IT Team gets together and creates the hold from hell.

https://www.theregister.co.uk/2016/04/29/it_helpdesk_creates_oh_hold_hell/

https://www.reddit.com/r/VOIP/comments/dypp36/20191119_critical_freepbx_security_vulnerability/

"There has been a criticial security vulnerability discovered in FreePBX which allows remote code execution without authentication."

v14/v15 should automatically update themselves. Earlier versions will not.

@wirestyle22 said in Random Thread - Anything Goes:

thanks

This is what's keeping me busy lately. Building a Chicken Coop, though we're calling it the Palace, for our girls.



We have Leghorns (apparently pronounced LegUrns, Rhode Island Red, and Plymouth Rock (black) to start.

Construction is 2x4 insulated 8' x 8' with the run being 20' x 8'. All those years in construction back in the day always seem to pay off in some way. :D

Apparently, I've been elected to be the one to get them from the coop to the table when the time comes. ;)

The announcement page: Starwood Guest Reservation Database Security Incident Marriott International

My thoughts on the matter though rather curtailed from what I really want to say due to polite company: Some Thoughts on the Starwood/Marriott Reservations Database Breach

@dustinb3403 It's been a while, but there's a set of files the Mac writes to all folders it touches. .DS_Store or something like that.

We've seen busy graphics houses have their file servers brought to their knees by this "feature".

These guys: https://dea.nbird.com.au/2014/11/19/windows-server-prevent-mac-files-on-shares-ds_store-_-trashes/

@Danp Whoever made the T-Shirt was probably too intimidated to mention the grammatical error or maybe let it go because the guy was a d*ck.

@WrCombs said in DHCP Question...:

This is for a friend of mine who asked me ; And Wanted to be able to send him a link to read up on DHCP Best practices and ideas on his situation.

He came to me and said "if you set up a dhcp why do you set up .2-.254 with a gate way of .1
don't you want to keep some open for Static IPs... for example: printers?"

what can I say to him other than .1 is reserved for gateway? .1 is the gateway so it can't be used in the scenario.

He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.

I'm sending him the link to this thread to have him read through the answers I get.

Our rule of thumb, and it's a "we've been doing it this way since ... so we keep doing it this way" situation, is to set up the full subnet in DHCP and then set exclusions for what we want to set aside for servers, printers, and the like. We generally set printers via reservation.

Here's a simple scope setup in PowerShell:

Add-DHCPServerInDC
Add-DHCPServerv4Scope -Name "OUR Local Scope" -StartRange 10.100.10.1 -EndRange 10.100.10.254 -SubnetMask 255.255.255.0
Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.1 -EndRange 10.100.10.49
Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.200 -EndRange 10.100.10.254
Set-DhcpServerv4OptionValue -ComputerName DC.Domain.com -DnsServer 10.100.10.254 -DnsDomain Domain.com -Router 10.100.10.1

@mlnews said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

Fraud is on the rise despite a move to chip cards.

A security analysis firm called Gemini Advisory recently posted a report saying that credit card fraud is actually on the rise in the US. That's surprising, because the US is three years out from a big chip-based card rollout. Chip-based cards were supposed to limit card fraud in the US, which was out of control compared to similar fraud in countries that already used EMV (the name of the chip card standard)....

I remember reading comments from the American payment industry folks that basically said Americans were too stupid to do Chip & PIN. We've had it here for a very long time with TAP being a relatively recent addition. TAP is limited to $50 or $100 depending on merchant and product. It makes transactions fast versus any other method.

Swipe needs to be banned. Period.

Next up: RFID protection wallets. A must-have for frequent travelers.

@DustinB3403 said in Random Thread - Anything Goes:

@scottalanmiller said in Random Thread - Anything Goes:

A is positively the correct answer.

Kids in our family know what Eye-Dee-Ten-Tee (ID10T) and PEBKAC (Peb-Cack) mean. :D

Easier is "Set up for an Organization" and choose a username. Ours would be Laptop Admin with the space and no password to avoid the questions.

Once logged on, CTRL+ALT+DEL and Change Password to set the new one. Note that the existing would be a blank.

@travisdh1 said in Random Thread - Anything Goes:

@phlipelder said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

Ouch ... that brought back a painful memory.

ATI Rage Fury MAXX

(Image Credit: Internet)

We had a client with a fair number of very proficient Photoshop drivers. They needed way more GPU than the then current "best" could give them.

So, we built a bleeding edge system with this card.

Everything seemed to pan out but then the drivers came back and bit us in the arse.

Ultimately, a very expensive failed experiment.

Remember the All-In-Wonder cards? I had one of those a long time that I used as a DVR. Same deal, but multiplied by 2 because of the TV tuner.

Yup. Lots of horror stories around ATI and their dismal driver record.

We just went through a round of pain with AMD/ATI RADEON PRO W5700 series cards flaking out in SolidWorks/3D CAD situations. :(

As much as things change, they sure remain the same.

@nadnerb said in Random Thread - Anything Goes:

Ouch ... that brought back a painful memory.

ATI Rage Fury MAXX

(Image Credit: Internet)

We had a client with a fair number of very proficient Photoshop drivers. They needed way more GPU than the then current "best" could give them.

So, we built a bleeding edge system with this card.

Everything seemed to pan out but then the drivers came back and bit us in the arse.

Ultimately, a very expensive failed experiment.

@stuartjordan We have an aggregator that puts it together for us:

We are net importing energy because it costs more in CO2 taxes to run our coal plants.

EDIT: Forgot the link: https://twitter.com/ReliableAB/status/1393228855733805056

@nadnerb said in Random Thread - Anything Goes:

@IRJ

Reminds me of the times where a system drive would crash, we'd get the call, I'd show up, and low and behold a rare earth magnet was holding their entire kitten p*rn collection to the side of the PC right near the drive's location.

Heh ... those were the days.

@syko24 said in Who's sharing that printer?:

@mr-jones said in Who's sharing that printer?:

I'm wondering if anyone knows a solid way to track down who is sharing a network printer in a Windows environment?

I have all network printers deployed via GP, and per OU as appropriate, but I'm seeing someone else has shared one, and renamed it something outside of my naming convention. I'm trying to track down which client has done so. I'm currently digging around, but I'm not finding anything.

Any ideas?

Not sure if this is what you are looking for but you can use Advanced IP Scanner and run a network scan. If a system has any shares it will list them below system name/ip address.

https://www.advanced-ip-scanner.com/

Excellent utility. We use it to map IP to device name. I haven't taken a deeper look at its abilities. So, great one! :)

@mr-jones The shared printer should have a machine name associated with it? Grey matter isn't firing on all cylinders yet ...

Connect to that printer and check the Advanced properties to see what the name of the host is.

This one could be a tough one.

Problem: One network blip and the intranet clients will lose their ability to resolve internal DNS A records for whatever the TTL setting is for them. BTDT

Public DNS servers do not belong anywhere near your intranet setup.

I.E. don't have DNS0 192.168.33.5 DC/DNS and DNS1 8.8.8.8 or whatever public DNS server. Bad. Just. Bad.

There are two ways to solve this that won't cause you grief:

• Set up as you are but leave DHCP off on the secondary device
• Set up DHCP Failover via a second DC

The second option can be licensed via your favourite SPLA provider for very little cost per month over purchasing a full license.

@JasGot Probably has young kids.

@brandon220 said in Browsing shares from W10 (2004) on a domain:

Started having trouble with Win10 (2004) seeing local shares on the network recently. Computers randomly show up in "Network". The proper services are enabled and running per MS documentation:
Function Discovery Resource Publication
Function Discovery Resource Publication
SSDP Discovery
UPnP

Firewall is set properly but it doesn't work even if you disable the FW temporarily.

Network Discovery is enabled, and of course the network is private as it is on a domain. It should work without enabling SMB 1.0/CIFS. Users can connect to shares by entering \servername in the file explorer with no issues.

At this point it may be easier to add a startup script that maps the shared drives. Problem is - the users are so used to browsing to the resource they need manually via the 'network' section within explorer.

Thoughts?

Receive Segment Coalescing (RSC). Disable that on your file server's pNIC/vNIC and on the desktop/laptop adapters(s) that support it.

@PhlipElder Y'all see the "Great Reset" push that's coming down the pipe?

Do all y'all understand, and I mean understand, what it is implying and what it means for the regular Joes & Janes of this world?!?

My family has been through two Red Revolutions and one near miss with the Armenian Genocide. The whole thing is just too coincidental.

Sorry, not buying it. I'm not buying the virus push at all anymore.

I'm firmly in the Better Dead Than Red camp here.