by ezs | Jul 22, 2023 | evilzenscientist
Well – I thought the bad practice of not hashing passwords was behind us, but no, today another example popped up.
If you want a primer on password hashing – take a read of this from Troy Hunt (of Have I been pwned fame).
Short version – hashing is a one-way mathematical function that for an input, always produces the same output. It’s best practice to store passwords for websites as a hashed value (or hash+salt to be honest) – so in the event that the site database is compromised, there’s a list of usernames or emails, but no passwords. It also means that you can’t get back to your old password – so you should never see a “mail me my password” or get emails saying “here is your username and password”.
So, back to the school district. Their jobs page has a “create account” link, which lets you do the email address and password thing.


So far, so good. At login – there is the usual credentials page. But what’s that? A “Send Password” button.

And, as you’ve guessed, it sends back a cleartext password, to the email account used to sign up.

Behind all of this are job applications, and also PII including resume, certification information, disclosures, address and phone numbers.

So what now?
The diligent thing is to contact someone, a Data Registrar, a Web Master – anyone really.
That’s going to be in the next blog post.
by ezs | Jul 1, 2023 | evilzenscientist
As we keep seeing – Azure tag names are not case-sensitive, until they are.
Per the documentation https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources
Tag names are case-insensitive for operations. A tag with a tag name, regardless of the casing, is updated or retrieved. However, the resource provider might keep the casing you provide for the tag name. You’ll see that casing in cost reports.
Tag values are case-sensitive.
Per the now four year old bug, Azure Resource Manager itself should respect this (i.e. case insensitive and case preserving) https://github.com/Azure/azure-powershell/issues/9271
Then we get issues with:
CostCenter, Costcenter, costcenter – all being different depending on the tooling in use.
by ezs | Jun 24, 2023 | evilzenscientist
Released back in May, this looks to be stable.
Update is (again) super clean:
zypper migration
select the migration target (i.e. SLES 15 SP5), approve the EULA, wait a while.
I’ve been flagging the ease of upgrade for several years. SUSE have this nailed.
Update: except Redis got a tad confused. Needed to get it re-setup to start correctly.
Update again: openSUSE build server saves the day again: Install package openSUSE:Backports:SLE-15-SP5 / php8-redis along with https://citizix.com/how-to-install-configure-redis-6-on-opensuse-leap-15-3
by ezs | Jun 1, 2023 | evilzenscientist
Another one, again demonstrating the use of extend and mv-expand to pull out the multi-valued array.
resources
| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId
| where type == “microsoft.network/virtualnetworks”
| extend vnetCount =array_length(properties.addressSpace.addressPrefixes)
| mv-expand vnet = properties.addressSpace.addressPrefixes
| project SubName, resourceGroup, name, vnetCount, vnet
| order by tostring(vnet) asc
by ezs | Jun 1, 2023 | evilzenscientist
Lots of hygiene work, including cleaning up Azure Action Groups that send to individual emails. That’s a red flag and anti pattern.
Here’s the KQL to read the Action Groups, their subscriptions, and expand out the recipients.
It’s easy work to continue to audit this, and clean up the dead wood.
resources
| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId
| where type == “microsoft.insights/actiongroups”
| extend emailRecsCount =array_length(properties.emailReceivers)
| mv-expand emailRecs = properties.emailReceivers
| project SubName, resourceGroup, name, emailRecsCount, emailRecs.name, emailRecs.status, emailRecs.emailAddress
| order by [‘name’] asc
by ezs | Jun 1, 2023 | evilzenscientist
I discovered a pool of servers that seemed to be unused, and used the Azure VM Agent “Run PowerShell Script” to determine the real health.
The output told me: not domain joined, not managed, not being patched, so targets for decommissioning.
$boot = Get-CimInstance -ClassName Win32_OperatingSystem
$hotfix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
$name = Get-CimInstance -Classname Win32_ComputerSystem
write-host “Server $($name.name) Domain $($name.domain)”
write-host “Last reboot $($boot.LastBootUpTime)”
write-host “Last patch $($hotfix.HotFixID) $($hotfix.InstalledOn)”
Server FOOSERVER Domain WORKGROUP
Last reboot 10/12/2022 18:50:02
Last patch KB4495585 05/15/2019 00:00:00
by ezs | May 9, 2023 | evilzenscientist
Back in a previous life I worked closely with colleagues working on the integration of Dell, HPE and other server hardware vendors into the Microsoft infrastructure management tooling from System Center.
I’m a year in to using Windows Admin Center and the integration with Dell OpenManage and the Dell iDRAC.
It’s (usually) a joy; as part of the patching cycle, open the Dell OpenManage integration blade in Windows Admin Center, check for compliance, see which components need updating, update them.


by ezs | Apr 24, 2023 | evilzenscientist
Four re-certifications in the last few days.
I really like the Microsoft model – free to re-certify, keep up to date on the latest areas of technology.
AZ-104, AZ-700, AZ-400, AZ-500 all current again.
If you’re about to re-sit these my top tips: read the exam subject matter, see what changed since you took the last test. Microsoft Learn has training, documentation and guidance – https://learn.microsoft.com – and you can also revisit learning resources such as John Savills Technical Training.
Open book test, 45 minutes. Bing is your friend.




by ezs | Apr 16, 2023 | evilzenscientist
Tiny piece of housekeeping, note for self for future use.
Previous reservations are wedged in the DHCP database, and not accessible through the DHCP MMS snap-in. Scope reconciliation shows the rogue entries.
Solution is to delete the reservations from the DHCP database.
Show all DHCP clients, i.e active leases and reservations
NETSH DHCP SERVER SCOPE [scope] SHOW CLIENTS
Remove individual, expired reservations
NETSH DHCP SERVER SCOPE [scope] DELETE LEASE [IP ADDRESS]
I could have done this with PowerShell, but NETSH was fast and easy.
by ezs | Mar 10, 2023 | evilzenscientist
I’ve had a Microsoft Flow connector in production for a long time. It runs twice daily, reads the weather forecast for my location (Issaquah, WA), and if it’s forecast to be warm, sends an email to remind that plants need watering.
At some point recently, the flow stopped working correctly. It was triggering for Fahrenheit temperatures rather than Celsius. Cue twice daily emails when it’s cold outside.
I pulled apart the flow – and the Inputs for the connector had changed:


Recent Comments