I would assume that any legitimate usage of this function would be heavily marketed as a time-saving measure, something like:

"Many of our customers prefer to start off with a fresh install of Windows. We understand that hunting down drivers just to get hardware working after a reinstall is frustrating and time consuming. Now, we're using cutting-edge technology to ensure your computer has a direct line to automatically download the latest drivers even after a complete reinstall of Windows! System administrators: If you'd rather have a completely blank slate upon reinstallation, this option can be disabled in the BIOS."

You don't just spend time and money getting a feature like this set up without some sort of return on your investment, and in an ideal world this would actually be a pretty decent selling point. I would love to be able to do a fresh install without worrying about driver downloads & updates immediately afterwards. It's not a huge thing but it would be nice.

In contrast, Lenovo's implementation got shut down by Microsoft, and was only discovered by someone doing some deep diving into their own system. Otherwise it would have quietly been a thing until they had to patch it out. It was also difficult to disable, implying Lenovo didn't plan on allowing it to be disabled.

Hmmm... SAM can't post to Spiceworks?

Quick, everyone head over there and recommend SANs, FreeNAS and VMWare!

Hey look it's a bare link on a forum. It looks like it leads to a system that tests people's susceptibility to phishing attacks.

Can someone forward this thread to Alanis Morrisette as an example of irony?

Just got a cold call from someone offering hosted PBX services (among other things).

By the end of the call the latency on their end was making it almost impossible for me to understand what they were saying.

I decided to pass on their offer...

I want to believe that someone was handing out cheese as a promotion for their new line of mice.

From Ars Technica:
"In a move eerily similar to the Superfish debacle that visited Lenovo in February, Dell is shipping computers that come preinstalled with a digital certificate that makes it easy for attackers to cryptographically impersonate Google, Bank of America, and any other HTTPS-protected website.

The self-signed transport layer security credential, which was issued by an entity calling itself eDellRoot, was preinstalled as a root certificate on at least two Dell laptops, one an Inspiron 5000 series notebook and the other an XPS 15 model. Both are signed with the same private cryptographic key. That means anyone with moderate technical skills can extract the key and use it to sign fraudulent TLS certificates for any HTTPS-protected website on the Internet. Depending on the browser used, any Dell computer that ships with the root certificate described above will then accept the encrypted Web sessions with no warnings whatsoever. At least some Dell Inspiron desktops and Precision M4800 models are also reported to be affected."

http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/

Very disappointing news as I have been a fan of Dell's hardware for a while and stopped buying Lenovo in part due to the Superfish debacle... All the more reason to make sure a fresh OS install is a part of setting up new computers!

@DustinB3403 said:

So this is a two fold question regarding GPO's.

First, does it hurt to have multiple distinct GPO's for specific purposes? (say 40 for arguments sake, I don't know how many we have specifically.)
I'm assuming that multiple small GPO's means more work for the servers and client pc's that receive these GPO's but want confirmation.

Second, is there an automated way to compile the existing GPO's into 1 concise GPO?

From what I know, keeping each GPO to a single distinct purpose is considered best practice so you can more easily troubleshoot group policy conflicts/failures.

Hi everyone!

So is this like the cool kids table in the Spiceworks cafeteria?

I have been lurking for the past couple days and am excited to actually start saying stuff. It reminds me of the small forum communities I used to spend too much time on, except everyone here is (mostly) sharing useful info

@johnhooks said:

Do they think people email each other like that.

Good Morrow Sir,

I hope you are well, but lets dispense with the pleasantries. I will need a transfer of funds from the financial institution, post haste. Please inform me of the financial details.

Best Regards,

I've heard a theory that scammers intentionally mangle the grammar in their emails so they pre-screen the people that are going to catch on quickly and only get responses from people that are most likely to fall for the whole scam... No idea how true that is as I'm not a scam copywriter, but it does explain why no scammers seem to have any grasp of grammar and/or how people actually talk.

Got back into the office after a wonderfully relaxing vacation about 3 hours ago.

Just finished locking down the account of an executive that got spear phished this morning after their account started sending out shady wire transfer requests.

At least the attacker waited for me to get back, and no one actually transferred anything! I will call that a win overall.

I started my path down VPS hosting on DO and later Vultr - mainly for hosting clients' WordPress webservers. I think their biggest advantages are predictable pricing and user-friendly admin interfaces. It's really nice to be able to say "Hosting is going to be $12/month" and know that will be true for the foreseeable future, versus trying to explain/predict AWS' pricing which is more like paying a utility bill. It's also really easy to get a development server up and running quickly without having to worry about all the details.

With all of that said, I haven't gone back to DO or Vultr since I learned how to work AWS EC2 instances. For one thing, it's a much easier sell to say "I'm hosting your site on the same physical infrastructure that powers Netflix" than trying to explain the advantages of VPS hosting to non-techie people. With reserved instance pricing, you can really cut down on the extra costs typically associated with using AWS as well...

The biggest thing for me is that, last I checked, DO and Vultr both charge you full price for any VPS associated with your account, whether or not it's running. You need to totally destroy a VPS to stopped being billed for it. AWS (and I would assume other "big players" in this space) only charges you for data storage of stopped instances, which is a relatively tiny part of the usual hosting cost.

This is a big advantage for me as I can keep staging/development copies of webservers ready to go without paying full price for their existence or having to wait for a whole new instance to spin up. This has been really nice with the regularity of platform updates on WordPress and the importance of applying them quickly...

Python and Ruby are two good places to start.

I have heard that Shoes works well for getting Ruby apps to work with a GUI, but I don't have any experience with it myself.

@travisdh1 said:

@IT-ADMIN said:

what do you think Dear Scott of python programming language, i heard interesting things about it, also it is portable,

also what is the best IDE (has to be drag and drop GUI builder) i can use to make GUI application with it ??

I've used python a little bit with a RaspberriPi doing sensor and light type things. I don't know that it'd be very good for doing GUI, but I'd look at Eclipse by the way of pydev.

I would be interested in hearing more about that in another thread at some point as I'm trying to hook a Pi up to some sensors in my off time... were they i2C sensors?

Did you get the whole admin console or just the remote control portion? We have v8 over here as well.

Back in the WC3 custom game days I remember hating DotA because I wanted to play things like Sheep Tag, Tower Defense etc and had to sift through all the DotA games to find them.

Then I got into HoN and eventually Dota 2 and I understood why it was so popular. After I graduated from college, I stopped having the free time to commit to 30-45 min matches and cut mobas out of my life for a while, but I got hooked again with Heroes of the Storm.

Now Heroes is pretty much the only moba I'll play because matches usually end within 15-25 minutes and you don't need to have amazing micro skills to be good. Best of all, there's no All chat, which seems to have really cut down on the saltiness and general negative atmosphere that mobas usually seem to cultivate.

Other than that I've been playing a lot of Rainbow 6: Siege lately... I've always been a fan of FPS games and it's fun to have some strategic decisions to make on top of "what gun should I pick".

I picked it up a few months ago and it's really pretty amazing.

Their goal with remote administration is to have screen sharing be a last resort to solve problems. You can view and edit control panel items like installed printers, mapped drives, etc and view the task manager without interrupting the user at all.

Over the past year they've been focusing on making their product better for people getting their feet wet with PowerShell. One example pointed out in the sales demo I went through is that you can build PowerShell scripts that only affect the local computer, then use Goverlan to define the scope and run it locally on each computer.

I was able to deploy it for a nonprofit space due to the glorious renewal pricing - $80/year for major upgrades, which tend to come out every few years based on their past releases. Their support plan is also $80/year.

The only caveat I have found is that all of the coolest features only work if you're connected on a private network - they don't let you manage drive mappings for someone over WAN. For remote user assistance, people here have two options: Use Goverlan's "request assistance" program, where the user initiates the assistance request and a popup appears on your admin console to accept/decline, or just use ZeroTier to extend your private network.

Recently I learned about OSSEC, which touts itself as "a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS)."

Has anyone heard of this or used it before? I know Snort is kind of the de facto open source IDS - it looks like OSSEC's main strengths over Snort are its focus on central management and low resource usage on endpoint systems, which are two things I like the sound of.

Thought it might be good to check in with you guys before devoting a weekend to getting it up and running

But you guys, somehow they have lower prices on equivalent hardware! That means it's all worth it.

/s

Dear leaders of the People's Democratic Republic of MangoLassi,

Directly hotlinking to images is generally considered poor internet manners in the circles I've run in, but that doesn't seem to be universal so I won't argue that.

More pragmatically, hotlinking allows someone else to effectively embed arbitrary content on your site should they so desire. This introduces the potential for performance and security issues you cannot directly control should the image host get vindictive...

Example: if someone notices dog.jpg on their site is getting way more traffic than makes sense, they can replace it with dog1.jpg on their site's links and then do whatever they want with the original image. This can range from introducing performance issues (dog.jpg is now a 10mb photo!) to, if they are truly nasty, embedding malware within the image to be served wherever it's linked.

The chances of this actually happening are pretty low, of course, but it's possible and I don't know if anything could be done on the website to check for changes in what's getting served from hotlinks.

I'm hoping the NodeBB devs use the Imgur API to automatically upload images linked to and serve that instead. That would eliminate the bandwidth concerns as well as the potential revenge issues.

I'd appreciate some sort of option to turn topic icons off in the meantime, but I also understand it would probably be a lot of work to add that in if NodeBB doesn't already provide it!

Hey look it's a bare link on a forum. It looks like it leads to a system that tests people's susceptibility to phishing attacks.

Can someone forward this thread to Alanis Morrisette as an example of irony?