Whoa, two NetWare posts in one day. I must be making an effort to counteract what I was complaining about in my previous post about Novell news disappearing.
Adrem makes a remote console for NetWare formerly called Freecon, which was free. I just noticed via iDogg’s blog that it’s no longer free, and has been renamed Litecon. You can’t download the Freecon installer anymore. They’ve decided to start charging $500 for a product that they formerly gave away for free. Nice.
iDogg also makes a great point how a little third-party utility for managing a part of an OS that costs more than the whole OS it manages makes no sense.
2008-07-04
I read a tonne of tech news via RSS in Google Reader. I subscribe to various IT-related feeds and planet feeds. I used to often see Novell-related news in my feeds. In the last year or so these have dwindled to the occasional IDM story or something to do with SLES in data centres, which doesn’t really interest us too much. We were strong NetWare / OES customers, Border Manager users, GroupWise and Zenworks and everything red. We’re still tight with GroupWise, but the rest of the stuff is losing its lustre for us.
This has occurred coincidentally with Novell stopping marketing to us directly, and disappearing from our market space. They’ve stopped addressing our market requirements in their shift to data center Linux. We still use their products, but we don’t feel like they are connected with our market anymore. We actually get cold sales calls on stuff we don’t care about from them every once in a while now, while we haven’t heard from our actual sales rep in a year. The only direct contact we get from them where they act like they know who we are anymore is for auditing and billing.
It was a good run while it lasted, anyways.
2008-07-04
After this happened, I went into the configuration of the network firewall in front of our spam firewall and told it to drop connections from blissultra.com and newvega.com. Here’s the result. These are the hourly mail stats from our Barracuda. The blue is the “rate-controlled” rejected spam from the spam hosts.

You can almost hear the spam firewall going “Ahhh”.
2008-02-29
Yesterday we exceeded our previous spam record by 20%. We received 58,000 spams yesterday. The scary part is that we only set the previous record six days earlier, at 48,000. I don’t think we can sustain that rate of increase for too long before our spam firewall melts. It’s still ticking over at less than 10% utilization, but who knows if there could be a rate that would be a tipping point, after which it would suddenly leap up to maximum utilization and stop keeping up.
The problem is the massive flood of spam coming from the domain name newvega.com. The spammers have recently added a new spamming source at blissultra.com. Today we’re getting hammered with about 12 to 15,000 per hour.
I just modified the firewall in front of the Barracuda to reject connections from blissultra.com and newvega.com. It’s already lightening the load on the Barracuda quite a bit.
Spammers can die in a fire, please.
2008-02-28
Yesterday we set a new company record for incoming emails. We received 50,060 messages on Feb 21. Of those, 3701 were legitimate emails and the other 46,359 were spam and viruses. Over 19,000 came from one email address: Platinum_Partner_January@newvega.com. Note to spam harvester robots: Please harvest Platinum_Partner_January@newvega.com and spam the bejeezus out of it.
Throughout this barrage, our Barracuda spam firewall allowed a single message from Platinum_Partner_January@newvega.com to come through, and blocked the rest of the 19,000. Barracuda spam firewalls are worth their weight in bandwidth charges.
That is all.
2008-02-22
I have a Thinkpad R40 that’s been kicking around since about mid 2004, I think. It’s been a great laptop. It’s rugged, speedy, reliable, runs Linux great, and even works with Solaris. I also love the superior keyboards of Thinkpads, being something of a keyboard snob. Sadly, something is wrong with the wired ethernet subsystem. I intermittently lose the wired ethernet connection. It happens in Windows, Linux, and Solaris, so it’s not a driver issue. It’s not just the port, because the problem occurs with the docking station too. The wireless adapter still works normally, but we don’t have wireless network access to our internal networks, so it’s tough to use it for work.

If I can’t figure out what’s going on with it, I will be sad to see the old workhorse go. Hopefully I can replace it with another Thinkpad, or dare I say it, a Macbook Pro (gasp).
2008-02-21
I had just read an article about czechnology on somebody else’s blog today, when we experienced a wonderful improvised and somewhat hackish solution in our own environment. I have been working with Lyle from Longview systems on setting up a pilot of a network access control infrastructure that locks computers out of the network at the switch until they meet the virus scanner, malware scanner and Windows patch currency policy.
The system we are looking at is of course designed for a Windows Server / Active Directory environment, so getting it working with a Novell environment is not obvious. With Windows desktops and servers, the NAC will do pass-through authentication, so when you boot up, you are on the untrusted network, you authenticate to AD via pass-through on the NAC server, the NAC agent runs and verifies you meet policy, then flips you onto the trusted network, at which point you run your login script and go to work. With NetWare / Open Enterprise Server, you can’t defer the login script, and if you allow enough traffic from the untrusted network to the trusted network to get users authenticated, they can also access data on the server, because authentication and data access via Novell core protocol use the same ports. Allowing data access while the workstation is still in the untrusted network defeats the purpose of the NAC.
When Lyle and I were discussing the conundrum, Lyle mentioned that you can change the security configuration on the NAC server between the time the user logs in and the time the NAC agent starts to check your workstation for policy compliance. That led to the idea that we could allow the user access to eDirectory from the untrusted network before they log in, so that the login could work and the login script could run. Then, when the user had logged in and all the drive mapping had been done, the NAC agent starts up and the NAC server revokes access to eDirectory and NCP protocol, effectively blocking the user from using the mapped drives. Then, after remediation, the workstation flips into the trusted network, and grabs a new IP address. The Novell client stays connected, and all those drive mappings suddenly work again. A nice clean but hackish solution!
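The phase-dependent access rules described above can be modelled and audited against a flow log. This is an added example, not part of the original post or any NAC product's configuration: the phase names, the remediation port, the timings and the sample flows are constructed assumptions, while TCP 524 is the standard NCP-over-IP port.

```python
from bisect import bisect_right

NCP = ("tcp", 524)          # eDirectory login and file access share this port
REMEDIATION = ("tcp", 443)  # hypothetical patch / AV update server

# Assumed phase names: phase -> (network the workstation is on, flows permitted)
POLICY = {
    "pre_login":     ("untrusted", {NCP, REMEDIATION}),  # login + login script
    "posture_check": ("untrusted", {REMEDIATION}),       # NCP revoked by NAC
    "compliant":     ("trusted",   {NCP, REMEDIATION}),  # mapped drives resume
}

# Constructed sample: seconds since boot at which each phase begins
TRANSITIONS = [(0, "pre_login"), (40, "posture_check"), (95, "compliant")]

# Constructed sample flows: (seconds since boot, proto, port, note)
FLOWS = [
    (12, "tcp", 524, "eDirectory login"),
    (30, "tcp", 524, "login script maps drives"),
    (55, "tcp", 524, "read from mapped drive"),
    (60, "tcp", 443, "fetch patches"),
    (120, "tcp", 524, "read from mapped drive"),
]

def phase_at(t, transitions):
    """Return the phase in force at time t (transitions sorted by time)."""
    times = [ts for ts, _ in transitions]
    return transitions[bisect_right(times, t) - 1][1]

def audit(flows, transitions, policy=POLICY):
    """Classify each flow; 'allow-unverified' marks NCP traffic that was
    permitted before the workstation's posture had been checked."""
    results = []
    for t, proto, port, _note in flows:
        phase = phase_at(t, transitions)
        network, allowed = policy[phase]
        if (proto, port) not in allowed:
            verdict = "deny"
        elif network == "untrusted" and (proto, port) == NCP:
            verdict = "allow-unverified"
        else:
            verdict = "allow"
        results.append((t, phase, verdict))
    return results

if __name__ == "__main__":
    for row in audit(FLOWS, TRANSITIONS):
        print(row)
```

The `allow-unverified` rows are the pre-login window in which an unchecked workstation can reach NCP, so that is the interval to keep short and to log.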
2007-12-18
We’re getting going (rather late in the year) with a pilot of a network access control system. Essentially, the system prevents network access to devices that don’t meet policy regarding virus scanners, malware detectors, and patches. When a computer boots up, the access control system dumps it onto an untrusted network. From there, the computer can only see sufficient resources to get itself patched and up to standards according to our security policy. Then, when the access control system is satisfied with the state of the computer, it flips it onto the trusted network, and the system gets a new address and starts working normally.
This kind of system requires some pervasive changes to our network infrastructure, and integrates to our machines at the login level, so we’re doing the pilot to make sure that it will do all the things we need from it before we commit to a rather large expense. The intent of it is to reduce the impact and slow the spread of an outbreak of viruses or malware caused by inadvertently unpatched software or out-of-date virus scanners or malware detectors.
2007-12-13
Last week we had training at work on “Service Excellence” which focussed on providing exemplary customer service, to both internal and external clients. While the content was interesting and of some value to all in attendance, that isn’t the topic of this post.
The topic of this post is something else that happened to me for the first time ever. In the group of 20 or so randomly selected employees, I was the most senior employee (in terms of service in the company, not age) by some five years (15 total in the company) over the next longest serving employee. That was very weird, especially since I sat in the middle of a group of 20-somethings who averaged about 1.5 years with the company. We have a lot of really long-term employees in the 20, 25 and even 30 years range, so it’s unusual for me at 15 to be the most senior in any given group of staff.
I feel pretty good about my 15 years here. I’ve learned a lot, worked with some really smart people and good clients, made decent money, and gotten to do some interesting work. I also have a good group at the moment, with some hard working and dedicated guys. So far so good.
2007-12-10
We have a company that’s full of engineers. Not software engineers, but civil and structural and mechanical and electrical and automation engineers. It’s not a technically un-savvy company by any means. However, in my experience, engineers tend to be extremely focussed in their technical acumen and (sometimes) surprisingly ignorant in other technical areas, especially information technology. There are some notable exceptions in our company, especially among automation engineers, transportation engineers and GIS people. In fact, transportation engineers, as a group, were the first really computerized engineering discipline back in the day before there were computers on every desk, just because of the nature of their work designing highways.
That said, I was surprised and pleased to receive my first request for a corporate internally facing blog from an end user today. I think most of our staff don’t know what a blog is, much less actually knowingly read any, and much much less want to write one. I guess I’m off to work preparing my first internal WordPress server. We’ll probably need some kind of internal image and file host for it too.
2007-07-06