On Disabling Comments

There has been some variably constructive criticism of my disabling comments on the “Two Big Vendor Takeaways from Storage Field Day 5” post. This isn’t the first time I’ve disabled comments, and it won’t be the last. In fact, I had my post ready to go 48 hours before I published it, postponing partly because I wanted to make a calm decision about whether to disable comments. I ultimately decided to disable them. Here’s what I thought about. Before I get into it, this is not a post about Storage Field Day 5. If you want to talk about that, this is not a good place! This is a post about why I chose to discourage conversation! Given what we’d already seen on …

Two Big Vendor Takeaways from Storage Field Day 5

Storage Field Day 5 is now over and was a marathon of vendor information and tech information. A marathon. I’m tired from 17 hour days, I’m addicted to caffeine, and my brain and body hurt. We had some great people along, on both sides of things. We had great vendors all around, even if some of the presentations were more controversial than others. That’s what I want to talk about here.

Problem #1: Efficient Use of Time

Tech Field Day participants and viewers already know a lot about the problems a vendor is addressing. We’re on the front lines of this stuff. We help our customers and organizations work around these problems every day. We know budgets aren’t infinite, that …

The Eternal Wait For Vendor Software Updates

There’s been a fair amount of commentary & impatience from IT staff as we wait for vendors to patch their products for the OpenSSL Heartbleed vulnerability. Why don’t they hurry up? They’ve had 10 days now, what’s taking so long? How big of a deal is it to change a few libraries? Perhaps, to understand this, we need to consider how software development works.

The Software Development Life Cycle

To understand why vendors take a while to do their thing we need to understand how they work. In short, there are a few different phases they work through when designing a new system or responding to bug reports. Requirement Analysis is where someone figures out precisely what the customer wants …

8 Practical Notes about Heartbleed (CVE-2014-0160)

I see a lot of misinformation floating around about the OpenSSL Heartbleed bug. In case you’ve been living under a rock, OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to a condition where a particular feature will leak the contents of memory. This is bad, because memory often contains things like the private half of public-key cryptographic exchanges (which should always stay private), protected information, parts of your email, instant messenger conversations, and other information such as logins and passwords for things like web applications. This problem is bad, but freaking out about it, and talking out of our duffs about it, adds to the problem. You can test if you’re vulnerable with http://filippo.io/Heartbleed/ — just specify a host and a port, or …

Upgrading to VMware vCenter Server Appliance 5.5 from Windows vCenter 5.1

My coworkers and I recently undertook the task of upgrading our vSphere 5.1 environment to version 5.5. While upgrades of these nature aren’t really newsworthy we did something of increasing interest in the VMware world: switched from the Windows-based vCenter Server on a physical host to the vCenter Server Appliance, or vCSA, which is a VM. This is the story of that process. If you aren’t familiar with the vCSA it is a vCenter implementation delivered as a SuSE-based appliance from VMware. It has been around for several major versions, but until vSphere 5.5 it didn’t have both feature parity with Windows and the ability to support very many hosts & VMs without connecting to an external database. Under vSphere …

What Clients Don't Know (and Why It's Your Fault)

“Whether you work with outside clients or whether you’re part of an internal team your job is always, always going to include having to convince someone of something. Because your job isn’t just making things. Believe it or not, that’s the easy part. You’re going to spend 90% of your time convincing people that shit you thought up in the shower this morning is right. Your job is to figure out whether something should be made, how it’s made, and always, always, always work to convince someone that you’ve made the right choices.” That’s a quote from Mike Monteiro’s presentation at the Event Apart Austin 2013 conference, a presentation that seems suited to system administrators, IT consultants, and IT professionals …

Update to VMware vCenter Server Appliance & NTP Issues

Earlier today I posted “VMware vCenter Server Appliance 5.5.0 Has An Insecure NTP Server.” One of the reasons I like VMware is that they’re responsive to customer issues. This situation is no different. I just spoke with a few guys involved in VMware security, and this is what I’ve learned.

1. There has been mitigation information available internally to VMware Support/GSS since shortly after the vulnerability was published. If you call VMware Support your best bet is to reference the CVE number, CVE-2013-5211. I have not called VMware Support to confirm this, or to verify that they’re able to properly resolve the issue if you don’t reference the CVE number. In the future I’ll make sure to reference the CVE number if …

VMware vCenter Server Appliance 5.5.0 Has An Insecure NTP Server

Update: I have updated this article to reflect some new information provided by VMware. I have also published new notes and discussion as a separate blog post.

On January 10, 2014 a vulnerability in ntpd, the Network Time Protocol daemon, was made public (US CERT VU#348126):

“UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.”

I have encountered several vCenter Server Appliances, version 5.5.0 build 1476327 and older, that were exposed to the general Internet, and have …

The Lone Bookshelf: The Macintosh Way by Guy Kawasaki

(This is the inaugural post of my Lone Bookshelf series. Find more posts using the “Books” category) Last summer my family moved to a different house. By itself, moving isn’t that big of a deal. Take everything out of the old house, put it on a truck, unload it into the new house. What is a big deal is sorting. At the old house all of our stuff had a place, carefully curated and filed and sorted and stored. At the new place our stuff had piles in the middle of rooms. Ugh. I have three large bookshelves from my college years that needed a new home in our new home. Bookshelves are a particularly pernicious piece of furniture. By themselves …

New Java Security Settings: More Proof That Oracle Hates You

I began the day yesterday updating to Java 7u51, after which absolutely none of my enterprise Java applications worked anymore. I could not reach the consoles of my Rackspace cloud servers. I could not open the iDRAC console on my Dell PowerEdge. They all exited with some error about the Permissions attribute not being set. Being the guy that I am I decided to search for the error. Turns out that 7u51 sneaks a major change in a point release: on the default Java security slider setting of “high” no applet may run if it’s self-signed, unsigned, or is missing the Permissions attribute. Unfortunately, that describes all enterprise software, at least all the current versions of things I’m using. This isn’t …
