05-II-2019.
The “project” (the page where I was supposed to write stuff about new server) is still unavailable (still was, another month later). Because, ah, security. Will write in confluence's wiki then.
First off, why Cisco AnyConnect – it works only under windowses, doesn’t remember passwords, the certificate is never right (so an extra click each time or stay connected forever, which is a security concern) and by default disconnects the box from the rest of the world, so we practically need two machines – one to connect to the server, other for the rest of it. Now at least some way of connecting the two would be nice – clipboard synchronization, LAN access. I have both, as I’ve already sacrificed a W7 VM for that and the rest of the box is under Linux, but I know for sure that at least some people in the dutch office will have problems with that, starting with Jan.
Now the bloody password. There’s a “self-service” thing but it wants me to register. By issuing so-called security questions. It’s hard to find one where I can enter an answer that I will unambiguously remember in a year or two.
• Mother’s maiden name – won’t accept that, 4 characters is not long enough. What would Hungarians with just Fa for surname do?
• The country I always dreamed of vacationing in – never existed, I didn’t. Specially not by country.
• Name of your favourite cousin? - No such animal, due to family circumstances.
• Favourite colour? - I change that every few years, no good.
• Childhood hero? - I could put one, but next week I wouldn’t be sure whether I spelled it in english or in serbian.
• First name of your eldest nephew/niece? - nobody calls her by official name, and as I haven’t seen her in decades, maybe next time I’d remember someone else as eldest. This is a question for younger folks.
• Parents’ wedding anniversary? I know the date, but in which format would I write it, and in which language? Ambiguous, and impossible to memorize firmly.
• Favourite cartoon character during childhood? None, we didn’t have TV until I was 10, and then with each one of them I went through interest-enjoyment-boredom-disenchantment. Liked Pink Panther, but wasn’t a child at the time.
• Maternal grandmother’s name, elementary school name – the only I can answer unambiguously. At least it didn’t insist on english alphabet only.
But then if I change my password using that service, the rules are:
The minimum password age is 1
The maximum password age is 42
The minimum password length is 7
No. of Passwords Remembered is 24
The password complexity property is Enabled
...and disconnect all of them one other user?
Wow. So every six weeks I’d have to go through that. No, better leave it at the incomprehensive string from a text file I keep. Wasting ten seconds per connection is better than wasting a kilo of nerves every six weeks.
Writing a long article on the wiki about what I can and can’t do on the new servers. At least the new ftp works but
- using filezilla ftp server, not m$’s own ftp (which seems to be untameable, being part of IIS), which means the usernames and passwords are not the same
- going without SSL (for now) so it’s possible to access it from a browser. But that’s for dowloads only, when we need to upload a whole database for conversion, it won’t work through a browser. But then it works from my Krusader, I guess it would work from anywhere.
- we all use the same password.
The VMs on it are set to single user, which runs contrary to our regular use - we'd often sit two or three of us on the same VM so we could study a problem on some clinic's server together. Usually one from support would locate the problem, find an example where it shows, then invite a programmer to try to figure it out. This single-user setup is useless. To make things worse, it's a straight copy of the VM25 from the Manchester server, which was again a copy of what we once had on the dutch server... so nothing was changed in the first migration, why now?
[nb: this never got resolved, AFAIK]
Mentions: Jan Brenkelen, Majkrosoft (m$), in serbian