App Volumes is like selling a car without wheels
fuck you, vmware
the "no true scotch man" fallacy.
This is for the same stuff I was asking about awhile back, it will only be application virtualization for some old web apps that we need to provide external access to. Also yes, I realize this is totally overkill for that purpose.
Just fucking call me. Also if you're taking like 12 meetings a day and have been doing so for the past 7 months maybe you should have learned by now how to use video conferencing.
Also gonna say fuck you to the sales guy saying, "It's because we don't have real computers so we don't have Teams."
1. You have real computers, they just don't have Windows, they have Linux.
2. MS has a Linux client for Teams that works exactly like the Windows client and I installed it for you 7 months ago. Again, fuck you.
can I have a fake computer that doesn't have Teams? sign me the heck up for that.
Guess who was right
Yeah, my wife does a bunch of it with the Mayo clinic (she's a patient) and they have an intermediary person who works with you to make sure you've figured your shit out before they hand you off to the doctor.
I said I'd maybe consider it for double my salary. Maybe.