Monday May 20th, 2019 14:15 The Case of the Unrestorable AD Account

So, funny thing happened to me today.

By “funny” I mean “so maddening I wanted to execute the original programmer so the evil bastard can’t breed.”

So, you know how when you delete an Exchange mailbox, the only warning it gives you is:

Do you want to delete “XXX”?

Turns out that also deletes the AD account.

Wait. Check that.

It instantly deletes and recycles the AD account, bypassing the tombstone waiting period.

So, I had cause to restore one this morning and I usually:

1. Open up LDP, connect everything and grab the GUID
2. Open up AD PS and run Get-ADObject with the -IncludeDeletedObjects switch, to make sure it’s still there
3. Restore-ADObject -Identity “[GUID]” [other necessary junk]

Simple.

Except I’m getting ‘Directory object not found’ or ‘Illegal modify operation’ or ‘The requested delete operation could not be performed’ when I was ready to give up and kill the whole thing.

So, literally the only reasonable thing you can do, whether the account was deleted in Exchange on purpose or not, is to adjust the tombstone lifetime to 1, then wait until tomorrow. There’s a nice, straightforward guide on that here, if you’re not familiar.

And on another note, exactly how stupid is it that “isRecycled=TRUE” means that something is no longer in the recycle bin? It makes logical sense with an *actual* recycling bin, as recycled items have to be removed first, but flies directly in the face of decades of training – from the same company – to read “recycled” as ‘still available somewhere’ while the word for ‘nope, you’re not getting that back’ is “deleted.”

Now, I know I could go through authoritative restore, but that was entirely too much to do after I’d wasted so much time on this nonsense, leaving it outside the parameters of “reasonable.”
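The check-then-restore routine above, with the isRecycled test made explicit, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module and an enabled AD Recycle Bin; the account name `jdoe` and the function name `Get-DeletedAccountState` are hypothetical.

```powershell
# Added example. 'jdoe' is a constructed placeholder account name.
Import-Module ActiveDirectory

function Get-DeletedAccountState {
    param(
        # Restrict input so it cannot alter the LDAP filter below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.\-]+$')]
        [string]$SamAccountName
    )

    # Deleted objects are only returned when -IncludeDeletedObjects is set.
    $filter = "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))"
    Get-ADObject -LDAPFilter $filter -IncludeDeletedObjects `
        -Properties isRecycled, lastKnownParent, whenChanged |
        ForEach-Object {
            [pscustomobject]@{
                ObjectGUID      = $_.ObjectGUID
                LastKnownParent = $_.lastKnownParent
                LastChanged     = $_.whenChanged
                # isRecycled is unset while the object is still in the
                # recycle bin and TRUE once it has been recycled.
                Restorable      = -not [bool]$_.isRecycled
            }
        }
}

foreach ($obj in Get-DeletedAccountState -SamAccountName 'jdoe') {
    if ($obj.Restorable) {
        # Restore to the container the object was deleted from.
        Restore-ADObject -Identity $obj.ObjectGUID `
            -TargetPath $obj.LastKnownParent -PassThru
    }
    else {
        # A recycled object has been stripped down to a tombstone-style
        # stub; Restore-ADObject cannot bring it back.
        Write-Warning ("{0} is recycled (isRecycled=TRUE); it cannot be " +
            "restored with Restore-ADObject." -f $obj.ObjectGUID)
    }
}
```

If the last known parent container was itself deleted, restore the parent first or pass a different `-TargetPath`.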


Monday April 29th, 2019 12:35 The Spamvengers: Stupidgame

So, one of my users just got a phishing email from a lazy-ass cred thief.

It was fairly well composed, HTML-wise. So, I’ll give them that. But OMFG how could you completely fall down on the job with everything else? For instance:

The second dir I obfuscated because it’s the name of the supposed sender. I’m gathering this twit got a hold of their account and copied out the contacts list for this little endeavor.

But, seriously? Block directory listing, you imbecile.

Because that inevitably leads to someone clicking through and finding a handy zip of all your PHP. And that leads to them finding a plain text copy of the emails you were having all the credentials sent to:

And that leads to no one caring about obfuscating your address, since you’re a spammer dickhead. Or using online services to flood your inbox for hours on end.

I don’t know what dastardly individual would do that second part, though.

Oh, that’s right.


Friday April 19th, 2019 14:37 Computer illiteracy is not cute, and you have no excuse

“Sorry, I’m not very good with computers.”

get-out-GIF

I am formally declaring that the time period in which this is an acceptable statement or sentiment is officially over.

There are a number of legitimate reasons why someone doesn’t know how to use a computer, and all of them are socioeconomic or a result of governmental/racial/situational oppression or unavailability of the physical means. None of what I’m saying applies to people in such scenarios. At all.

Thankfully I didn’t run into the encounter that inspired this post at work. This was a nice person, who I actually like.

But whoever it is, I still see the same thing in my head:

what_year_is_it

..except in no way funny.

There are so many ways to learn how to use a computer that there was at least one scammy computer-teaching company that kept its doors open for 20 years. There are thousands of legitimate services to teach you how to use one, and there is virtually zero stigma against not already knowing how – absolutely zero if you have so much as a whiff of white hair.

While many people got through the 18th and 19th centuries skipping out on learning to read, it was a lumberingly slow progression. Character (meaning letters) writing is thousands of years old. It took half a millennium for the world to move from movable type to ‘most people own at least one book.’

It took about 60 years after the computer’s invention for us to start carrying an access card to the entirety of human knowledge (and stupidity) in our pockets. Computers now control the world’s money, nuclear arsenals, transportation systems, electrical grids and water delivery pathways. And those are just the ones with which almost none of us will ever interact.

There is no reasonable comparison for how chart-toppingly foolish it is not to at least know some fundamentals. My aforementioned inspiration couldn’t figure out how to open a web browser. Why? Because there wasn’t a link on the desktop.

So, no, it is no longer cute. It is no longer okay if you’re over 50. It is not a quirky character trait. It’s not you being ‘traditional’ or ‘preferring paper.’

It is you being pathetically inept at even the most basic interaction with that which controls the world around you, and doing so voluntarily, often with a twisted sense of pride about it.

And just because it reminded me, I leave you with this:


Friday February 1st, 2019 12:48 We don’t need no stinking expert

Gotta love users:

User: Is this email legit? [Automated message from OneDrive about deleting a bunch of files recently]

Me: I’m not 100% sure about these links [odd tracking redirect domain], did you recently delete a bunch of files?

User: Not that I recall.

Me (after checking their account’s recycle bin): Oh, it turns out you deleted folder X, which did have a bunch of files in it, hence the email.

User: Oh, that only had like 7 pictures in it, maybe it was because of the size.

Me (in my head): No, you’re probably right. Your completely amateur guess as to the cause of receiving an email with the subject line “Heads up! We noticed that you recently deleted a large number of files from your OneDrive” seems like it’s far more plausible than the explanation of the professional who actually went in there and checked to confirm that you did exactly what it said you did, not to mention the, you know, words in the email.

And, on a personal note, I do ever so love it when users give me the ol’ “I’m going to treat your statements of fact as no more reliable than the forecasts of Meteorologist Stumbly McMorningdrinker.”


Thursday December 13th, 2018 14:38 Okay, now that’s pretty cool

A few years ago, I started the interminable process of prying DFS out of my network because the whole desktop mapping functionality had gone sideways.

Not the usual ‘user doesn’t even know this is there and is confused when they’re offline and can’t use the desktop’ (which is, in and of itself, stupid). Not the usual ‘offline files aren’t working properly or didn’t have time to upload properly.’

No, more like ‘desktop just didn’t load for no apparent reason and there’s no connectivity problem nor is there anything in any log anywhere.’

At the time, a couple users were being annoyed by OneDrive for Business popups all the time. It had come in with the latest version of Office and MS was really pushing cloud hard – not that they’ve since changed that tune.

So, I had a brilliant idea: ditch DFS and make OneDrive stop barking at people by actually using it.

I decided to re-map their desktop and documents folders through OneDrive and the implementation was an instant hit. Everyone loved it. I started telling all my friends to do it, and it was a hit for them as well.

So I was more than just a bit amused when I was setting up GPO for my new network and saw some interesting new policy options. That’s when I opened my own install to find this:

I knew I couldn’t have been the only one to come up with that idea.


Thursday November 15th, 2018 13:27 X1 Yoga fan and the MacGyver option

It appears that some of the fan casings for the 2nd-gen X1 Yoga didn’t receive the care and attention they deserved at the manufacturing plant. The little plastic clips that connect it to the copper plating are sometimes the wrong size, or simply don’t clip at all.

This, of course, results in a rousing rendition of the most annoying sound in the world, of which everyone in the office is thoroughly appreciative.

Depot RMA on these things is a 4-6 week process, at which time they will replace exactly one part, possibly from the same batch of junk they put in there in the first place.

Luckily, there’s a 20-minute solution:

Never fear to MacGyver that business.

Provided you know what you’re doing, of course.


Monday September 24th, 2018 15:23 Cisco 8832 stuck on ‘connecting’ and how to fix it

I SEOed the shit out of that title. But I have a good reason.

If you go looking around for this problem, you get the official Cisco instructions plus a number of other people reposting those same instructions.

These instructions:

Step 1 Unplug the phone:
If using PoE, unplug the LAN cable.
If using the power adapter, unplug the adapter.
Step 2 Wait 5 seconds.
Step 3 Press and hold #, and plug the phone back in.
Step 4 When the phone boots up, the LED strip lights up. When the LED turns off, press 123456789*0# in sequence.
After you press these buttons, the phone goes through the factory reset process.

If you press the buttons out of sequence, the phone powers on normally.

Caution
Do not power down the phone until it completes the factory reset process, and the main screen appears.

Seems simple, right?

Here’s the problem:

In step three, you have to hold the * key instead.

Seriously, that’s it. The problem disappears immediately.

You’re welcome.


Wednesday August 8th, 2018 11:10 Affirmative security defense FTW

I didn’t notice this until the election coverage last night brought it bubbling up, but it appears that Ohio has created an affirmative legal defense for data breaches in cases where the company took the reasonable steps necessary to protect themselves.

Computer law badass Sharon Nelson has more detail and insight on this, but generally reaches the same conclusion I did:

About damn time.

Let me explain. No, there is too much. Let me sum up:

If you’re the sec person/on the sec team and you’re all

but then some attackers come at you like

and they’re really clever, so you go

then your users are all

but you show them this new law like

and the lawyers got your back, tellin users

so your company can be all


Wednesday April 11th, 2018 15:20 Fundamental Facebook filing flub

Mmmmmm…the alliteration.

But seriously, folks. A lot of people have been spending the last day and a half looking at or talking about this guy:

105122436-GettyImages-94438

There’s been an incredible amount of discussion of social responsibility on the part of social networks, whether social networks should be regulated, if social networks have become ubiquitous enough to warrant a government-sponsored takeover, and blahblahblah.

One problem: Facebook is not a social network.

Say it with me: Facebook is a market research and advertising platform.

It’s just one that conducts its business in an, honestly, revolutionary manner. Ol’ Creeptastic got the people to come to the advertising, instead of the other way around. That’s bloody brilliant.

Sure, it started as a ‘social network.’ But we didn’t even have the term back then. By the time that existed, FB had long since ceased to fit in the mold.

Take, for example, the subject broached by Sen. Chris Coons. He mentioned the fact that it took an entire year for FB to properly remove the options for advertisers to choose the race of the people they wanted to see their advertisements.

First off, I can’t take another breath without jumping for joy that not only was it Captain Cracker McGingerton who brought up FB’s tacit support of racial discrimination, but his name is Coons. Can’t make that stuff up.

Now, I am no longer a developer, nor was I ever on the level of Zuck or probably anyone that works for him.

But I know damn good and well that, at a social network, this is how things would go:

  1. Controversy begins, and eventually goes as far as to appear on TV news
  2. CEO sees controversy
  3. Every dev in the entire company gets an email to remove the federal-law-breaking feature from the site immediately
  4. That tick box is gone within the hour
  5. CEO goes on TV and says he’s sorry, this has been removed, and everyone involved has been fired

Conversely…

On an advertising platform with a massive global presence, it might take a good while for them to plan out how to remove that feature without losing too much revenue or pissing off the wrong people. A year sounds about right.

There is absolutely no possibility that this was a technical problem. The advertising part of FB is little more than a machine that prints money. There’s no old code sitting around. There’s no quirky workarounds that might throw things off. That thing is kept in perfect working order 24/7/365.

So, they could have stopped openly flouting discrimination laws. They just didn’t do it right away.

This clearly shows that ads, not users, are the core of not only their profit strategy, but the company as a whole. You don’t risk openly breaking federal laws otherwise.

Thus, an advertising platform.

If we could just start thinking about it like that, all of these conversations will get a whole lot easier.

Also, if people could start dealing with the fact that, complicated TOS or not, they voluntarily agreed to let FB do every single thing they’re currently doing, that would help as well.


Friday March 9th, 2018 16:21 Don’t care for Apple devices, but damn that manufacturing….

The battery swelled on this thing, so I put it in salt water to neutralize before tossing it. This shot is from 24 hours later, still underwater:

IMG_20180309_160034


Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org