It is interesting what thoughts sometimes run through my mind. Most of them are quickly lost for good; some I write down. This way I have already filled a few pages, and sometimes I manage to expand a thought further into electronic form. Most of my thoughts have no closed ending, and I do not want to write about something that has neither a beginning nor an end. Today it is different, even though this thought has no closed ending either.

Only a few days ago (19.12.2017), I was browsing social networks and the internet more or less as aimlessly as ever, and among all the visuals there was a picture of two wolves with the caption "The wolf you feed is the wolf that wins". I said to myself, nonsense, and moved on.

Later I remembered that I know this idea, and while writing this post I also found the story, unfortunately only in English:

 

ONE EVENING, AN ELDERLY CHEROKEE BRAVE TOLD HIS GRANDSON ABOUT A BATTLE THAT GOES ON INSIDE PEOPLE.

HE SAID “MY SON, THE BATTLE IS BETWEEN TWO ‘WOLVES’ INSIDE US ALL.

ONE IS EVIL. IT IS ANGER, ENVY, JEALOUSY, SORROW, REGRET, GREED, ARROGANCE, SELF-PITY, GUILT, RESENTMENT, INFERIORITY, LIES, FALSE PRIDE, SUPERIORITY, AND EGO.

THE OTHER IS GOOD. IT IS JOY, PEACE, LOVE, HOPE, SERENITY, HUMILITY, KINDNESS, BENEVOLENCE, EMPATHY, GENEROSITY, TRUTH, COMPASSION AND FAITH.”

THE GRANDSON THOUGHT ABOUT IT FOR A MINUTE AND THEN ASKED HIS GRANDFATHER: “WHICH WOLF WINS?…”

THE OLD CHEROKEE SIMPLY REPLIED, “THE ONE THAT YOU FEED.”

 

 

This Saturday was strange. In the afternoon various emotions were running through my head, and I felt the best solution was to go outside and clear my head. I took my phone and headphones. A strange day calls for strange reactions, so I put on a style of music I had not listened to for a long time. The reaction was unexpected, as if another part of me had woken up after a long sleep. My mood was suddenly very good, and an image began to form in my head of a calmly sitting wolf that seemed to be made of two parts: the left half white, the right half black, smaller and deformed. The more I concentrated on this image, the more I noticed details I had not noticed before. The inequality between the parts caused a deformation on both sides of the wolf's face. I also noticed that although the black part was smaller in the face, on the other side of the body there were black spots. I said to myself that this reminds me of the Yin-Yang symbol, and now I know why my first thought was that it is nonsense. The human personality is a complex unity of opposites, and the idea that we should suppress one part of ourselves at the expense of the others seems misguided to me. I think the right way is to find the middle path and, above all, to be yourself. I tried to find a picture on the internet similar to the one in my imagination, and this is probably the closest to what I imagined, although this wolf is fortunately in balance.

The human personality is a complex unity of opposites (Psychohygiena všedného dna – Ondrej Kondas). The picture is an advertisement for Mercedes-Benz.

A silly motivational thought to finish, which I like very much; if possible, I would like to stick to it:

Men need dreams burning inside their hearts! Even if it means struggling every day, never give up! Stand tall! “Live every day with a laugh! As long as you keep challenging the impossible, life will be paradise!” If you stand up, the path will always open! (Scorpion character, One Piece anime)

 

Sources:

https://www.linkedin.com/pulse/inside-each-us-two-wolves-gianluca-boldarin/

https://wooffy.deviantart.com/art/Yin-Yang-again-oil-painted-70181105

https://wooffy.deviantart.com/art/Yin-Yang-Wolf-31009630

This is just a quick shout, but I am so angry now. For me this story started as a very simple thing: today my father deleted one file on his computer, I was trying to help him over TeamViewer, and I am asking myself why the people at Microsoft are so incompetent. Please, is it so complicated to think “if you want to remove a feature, be sure users don’t need it, and replace the missing feature with something better”? I thought they had learned their lesson with the Start menu and Windows 8, but no. The user experience in Windows 8 was a joke. I remember I had installed a preview version of Windows 8 on my computer at work and asked people to show me how to turn off the computer, or to click the non-existent Start button to show the Start menu with the mouse; they all failed. With Windows 8.1 they fixed some UI stuff, but on the other hand managed to kill another good feature, OneDrive. Yes, with Windows 8.1 it was not possible to use SkyDrive (rebranded to OneDrive later) with local/domain accounts. I learned from this mistake and moved to Dropbox. With Windows 10 Microsoft brought back the possibility to use OneDrive with a local/domain account, but I never went back to OneDrive.

 

Previous Versions feature changes in Windows 10 Home/Pro:

Previous Versions is one of the best features of Windows, but most users don’t even know that it exists. If you need to recover a deleted file, or files locked by a crypto-locker, I have found this feature very helpful. Let’s say it simply: users don’t back up their data, and in many situations this feature was a magic helper. Microsoft created a new feature, File History, as a replacement for the standard Windows Backup, but that feature was not very interesting and is now marked as deprecated. But let’s get to the point; the best information I found on this issue was in this Microsoft TechNet post by Emmet Gray:

The Volume Shadow Copy service and the System Restore snapshots feature are alive and well in Windows 10. The part that’s missing is the GUI that allows you to selectively do a restore on an individual file/folder. I understand (but have not verified) that only the Enterprise SKUs get this feature in the GUI.

So, that means your files are protected, but the only way to retrieve them is to do a complete restore from a previous Restore Point. That might be problematic, since it will replace everything that you’ve done on the PC since that time.

However, there are several free 3rd-party applications that will allow you to do a “selective restore” of files/folders. Personally, I’ve been using Shadow Copy View [1].

Thanks, Microsoft: now I need third-party tools to view something that was possible for many years.
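Because the snapshots themselves are still there, a single file can be pulled out of one without any GUI or third-party tool. The script below is an added example (not from the original post): it lists the existing Volume Shadow Copies through WMI, exposes one of them through a temporary directory link, and copies a single file out of it to a separate recovery location. The `Restore-FileFromShadowCopy` name, the recovery folder and the document path in the usage lines are my placeholders; run it in an elevated PowerShell session.

```powershell
# Added example: recover one file from an existing Volume Shadow Copy snapshot
# without the "Previous Versions" GUI. Run elevated. Names below are illustrative.

function Get-ShadowCopyList {
    # Existing snapshots, newest first, with the device path needed to read them.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate -Descending |
        Select-Object ID, InstallDate, VolumeName, DeviceObject
}

function Restore-FileFromShadowCopy {
    param(
        [Parameter(Mandatory)][string]$ShadowId,      # ID column from Get-ShadowCopyList
        [Parameter(Mandatory)][string]$RelativePath,  # path inside the volume, e.g. 'Users\dad\Documents\report.docx'
        [Parameter(Mandatory)][string]$Destination    # full path of the recovered copy (a separate folder, not the live file)
    )
    $snap = Get-CimInstance -ClassName Win32_ShadowCopy | Where-Object ID -eq $ShadowId
    if (-not $snap) { throw "Shadow copy $ShadowId not found" }

    # A snapshot is reachable as \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN. A directory
    # link made with mklink /d is the most reliable way to browse it; the trailing backslash matters.
    $link = Join-Path $env:TEMP ('vss_' + [guid]::NewGuid().ToString('N'))
    cmd.exe /c mklink /d "$link" "$($snap.DeviceObject)\" | Out-Null
    try {
        $source = Join-Path $link $RelativePath
        if (-not (Test-Path -LiteralPath $source)) { throw "Not present in this snapshot: $RelativePath" }

        # Recover into a separate location first; compare before replacing the live file.
        New-Item -ItemType Directory -Force -Path (Split-Path $Destination -Parent) | Out-Null
        Copy-Item -LiteralPath $source -Destination $Destination -Force
        Get-Item -LiteralPath $Destination
    }
    finally {
        # rmdir on a directory link removes only the link, never the snapshot contents.
        cmd.exe /c rmdir "$link" | Out-Null
    }
}

# Usage:
# Get-ShadowCopyList
# Restore-FileFromShadowCopy -ShadowId '{SNAPSHOT-ID-FROM-LIST}' `
#     -RelativePath 'Users\dad\Documents\report.docx' -Destination 'C:\Recovered\report.docx'
```

The same list can be cross-checked with `vssadmin list shadows`. Copying into a separate folder rather than over the live file is deliberate: when the reason for the restore is a crypto-locker, the live copy is evidence of what was touched, and the recovered one can be compared against it before anything is overwritten.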

 

While I was looking for information about this issue I found this note: “We joke on our team that we’re ordering pizza for one-and-a-half billion people,” Mohammed Samji, a principal group program manager at Microsoft, said in an interview.
In order to serve all of those users, Microsoft wanted Windows 10 to work well for people no matter what interface they chose. Windows 8 was criticized by people who thought that Microsoft had moved too much functionality around in order to accommodate and appeal to users of tablets [2].

So the problem is that development targets everyone on every platform, from mobile phones (already a dead platform for Microsoft) to tablets, laptops, desktops and consoles. With this scope in mind the result can be average at best. It is like trying to create a pizza that everyone can eat: you would need to compromise for every group, for people who don’t like hot (spicy) food, vegetarians … and in the end the result would not be very interesting.

 

Useful tools:

Shadow Copy Viewer (NirSoft) – http://www.nirsoft.net/utils/shadow_copy_view.html
Shadow Explorer – http://www.shadowexplorer.com/

 

[1] – https://social.technet.microsoft.com/Forums/windows/en-US/2ebc2245-f5a4-4883-9762-f93f8f21d19b/previous-versions-not-working-in-windows-10?forum=win10itprogeneral
[2] – https://www.pcworld.idg.com.au/article/580704/making-windows-10-like-ordering-pizza-1-5-billion-people/

Every time I wanted to build a home lab test server with the free version of the ESXi hypervisor, I had problems downloading the latest version for installation.

If you have a standard VMware account but don’t have a vCenter license linked to it, you have a problem. While I was trying to install ESXi on unsupported hardware with a Realtek NIC, I learned how easily you can download and create the files for installation and updates. All you need is PowerCLI and information about the latest patch.

There are multiple good guides on how to install PowerCLI on Windows (Linux in the future).

Creating a bootable .iso with the latest patch is simple:

  • The first step is to find the correct patch version of ESXi on the VMware ESXi Patch Tracker site -> https://esxi-patches.v-front.de/
  • You need to look for the correct image profile; in this example I will use ESXi-6.0.0-20170604001-standard
  • Start VMware PowerCLI
  • Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
  • Get-EsxImageProfile ESXi-6.0.0-20170604001-standard
  • Export-EsxImageProfile -ImageProfile ESXi-6.0.0-20170604001-standard -ExportToISO -FilePath c:\temp\ESXi-6.0.0-20170604001-standard.iso

In your case, replace the image profile ESXi-6.0.0-20170604001-standard with the latest profile and change -FilePath to the place where you want PowerCLI to export the generated file.

If you just need to create the latest ESXi patch bundle (.zip archive) for offline installation, change the last step to Export-EsxImageProfile -ImageProfile ESXi-6.0.0-20170604001-standard -ExportToBundle -FilePath c:\temp\ESXi-6.0.0-20170604001-standard.zip
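The steps above can be put into one PowerCLI script that also removes the manual lookup on the patch tracker: it adds the same depot, picks the newest "standard" image profile for the release you care about, exports both the ISO and the offline bundle, and records their SHA-256 hashes so the media can be verified before it is booted. This is an added example, not code from the post or from VMware; the depot URL and profile naming pattern are the ones the post uses, while `$Release`, `$OutDir` and the selection by `CreationTime` are my own choices. Run it inside a VMware PowerCLI session.

```powershell
# Added example: build installer ISO + offline bundle for the newest standard image
# profile of a given ESXi release. Run inside a PowerCLI session.
param(
    [string]$Release = '6.0.0',   # ESXi release to track, e.g. 6.0.0 / 6.5.0
    [string]$OutDir  = 'C:\temp'  # where the ISO and ZIP are written
)

$depot = 'https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml'
Add-EsxSoftwareDepot $depot | Out-Null

# Profiles are named ESXi-<release>-<build>-standard; the newest by creation time is the
# current patch level, which is what the patch tracker page would tell you.
$profile = Get-EsxImageProfile |
    Where-Object Name -like "ESXi-$Release-*-standard" |
    Sort-Object CreationTime -Descending |
    Select-Object -First 1
if (-not $profile) { throw "No standard image profile found for ESXi $Release in $depot" }
Write-Host "Newest profile: $($profile.Name) (created $($profile.CreationTime))"

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$iso = Join-Path $OutDir "$($profile.Name).iso"
$zip = Join-Path $OutDir "$($profile.Name).zip"

# Same two export forms the post shows: bootable ISO and offline patch bundle.
Export-EsxImageProfile -ImageProfile $profile -ExportToIso    -FilePath $iso -Force
Export-EsxImageProfile -ImageProfile $profile -ExportToBundle -FilePath $zip -Force

# Keep the hashes next to the files: verify the media on the host you boot from,
# and compare against VMware's published checksums where they exist.
Get-FileHash -Algorithm SHA256 -Path $iso, $zip |
    Tee-Object -FilePath (Join-Path $OutDir "$($profile.Name).sha256.txt") |
    Format-Table Hash, Path -AutoSize
```

Filtering on `ESXi-$Release-*-standard` keeps the "no-tools" variants out of the selection; if you build for a host without a local datastore, change the pattern to match the profile you actually want.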

 

This weekend I was attending WUG Days in Brno. I was a little bit bored, so I decided to try some new stuff with Hyper-V virtualization on my laptop with Windows 10 Enterprise (1607). I enabled vTPM and VSM (Credential Guard and virtualization-based protection of code integrity). After some time I noticed that my notebook’s CPU fan was running although I wasn’t doing anything with the laptop; all VMs were stopped. A mysterious process named “Virtual machine security process” was using 30 % of all CPU resources and the CPU was running at its highest frequency. A restart didn’t help, and neither did turning off the Hyper-V service. I removed the vTPM from the VM and disabled all VSM settings with GPO, but no change. In the end I found one registry setting on my host computer that helped me, but it was too late; my battery was already low.

Virtual machine security process high CPU

I think there is some bug, because this high CPU usage is not normal. But in the end I learned many new things:

VSM requires UEFI BIOS and a TPM, but in my case the laptop uses legacy boot. In a virtualized Windows 10 Enterprise Gen 2 machine VSM worked (I tested with mimikatz). Hyper-V is also required by VSM, but on the guest computer it worked without Hyper-V, and nested virtualization was disabled. System Information is a really great application for investigating Credential Guard. Disabling VSM is a little bit problematic, and in the end it’s not always the best idea to flash, upgrade the system or test new features when I am out of the office.

System Information, host vs. guest (in this case vTPM was disabled and Credential Guard was not working)

 

Nested virtualization is disabled for the guest OS VM

Credential Guard registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\RequireMicrosoftSignedBootChain was set to 1.

 

Windows 10 guest OS mimikatz test with Event Viewer check and System Information.

 

Nice info about VSM on older Windows 10 >> http://deploymentresearch.com/Research/Post/490/Enabling-Virtual-Secure-Mode-VSM-in-Windows-10-Enterprise-Build-10130
Hyper-V Nested virtualization >> https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/nesting
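Everything the post read off System Information and the PowerShell screenshot can be collected as objects, which is handier when you are comparing a host and several guests. The script below is an added example, not from the post: `Get-VbsStatus` reads Microsoft's `Win32_DeviceGuard` class (the source of the "Virtualization-based security" lines in msinfo32) together with the DeviceGuard registry key the post mentions, and `Get-VmSecuritySummary` runs on the Hyper-V host to show whether a guest has a vTPM and whether nested virtualization is exposed to it. The function names are mine; the class, namespace, cmdlet and property names are Microsoft's. Run as administrator.

```powershell
# Added example: VBS / Credential Guard state of this machine plus per-VM checks on a Hyper-V host.

function Get-VbsStatus {
    # Local machine only: the registry read below does not cross machines.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
    $service  = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }   # SecurityServices* codes
    $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer                 = $env:COMPUTERNAME
        VbsState                 = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured       = (@($dg.SecurityServicesConfigured) | ForEach-Object { $service[[int]$_] }) -join ', '
        ServicesRunning          = (@($dg.SecurityServicesRunning)    | ForEach-Object { $service[[int]$_] }) -join ', '
        # Raw platform property codes as msinfo32 lists them (hypervisor, Secure Boot, DMA protection, ...).
        RequiredProperties       = @($dg.RequiredSecurityProperties)  -join ','
        AvailableProperties      = @($dg.AvailableSecurityProperties) -join ','
        # Policy values under the DeviceGuard key; the last one is the value the post changed on the host.
        EnableVbsPolicy          = $reg.EnableVirtualizationBasedSecurity
        RequireMsSignedBootChain = $reg.RequireMicrosoftSignedBootChain
    }
}

function Get-VmSecuritySummary {
    # Hyper-V host side: generation, vTPM and nested-virtualization exposure of one guest.
    param([Parameter(Mandatory)][string]$VMName)
    $vm   = Get-VM -Name $VMName
    $sec  = Get-VMSecurity  -VMName $VMName
    $proc = Get-VMProcessor -VMName $VMName
    [pscustomobject]@{
        VM                   = $VMName
        Generation           = $vm.Generation          # vTPM needs a Gen 2 VM
        State                = $vm.State
        TpmEnabled           = $sec.TpmEnabled
        Shielded             = $sec.Shielded
        NestedVirtualization = $proc.ExposeVirtualizationExtensions
    }
}

# Usage:
# Get-VbsStatus | Format-List
# Get-VM | ForEach-Object { Get-VmSecuritySummary -VMName $_.Name } | Format-Table -AutoSize
```

A guest that reports `VbsState = Running` while its host entry shows `NestedVirtualization = False` is exactly the situation described above: the guest's VBS runs on the host's hypervisor, so no nested hypervisor is required for Credential Guard inside the VM.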

DFS-R is a really great technology, but in a production environment it’s critical to monitor the health of your DFS infrastructure. You need to monitor free space and backlog files (objects in the queue waiting for replication). If you have licensed the Microsoft System Center suite, Operations Manager (SCOM) is perhaps the best monitoring tool for DFS, but don’t forget to enable backlog monitoring. If you don’t have monitoring software capable of monitoring DFSR, it’s good to have at least a simple script that sends you scheduled reports. When looking for one I found this script >> http://chris-nullpayload.rhcloud.com/2014/08/powershell-script-to-monitor-dfs-replication/, but it has two problems: it didn’t work correctly when there is a replication error, and this older version is not capable of sending an e-mail report (later I found that the author made a newer version, but at the time I had tested my modified version).

I modified this script for weekly e-mail reports and tried to fix it for the case when DFSR replication is in an error state. I added disk drive usage, and you can use this script to save a .TXT report to the C:\DFSReports folder.

Understanding the DFSR backlog: if you create, update or delete a file or folder, it is processed in the staging folder and replicated to all partners. If you have 5 replication partners and modify one file, the backlog count should be 5; after each successful replication with a partner it decreases by one, and after some time it ends with 0 updates in the backlog. A higher number of files in the backlog may indicate a replication problem and needs to be investigated.

This is how the e-mail report looks in an e-mail client:

Email report when you have big replication problems 😉

Modified PowerShell script (DFSR.report.ps1):

#_Source http://chris-nullpayload.rhcloud.com/2014/08/powershell-script-to-monitor-dfs-replication/
#_Tested on WS2012R2, PowerShell 4.0
#_https://technet.microsoft.com/en-us/library/dn296583.aspx
#_MF 6/2016 v1.03
#Line breaks are removed in posts made in plain text format in Outlook https://support.microsoft.com/en-us/kb/287816 !!!
#TODO: threshold variables
$RGroups = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query "SELECT * FROM DfsrReplicationGroupConfig"
$ComputerName=$env:ComputerName
$Succ=0     #connections with fewer than 5 files in backlog
$Warn=0     #connections with 5..100 files in backlog
$Err=0      #connections with more than 100 files in backlog, or a dfsrdiag error
$ErrInfo=0  #set to 1 when dfsrdiag reported an error; adds the error section to the report
$ErrText=''
$EmailHint = ''
#Backlog files count warning
$EmailNotification = 0 #enable (1) or disable (0) e-mail notification
$ExportReporttoFile = 1 #enable (1) or disable (0) saving report to file
$ExportReporFolder = 'C:\DFSReports' #Export Path
$Last7days = (Get-Date).AddDays(-7) #last week date, for eventlog weekly reports

$EmailText ="---------------------------------------------------------------------------------------------`r`nWeekly DFSR report $(get-date -format 'dd-MMMM-yyyy HH:mm')"
$EmailText +="`r`n---------------------------------------------------------------------------------------------`r`n"

Write-Host $EmailText

foreach ($Group in $RGroups)
{
$RGFoldersWMIQ = "SELECT * FROM DfsrReplicatedFolderConfig WHERE ReplicationGroupGUID='" + $Group.ReplicationGroupGUID + "'"
$RGFolders = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query $RGFoldersWMIQ
$RGConnectionsWMIQ = "SELECT * FROM DfsrConnectionConfig WHERE ReplicationGroupGUID='"+ $Group.ReplicationGroupGUID + "'"
$RGConnections = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query $RGConnectionsWMIQ
foreach ($Connection in $RGConnections)
{
$ConnectionName = $Connection.PartnerName
if ($Connection.Enabled -eq $True)
{
foreach ($Folder in $RGFolders)
{
$RGName = $Group.ReplicationGroupName
$RFName = $Folder.ReplicatedFolderName

if ($Connection.Inbound -eq $True)
{
$SendingMember = $ConnectionName
$ReceivingMember = $ComputerName
$Direction="inbound"
}
else
{
$SendingMember = $ComputerName
$ReceivingMember = $ConnectionName
$Direction="outbound"
}

$BLCommand = "dfsrdiag Backlog /RGName:'" + $RGName + "' /RFName:'" + $RFName + "' /SendingMember:" + $SendingMember + " /ReceivingMember:" + $ReceivingMember
$Backlog = Invoke-Expression -Command $BLCommand

#Hint Command example at the end of Email message
$EmailHint += "`r`ndfsrdiag Backlog /RGName:$RGName /RFName:$RFName /SendingMember:$SendingMember /ReceivingMember:$ReceivingMember"

$BackLogFilecount = 0
foreach ($item in $Backlog)
{

#"[ERROR]" is a character class in -like (matches one of E/R/O), so the pattern must be escaped with backticks
if (($item -ilike '`[ERROR`]*') -or ($item -ilike "Operation Failed*"))
{
$BacklogFileCount = "[ERROR]"
$Color="red"
$ErrInfo=1
$ErrText+= "$item `r`n"
$Err++
}
elseif ($item -ilike "*No Backlog*")
{
$BacklogFileCount = 0
$Color="white"
$Succ++
}
elseif ($item -ilike "*Backlog File count*")
{
$BacklogFileCount = [int]$Item.Split(":")[1].Trim()
if ($BacklogFileCount -lt 5)
{
$Color="white"
$Succ++
}
elseif ($BacklogFilecount -le 100)
{
$Color="yellow"
$Warn++
}
elseif ($BacklogFilecount -gt 100)
{
$Color="red"
$Err++
}
}
}

Write-Host "$BacklogFileCount updates in backlog $SendingMember->$ReceivingMember for $RGName" -ForegroundColor $Color
$EmailText += "$BacklogFileCount updates in backlog $SendingMember->$ReceivingMember for $RGName"
$EmailText += "`r`n"

} # Closing iterate through all folders
#} # Closing If replies to ping
} # Closing If Connection enabled
} # Closing iteration through all connections
} # Closing iteration through all groups


Write-Host "$Succ successful, $Warn warnings and $Err errors from $($Succ+$Warn+$Err) replications.`n"
Write-Host "Updates can be new, modified, or deleted files and folders. Any files or folders listed`nin the DFS Replication backlog have not yet replicated from the source computer"
Write-Host "to the destination computer. This is not necessarily an indication of problems.`nA backlog indicates latency, and a backlog may be expected in your environment,`ndepending on configuration, rate of change, network, and other factors.`n`n"

$EmailText += "$Succ successful, $Warn warnings and $Err errors from $($Succ+$Warn+$Err) replications.`r`n`r`n"
$EmailText += "Updates can be new, modified, or deleted files and folders. Any files or folders`r`nlisted in the DFS Replication backlog have not yet replicated from the source`r`n"
$EmailText += "computer to the destination computer. This is not necessarily an indication of`nproblems.`r`nA backlog indicates latency, and a backlog may be expected in your environment,`r`ndepending on configuration, rate of change, network, and other factors.`r`n`r`n"

Write-Host "File System Free Space on $ComputerName ($(get-date)) `n---------------------------------------------------------------------------------------------"
$EmailText += "File System Free Space on $ComputerName ($(get-date)) `r`n---------------------------------------------------------------------------------------------"
$FreeSpace = Get-PSDrive -PSProvider FileSystem | Select-Object Root, @{Name="Free (GB)";Expression={"{0:N1}" -f ($_.Free / 1GB)}}, @{Name="Used (GB)";Expression={"{0:N1}" -f ($_.Used / 1GB)}}, Description | Format-Table -AutoSize
$EmailText += $FreeSpace | Out-String
$FreeSpace | Out-String

if ($ErrInfo -eq "1" ) {
Write-Host "DFSR Backlog Errors ($(get-date)) `n---------------------------------------------------------------------------------------------`n"
Write-Host "$ErrText`n"
$EmailText +="DFSR Backlog Errors ($(get-date)) `r`n---------------------------------------------------------------------------------------------`r`n"
$EmailText += "$ErrText`r`n"
}

Write-Host "DFSR replication State ($(get-date)) `n---------------------------------------------------------------------------------------------`n"
$EmailText +="DFSR replication State ($(get-date)) `r`n---------------------------------------------------------------------------------------------`r`n"

$ReplicationState = invoke-expression "dfsrdiag replicationstate -v"
$ReplicationState

$EmailText += $ReplicationState | Out-String

Write-Host "Latest DFSR events (Error, Warning) from $Last7days to $(get-date) `n---------------------------------------------------------------------------------------------`n"
$EmailText += "Latest DFSR events (Error, Warning) from $Last7days to $(get-date) `r`n---------------------------------------------------------------------------------------------`r`n"

$DFSRError = (Get-EventLog -LogName "DFS Replication" -Newest 5 -EntryType Error -After $Last7days | Format-List TimeGenerated, EntryType, Message | Out-String)
$DFSRError
$DFSRWarning = (Get-EventLog -LogName "DFS Replication" -Newest 3 -EntryType Warning -After $Last7days | Format-List TimeGenerated, EntryType, Message | Out-String)
$DFSRWarning

$EmailText += $DFSRError
$EmailText += $DFSRWarning

$EmailText +="[Hint] You can always check the current DFS-R status with these commands:`r`n---------------------------------------------------------------------------------------"
$EmailText +="`r`ndfsrdiag replicationstate"
$EmailText += $EmailHint

#Send report to e-mail
If ($EmailNotification -eq '1') {

$EmailSubject = "Weekly DFSR report $(get-date -format 'dd-MMMM-yyyy') - ($Err Errors, $Warn Warnings)"
#Recipient list must be a real value: with nothing after '=' PowerShell takes the next line ($EmailFrom) as the value
$EmailRecipients = "email@contoso.com","email2@contoso.com"
$EmailFrom = "server01@example.com"
$EmailSMTPServer = 'mail.example.com'
$EmailEncoding = [System.Text.Encoding]::UTF7 #UTF7,UTF8,ASCII

Send-MailMessage -To $EmailRecipients -Subject $EmailSubject -From $EmailFrom -Body $EmailText -SmtpServer $EmailSMTPServer -Encoding $EmailEncoding
#See Get-Help Send-MailMessage for -UseSsl, -Port and -Credential when the relay requires them
}

#save report to file
if ( $ExportReporttoFile -eq '1' )
{
if((Test-Path $ExportReporFolder) -eq $False) #If export directory doesn't exist, create it
{
New-Item -ItemType Directory -Path $ExportReporFolder
}
$ExportFilePath = "$ExportReporFolder\DFSR_report_$(get-date -f yyyy-MM-dd).txt"
Out-File -InputObject $EmailText -FilePath $ExportFilePath -Encoding unicode
}

Download PowerShell Script >> dfsr-report-ps1
Tested with Windows Server 2012 R2 + PowerShell 4.0. It should work on older Windows Server versions, but it’s not tested (in WS 2012 Microsoft changed the WMI namespace for DFSR, so this script needs more testing)!!!
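The part of the script that was hardest to get right is the interpretation of what `dfsrdiag Backlog` prints, especially when replication is broken. The code below is an added example, not part of the script above: it isolates that parsing into one function with the same thresholds (fewer than 5 files OK, up to 100 a warning, above 100 or any `[ERROR]` line an error), and it calls dfsrdiag with an argument array instead of `Invoke-Expression` on a concatenated string, so a group or folder name can never be re-parsed as PowerShell code. The three sample outputs are constructed from the line shapes the script matches ("No Backlog", "Backlog File Count:", "[ERROR]"); they are not captured from a real dfsrdiag run, and the function names are mine.

```powershell
# Added example: classify dfsrdiag Backlog output, with the error state handled explicitly.

function Get-BacklogStatus {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [int]$WarnAt  = 5,     # backlog >= this is a warning
        [int]$ErrorAt = 100    # backlog > this is an error
    )
    foreach ($line in $Lines) {
        # '[' opens a character class in -like, so "[ERROR]*" would match lines starting with
        # E, R or O and never the real "[ERROR]" prefix. -match with escaped brackets is explicit.
        if ($line -match '^\[ERROR\]' -or $line -match '^Operation Failed') {
            return [pscustomobject]@{ Count = $null; Severity = 'Error'; Detail = $line.Trim() }
        }
        if ($line -match 'No Backlog') {
            return [pscustomobject]@{ Count = 0; Severity = 'OK'; Detail = $line.Trim() }
        }
        if ($line -match 'Backlog File Count:\s*(\d+)') {
            $n = [int]$Matches[1]
            $sev = if ($n -lt $WarnAt) { 'OK' } elseif ($n -le $ErrorAt) { 'Warning' } else { 'Error' }
            return [pscustomobject]@{ Count = $n; Severity = $sev; Detail = $line.Trim() }
        }
    }
    # Unknown output must not be reported as success: a silent "0 errors" is the worst outcome for a monitor.
    [pscustomobject]@{ Count = $null; Severity = 'Error'; Detail = 'Unrecognised dfsrdiag output' }
}

function Invoke-DfsrBacklogCheck {
    # Argument array, not Invoke-Expression: names with quotes or spaces stay data.
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$FolderName,
        [Parameter(Mandatory)][string]$SendingMember,
        [Parameter(Mandatory)][string]$ReceivingMember
    )
    $out = & dfsrdiag.exe Backlog "/RGName:$GroupName" "/RFName:$FolderName" `
             "/SendingMember:$SendingMember" "/ReceivingMember:$ReceivingMember" 2>&1
    $status = Get-BacklogStatus -Lines ($out | ForEach-Object { "$_" })
    $status | Add-Member -NotePropertyName Connection -NotePropertyValue "$SendingMember->$ReceivingMember ($GroupName\$FolderName)" -PassThru
}

# Constructed samples of the three shapes a report has to handle:
$samples = [ordered]@{
    InSync = @('No Backlog - member SRV01 is in sync with partner SRV02', 'Operation Succeeded')
    Behind = @('Backlog File Count: 250', 'Backlog File Names (first 100 files)', '   1. File name: big.iso', 'Operation Succeeded')
    Broken = @('[ERROR] Failed to execute the Backlog command.', 'Operation Failed')
}
foreach ($name in $samples.Keys) {
    $s = Get-BacklogStatus -Lines $samples[$name]
    '{0,-7} {1,-8} count={2}' -f $name, $s.Severity, $s.Count
}
```

Running the constructed samples gives OK for the in-sync case, Error for the 250-file backlog (above the 100-file threshold) and Error with the `[ERROR]` line as detail for the broken connection. Wiring `Invoke-DfsrBacklogCheck` into the connection loop of the script above, in place of the `$BLCommand`/`Invoke-Expression` pair, keeps the rest of the report unchanged.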

If you use MS Outlook it’s good to make these changes, because Outlook messes with line breaks >> https://support.microsoft.com/en-us/kb/287816

 

Really helpful setting for plain-text reports in MS Outlook.

 

While checking why our SCCM OSD deployment failed at the step “Add computer to domain”, I found this error message in c:\Windows\debug\NetSetup.log, and the solution is simple. Error message 2242 means “The password of this user has expired”; check the user account and set the “password never expires” option.

You can simply decode return codes with this command:

net helpmsg XXXX


Great article about debugging domain join problems:

http://www.unidesk.com/support/kb/debugging-domain-join-problems-windows-7

In my case Google, Bing and Yahoo didn’t find any solution to this problem, so I decided to write this simple IT post.

NetSetup.log

06/17/2016 14:55:43:157 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
06/17/2016 14:55:45:610 NetUseAdd to \\domain.name.local\IPC$ returned 2242
06/17/2016 14:55:45:610 NetpJoinDomainOnDs: status of connecting to dc ‘\\domain.name.local’: 0x8c2
06/17/2016 14:55:45:610 NetpJoinDomainOnDs: Function exits with status of: 0x8c2
06/17/2016 14:55:45:610 NetpJoinDomainOnDs: NetpResetIDNEncoding on ‘(null)’: 0x0
06/17/2016 14:55:45:610 NetpDoDomainJoin: status: 0x8c2
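NetSetup.log reports the same failure twice over: once as the decimal Net API return code (2242) and then as the hex join status (0x8c2), which is the same number. The script below is an added example, not from the post: it pulls every non-zero code out of a set of log lines, normalises hex to decimal, and resolves the text the same way `net helpmsg` does (by running it), which matters because 2242 lies in the Net API error range (2100-2999) that the plain Win32 error table does not cover. The sample lines are copied from the excerpt above; the function names are mine.

```powershell
# Added example: extract and decode status codes from NetSetup.log lines.

function ConvertTo-NetMessage {
    # Same lookup as typing "net helpmsg <code>" at the prompt, returned as one string.
    param([Parameter(Mandatory)][int]$Code)
    ((& net.exe helpmsg $Code) -join ' ').Trim()
}

function Get-NetSetupErrors {
    param([Parameter(Mandatory)][string[]]$LogLines)
    foreach ($line in $LogLines) {
        # Codes appear either as "returned 2242" (decimal) or after a colon as "0x8c2" (hex).
        if ($line -match '(?:\breturned\s+|:\s*)(0x[0-9a-fA-F]+|\d+)\s*$') {
            $raw  = $Matches[1]
            $code = if ($raw -like '0x*') { [Convert]::ToInt32($raw.Substring(2), 16) } else { [int]$raw }
            if ($code -ne 0) {      # 0x0 lines are successful steps, not worth decoding
                [pscustomobject]@{
                    Code    = $code
                    Hex     = '0x{0:x}' -f $code
                    Message = ConvertTo-NetMessage -Code $code
                    Line    = $line.Trim()
                }
            }
        }
    }
}

# Lines copied from the NetSetup.log excerpt in this post:
$netSetupLog = @(
    '06/17/2016 14:55:43:157 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0',
    '06/17/2016 14:55:45:610 NetUseAdd to \\domain.name.local\IPC$ returned 2242',
    "06/17/2016 14:55:45:610 NetpJoinDomainOnDs: status of connecting to dc '\\domain.name.local': 0x8c2",
    '06/17/2016 14:55:45:610 NetpJoinDomainOnDs: Function exits with status of: 0x8c2',
    '06/17/2016 14:55:45:610 NetpDoDomainJoin: status: 0x8c2'
)

# Usage against a live log: Get-NetSetupErrors -LogLines (Get-Content C:\Windows\debug\NetSetup.log -Tail 200)
Get-NetSetupErrors -LogLines $netSetupLog | Format-Table Code, Hex, Message -AutoSize
```

On the excerpt above every non-zero line resolves to 2242 = 0x8c2, the expired-password message quoted at the top of this post. Reading the tail of the live log with `-Tail` keeps the check quick on machines that have been through many join attempts.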

There were many problems after upgrading VMware vCenter 5.5 to Update 3b if you didn’t upgrade your environment correctly. The vCenter 5.5u3 update (6.0 U1 also) disabled the old and insecure SSLv3 protocol, and this caused many problems. In my case VMware replication and SRM didn’t work correctly. The upgrade of the replication appliance from version 5.8.0 to 5.8.1 went without problems, but I was unable to upgrade SRM from 5.8.0 to 5.8.1. I tried many possible solutions, but nothing worked and the SRM 5.8.1 installation always ended with the same error, „internal error: unexpected error code: -1“, and I found no lead to a solution (even Google didn’t find anything). Thanks to our external support we found that the VMware vCenter Site Recovery Manager Server service was not running and would not start. The suggestion was to temporarily enable SSLv3 and then update SRM to 5.8.1, and this solution worked in the end.

SRM installation error

This is the official KB from VMware about SRM not starting (not so helpful) -> https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2118209

and this is another not very helpful KB from VMware about disabling SSLv3 -> https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2139396

In the end, the only thing SRM needs in order to start is SSLv3 enabled on the “VMware VirtualCenter Server (vpxd)” service, port 443.

To enable SSLv3:

Open/edit the vpxd.cfg file:

Windows default location: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg

vCenter Server Appliance default location: /etc/vmware-vpx/vpxd.cfg

Before you start, create a backup copy of the vpxd.cfg file.

Edit the file to add or remove <sslOptions>16924672</sslOptions>, which enables or disables SSLv3 respectively:

<vmacore>
<cacheProperties>true</cacheProperties>
<ssl>
<useCompression>true</useCompression>
<sslOptions>16924672</sslOptions>
</ssl>
<threadPool>
<TaskMax>90</TaskMax>
<threadNamePrefix>vpxd</threadNamePrefix>
</threadPool>
</vmacore>

Save the file and restart the vpxd service (VMware VirtualCenter Server). After the vpxd service restarts, the VMware vCenter Site Recovery Manager Server (vmware-dr) service will start correctly and it is possible to upgrade SRM to 5.8.1. After the upgrade, remove <sslOptions>16924672</sslOptions> from vpxd.cfg to disable SSLv3 again and restart the vpxd service once more.
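Because the whole point is that SSLv3 stays on only for the duration of the SRM upgrade, it helps to have the enable and the disable as one reversible, logged operation rather than two hand edits. The function below is an added example, not code from the post or from VMware: it backs up vpxd.cfg with a timestamp, adds or removes the `<sslOptions>16924672</sslOptions>` element under `<vmacore><ssl>` as XML (so nothing else in the file is touched), optionally restarts vpxd, and reports whether the SSLv3 option is present afterwards. The Windows path, element name, value and service dependency are those described above; the XPath assumes `<vmacore>` sits somewhere below the document root, and the function name is mine. Run elevated on the vCenter server.

```powershell
# Added example: reversible SSLv3 toggle in vpxd.cfg with backup and post-check.

function Set-VpxdSslv3 {
    param(
        [Parameter(Mandatory)][ValidateSet('Enable', 'Disable')][string]$Action,
        [string]$ConfigPath = 'C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg',
        [switch]$RestartService
    )
    $value = '16924672'   # sslOptions value the post uses to allow SSLv3

    # 1. Backup first, as the procedure says; the name carries a timestamp so repeated runs never overwrite it.
    $backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -LiteralPath $ConfigPath -Destination $backup

    # 2. Edit as XML, keeping whitespace so a diff against the backup shows only the one element.
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($ConfigPath)
    $ssl = $xml.SelectSingleNode('//vmacore/ssl')
    if (-not $ssl) { throw "No <vmacore><ssl> section found in $ConfigPath" }
    $node = $ssl.SelectSingleNode('sslOptions')

    switch ($Action) {
        'Enable' {
            if (-not $node) {
                $node = $xml.CreateElement('sslOptions')
                $ssl.AppendChild($node) | Out-Null
            }
            $node.InnerText = $value
        }
        'Disable' {
            if ($node) { $ssl.RemoveChild($node) | Out-Null }
        }
    }
    $xml.Save($ConfigPath)

    # 3. vpxd must restart to pick the change up; vmware-dr (SRM) depends on it and starts afterwards.
    if ($RestartService) { Restart-Service -Name vpxd -Force }

    [pscustomobject]@{
        Action      = $Action
        Backup      = $backup
        Sslv3Active = [bool]$xml.SelectSingleNode("//vmacore/ssl/sslOptions[text()='$value']")
        Vpxd        = (Get-Service -Name vpxd).Status
    }
}

# Usage, mirroring the procedure above:
# Set-VpxdSslv3 -Action Enable  -RestartService   # temporary, for the SRM 5.8.1 upgrade only
# ... upgrade SRM ...
# Set-VpxdSslv3 -Action Disable -RestartService   # back to the Update 3b default
```

Keep the two output objects (Enable and Disable) with the change record: `Sslv3Active = False` after the second call is the evidence that the protocol was not left enabled on port 443 once the upgrade was done.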

Big Brother knows what is being printed

This article came about somewhat by accident, as an answer to a simple question: “Is it possible to see how our print server is used?” In today’s era of constant cost cutting, this is a completely ordinary question. In the end I was surprised myself how simple the solution was: it consisted of turning on logging and preparing a simple PowerShell script. Nothing is as simple and clear-cut as it seems at first glance, but I will get to that later. The picture shows how it turned out when the script is run on a production server. The script displays a simple business report of print server usage for the last month, which can be sent by e-mail, and it also creates two more text files in CSV format. These contain a utilization report for all printers (date.AllPrintersReport.csv) and an export of the event log in text form (date.CSVPrintersReport.csv). The script of course also works on client Windows (tested on Windows 8.1, but it should also work on computers with Windows Vista and newer).

Summary of printing (report screenshot)

So let’s look at how to set up Windows Server with the “Print and Document Services” role so that we can produce regular printer usage reports. By default, after installing the OS and adding the “Print and Document Services” feature, logging of “Print Service events” to the event log is not enabled. Enabling logging and setting the right log file size is not complicated:

  • Using the GUI: start Event Viewer (eventvwr.msc), open the folder “Applications and Services Logs -> Microsoft -> Windows -> PrintService”, then enable and configure the “Operational” log by right-clicking it. In the settings of this log I recommend a size of at least 50 MB, but it depends on how busy the particular print server is.
  • Using CMD (the command enables logging and sets the log file size to 51 MB): wevtutil.exe sl "Microsoft-Windows-PrintService/Operational" /enabled:true /ms:52428800
  • Using the script (SummaryOfPrinting…): on the first run it enables logging and sets the log file size to 60 MB; in this case the script must be run as administrator.
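The same enable-and-size step can be done from PowerShell through the object that `Get-WinEvent -ListLog` returns, which also gives you a way to verify the setting on many print servers at once; and once the log is on, letting the event log service apply the time window (instead of fetching a month of events and filtering them in the script) keeps the monthly run cheap. The code below is an added example, not the script from this post: `Enable-PrintServiceLog` uses the .NET `EventLogConfiguration` API (`IsEnabled`, `MaximumSizeInBytes`, `SaveChanges()`), and `Get-PrintJobs` queries event 307 with a start time and maps its properties using the same indices the script further down relies on. The 60 MB size is the one mentioned above; the function names are mine. Run as administrator.

```powershell
# Added example: enable/size the PrintService Operational log via the event log API,
# then read "document printed" events (ID 307) for a time window as objects.

function Enable-PrintServiceLog {
    param([long]$MaxSizeBytes = 60MB)   # 60MB = 62914560 bytes, the size the post uses
    $logName = 'Microsoft-Windows-PrintService/Operational'
    $log = Get-WinEvent -ListLog $logName
    if (-not $log.IsEnabled -or $log.MaximumSizeInBytes -lt $MaxSizeBytes) {
        $log.IsEnabled = $true
        $log.MaximumSizeInBytes = $MaxSizeBytes
        $log.SaveChanges()           # same effect as "wevtutil sl ... /enabled:true /ms:...", needs admin rights
    }
    # Re-read so the returned object reflects what is actually stored.
    Get-WinEvent -ListLog $logName | Select-Object LogName, IsEnabled, MaximumSizeInBytes, RecordCount
}

function Get-PrintJobs {
    # StartTime is evaluated by the event log service itself, so old events never leave the server.
    param(
        [datetime]$Since = (Get-Date).AddMonths(-1),
        [string]$ComputerName = 'localhost'
    )
    $filter = @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 307; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $_.Properties   # index map as used by the script below: 1 document, 2 user, 3 client, 4 printer, 5 port, 6 bytes, 7 pages
            [pscustomobject]@{
                Time     = $_.TimeCreated
                User     = $p[2].Value
                Client   = $p[3].Value
                Printer  = $p[4].Value
                Port     = $p[5].Value
                Bytes    = $p[6].Value
                Pages    = [int]$p[7].Value
                Document = $p[1].Value
            }
        }
}

# Usage: first run turns logging on; later runs give pages per user for the last month.
# Enable-PrintServiceLog
# Get-PrintJobs | Group-Object User |
#     ForEach-Object { [pscustomobject]@{ User = $_.Name; Pages = ($_.Group | Measure-Object Pages -Sum).Sum } } |
#     Sort-Object Pages -Descending
```

`-ErrorAction SilentlyContinue` on the query is deliberate: `Get-WinEvent` raises an error rather than returning nothing when no event matches, and an empty month should produce an empty report, not a failed scheduled task.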

In my opinion the ideal solution is to schedule this script to run automatically, for example always on the first day of the month at 01:00. This way, with the default settings, you get a report for the last month. The time period can be changed with the variable $LatestEventTime, which defines how old the events the script processes may be. You can download the script here >> SummaryOfPrinting.v2.7.ENG.ps1 <<, or look at it below on this page.

# Simple PowerShell script, Windows Print Service monthly reporting
# by Michal Fajta, version 0.27 12/11/2014
#
# Tested on Windows Server 2008 R2, Windows 8.1 (PowerShell 2.0 and 4.0)
#
# param ($Computer)
# to enable Print Server logging -> wevtutil.exe sl "Microsoft-Windows-PrintService/Operational" /enabled:true
# todo: progress bar, csv export daily, smtp e-mail

$ExportPath = 'c:\temp\'
$Computer = "localhost"          #hostname of the print server
[int]$TOPcount = 4               #number of highest records to show (TOP N)

#E-mail settings (not used yet, see todo above)
$SendEmail = $false                     # = $true if you want to enable sending the report by e-mail (SMTP)
$EmailTo   = 'user@domain'              #user@domain.something (for multiple users use "User01 <user01@example.com>","User02 <user02@example.com>")
$EmailFrom = 'Printserver Name here'    #automat042@domain
$EmailSMTP = 'full dns name here'       #smtp server address, DNS hostname


$HashTableUser = @{}
$HashTablePrinter = @{}
$HashTableDocument = @{}
$LatestEventTime = (get-date).AddMonths(-1) #Last month (monthly report), AddDays(-X) for days
$CSVExportArray = "User,Printer,IP port,Pages,RemoteComputer,Document Name,Document Size,Time`n" #CSV header line; one row per job is appended below
$TotalPages = 0
$TotalDocuments = 0

$WinEventXMLFilter = '
<QueryList> 
<Query Id="0" Path="Microsoft-Windows-PrintService/Operational">   
<Select Path="Microsoft-Windows-PrintService/Operational">*[System[(Level=4 or Level=0) and (EventID=307)]]</Select> 
</Query>
</QueryList>'

#Clear-host
Write-Host "Script started at: $(Get-Date)" -ForegroundColor Green

$EventLogCheck = Get-WinEvent -ListLog Microsoft-Windows-PrintService/Operational
if ($EventLogCheck.IsEnabled -ne $true) {
    #First run: enable the Operational log and set its maximum size to 60 MB (requires administrator rights)
    wevtutil.exe sl "Microsoft-Windows-PrintService/Operational" /enabled:true /ms:62914560
    Write-Host "Print Service logging was not enabled. It is enabled now; run the script again once some print jobs have been logged." -ForegroundColor Red
    return
}

$Events = Get-WinEvent -FilterXml $WinEventXMLFilter -ComputerName $Computer
Write-Host "Total number of PrintService events: $($Events.Count)" -ForegroundColor Yellow

ForEach ($Object in $Events) {

    $Time = $Object.TimeCreated
    if( $Time -gt  $LatestEventTime ) {
        $DocumentName = $Object.Properties[1].Value
        $User = $Object.Properties[2].Value
        $Printer = $Object.Properties[4].Value
        [int]$Pages = $Object.Properties[7].Value
        $IPport = $Object.Properties[5].Value
        $PrinterPLUS = $Printer + ' port:(' + $IPport + ')'

        #User Hash Table
        if ($HashTableUser.Contains($User)) {
            $Sum = $HashTableUser.Item($User)
            $Sum += $Pages
            $HashTableUser.Item($User) = $Sum
        }
        else {
            $HashTableUser.Add($User,$Pages)
        }

        #Printer Hash Table
        if ($HashTablePrinter.Contains($PrinterPLUS)) {
            $Sum = $HashTablePrinter.Item($PrinterPLUS)
            $Sum += $Pages
            $HashTablePrinter.Item($PrinterPLUS) = $Sum
        }
        else {
            $HashTablePrinter.Add($PrinterPLUS,$Pages)
        }

        #Document Hash Table
        if ($HashTableDocument.Contains($DocumentName)) {
            $OrigDocument = $HashTableDocument.Item($DocumentName)
            if ($OrigDocument -lt $Pages) {
                $HashTableDocument.Item($DocumentName) = $Pages
            }
        }
        else {
            $HashTableDocument.Add($DocumentName,$Pages)
        }

        $RemoteComputer = $Object.Properties[3].Value
        $DocumentSize = $Object.Properties[6].Value

        $CSVExportArray += "$user,$printer,$IPport,$Pages,$RemoteComputer,$DocumentName,$DocumentSize,$Time`n"

        $TotalPages += $Pages
        $TotalDocuments++
        $OldestTime = $Time

    }
}

Write-Host "`nTOP $TOPcount USERS (Ordered by Total number of printed pages):" -BackgroundColor Black
$TopUsers = $hashTableUser.GetEnumerator() | Sort-Object Value -descending | Select-Object -First $TOPcount | ft @{Expression={$_.Name};Label="User";width=30}, @{Expression={$_.Value};Label="Pages"} #-AutoSize
$TopUsers 

Write-Host "Top $TOPcount PRINTERS (Ordered by Total number of printed pages):" -BackgroundColor Black
$TopPrinters = $hashTablePrinter.GetEnumerator() | Sort-Object Value -descending | Select-Object -First $TOPcount | ft @{Expression={$_.Name};Label="Printer Name + port";width=73}, @{Expression={$_.Value};Label="Pages"} #-AutoSize
$TopPrinters 

Write-Host "Top $TOPcount LARGEST DOCUMENTS (Ordered by number of pages):" -BackgroundColor Black
$TopDocuments = $hashTableDocument.GetEnumerator() | Sort-Object Value -descending | Select-Object -First $TOPcount | ft @{Expression={$_.Name};Label="Document Name";width=73}, @{Expression={$_.Value};Label="Pages"} #-AutoSize
$TopDocuments

$ExportPathTOP = $ExportPath + $(get-date -format yyyy.MM.dd ) + '.TOPPrintersReport.txt'
$ExportPathCSV = $ExportPath + $(get-date -format yyyy.MM.dd ) + '.CSVPrintersReport.csv'
$ExportPathPRT = $ExportPath + $(get-date -format yyyy.MM.dd ) + '.AllPrintersReport.csv'

$CSVExportArray | Out-File -FilePath $ExportPathCSV -Force

$AllPrinters = $hashTablePrinter.GetEnumerator() | Sort-Object Value -descending | Select-Object -Property Name, Value
$AllPrinters | Export-csv -Path $ExportPathPRT -NoTypeInformation -Force

$TopUsers | Out-File -FilePath $ExportPathTOP -Force
$TopPrinters | Out-File -FilePath $ExportPathTOP -Append
$TopDocuments | Out-File -FilePath $ExportPathTOP -Append
"Total Number of printed pages (All Printers): $TotalPages" | Out-File -FilePath $ExportPathTOP -Append
"Oldest Print Server EventLog: $OldestTime" | Out-File -FilePath $ExportPathTOP -Append

Write-Host "_______________________________________________________________"
Write-Host "Script execution end Time: $(Get-Date)" -ForegroundColor Yellow
Write-Host "Total Number of documents printed (All Printers): $TotalDocuments"
Write-Host "Total Number of printed pages (All Printers): $TotalPages"
Write-Host "Oldest Print Server EventLog: $OldestTime"

# Send e-mail with reports as attachments
# http://ss64.com/ps/send-mailmessage.html
if ($SendEmail -eq $true) {

$EmailSubject = "[AUTO] Print Server Monthly Report $(get-date -format MM.yyyy)"
$EmailBody = "Print Server Monthly Report $(get-date -format MM.yyyy) (last Month).`n`nYours sincerely`nAutomat042"

Write-Host "Sending e-mail to $EmailTo from $EmailFrom (SMTPServer = $EmailSMTP) " -ForegroundColor Yellow

Send-MailMessage -To $EmailTo -From $EmailFrom -Subject $EmailSubject -Body $EmailBody -SmtpServer $EmailSMTP -attachment $ExportPathCSV, $ExportPathTOP, $ExportPathPRT # -useSSL

} #if $SendEmail = $true ....
} #if $EventlogCheck.is Enabled ... end

else { # else EventlogCheck.is not Enabled, inspired by http://poshcode.org/5191 by KevMar 4
    Write-Host "Print Service Logging is not enabled .... Trying to enable logging with log file size = 60 MB" -ForegroundColor Yellow
    Write-Host "This action requires Administrator rights to modify eventlog settings !!"

    $EventLogCheck | %{$_.IsEnabled = $true; $_.MaximumSizeInBytes=60MB; $_.LogMode = "AutoBackup"; $_.saveChanges()}
} #else

Nothing is as it seems

At the beginning I mentioned that this is not as easy as it seems at first glance. The problem is that this way you can find out how busy the print server is, but you have no control over who prints, and how, when jobs are sent directly to the printer. These are things that in some cases need to be taken into account. A simple solution can be a network restriction so that printing is only possible from the IP addresses of the print server (but in my opinion this solution is not ideal). An interesting solution on most modern multifunction devices is user authentication, for example based on a PIN code; in some cases the "secure printing" feature is used, where the print job is printed only after authentication is entered at the printer (e.g. a PIN). The most interesting may be specialised products for print monitoring and management. In this area I do not have enough experience to describe and evaluate them. I will only mention a product little known here, Hewlett-Packard Web JetAdmin. The main advantage of Web JetAdmin is that it is free and to a certain extent it also works with printers from manufacturers other than HP (I have tested some Oki, Sharp and Ricoh printers). Personally I see Web JetAdmin as a suitable complement in which you can see data directly from the devices/printers (number of printed pages, colour/black-and-white breakdown, duplex, scanning, ...). I will present Web JetAdmin in only a few pictures from a test deployment, since I do not deal with printer administration or PowerShell scripting. Finally I would like to thank Boris G. for his help in creating the script; hash tables are not my strong point.

A view of the HP Web JetAdmin console: toner/paper status on an OKi ES8460 MFP printer.
Also interesting is the "Engine cycle count" item, which corresponds to the total number of printed pages.

An example of a monthly report from two printers; on the Ricoh printer only the total number of pages can be seen.


I am one of those people who since childhood have dreamed of the endless, mysterious universe and of a future that will let us uncover its hidden secrets. Sci-fi series and films like Star Trek, Babylon 5, Stargate and Star Wars were among my favourites. Today I have different opinions on some things than I did as a child, but interesting news from science and technology still fascinates me. That is also the case today, when a NASA mini project made me happy.

The peace people imagined after the end of the Second World War did not last long; the Cold War and the arms race began. The novelty was the conquest of space, which served as propaganda on both sides. Humanity made great progress, but this pace was unsustainable in the long term. With the end of the Cold War it is as if the conquest of space stopped being interesting for politicians, and a natural slowdown set in. As a layman, it reminds me of economic cycles.

After a short break, a new era is beginning, also thanks to projects like SpaceX and to people who put money into these high-risk projects. Private companies are slowly getting into space too.

Staying in space will not be a matter for everyone even in the future, but at the start the biggest obstacle will be the price. For us dreamers, dreams and virtual reality remain. I am a fan of the computer game Star Citizen, which so far is known only as the most successful community-funded game. At the moment Star Citizen looks strange: on the one hand they want to give players the closest possible approximation of reality, on the other hand they do not want to break the clichés about space that we know from sci-fi films and series. That is why Star Citizen has a well-tuned engine and simulates movement in space realistically, but on the other hand, from what is currently going on around this game, I get the impression that it is a simulator of Second World War aircraft in space.

In the end it was not Star Citizen that surprised me, but a project of the NASA Eagleworks laboratory. The team led by "Dr. White" worked on the formula that Miguel Alcubierre formulated in the article "The warp drive: hyper-fast travel within general relativity" [1], published in 1994. Theoretically it is not possible to exceed the speed of light; the proposed warp drive creates regions in which space-time is compressed and expanded. The expanding space-time pushes the spaceship forward. Using rings, a warp bubble is created around the spaceship that moves space-time around the object. Physically I do not understand it at all, but what is interesting is that a crew inside the warp bubble would not feel the acceleration caused by moving at warp. The idea of the warp drive had a catch, though: the travel would require energy comparable to the energy contained in the mass of the planet Jupiter (1.9 × 10^27 kg) [2].

Warp Theory

The team around Dr. White focused on optimisation and concluded that under certain circumstances it would be possible to reduce the energy requirement to 1600 pounds of "mass-energy" (the energy which, according to the formula Energy = mass · (speed of light)², is hidden in approximately 727 kg of matter). That is still a huge amount of energy; just to give an idea, according to these calculations 1 g of matter contains 25 GW/h of energy [3].

It turns out that this solution has several obstacles that will need to be overcome in the future. Exceeding the speed of light would require particles with negative energy. Another problem is that during flight above the speed of light high-energy particles would accumulate, and they would be released on slowing down below the speed of light. But what interested me most are the visualisations of the spaceship that was designed with the warp drive optimised by "Dr. White's" team.


Video: https://www.youtube.com/watch?v=9M8yht_ofHc


Space: the final frontier. These are the voyages of the starship Enterprise, which has a continuing mission: to explore strange new worlds, to seek out new life and new civilizations, to boldly go where no man has gone before.

IXS Enterprise 01

IXS Enterprise 02 by Mark Rademaker

IXS Enterprise 03 by Mark Rademaker

Space Ship  by Mark Rademaker


[1] http://iopscience.iop.org/0264-9381/11/5/001

[2] http://io9.com/5963263/how-nasa-will-build-its-very-first-warp-drive

[3] http://en.wikipedia.org/wiki/Mass%E2%80%93energy_equivalence

https://www.flickr.com/photos/123021064@N05/sets/72157644113972600/

http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20110015936.pdf

http://io9.com/heres-nasas-new-design-for-a-warp-drive-ship-1588948192

http://sploid.gizmodo.com/holy-crap-nasas-interplanetary-spaceship-concept-is-fr-1589001939/1589277571/+jesusdiaz

http://www.universetoday.com/93882/warp-drives-may-come-with-a-killer-downside/#ixzz34HJTDkWl

I am not a security expert, but a few days ago (8 April 2014) there was news in the media about a serious flaw that was given the name "Heartbleed". It is said to be the most serious security flaw of recent years. I decided to at least take a layman's look at it, and I was taken aback.

What is it about?

A lot has already been said about the security of data transmitted over the internet, but I have the impression that we are incorrigible. People put more information about themselves publicly on their websites and social networks than their closest relatives know, and they happily connect to any public Wi-Fi network just to get onto the internet, which has become part of their everyday life. Fortunately most services already establish a "secure" encrypted channel using technology standards such as TLS/SSL. What happened is that an easy way was discovered to steal sensitive data from a server without anyone noticing. Among this data could also be the keys that were used for the secured communication.

We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication (heartbleed.com).

Tell me the truth doctor, how bad is it? -> On a scale of 1 to 10, I would say 11. I’m still busy with dealing with crap on my servers. I did an attack together with a colleague on a server under our own control and within minutes we had logins and passwords. Dealing with this crap means not only updating your openssl libraries (the easy part) but also creating new certificates and dealing with the CA (the annoying part). I have to revoke my old certificates, create a new private key, create new CSR, upload them to the CA to sign them and finally replace the certificates on the servers when the CA has done his job. When it comes to security bugs, this one is going to be a candidate for a top spot in the history books („really funny comment“)

Does this problem affect me too?

This problem affects almost all internet users. It was discovered in the free OpenSSL implementation (1.0.1-1.0.1f), which is widely used on servers running APACHE and NGINX. I list only a few websites that are known to have been affected by this flaw:

Yahoo.com, Flickr.com, seznam.cz, sme.sk, econimist.com, privatbank.ua, lonelyplanet.com, worldoftanks.com, rapidshare.com, czfd.cz, vodafone.co.uk, zive.cz, Tumblr, ... and thousands more. Several Google services were affected, such as Gmail, YouTube, ... Since the flaw was discovered by Neel Mehta of Google Security, it can be assumed that Google services were among the first to be fixed.

Fortunately most banks here and in the Czech Republic have declared that this problem does not affect them.

Websites are not the only ones affected; several major companies have already announced that some of their products may be affected by these flaws (Cisco, Juniper, F5, VMware, ...).

Of course, users of Linux distributions cannot be forgotten either, because OpenSSL is part of them. Probably only Android version 4.1.1 is affected, and Google has already released a fix.

What can be done now?

The flaw discovered now has been part of OpenSSL since version 1.0.1, released in March 2012. In essence, it will probably never be known how much data leaked. Now it is mainly up to the system administrators who are responsible for the affected servers. From the user's point of view, one must assume that a leak has already occurred, and the ideal solution is to change your passwords. From a security standpoint it is ideal if users change their passwords regularly and use several sufficiently complex passwords for different services; on the other hand, few people follow this security advice (I try, but even I don't always).

How could this happen?

There will surely be several people who will blame the American intelligence services, but I think the explanation is simple: human error. The author himself, Robin Seggelmann, admitted that it was an unintentional mistake.

‘Unfortunately’ missed

Dr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” he said.

“In one of the new features, unfortunately, I missed validating a variable containing a length.”

After he submitted the code, a reviewer “apparently also didn’t notice the missing validation”, Dr Seggelmann said, “so the error made its way from the development branch into the released version.” Logs show that reviewer was Dr Stephen Henson.

Dr Seggelmann said the error he introduced was “quite trivial”, but acknowledged that its impact was “severe”.
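The missing length validation Seggelmann describes, as an added illustration that is not OpenSSL's code: a constructed heartbeat-style handler that trusts the length field inside the message, beside the hardened version that discards a record whose claimed payload exceeds what was actually received. The record layout, the "secret" placed next to it in memory and all function names are constructed for the demo.

```c
#include <stdint.h>
#include <string.h>

/* Constructed heartbeat-style record (not OpenSSL's code): byte 0 = type,
 * bytes 1..2 = payload length claimed by the sender (big-endian), then the
 * payload. In the demo other data sits right after the record in memory,
 * standing in for whatever is adjacent in a real process heap. */
#define HEADER_LEN 3
#define CLAIMED_LEN(r) ((uint16_t)(((r)[1] << 8) | (r)[2]))

/* Vulnerable pattern: trusts the length field inside the message and echoes
 * that many bytes, ignoring how many bytes (record_len) actually arrived. */
static size_t heartbeat_unchecked(const uint8_t *record, size_t record_len,
                                  uint8_t *reply, size_t reply_cap)
{
    (void)record_len;                     /* the bug: never consulted */
    uint16_t n = CLAIMED_LEN(record);
    if ((size_t)n > reply_cap) n = (uint16_t)reply_cap; /* keeps the demo in bounds */
    memcpy(reply, record + HEADER_LEN, n);  /* reads past the received bytes */
    return n;
}

/* Hardened pattern: discard (return 0) any record whose claimed payload does
 * not fit in what was received; this is the validation that was missing. */
static size_t heartbeat_checked(const uint8_t *record, size_t record_len,
                                uint8_t *reply, size_t reply_cap)
{
    if (record_len < HEADER_LEN) return 0;
    uint16_t n = CLAIMED_LEN(record);
    if ((size_t)HEADER_LEN + n > record_len || (size_t)n > reply_cap) return 0;
    memcpy(reply, record + HEADER_LEN, n);
    return n;
}

/* Demo: a 4-byte record carrying one real payload byte 'A' but claiming
 * `claim` bytes, followed in memory by a constructed "secret". Returns the
 * reply length produced by the selected handler. */
static size_t demo_heartbeat(int use_check, uint16_t claim,
                             uint8_t *reply, size_t reply_cap)
{
    uint8_t arena[32] = {0};
    static const char secret[] = "SECRETKEY";    /* constructed adjacent data */
    const size_t received = 4;                   /* bytes actually on the wire */
    arena[0] = 1;
    arena[1] = (uint8_t)(claim >> 8);
    arena[2] = (uint8_t)(claim & 0xff);
    arena[3] = 'A';
    memcpy(arena + received, secret, sizeof secret);
    return use_check ? heartbeat_checked(arena, received, reply, reply_cap)
                     : heartbeat_unchecked(arena, received, reply, reply_cap);
}
```

With a claim of 16 bytes the unchecked handler returns the one real byte followed by the adjacent "secret", while the checked handler returns nothing for the same record and still answers a record whose claim matches what was received.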

Is and was the Heartbleed flaw exploited?

This question is hard to answer. For example, the article at http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html writes that the American NSA knew about this flaw; on the other hand, the US government and the NSA officially denied using it. We will probably never learn the truth.

How does it work?

You will not find the answer to that question here; there are several good technical descriptions of this flaw. One of the better ones is on root.cz. But no article explains it better than a good comic (xkcd).


Recommendation for the future

In this case the favourite line of the TV hero Dr. House applies, "everybody lies", and one should act accordingly. Most solutions cannot afford a security audit of their code, and so all we can do is trust the untrustworthy.


Sources:


http://heartbleed.com/

http://www.root.cz/clanky/heartbleed-bug-vazna-zranitelnost-v-openssl/

https://www.schneier.com/blog/archives/2014/04/heartbleed.html

http://www.smh.com.au/it-pro/security-it/man-who-introduced-serious-heartbleed-security-flaw-denies-he-inserted-it-deliberately-20140410-zqta1.html

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

http://googleonlinesecurity.blogspot.cz/2014/04/google-services-updated-to-address.html

http://article.gmane.org/gmane.os.openbsd.misc/211963
