Systems Administration

Tech giant to spend $500m dealing with housing crisis caused by tech giants

The Register - Thu, 01/17/2019 - 14:15
Redmond to throw cash at the problem, hopes some might stick to affordable homes

Microsoft has revealed it is to spank the best part of $500m on attempting to deal with the lack of affordable housing in the Seattle area.…

.htaccess FilesMatch not finding files with angularjs

I'm fairly new to configuring this, and I'm trying to understand what's going on and what I should do.

I have an app built on angularjs, and it's authenticated by shibboleth.

Part of the app is public, and part of the app needs shib authentication. In my .htaccess file, I have this:

Options +FollowSymLinks
RewriteEngine on
Options -Indexes
IndexIgnore *
AuthType Shibboleth
require shibboleth
ShibRequireSession off
<FilesMatch "^(admin|secure)$">
    AuthType Shibboleth
    ShibRequireSession on
    require shibboleth
    require valid-user
</FilesMatch>
# with some rewrite rules below

Now, FilesMatch should be matching files that are being requested from the server, based on regex matching, and before the matched file is served, it will require a shibb session and valid user, as I understand it.

And in this case, it should do that for every file that has 'admin' or 'secure' in the name, right? However, in part due to angularjs (I suppose), for some reason this is working whenever the server is asked for files in an admin directory (presumably because one or more of them have 'admin' in the name), but it is not working at all for any file that has 'secure' in the name. I was trying to make it work for a file named add.secure.js.

I have tried numerous combinations (and I am not the best at regex), but I've tried directly referencing the file name while escaping dots: "^add\.secure\.js$" and the like.

Does anyone have any familiarity with this or could point me in the right direction?

Thanks!

submitted by /u/machine3lf
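Added example, not part of the post above or the poster's configuration: a small Python model of how <FilesMatch> applies its regex to the last path component of the requested file only, run over constructed request paths to list the sensitive-looking files each pattern would leave outside the Shibboleth block. Python's re module stands in for Apache's regex engine; the helper names, the two alternative patterns, and every path except add.secure.js are assumptions.

```python
import posixpath
import re

# Pattern from the posted .htaccess, plus two hypothetical alternatives.
POSTED = r"^(admin|secure)$"                    # whole file name must be "admin" or "secure"
UNANCHORED = r"(admin|secure)"                  # marker anywhere in the file name
DOT_DELIMITED = r"(^|\.)(admin|secure)(\.|$)"   # marker as a whole dot-separated segment

# Constructed request paths; only add.secure.js is named in the post.
SAMPLE_PATHS = [
    "/app/js/add.secure.js",
    "/app/js/admin.controller.js",
    "/app/admin/index.html",
    "/app/secure",
    "/app/js/public.js",
]


def files_match(pattern, request_path):
    """Model <FilesMatch>: test the regex against the file name only.

    Directory components are not part of what is matched, so a file is
    not covered just because it lives under a directory called admin/.
    """
    name = posixpath.basename(request_path)
    return re.search(pattern, name) is not None


def unprotected(pattern, request_paths, markers=("admin", "secure")):
    """List paths whose file name carries a marker but which the pattern misses.

    The substring test for "sensitive" is deliberately crude: it is the
    poster's stated intent ("every file that has 'admin' or 'secure' in
    the name"), not a general classification.
    """
    missed = []
    for path in request_paths:
        name = posixpath.basename(path)
        if any(m in name for m in markers) and not files_match(pattern, path):
            missed.append(path)
    return missed


def report(paths=SAMPLE_PATHS):
    """Map each candidate pattern to the sensitive files it fails to cover."""
    return {p: unprotected(p, paths) for p in (POSTED, UNANCHORED, DOT_DELIMITED)}


if __name__ == "__main__":
    for pattern, missed in report().items():
        print(f"{pattern!r}: {len(missed)} file(s) not covered -> {missed}")
```

The unanchored form fails closed (it would also demand a session for a name such as insecure.js), while the dot-delimited form covers only whole name segments.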

Using google home voice controls to unlock Schlage door lock with Smartthings, sharptools and tasker

Tasker: Total Automation for Android - Thu, 01/17/2019 - 13:59

Hi All,

I am very new to tasker and sharptools and am completely lost in trying to accomplish my goal. Using Smartthings and Google home I want to be able to unlock my door using a phrase that only I know.

How can I get this done? I have tried watching tutorials but the systems are so complicated that I just cannot figure it out. I have Smartthings linked up into my sharptools but setting up the automation in tasker is where I am stuck.

Thanks,

Seth

submitted by /u/supraseth94

[HELP] Receive telegram notification when file is downloaded.

Tasker: Total Automation for Android - Thu, 01/17/2019 - 13:47

Here's what I want to make happen:

I want to receive a message on telegram when the file download is completed.

Progress So Far:

I've created a bot using botfather and connected it to a channel. Tasker successfully sends messages to it when action is executed. I'm using Auto Notifications to intercept notification of uc browser. I also found out using Auto Notification helper task that on completion of download %antexts() changes to these values: UC Music, File Name, Successfully downloaded.

Now, the problem is I created a profile and it would run and send a message to my telegram channel when the uc browser starts downloading and not when it finishes downloading. How do I query the notification every few seconds to monitor changes in values and trigger the task as soon as its value has text: Successfully downloaded?

Any ideas? Thanks in advance.

submitted by /u/thatnewredditor

PSA: Tape Backups aren't evil!

Sysadmin - Thu, 01/17/2019 - 13:46

I've seen a lot of eye-rolling and scoffing on this board about tape backups, so figured it was time to chime in and explain why you still see companies today using tape.

Tape is not a dead format from 20 years ago. The current tape standard, LTO-8, was released in 2017. It's typically run over Fibre Channel, and uncompressed, a single tape can hold 12TB, written at speeds near 300 MB/s.

Once written, it's shelf stable for _years_, and part of the LTO standard is a mandate for the current generation to be backwards compatible with the last generation, so if in 8 years, your tape drive dies, you can easily replace it with a newer one, and still read back from your old backups.

Tape backups also have the benefit of being offline once written, so no cryptolocker concerns.

As far as expenses go, LTO-8 tapes roughly run $150/tape, but can be overwritten dozens of times if you're working a rotation system.

Tape isn't a be all, end all solution, but rather an excellent supplement to an existing backup strategy.

AND YOU CAN NEVER HAVE TOO MANY BACKUPS.

submitted by /u/IBringPandaMonium

CVE 2018 12201, 12202, 12203, 12204 and 12205 UEFI vulnerabilities?

Sysadmin - Thu, 01/17/2019 - 13:28

So lately CVE-2018-12201, 12202, 12203, 12204 and 12205 fixes have been popping up in Lenovo/HP bios updates however no other data seems to be available at this time.

Does anyone here know what the hell is going on? I first noticed these on a Lenovo update in December where they mentioned "Import insyde patch IB06740650 about RC code update for PCR CVE-2018-12201 & CVE-2018-12203", now HP is releasing batches of new bios updates with fixes for these as well.

Edit: Insyde makes UEFI Firmware so that's where the hunch comes from https://www.insyde.com/

CVE Database:

HP releases (a few only)

Lenovo

Edit: formatting

submitted by /u/DrunkMAdmin

Google Home now supports chaining commands for 2 devices in German!

Tasker: Total Automation for Android - Thu, 01/17/2019 - 13:26

Google Home now supports chaining 2 commands in one sentence in German (for example: Turn on the kitchen light and turn off the bathroom light!), and it works! Can anybody confirm this?

submitted by /u/roselanguste

Find reg key value's explanation

Sysadmin - Thu, 01/17/2019 - 13:19

Is there a website or document I can refer to, to get an explanation of a registry value? For example, local_machine\system\currentcontrolset\control\terminalserver\fDenyTSConnections is a value for deny remote desktop, 0 to enable and 1 to disable.

The keys I'm looking for are hklm/system/setup/status/, anything found in here related to sysprep/setup.

submitted by /u/coffee2redbull

Oracle boss prevented from Brexit Britain trip due to US shutdown

The Register - Thu, 01/17/2019 - 13:15
Mark Hurd confesses: I didn't take my passport – but usually that's not an issue

Forget cyber security or emergency hamburgers – the real impact of the US government shutdown is only just beginning.…

How does Enterprise IT not "get it?" Stop engineering stuff in a bubble and then rolling it out and expecting everyone to think it's awesome.

Sysadmin - Thu, 01/17/2019 - 13:14

I own my own little corner of the world at my company, and many other things are out of my control.

Today I get an email telling me I am being migrated to our new BYOD solution, which is Office365.

So, I called up the team that did that, and here's a paraphrase of what happened:

"Hey, when I get the new BYOD, I'll have access to Outlook and Skype on my phone?"

"No, only Outlook. We're not supporting Skype."

"But I kind of need Skype. It's probably more important than email."

"Sorry, no Skype. But you can access your OneDrive and open any Office document you want on your phone!"

"That's great. But I don't really use Office all that much. Most of the stuff I need is in Confluence or OneNote, can I access those?"

"Sorry no. But you can access your Office documents!"

"Can I get to Hipchat?"

"No, but you can get to your OneDrive!"

"Can I access ServiceNow, Confluence and JIRA?"

"No, but you can access your Office documents!"

"What's the roadmap for rolling out mobile Skype?"

"There is none. We don't plan to support it."

I don't recall being sent a survey asking me what features I would like in a BYOD solution. I really hate it when other teams design stuff in a bubble and don't bother to ask anyone what they think of it, or to even test it.

So, now I get an emergency support ticket at 2:00 AM in my email and click on the ServiceNow link to see the details and I get an error. I then have to schlep all the way to my basement office and VPN in to figure out what's going on.

submitted by /u/plazman30

Question about AES Encryption.

Sysadmin - Thu, 01/17/2019 - 12:42

According to TopTenReviews, AES is comprised of AES-128, AES-192 and AES-256. The key bit you choose encrypts and decrypts blocks in 128 bits, 192 bits and so on.

Then what happens when I use the following command on Linux?

cryptsetup luksFormat --cipher aes-xts-plain64 --key-size=512 --hash sha512

As far as I see, AES-128, AES-192 and AES-256 are not used?

submitted by /u/Eroldin

Domain Migration - Shares, DNS, SPN ... questions.

Sysadmin - Thu, 01/17/2019 - 12:41

I'm working on a Domain Migration. I need to move all objects from 1 domain to a brand new domain that has a trust relationship. So I have a file server that's in the old domain that I'm getting ready to move and I know that Service Principal Names can get wonky. What I'm seeing is this:

fileserver.abc.com (old domain) moves to fileserver.cba.com (new domain)

The idea was to put a CNAME record in abc.com to point to the fileserver.cba.com so we don't have to track down EVERY LITTLE Desktop link and mapped drive and change the FQDN.

BUT, in testing, once I set up the new CNAME record and try to access the share via the old FQDN, I get access errors that lead back to the SPN.

Has anyone run into this and understands SPN enough to add the old FQDN in a way that allows the shares to be accessed with either FQDN?

Much appreciated

submitted by /u/LoadFloppyDisk3

Searching in ACM Digital Library?

Computer Science: Theory and Application - Thu, 01/17/2019 - 12:36

I am looking to do a database demonstration from our library for students in a cloud computing course. The students need to seek out articles once a week to do a short presentation on. Are there any good keywords or search strings I could use to demonstrate that there's good content in here? I reviewed the syllabus and list of topics covered each week, but they're very generic like "cloud security", "advanced cloud architecture", etc. These don't yield good results and, from what little I know about comp sci, don't sound like good keywords or search strings to look up! What are some questions a student might ask and want to look up by?

Also, most of the time when I put things in like "cloud security" etc I'm pulling conference proceedings but the instructor wants the students to use peer-reviewed journal articles (I'll also be demonstrating IEEE Xplore and ScienceDirect and am not having any issues with those platforms), I am really stymied when it comes to ACM Digital Library.

I'd love to hear input from people who DO use this resource regularly...

submitted by /u/Nandinia_binotata

My review after a year of Storage Spaces Direct (S2D)

Sysadmin - Thu, 01/17/2019 - 12:35

So it's been a year since we switched to Storage Spaces Direct, and I felt it would be a nice time to let everyone know how it's been. I'll start with a background story, and then jump right in.

Background: When I took my current position, I walked into a complete mess. The network and servers have been neglected for years by lack of budget and IT know-how to keep things running as they should. I first started looking at everything that could put us out of business, and the first thing that jumped out at me was our single physical VMware host server. Now I understand that many smaller businesses only have a single host, so that was not the problem. The problem was with the RAID level that the host was running on. The RAID level was set to RAID 0.... When I asked why this was set this way by the last IT person, I was told that they had run out of space, and didn't want to buy more drives. After confirming the backups were valid and useful, I started down the path of finding a permanent solution. After several quotes and consideration (and a great deal of begging on my part for the money), we were sold on a 4 node Storage Spaces Direct cluster. Each node had 2 SSDs for cache drives, each providing cache for 4 spinning drives (8 per server).

  • Solution Build Ah-ha moment: So of course, when you're building a solution, you try to balance performance with cost. We went with the middle of the road solution, and got fewer (but larger) hard drives to save space. After a few rebuilds, I wish I had gone with more, smaller hard drives for improved rebuild times, but you live and learn. To be fair, the engineer who put the quotes together did warn us of the rebuild times.

Deployment: Since I had no experience with setting up a storage spaces cluster, we paid a company to help us set it up (thank God). It was pretty seamless, and I could have figured it out if there was better documentation, but there was very little at the time. I'll post the instructions that were given to me for you to review below. The hardest part was the networking piece. We have two 40 GB fiber switches to connect the 4 servers to each other. This high speed connection allows each server to write to each other's storage.

  • Ah-ha moment from deployment: One thing I will say is, once you have the cluster up and running, try your best to break it before important VMs are deployed. I tested simulated drive loss, server loss, dual server loss (I have dual server redundancy), power loss (UPS tests), etc. I did manage to break the cluster to the point it needed a rebuild by messing with the Cluster Service Startup Type (changed it to manual), then did cluster aware updates. Doing this caused the nodes to not re-join the cluster after reboot, and after 3 server reboots, I had gone past the dual redundancy loss. I had changed it because earlier in the year, we had a power issue where power was coming back online and offline. I figured if the cluster shut down, I would want to start the cluster myself. Needless to say, don't change that setting.

Day to day management: Overall, I've been very happy with the management portion of S2D. I've got a Zabbix server that monitors the cluster and services. It also monitors my iDRACs in case of physical drive failures. Read/write performance is about what I get on most RAID 10 servers, so I can't complain about that. The only problem I have stems from the build Ah-ha moment. When doing Cluster Aware Updating, the time for the cluster to re-join/rebuild is long (like 3-6 hours). This makes updating quite a chore. Another thing that is important is your hard drive firmware. Only specific firmware is supported by S2D, so you have to do a great deal of research if you plan on updating it. Dell actually does help quite a bit if you ask them for compatible firmware though.

Recap: So overall, I would have to say I've liked S2D and Hyper-Converged Infrastructure. The performance/reliability has been great so far, and it's held up through some electrical/networking outages. It always seems to rebuild just fine without data loss. I would recommend it to anyone who asks me about it, with a little bit of guidance on the build side and hard drive sizes. I would recommend building a cluster in a virtual environment to practice rebuilding in case of a catastrophic failure.

PS: Sorry if my notes are messy. I didn't plan on sharing them when I built them, and I'm too lazy to make them pretty for everyone. If I help one person, I feel this post was worth it.

Build Storage Spaces Direct Notes

Building a Volume without tiering

New-Volume -FriendlyName "Volume2" -PhysicalDiskRedundancy 2 -FileSystem CSVFS_ReFS -StoragePoolFriendlyName S2D* -Size 32TB -ResiliencySettingName Mirror

New-Volume -FriendlyName "Volume3" -PhysicalDiskRedundancy 2 -FileSystem CSVFS_ReFS -StoragePoolFriendlyName S2D* -Size 32TB -ResiliencySettingName Parity

New-Volume -FriendlyName "3-WayMirror" -PhysicalDiskRedundancy 2 -FileSystem CSVFS_ReFS -StoragePoolFriendlyName S2D* -Size 4094GB -ResiliencySettingName Mirror

From <https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/create-volumes>

Building a Volume with Tiering

$MT = New-StorageTier -StoragePoolFriendlyName S2D* -FriendlyName HDDMTPDR2 -MediaType HDD -ResiliencySettingName Mirror -PhysicalDiskRedundancy 2

$PT = New-StorageTier -StoragePoolFriendlyName S2D* -FriendlyName HDDPTPDR2 -MediaType HDD -ResiliencySettingName Parity -PhysicalDiskRedundancy 2

At this point, you should have a fully functional cluster, storage pool, and S2D should be running correctly. It is now time to configure the storage. The following PowerShell is an example configuration for a 4-node system. You can modify the code for other applications.

We need to store the information concerning the storage pool and the storage tiers.

$poolname = Get-StoragePool S2D*

$perf = Get-storagetier HDDMTPDR2

$capa = Get-storagetier HDDPTPDR2

To set up the volumes, change the values for the FriendlyName (name of your CSV). In addition, you must change the size of the tiers to match with the storage capacity of your system.

New-Volume -StoragePool $poolname -FriendlyName 'DuelMirrorandParityTiering' -FileSystem CSVFS_REFS -StorageTiers $perf, $capa -StorageTierSizes 4096GB, 38912GB -Verbose

Next, run the command once for each CSV. In this case, we ran the command four times incrementing FriendlyName each time.

Remove Virtual disks with this command:

Remove-VirtualDisk -FriendlyName DuelParityMirror1

Increasing Storage Tiers:

1#Without tiers:

Get-VirtualDisk DuelParityMirror1 | Resize-VirtualDisk -Size 4TB

2# Choose virtual disk

$VirtualDisk = Get-VirtualDisk DuelParityMirror1

3# Get its partition

$Partition = $VirtualDisk | Get-Disk | Get-Partition | Where PartitionNumber -Eq 2

4# Resize to its maximum supported size

$Partition | Resize-Partition -Size ($Partition | Get-PartitionSupportedSize).SizeMax

1#With Tiers:

Get-VirtualDisk DuelMirrorandParityTiering | Get-StorageTier | Select FriendlyName

Get-StorageTier DuelMirrorandParityTiering_HDDMTPDR2 | Resize-StorageTier -Size 20TB

Get-StorageTier DuelMirrorandParityTiering_HDDPTPDR2 | Resize-StorageTier -Size 55TB

2# Choose virtual disk

$VirtualDisk = Get-VirtualDisk DuelMirrorandParityTiering

3# Get its partition

$Partition = $VirtualDisk | Get-Disk | Get-Partition | Where PartitionNumber -Eq 2

4# Resize to its maximum supported size

$Partition | Resize-Partition -Size ($Partition | Get-PartitionSupportedSize).SizeMax

Run cluster Validation

I ran into this error

https://lokna.no/?p=1704

Enable Cluster Aware Updating role

Analyze cluster to make sure it is ready - You can ignore the Proxy one.

https://www.concurrency.com/blog/w/configure-cluster-aware-updating-for-windows-serve

Build a VM to test it out.

submitted by /u/AlRFORCE1

Using Custom Settings/Blue Light Filter to Detect Sunrise/Sunset

Tasker: Total Automation for Android - Thu, 01/17/2019 - 12:17

I'm trying to set up a profile to increase brightness close to max when BT connected to my car, Waze is open and it's daylight. The BT connected and Waze open is fine. I couldn't find an easy native way for Tasker to tell sunrise/sunset so I decided to try custom settings to check the value of the blue light filter to tell if it's daytime or not. If the blue light filter is on, do nothing, if it's off increase brightness. It's fine during the day but at night sometimes it brightens the screen and sometimes it doesn't and occasionally it will go back and forth on its own. Should this method work? If so what should I look for that's going wrong? Is there a better way? I can't get the task from my phone at the moment to share it.

submitted by /u/SpecialFX99

Top GP: Medical app Your.MD's data security wasn't my remit

The Register - Thu, 01/17/2019 - 12:15
Prof Maureen Baker told tribunal info security and clinical safety are two separate things

The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by a London tribunal have revealed.…

How To Troubleshoot IIS App

Sysadmin - Thu, 01/17/2019 - 12:11

Hello,

I have a 3rd-party app that provides an admin web console. It is running on Server 2012r2 using IIS 8. We have noticed that randomly this web console login page takes 30 to 40 seconds to load. I do not have much experience troubleshooting IIS and was hoping for some suggestions.

What I found was that it appears the w3wp process stops due to inactivity. When someone tries to load the login page, the w3wp process starts, and after a while eventually loads the page. Looking in the IIS logs, I see where w3wp starts, and the first request is a GET request for the login page. It is successful with a 200, but the time-taken is 44,341 (which I take to mean 44.341 seconds). Any subsequent requests for login are loaded immediately. If I check randomly and find that the w3wp process is not running, the very next request always takes a long time to process. If it is running, requests are quick as expected.

Are there any tools/methods to try to figure out what is causing this slowness? We have this same product on a different server. I see that w3wp is not running due to inactivity. When the login page is requested it takes 5-8 secs to load. I am just not sure how to tell what is causing the difference in loading times between the two machines.

Thanks for any thoughts/input

Edited to add: I am not necessarily looking for a fix (that would be great). Mainly, how does one go about troubleshooting issues like this? What tools used, thought process, etc.

submitted by /u/15_Tries_All_Taken

[Help] Can't get this to work!

Tasker: Total Automation for Android - Thu, 01/17/2019 - 12:05

js.zip

This is the script I'm trying to replicate, but to no avail. Please help!

Description

js (27)
A1: HTML Popup [
  Code:
    <body>
    Actual Money Value: <input type="text" id="displayedresources" value="1990"> <br>
    Encrypted Money Value1 (Search): <br>
    <h1><label id="encval1">0</label></h1>
    Encrypted Money Value2 (Recommended to search for this first and use substract 4 from it's Address to get the first Value): <br>
    <h1><label id="encval2">0</label></h1>
    <input type="button" id="calculate" value="Calculate" />
    </body>
  Layout:HTML Popup Timeout (Seconds):600 Show Over Keyguard:On ]
A2: JavaScriptlet [
  Code:
    function caclulateEncVal() {
      var orig = $('#displayedresources').val();
      var i, buffer1, buffer2, enc1, enc2;
      for (i = 0; i < 32; i++) {
        buffer1 = i % 2 == 0 ? orig >>> i & 1 : 0;
        buffer2 = i % 2 == 0 ? 0 : orig >>> i & 1 ^ 1;
        enc1 = enc1 | buffer1 << i;
        enc2 = enc2 | buffer2 << i;
      }
      $('#encval1').text(enc1);
      $('#encval2').text(4294967296 + enc2);
    }
    $('#calculate').click(caclulateEncVal);
  Libraries: Auto Exit:Off Timeout (Seconds):45 ]
A3: Variable Query [ Title:Value Variable:%orig Input Type:Normal Text Default: Background Image: Layout:Variable Query Timeout (Seconds):40 Show Over Keyguard:On ]
A4: Variable Set [ Name:%converted To:%enc1
%enc2 Recurse Variables:Off Do Maths:Off Append:Off ]
A5: Set Clipboard [ Text:%converted Add:Off ]

XML

<TaskerData sr="" dvi="1" tv="4.9u3m"> <Task sr="task27"> <cdate>1547716570199</cdate> <edate>1547745531847</edate> <id>27</id> <nme>js</nme> <pri>100</pri> <Action sr="act0" ve="7"> <code>941</code> <Str sr="arg0" ve="3"><body> Actual Money Value: <input type="text" id="displayedresources" value="1990"> <br> Encrypted Money Value1 (Search): <br> <h1><label id="encval1">0</label></h1> Encrypted Money Value2 (Recommended to search for this first and use substract 4 from it's Address to get the first Value): <br> <h1><label id="encval2">0</label></h1> <input type="button" id="calculate" value="Calculate" /> </body></Str> <Str sr="arg1" ve="3">HTML Popup</Str> <Int sr="arg2" val="600"/> <Int sr="arg3" val="1"/> </Action> <Action sr="act1" ve="7"> <code>129</code> <Str sr="arg0" ve="3">function caclulateEncVal() { var orig = $('#displayedresources').val(); var i, buffer1, buffer2, enc1, enc2; for (i = 0; i < 32; i++) { buffer1 = i % 2 == 0 ? orig >>> i & 1 : 0; buffer2 = i % 2 == 0 ? 0 : orig >>> i & 1 ^ 1; enc1 = enc1 | buffer1 << i; enc2 = enc2 | buffer2 << i; } $('#encval1').text(enc1); $('#encval2').text(4294967296 + enc2); } $('#calculate').click(caclulateEncVal);</Str> <Str sr="arg1" ve="3"/> <Int sr="arg2" val="0"/> <Int sr="arg3" val="45"/> </Action> <Action sr="act2" ve="7"> <code>595</code> <Str sr="arg0" ve="3">Value</Str> <Str sr="arg1" ve="3">%orig</Str> <Int sr="arg2" val="0"/> <Str sr="arg3" ve="3"/> <Str sr="arg4" ve="3"/> <Str sr="arg5" ve="3">Variable Query</Str> <Int sr="arg6" val="40"/> <Int sr="arg7" val="1"/> </Action> <Action sr="act3" ve="7"> <code>547</code> <Str sr="arg0" ve="3">%converted</Str> <Str sr="arg1" ve="3">%enc1

%enc2</Str> <Int sr="arg2" val="0"/> <Int sr="arg3" val="0"/> <Int sr="arg4" val="0"/> </Action> <Action sr="act4" ve="7"> <code>105</code> <Str sr="arg0" ve="3">%converted</Str> <Int sr="arg1" val="0"/> </Action> </Task> </TaskerData>

submitted by /u/PulangPepe

A perfect example of why even vendors can't just get on the network.

Sysadmin - Thu, 01/17/2019 - 12:00

Today we have a technician for our phone system doing some backend work for us.

After arriving he asks me if I can get him connected to the network.

I asked if he could connect via Serial and he said no.

"Ok, I can't let you connect your laptop to the network, but let me get something working for you."

I got him a laptop with a local account and RDP'd into our management box with a local account.

As I brought the laptop back up, what do I see?

His laptop is running Windows XP

shudder

Hell no that thing is not going on the network. Especially not now.

PS: Panasonic phone systems are trash and dumb to smoke.

submitted by /u/THEMCV
