Overclockers Australia Forums

Old Yesterday, 4:27 PM   #24421
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,288
Default

Quote:
Originally Posted by elvis View Post
Who cares? And that's the point. Your customers give zero shits what your infrastructure has in it.
You don't care what it has in it. What I'm getting at is... You're moving because your service provider couldn't provide a service... but you've moved without ensuring that your new service provider won't suffer a similar fate next time. So you've not really done anything to decrease your risk profile... Couple that with the fact that if you've done any systems integration with the old provider, it will all need to be re-written to suit the new one, means that dropping A for B isn't always cost and time neutral... so that all needs to be factored in to the business case for a switch.

Quote:
Originally Posted by elvis View Post
But you seem to baulk at the idea of changing, even though the idea that one bad application/desktop could hose your entire infrastructure has you shitscared. So what are you going to do about that? Again, are you sticking with the devil you know, and trying to keep all of it patched? Have you even investigated the idea of moving some of your infrastructure to something else? Or is that such an enormous task, the risk matrix say stick with what you have now?
The Risk Matrix does say stick with what we've got, but I'm also not sold on any of the benefits for change. Linux on the desktop enjoys peace, because it's more profitable to go after Windows... as a result, Windows is more and more secure.

When the year of the Linux desktop gets here, all the bad people who currently look for bugs, and those who seek to monetize those bugs will start building more and more shit for it, and it will go through the same cycle. The update ecosystem will be more mature, but as we've seen... dumb is gonna dumb.

Quote:
Originally Posted by elvis View Post
I'm actually quite genuinely interested. These things don't have to be "all or nothing". How many of your apps do you deliver via network (RDP, thin app, whatever)? Do you *need* the same desktop infrastructure as your server stuff? Does your whole fleet need to be on the same OS? Ours doesn't - we have OSes per business unit, based on their needs. The sheer heterogeneity of that has some very interesting positive ramifications when it comes to our risk profile for a given attack on a given day, no matter what your OS of preference.

Homogeneity is a risk in animal species, and is rapidly becoming a risk in corporate desktops too. Food for thought.

The management overheads of a heterogeneous environment FAR outweigh the risk increase of a homogeneous one.

We've got very few 'desktops' as such, just a few road warriors with laptops. You can connect to our VDI environment with any device that has a supported client (almost any device). We've got Zero Clients on the desktop, Tablets in the Field, We're testing Chromebooks to see if they will be suitable. The end user device is almost irrelevant.

When you've got a monolithic LOB application, yes, your fleet is tied to the platform/s that the application is supported on, and while changing the application isn't out of the picture, it's also not something that can happen at the drop of a hat.

Quote:
Originally Posted by GumbyNoTalent View Post
UNIX/Linux user space, you know the stuff in the kernel, while not perfect isn't the steamy pile of shit that is windows eco system. But if you have issues with an application then there's always cgroups to the rescue to contain the trash.
Many crypto variants were userspace... It doesn't stop it fucking shit that users have (and need to have) access to.

Old Yesterday, 4:36 PM   #24422
bcann
Member
 
Join Date: Feb 2006
Location: NSW
Posts: 4,083
Default

Quote:
Originally Posted by PabloEscobar View Post
Many crypto variants were userspace... It doesn't stop it fucking shit that users have (and need to have) access to.
It's often the most valuable stuff. Talk to an engineering mob whose engineering PDFs and design drawings done by their users, and ask them what's the most valuable. Or in elvis's case the rendering that a highly paid team of drawing geeks spent countless hours on.

Yes, I understand it's likely a case in a well designed system to restore yesterday's backup, or hell even an hour-ago snapshot, but generally you're not the type of business/user they're after in that case when it comes to crypto dollars.
__________________
Quote:
Originally Posted by elvis View Post
All I do is hand folks the working gun. Up to them as to whether or not they go hunting to bring home the bacon, or shoot themselves in the foot. I am merely the lowly gunsmith, and nothing more.
Old Yesterday, 4:45 PM   #24423
PabloEscobar
Member
 
Join Date: Jan 2008
Posts: 9,288
Default

Quote:
Originally Posted by bcann View Post
Yes, I understand it's likely a case in a well designed system to restore yesterday's backup, or hell even an hour-ago snapshot, but generally you're not the type of business/user they're after in that case when it comes to crypto dollars.
"Using Linux" isn't the answer.

"Not having a stupid system" is the answer.

At the moment, you are more likely to "Have a Stupid System" if you use Windows, because the barrier of entry for setting up a stupid system with Windows is so low, and because (historically) it's presented itself so friendly-like, leading people to believe that office managers could set up and maintain sane systems.

As the demand for non-Windows systems rises, the amount of 'dumb' in that ecosystem will rise accordingly, and the same discussions will be had.
Old Yesterday, 5:20 PM   #24424
GumbyNoTalent
Member
 
Join Date: Jan 2003
Location: Briz Vegas
Posts: 3,666
Default

Quote:
Originally Posted by PabloEscobar View Post
...Then the year of the Linux desktop gets here..
Party like it's 1999 all over again.

Most of QQing is about servers being crypto'd, jailed apps in Linux only shit on themselves, not their neighborhood.

My point is userspace in windows land is already hosed, and not just hosed by the bad guys, supposed good shitizens have shat all over it for decades. Mind you Linux is no better with numpties running all their apps as root looking at you pretend Oracle Admins.
Old Yesterday, 6:32 PM   #24425
Foliage
Member
 
Join Date: Jan 2002
Location: Sleepwithyourdadelaide
Posts: 31,705
Default

Quote:
Originally Posted by GumbyNoTalent View Post
UNIX/Linux user space, you know the stuff in the kernel, while not perfect isn't the steamy pile of shit that is windows eco system.
Hyperbole much?

Quote:
Originally Posted by GumbyNoTalent View Post
My point is userspace in windows land is already hosed, and not just hosed by the bad guys, supposed good shitizens have shat all over it for decades. Mind you Linux is no better with numpties running all their apps as root looking at you pretend Oracle Admins.
Windows sandboxes apps if you run them from the store, very similar to what apple/linux do.
__________________
You know, if you watch Titanic backwards, it's actually a heart warming tale of a ship that jumps out of the water and saves lots of drowning people.
Old Yesterday, 7:06 PM   #24426
millsy_c
Member
 
Join Date: Mar 2007
Location: Brisbane
Posts: 10,991
Default

On the topic of windows, some nice additional security controls in the upcoming builds.

https://blogs.windows.com/windowsexp...-15228-mobile/

Quote:
We’ve heard your feedback regarding the upcoming EMET EOL, so we’re excited to announce that starting with this build you can now audit, configure, and manage Windows system and application exploit mitigation settings right from the Windows Defender Security Center! You don’t need to be using Windows Defender Antivirus to take advantage of these settings.
Nice.

Quote:
Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders.
Leading into a rant:

Windows 10 is upgrading so fast that people I've spoken to in critical infrastructure are delaying roll outs because of these rapid builds. It's great they're adding these features, but this is proving hard for some mobs to keep up. You're looking at a typical 3-8 year window for an OS in place, and making it like... 2-6 months.

Inb4 elvis agile or die rant
__________________
Quote:
Originally Posted by Luke212 View Post
You are talking like an expert beginner. Talk less and listen more.

Last edited by millsy_c; Yesterday at 7:09 PM. Reason: added additional friday shitposting fuel
Old Yesterday, 10:34 PM   #24427
elvis Thread Starter
Old school old fool
 
Join Date: Jun 2001
Location: Brisbane
Posts: 28,915
Default

Quote:
Originally Posted by PabloEscobar View Post
You don't care what it has in it. What I'm getting at is... You're moving because your service provider couldn't provide a service... but you've moved without ensuring that your new service provider won't suffer a similar fate next time. So you've not really done anything to decrease your risk profile... Couple that with the fact that if you've done any systems integration with the old provider, it will all need to be re-written to suit the new one, means that dropping A for B isn't always cost and time neutral... so that all needs to be factored in to the business case for a switch.
As per my "heterogeneous or die" comment before, we had multiple vendors at the ready, and jumping was trivial. Putting all your eggs in one vendor basket is really, really stupid, and not just for software.

Quote:
Originally Posted by PabloEscobar View Post
The Risk Matrix does say stick with what we've got, but I'm also not sold on any of the benefits for change.
I'm suggesting diversity far more than I'm suggesting change.

Quote:
Originally Posted by PabloEscobar View Post
Linux on the desktop enjoys peace, because it's more profitable to go after Windows... as a result, Windows is more and more secure.

When the year of the Linux desktop gets here, all the bad people who currently look for bugs, and those who seek to monetize those bugs will start building more and more shit for it, and it will go through the same cycle.
I've already said this above, but that's all hypothetical future talk. There are steps you can take right now to reduce your risk, and diversifying your platforms is one of them. For all of these ransomware style attacks, thus far I think I've encountered two (out of thousands) that target non-Windows platforms. If this was someone making a decision about an investment, the maths would be really, really obvious. It appears folks are far too precious about their platforms to see objective options before them.

Quote:
Originally Posted by PabloEscobar View Post
The management overheads of a heterogeneous environment FAR outweigh the risk increase of a homogeneous one.
As someone who works in a very small team and manages a very large and complex set of heterogeneous infrastructure, I'm calling BS on that one. Most of my career has been people telling me what I achieve on a day to day basis is impossible, and yet here I am still doing it decades later. And I'm no genius, nor a magician. Anyone can do the same.

Quote:
Originally Posted by PabloEscobar View Post
We've got very few 'desktops' as such, just a few road warriors with laptops. You can connect to our VDI environment with any device that has a supported client (almost any device). We've got Zero Clients on the desktop, Tablets in the Field, We're testing Chromebooks to see if they will be suitable. The end user device is almost irrelevant.
So it sounds like platform heterogeneity is very much suitable for you. I'm not sure what all of the above is then - just hypothetical arguments for "other companies"? And honestly, there's not much you can't wrap up in VDI these days. We too have our own class of stupid, bloated, Windows-only apps. Guess how we deal with them? VDI today, planned replacement tomorrow.

Quote:
Originally Posted by millsy_c View Post
Windows 10 is upgrading so fast that people I've spoken to in critical infrastructure are delaying roll outs because of these rapid builds. It's great they're adding these features, but this is proving hard for some mobs to keep up. You're looking at a typical 3-8 year window for an OS in place, and making it like... 2-6 months.

Inb4 elvis agile or die rant
Quite frankly, the "or die" bit is just a daily news story today. Here's the NHS's breakdown on Wannacry:

https://www.theregister.co.uk/2017/0...nnacry_report/

Didn't patch enough, didn't spend enough, not enough qualified people, all shit. Well, how about that. Colour me not even slightly surprised. There's your "or die" part.
__________________
Play old games with me!
All times are GMT +10. The time now is 1:59 AM.

