From Reddit: "I just got to yell at a Vendor"



  • @SwiftOnSecurity just linked this on Twitter, and it's too good not to copy/paste this Reddit post here:

    <RANT> I work for an MSP, and one of our clients is a county jail. I got a call from a detective that needed the access a call from the inmate phone system. I started digging around, and found that the site needed IE9, Compatibility mode, and Trusted sites to run. The site didn't support HTTPS, and didn't even have a domain name, The users connect by an IP. When I called the vendor to ask about it he informed me they had a new version releasing in 2 months built on Silverlight. Fucking Silverlight. He also proudly told me that they just upgraded all of their servers to Server 2003. I was sure he was fucking with me. He proceeded to explain that old browsers and servers were more secure because people are only writing viruses for the new stuff. Needless to say I will be starting discussions with the CTO on Monday about replacing the system. </RANT>

    Security by ancient versions? That's a new one.


  • Notification Spam Recipient

    There is technically some truth to this I suppose.
    It's been a while since I got a virus on DOS...



  • Dude, mbr vira. That was some shit...


  • Notification Spam Recipient

    Those were fun days. I kinda missed when you had to be careful what floppy disks you put into your computer...


  • Winner of the 2016 Presidential Election Banned

    It's not a new concept, it's just almost always backfires.



  • I mean, maybe? Go too far forward and you'll get hit with blaster worm.



  • The real MVP there is this comment:

    Welcome to the exciting world of telecoms, where everything is perpetually stuck at least 10 years behind modern computing and is basically a bunch of band aids slapped on top of something that barely worked in 1982.

    There's range of phone systems my workplace sells, manufactured by one of the largest Asian tech manufacturers in the world. You probably have something made by them in your house. You might even have a laptop that was made by them. The software to manage it only runs correctly on Windows XP, and can't be installed while the computer is joined to a domain. It uses an ASP website running on Personal Web Server with a horrible hack to trigger an analogue dial-up connection for remote access. The voicemail system can only be accessed via a serial port or an analogue dial-up modem. It has no logging or diagnostics, and can only support VoIP via a separate add-on card. The phone system will just occasionally "forget" programming for no apparent reason, like keys on a handset, or even entire handsets.

    There's another manufacturer who is a Fortune 500 company, and their only product is their phone system. Their systems are used by hotel chains, hospitals and government. They've been used as props in '24'. Their modern system runs on vmWare, but it has a dirty secret - it boots into linux, and runs a MIPS emulator that boots up a 'virtual' copy of the physical appliance. That appliance is still running code from the system they made in the 80s, so it runs a 680x0 emulator when it starts up. You have a god damned 3-way nested virtual machine chewing up tons of extra CPU and RAM that it doesn't need if they just rewrote the damn software from the 80s. If you try to take a vmware snapshot, the thing is so sensitive that the fraction of a second it takes for Vmware to do the snapshot is enough to make calls drop. They don't support IPv6 - yeah, cause the core code was written in the 80s and barely supports IPv4 as it is. The web interface is just a front for the old VT100 menu interface, and they don't support anything above IE8. Their latest software just barely supports Firefox 14.0. You want to upload some hold music? Did they use a regular HTML upload form? Did they fuck - they used Java! And not any Java, but it needs a very specific version of 32-bit java running on a specific version of IE, with certain KB patches uninstalled. Want to program a new trunk? You need a god damn degree in quantum mechanics to make sense of that shit. I'm not kidding - one of my coworkers literally has a degree in physics. They have a unified comms app you can install in Windows to dial numbers and log missed calls, and it needs 2GB of RAM. I've written more complicated programs on a fucking arduino and they sure as shit didn't need 2GB of RAM. Fax to email? You'll need a server and a couple of thousand dollars in licensing. You want to block a nuisance caller? You'll need to buy a server and about $9000 of licensing. Call Recording? You'll need two servers and probably close to 15k in licenses.

    We've recently started selling a crappy little $300 box from China that runs Asterisk. It can do everything that the big systems that cost $50k do for a few hundred bucks. They can be programmed from start to finish in under an hour - it takes a minimum of 2-3 days for a basic config on the other systems. Fuck the traditional telecoms industry. I hate it. I hate the fact they everything in that field is always YEARS behind current technology. I hate their love of stupid java apps. I hate their atrociously bad interfaces. I hate their patches on top of patches on top of bodges on top of hacks that makes stuff behave is completely bizarre ways that just plain wouldn't happen if there was any sort of quality control going on. I hate that these vendors are so full of themselves that they can't see how shit their systems are, and that the only reason they get away with it is because all the competitors are equally as shit.

    My workplace has started the process of getting out of the telecoms industry and moving to an all data/networks service provider. I can't wait to be rid of that crap.


  • BINNED

    @cartman82 said:

    There's range of phone systems my workplace sells, manufactured by one of the largest Asian tech manufacturers in the world. You probably have something made by them in your house. You might even have a laptop that was made by them.

    Hmmm... I'm only aware of Phillips and Panasonic doing something in PBX world... then again, maybe whatever this guy is talking about just never reached the local market...

    @cartman82 said:

    We've recently started selling a crappy little $300 box from China that runs Asterisk

    Which still has a bunch of legacy bullshit internally, but damn it, it's mostly sane! And they are adding cool shit to it! Really, I think that the biggest problem is that they get so enthralled with new stuff that they never upgrade some of the old stuff you actually might need.



  • Any recommendations for running Asterix? I'll probably need to play with it soon... (for shits n giggles)


  • BINNED

    What kind of recommendations are you looking for? Underlying OS? Hardware? We run it on top of latest Debian stable, and hardware... Whatever you can put together? The thing itself will be perfectly happy with 1GB of RAM and a semi-decent CPU. VM is fine as long as you only want to do SIP, POTS will likely be a pain without running on bare metal.

    If you need a GUI... yeah, apparently FreePBX is OK? I don't use a GUI with it.



  • @Onyx said:

    I'm only aware of Phillips and Panasonic doing something in PBX world

    My first thought was NEC but I've never used any of their things other than key systems.



  • I've gained a few gray hairs these days wrapping my head around PJSIP, even though it wasn't for a company, just my own PBX.



  • @Onyx said:

    The thing itself will be perfectly happy with 1GB of RAM and a semi-decent CPU.

    Does a 900MHz quad-core ARMv7 count as "semi-decent"?


  • BINNED

    I didn't install it myself, but I did add some functionality to someone's Asterisk install that was installed on a Pi. Works like a charm.


  • :belt_onion:

    @Onyx said:

    Hmmm... I'm only aware of Phillips and Panasonic doing something in PBX world... then again, maybe whatever this guy is talking about just never reached the local market...

    That description made me think he's talking about our favorite Asian software/hardware producer



  • @Onyx said:

    If you need a GUI... yeah, apparently FreePBX is OK? I don't use a GUI with it.

    FTFS</abr>

    There's a "ask Asterisk questions" thread floating around somewhere, and I'm always willing to lend what knowledge I have via PM, and I know Onyx has been willing in the past too, so if you get to sensitive config information and the like feel free to start up a three way message with Onyx and myself.



  • Is Communicator/Lync/Skype for Business victim to one of these traps? We have Lync running our massive telecom setup at work and whenever I've worked with the telecom guys it doesn't seem too contrived/shitty.



  • SfB's administration side is Discoursean levels of awful.

    Like. Maybe even worse.

    From the end user side (provided the administrators figured out which end was up), it seems to be pretty ok.

    ETA: Though, if you live in a brave new post telecom world where the only other people you need to communicate with are using SfB, then it's not too bad to deal with from the admin side either. But given that you live in the real world, where the PSTN (either via SIP or, God help you, a call gateway) exists, well....



  • Yeah, I hear we have something like 200 outbound phone lines here. I can't imagine how nightmarish that must be.

    Does the admin interface support powershell well? I swear I saw one of the admins using Powershell to reset some settings a user had changed.


  • Java Dev

    We're on cisco IP phones. From the end-user perspective, it works as long as you're dealing with hardphones - I've heard the soft client works reasonably on windows, but I know on linux even after you manage to install it on wine it only mostly works. Not me who tried it. Outbound for our office is on some heavy-duty ISDN line.

    They've cut off new softphone licenses though, moving to jabber voice or something? Apparently it's crap. There's a zoom.us license as well and we've been using that for standups since it actually works on all platforms.



  • @AlexMedia said:

    Security by ancient versions? That's a new one.

    Depends on how ancient you want to go.

    It's highly doubtful that anyone will write new malware for an OS/2 system, or a Mac with a PowerPC processor (or a 68040) or Windows NT running on an Itanium or SPARC processor.

    The downside to this approach of course is that such a system is not likely to be useful for its intended task either.



  • Nobody has written malware for LubarOS yet, but that's because it has a userbase of 0 people.

    Also it doesn't exist.



  • @Onyx said:

    Hmmm... I'm only aware of Phillips and Panasonic doing something in PBX world... then again, maybe whatever this guy is talking about just never reached the local market...

    Panasonic makes laptops. Well, they did as of 4-5 years ago, I haven't looked recently.

    EDIT: looks like they basically ditched everything but the Toughbooks, but Toughbooks are still pretty common in some industries.



  • @izzion said:

    From the end user side (provided the administrators figured out which end was up), it seems to be pretty ok.

    Have you used the SfB client lately?
    It's a fucking usability and performance nightmare.


  • BINNED

    @Zemm said:

    NEC

    Oh yeah those are shit but I don't know how hard they are stuck in the 80ties. Even getting a plain, standard S0 was seen as advanced.



  • @Ragnax said:

    Have you used the SfB client lately?

    I use it every day at work. Can't say I've had problems on the client side.

    @rc4 said:

    Does the admin interface support powershell well? I swear I saw one of the admins using Powershell to reset some settings a user had changed.

    Probably? I'm not much of a powershell person myself, so I'm not the best to answer that.



  • @izzion said:

    Can't say I've had problems on the client side.

    There are plenty though:

    The biggest annoyance is that it hijacks foreground focus on incoming conversations that you don't manually acknowledge. (Strangely not on phone calls or conference calls; only on chat conversations.)

    This becomes extra fun when you add another issue: if you re-open a conversation window to a recent contact (from within the last hour or so) the entire client will stall as it tries to refetch past messages from the earlier conversation. So you can end up with Lync forcing focus into itself, then stalling for ~20sec while it's attempting to grab a previous conversation, with - apparantly - no way to unfocus from the damn thing.

    The renderer is also complete garbage. If you have a conversation window open (without even having anything in it), it will generate enough load to start adversely affecting other applications. If you have an animated emoticon present, then it can generate enough load to tank Chrome down from a smooth 60 FPS for a CSS animation to a bare minimum 10 FPS. (This was actually driving me NUTS attempting to debug performance issues on a project, until I figured out that fucking Skype for Business was to blame.)

    The list goes on and on.



  • @AlexMedia said:

    Security by ancient versions? That's a new one.

    Not so new? I remember a large virus outbreak some years ago (don't remember which one, but large enough that there were warnings about it on the news) which I was able to ignore because I was still on Windows 98.


Log in to reply