Admin
This sounds awfully familiar.
Admin
And what the hell does "Gertrude herself had made the decision to shut down SMTP over wireless when it was discovered that Microsoft Exchange used the same IP address, an uncommon security vulnerability." mean?
Admin
TRWTF is the IT team. Instead of fixing the problem they've disabled a piece of functionality that loads of people would find useful
Admin
Yet another Hanzo story - lousy as the other so far.
Captcha: similis. Boy, this time Akismet got it right - the Hanzo stories are similar(ly lousy).
Admin
Agreed on TRWTF being the IT department. Would make sense for them to temporarily disable the service while they implement a fix, but the story reads as follows:
Admin
Sounds very much like an IT department that's forgotten it exists to provide services not simply follow 'security procedure'.
Then compounded with a complete failure to communicate their reasoning with the users of their service, and not caring that they've done so.
I'm 100% with the professor. I'd sack the lot of 'em :p
Admin
Gone are the days when true experts simply called themselves programmers, and could solve problems by editing a few bytes in working memory, instead of quasi-intellectuals pretending to be a Japanese martial arts (assuming ninjutsu was meant, as the word ninjitsu seems novel), masking their laziness as a Zen attitude.
Admin
I'm kind of confused. If the vulnerability comes from the fact that Exchange and SMTP are using the same IP address, could this not be fixed by moving one or the other to a different host? Who's committing the WTF here?
Admin
I'd be interested to know more about this IP-address vulnerability.
Admin
Can someone explain this Exchange vulnerability?
Admin
I'm afraid the issue about the "same ip address" was that whatever the system from which the email was initially sent, the logged ip address was always the same. Making email-spoofing rather easy and not detectable.
Mail from legitimate Dean (or whatever): To All, the university is to be closed for Xmas from 21 December to 2 January. Happy holidays. email address of sender as [email protected]
Mail from prankster (using their own device, not even the Dean's one): To All, previous message about Xmas was erroneous, it will be closed from 21 December to 14 January. same email of sender.
Admin
If Microsoft Exchange makes it impossible to send e-mail over Wi-Fi, the problem is insisting on using Microsoft Exchange. An IT department insisting on using Microsoft Exchange because they do not know how to set up anything else, and refuse to learn, is ignorance and incompetence.
We have similar nonsense at my workplace, where they refuse to provide an IMAP gateway so incoming e-mails can be read on non Windows computers.
(Although I find it hard to believe that Microsoft Exchange makes it impossible to send e-mail over Wi-Fi)
Admin
A person can't be a ninjitsu.
It's like a person being a fighting, or a cooking, or a fishing.
Admin
Hanzo - the same kind of guy who complains at NotAlwaysRight about customers who don't want to put up with demotivated drones (in contrast to those who are really wrong).
Admin
I don't buy this either - they should just use SMTP Auth. I hate to say this Hanzo, but I'm with the Professor here.
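An added example, not part of the original comments: it illustrates the points made above about every message being logged with the same IP address and about SMTP AUTH as the fix. The log format, the 10.0.0.1 NAT address, the account names and the rule that an account name equals the mailbox local part are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of SMTP submission log lines (not from the original thread).
# Every wireless client appears as 10.0.0.1, the assumed NAT address.
SAMPLE_LOG = """\
2000-01-01T09:14:02 client=10.0.0.1 auth=dean mail_from=dean@uni.example
2000-01-01T09:20:41 client=10.0.0.1 auth=- mail_from=dean@uni.example
2000-01-01T09:31:07 client=10.0.0.1 auth=jdoe mail_from=dean@uni.example
2000-01-01T09:40:15 client=10.0.0.1 auth=jdoe mail_from=jdoe@uni.example
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) auth=(?P<auth>\S+) mail_from=(?P<sender>\S+)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def senders_per_client_ip(records):
    """Map each source IP to the set of envelope senders seen from it."""
    seen = defaultdict(set)
    for r in records:
        seen[r["client"]].add(r["sender"].lower())
    return dict(seen)

def classify(record):
    """Return 'ok', 'unauthenticated' or 'sender_mismatch' for one submission."""
    if record["auth"] == "-":
        return "unauthenticated"
    local_part = record["sender"].split("@", 1)[0].lower()
    # Assumption: the account name equals the mailbox local part.
    if local_part != record["auth"].lower():
        return "sender_mismatch"
    return "ok"

def findings(log_text):
    """Return (timestamp, verdict) for every submission that is not 'ok'."""
    return [(r["ts"], classify(r)) for r in parse(log_text) if classify(r) != "ok"]

if __name__ == "__main__":
    print(senders_per_client_ip(parse(SAMPLE_LOG)))
    for ts, verdict in findings(SAMPLE_LOG):
        print(ts, verdict)
```

Grouping by source IP puts every sender behind the one NAT address, so the IP says nothing about who sent a message; the authenticated identity is the only field that separates the two submissions claiming to be the Dean.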
Admin
The story itself is a TRWTF. The best I can believe is that the story was redacted into a total mess; otherwise the IT dept is the TRWTF. It would be totally unacceptable that email cannot be sent over Wi-Fi.
Does it mean that the same source IP address is observed on Wi-Fi? If yes, then the network design itself would be a TRWTF too. I think a university campus network should be large enough NOT to use NAT, but rather proper routing to allow Wi-Fi to access the campus core network.
captcha: minim, does it mean that the IT got minim skills?
Admin
Every last one of these "Hanzo" stories are inane and deeply, deeply smug. Not remotely funny or interesting - just annoying. Hanzo himself bragging to us about how smart he is and how he's the living embodiment of Sun Tzu and how retarded everyone else is compared to his own incredible intellect. It's all just desperate and pathetic. Please stop printing them.
Admin
Sun Tzu would be "The Art of War". Book of Five Rings is from Miyamoto Musashi.
Admin
I'm another one who actually agrees with the professor here.
Sending emails via SMTP+Wifi is major/critical functionality and disabling it is a hack which doesn't fix the root problem. You'd never do something like that in a business environment, so why would it be acceptable in a Uni?
Even worse, you don't go and break emails, without a good explanation to your staff/students. They just laugh off the issue, but don't actively try to manage it, or solve the issue fully.
Good to see that they published the university though (so at least Employers can probably avoid hiring Hanzo on their own team)
Admin
I call shenanigans. If the story had even a germ of truth, Hanzo would either be going through the uni's internal disciplinary system to deal with the bullying, abusive professor - who may well be correct on the technicalities, but is still an arsehole - and/or being constructively dismissed, or simply suing over the clear and unjustifiable defamation involved in the 'editorials'.
Admin
He might go by Hanzo, but others probably call him Fatso. And Gertrude isn't even real, she's just a device to make us think Hans is smart. Please no more Hanzo. Hanzo harakiri.
Admin
TRWTF is Hanzo. I thought that was the point of all these posts, like some kinda self-posting WTF.
Admin
This. Not to mention that the self-proclaimed genius is the WTF himself at least in this story.
I can write better English than that author. And it's not my native language. A lot of sentences just plain make 0 sense. TRWTF are the author's English skills and, considering his name seems German, it wouldn't surprise me that he is Hans.
Admin
One way I imagine this might've occurred would be if the Exchange machine was running NAT for the wireless network. That would be trwtf.
Admin
Oh, and the question of -jitsu versus -jutsu is a bit of a distraction, seeing as how however you want to romanize it, the word was originally written in kanji: 忍術
Admin
Is something lost in translation here?
Admin
TRWTF is horizontal scrolling.
Admin
My guess about the bizarre comment about SMTP and Exchange being on the same IP address is that the Wi-Fi network doesn't connect directly to the wired LAN, it presents a different subnet to the Wi-Fi users and there's a Network Address Translator in between the two. The comment would make a kind of sense if the NAT is set up to map its entire incoming port space onto a single server, rather than being able to map specific ports to specific servers.
Given that Outlook uses RPC to connect to Exchange, and that Windows defaults to dynamically allocating any port to RPC (client connects to TCP 135, the RPC Endpoint Mapper, and is then told what port the server is actually using), they probably mapped the entire port space to the Exchange server rather than limiting the RPC port space and only mapping that range. Being able to access the Exchange server likely trumped access to other servers.
Limiting the dynamic RPC port range was introduced in NT 4.0. The bypass mechanism, RPC over HTTP(S), was added in Exchange Server 2003 and Outlook 2003, so they probably don't have that yet. It's also possible to configure static port assignments, documented in http://support.microsoft.com/kb/270836 .
I can easily believe that CS professors don't understand the complexities of NATs, firewalls, RPC and dynamic port allocation. The ivory-tower network is completely open and fully routed to allow any protocol to hit any device.
Exchange has used SMTP as its server-to-server transport protocol since Exchange 2000, but it's possible that the University are still stuck on Exchange 5.5. If they do have Exchange 2000 or later, it could be that relaying isn't permitted on the Exchange server's SMTP server - default is off for Exchange 2003 and later.
Admin
Just enumerating:
To be fair: The quote from the Book of Five Rings may sound like it's from The Art of War by Sun Tzu, but it isn't, it is in fact from Five Rings.
Admin
When I was in grad school, I worked for the greater campus IT, which was quite well-run by people who mostly knew what they were doing. However, the CS department had its own IT department (because obviously, CS people would 'know better' than campus-wide IT what's useful for things) and that department was full of the biggest, most arrogant, ego-tripping assholes who had no idea what they were actually doing.
My 'favorite' recollection from that was when one of the IT admins decided to security-test the 'wall' command (for those who don't remember, it broadcasts a message to every logged-in user) by logging in to random boxes and then piping /dev/random into it, thus screwing up everyone's terminals and causing a lot of confusion. I complained about this, and the admin's response was that "since wall runs setUID we have to test it for buffer overruns."
Okay... if you really must, why not test it on an isolated system? Oh, but he "needed" to test it on a system where people were using it.
If he had such a concern, and since there's no reason for an end-user to run it anyway, why not just set permissions to only allow people in the admin group to run it? No response to that.
They also loved to occasionally remind me that they could monitor my web browsing traffic (including every time I accidentally looked at a 'shock site') and whenever email broke (which was often) they'd complain about me complaining about broken email, instead of just fixing email.
They also had this ridiculous notion of package management; instead of using one of the many symlink-farm-maintaining package systems out there, they decided to hand-roll a ridiculously cumbersome package management system that required that you log in using tcsh (which is TERRIBLE) and where every single installed application had a different wrapper script to add it to your PATH and LD_LIBRARY_PATH and so on. It took about two seconds per application. So logins consisted of waiting about 10 minutes while it slowly listed out every single package you had loaded into your environment. Their reason for this was that it made things slightly easier for them to upgrade custom-built software on the OS, and they didn't trust any of the existing package managers for reasons.
Admin
Why are perfectly valid comments being deleted? Just because they happen to criticise the article (which is crap, let's face it) is no reason to remove them...
Admin
Since we seem to have one of these "Hanzo" stories every other day now, we're really approaching the "Daily WTF" pretty quickly.
The whole story looks like a fake to me. If the author were German or had at least lived somewhere near Dresden, we would know that Dresden is not in Hesse, and that there is no such thing as a "Hesse University" at all. Secondly, while I know a few anglophone people who think that the name in question is spelled "Hanz", the name is actually "Hans".
About this story: "same IP address"? Huh? Same as what? Did they mean "same port"?
Sorry, but this is far below TDWTF standard.
Admin
I never complained about decreasing TDWTF quality and etc, because I usually think it's just troll-speak...
... but I must agree now... this story was totally stupid, pointless, and not a shade of WTF. And by the way, I love people-related WTF!
Please, don't post this kind of crap! Don't post, if there's nothing noteworthy.
Admin
So, Hanzo is clearly this: http://tvtropes.org/pmwiki/pmwiki.php/Main/CreatorsPet
Admin
The fuck does "made the decision to shut down SMTP over wireless when it was discovered that Microsoft Exchange used the same IP address" mean?
"I don’t think that accomplished much," Gertrude said. "I think you just made him more confused than he started." No shit. (If Hanzo did as well explaining it to him as he did explaining it to us, I'm not the least bit surprised.)
We love scrolling!
Admin
My sympathies are with the professor, but in that situation I would probably not deliberately dog the IT dept off by means of a flame war. But I would certainly demand an explanation as to the real reason why the kit could not be arranged for the benefit of the users. If there is a technical issue, then the IT department ought to be able to propose a solution -- even if that solution is "implement a completely different communication infrastructure". Saying "Sorry, the software's no good" is not really a long-term solution.
Admin
Yup. Remember the comics we had to live with a while back? I don't think any lessons were learned from that debacle.
Admin
The problem is that he's viewing the professor as an enemy and not a customer.
As much as you hate to serve people that are jerks, you have to manage this situation gracefully.
A simple post to the paper that there is a vulnerability that needs to be fixed before restoring the service would have been better than allowing the professor to continue ranting.
Admin
FTFY
Admin
"Professor, this is Hans M"
Just thought I'd point out...
Admin
Agree with everyone else. The professor is right, and the IT department needs to be fired.
Admin
The professor may have put it in an arseholish way but basically he was right: if Exchange uses SMTP AUTH and still allows email spoofing due to some trivial NAT issue, the problem is Exchange and the IT "ninj[iu]tsus" had better come up with a solution instead of simply disabling email. Which might be to replace Exchange, but more likely simply calling someone who isn't too dumb to configure it. Please, no more of that Hanzo crap!