17D_guy

Don't have a lot of time to reply right now. You'll see the AF has been pushing for this sort of thing for awhile. I think I said in a earlier post that DISA said they were the arbiter of all things cloud.. then certified no cloud services besides their own. DoD CIO punched them in the dick and now they're moving on to approve other cloud providers. But don't think they don't have downtime (AWS and Google have both had outages). Sure, it's not the same as my/your base, but their business model is different, their mission is different, and their costs are different. If "we" low-ball it just like ESD, and other "Cyber Support Servcies" have been it won't be any better than what you've got now. Yep. Thanks. $400 to move that network drop in an office please.

So.. McCain decided BAH was too much for the DoD to cover while leadership's decrying the retirement, "rising" medical costs and the general poor return on investment all around on actual people. Here's section section 591, from the Senate version of the NDAA (S.1376) - Looks like blue-suit base support is over boys, time to go home.

CMSAF Reddit AMA #1 unanswered question - Why do we still have tops in blue? I get it.. he's a top dude and has to answer a certain way.. but man.. so much coolaid.

Christ on a pony, I'm starting to have this argument with "high speed" Airmen and Lt's. Would be nice if the CMSAF didn't look like he shaves with this damn stripes. I'm sure he just "bought it that way." I don't like the rim of my cap folded in, so I straighten by hand when I put it on. But those frenchified caps look live vomit. Ugh... It's amazing how the AF can't write a fucking regulation that isn't ambiguous, even when leadership said repeatedly during phase in what the goal for this was - Per 36-2903 - Per the label on the inside of the "blouse" I'm wearing - That's right, the label on the inside of the uniform is more directive than the AF regulation. When can us Cyber Ops folks have flight suits so we can step away from this bullshit "uniform"?

Behold, what your cyber force is doing -

CSAF talking to FoxNews about all the issues he's been talking about (people, planes and lack of pilots) https://www.foxnews.com/politics/2015/05/25/budget-cuts-impact-us-ability-to-fight-enemy-air-force-general-warns/

Mad Max ruled. Go see it.

Ah, the Cyber Mecca.

Do you think it's because the number couldn't be confirmed? I've had the bosses who didn't want $200+/-, >$200, etc. Wonder if it's a stupid spin off of that.

Don't know if we need more, but glad to see they're rolling in the other 1/2 the population that gets raped. This is like having to listen to all the Domestic Violence stuff like it only happens to the females and a chick would never beat, scratch, destroy property, lie or otherwise destroy a man's like.

Well at least those people are being returned to the bases.. oh wait. We get to put in tickets, just like the users! Except that the numbers keep changing.

Your Local Comm Sq and CYBERCOM will be closed this Christmas -

Was on JQP's facebook page. Thought it was pretty good - https://taskandpurpose.com/4-reasons-i-am-resigning-my-commission-as-a-naval-officer/

As stated the NMCI contract is awful. The Air Force will not play with the Navy on Cyber if NMCI is involved. They do not take any of it seriously and there's a number of.. problems that have occurred on their networks due to the lack of choke-con. Also, having to pay $450+ to move a workstation around the office is a little steep. I enjoyed this little article - https://www.airforcetimes.com/story/military/2015/04/13/whos-been-cut/25574185/ Mobility pilots.. ouch. But then in my corner, This is on top of the cuts the 33S AFSC faced for.. 5 years? I don't know, I wasn't an O then. There's a significant bathtub in the Cyber force. My Sq CC's almost guaranteed Col, not for outstanding performance or any other leadership metric, but because the attrition rates in the year groups are so high and all the other eligibles are leaving. I like my CC, so that's not a slight--that's straight from her. Also, base comm contracted out isn't bad as long as the contractor is responsive and you pay them. Vandenberg had contracted base comm and it was a great working relationship. One of the best I'd been involved with. Just like the ESD would have been if the contractor was paid and sized accordingly. Everyone's of the opinion, "It's simple geek stuff, how hard could it be?" Then the negotiations start and the cyber support service and infrastructure maintenance is constantly down-valued. Which is why in the other thread I said just because you don't value something, doesn't mean it's not important. Well, if the AF had valued the customer service, support, and requirements inherent with the ESD it would have succeeded. the AF didn't. The AF failed. Then the ESD failed. Where so many other businesses, large ones, have succeeded. Union Pacific has a consolidated help desk. It's 24/7, has 3~5 ring pick up requirements and services all of CONUS. They also pay very well to keep the "easy job" service technicians, focus on training and job advancements for top performers. I can't even get that kind of respect for my Amn on the base, let alone out of the behemoth that is mother-AF. Actually, that's not fair. The base here is really appreciative of the work my guys do. This valuing of "easy jobs" could be applied to all the support career-fields. How much would you guys pay for a full-up, competent finance and MPF? With NCO's who know what they're doing and know their job inside and out... like we used to have. That didn't have to write a request to a central processing agency and wait for a reply to do something? That could execute your DTS and other orders with little to no problems? Well, whatever you think, the AF decided we all could use an additional duty as our own MPF/Finance troop. Don't forget your IAO additional duty as well.

What? It's not that they don't know how to install hard drives. I guess I didn't communicate that well. Many warranties require certified technicians to install equipment. It's not always the case, but those nuances are the reality of the situation. You do have Airmen (both O&E) designing networks for base support that aren't up to industry standards. It's a lack of experience, and the fact that... we can't get people to that level in AD most of the time. It's also a problem with the increasing complexity of today's tech systems. We're having issues with that right now where the base network works, but we're trying to interface with a DISA service.. and we're unable to because of configuration issues. The ANG has a really big advantage here. I've worked with some ANG CCIE's, and the E&I teams used to be all ANG. The ANG can hire, and retain the pro's. I've got to try and build an Amn, that's got all the queep (and more) that we complain about, plus deployments and PCS's after 3~5 years to a base with mostly a different architecture. Also, we're not the Cyber Service. We're the Air Force and we excel at Cyber but lets not act like with the way we're currently arranged we're placing a real focus on the leadership Cyber (support). I can't speak for Cyber (offense). We're not penny pinching on aircraft weapons systems, but every Cyber initiative automatically gets a cut off the top and then the negotiations begin.

It's a long read. But this article goes into good detail about how the Great Firewall of China works. It also details the new state-cyber weapon (coined as the Great Cannon) that was used to take down github.com and greatfire.org https://citizenlab.org/2015/04/chinas-great-cannon/ It is also a good write up of enumeration and discovery on a foreign network and "cyber-minded" thinking that the Cyber-muckety mucks are talking about.

And then there's this - https://www.youtube.com/watch?v=AI6vn0HHTmU&feature=youtu.be

That's like the original run aircraft carriers the Navy's moving away from now.

Very much enjoyed your comments Hacker. I get in discussions with people who're loudly right-wing all the time and blame the current Pres for everything. Like this shift happened in just a few years. I've got family that think the net neutrality thing is already a failure because there could be fees/charges/taxes, all gov't regulation is bad, and the companies will find a way to get us all internet "through competition." All of these things take much longer to resolve, and are influenced by more than the dude in the Oval Office. Christ.. it's why they're always talking about legacy.

No. PST's aren't allowed to reside on the fileshare. There's good reason for this. PST's get huge, into the GBs. You really should try to keep them below 2Gb or they start to corrupt. You can keep organizational PST's on the share. Legit org, like a flight's org box or a CSS org box. Plus those legit boxes can get increased size as well. Talk to your CS. Additionally your file share.. clean that shit out fellas and ladies. We're doing scans at the wing king's direction and there's so much duplicated data that's just eating space. I know to you guys it's "free" but imagine if that was paper docs. That space is precious to us for numerous reasons below. 1) Regulations - Your electronic records should be filed in accordance with your file plan. A fair chunk of your emails probably could be filed under this. The CS is required to make sure the ERM drive is big enough to support that. We are not required to maintain the Share Drive. That's right. The ERM drive and Share Drive both run off the same equip. Which leads to more problems - 2) Tech Challenges - Sure, we could connect a 3TB disk via usb to the SAN (Storage Area Network has diagrams). It'll void the storage array warranty (haha, just kidding. ACC didn't pay for it to be continued, but didn't bother to tell us.) The storage stuff isn't as easy as plugging in another hard drive. The APC have had problems because they populated storage arrays with different speed disks (ex. 10K vs 5Krpm) and its causes write/read errors. There are whole certifications around the management of data and data storage products. Just look at the product break down here - EMC Toys So, we have to get vendor approved hard drives, installed by trained professionals (i.e. generally not my Amn) and expand the arrays through their software tools. Now, we can buy more drives. Except that they're usually red/business/special and cost much more than your normal drive. Here's a EMC approved 15K RPM, 1.7TB drive.. for ~$14K. Much like our aircraft I can't pop down to Frys/Best Buy and stick any hard drive in this specialty equipment. 3) Programming Challenges - I don't mean code, I mean money. Your base stuff is old (probably). Almost all of our expansion/new stuff is fought over at end of year. I'm not going to get into how much of my current bases equipment is pushing against the EOL/EOS. Just this year the AF decided to move off of Windows Server 2003. Why? Because MS said they were going to charge millions for continued patches past the July drop dead date. Even this move was couched with "show us if you really need it and we might pay." This is a double impact. I can't get a new array when it starts failing, because Comm/Cyber support equipment doesn't get regular updates from MAJCOM/HQAF. We fight for end of year funds to make sure we can expand services (VoIP) or continue with vendor warranties and/or equip. Imagine if you had to fight for F16 block upgrades at end of year against the new gym/finance offices. Kinda like that. Remember when I said we weren't required to support a shared drive? This is why. If we were, it might get programmed against. 4) Old. Sure I kinda mentioned this before, but think about how well old hard drives work. Touchy, special dedicated hard drives. I've no kidding seen a 50% disk failure rate on a base's share drive array. And the only thing you can do is plunk down more $$$ and hope they work. Once the disks are no longer provided by the vendor all bets are off. Now - I bitch about the APC's and move to consolidate. BUT - this is where things are getting programmed against and regular updates are being applied. The cash isn't flowing to your bases even close to the way it was, but it is flowing to these Orgs. So, that's better. Unfortunately, the service isn't on-par with what can be supplied locally. I'll have another post about consolidation, security and cyber later. It's Friday and my D&D group is starting. Hope this answered your question, I rambled a bit. EDIT - TL;DR - Regulations, Money, old tech and specialized equipment make PST's on the network shares bad. But mostly expensive old specialized equipment. Also, I'm trying to spell out all the acronyms, but if I miss one let me know.

Believe me when I say I understand the workstation requirements that the Ops group is under. As I've said other threads, I've made it a point to get over with the Mission folks to get their bead on things. You guys don't all have workstations. At my location the Training Sq doesn't even have a 5:1 ratio. I've also not given myself the extra space a higher tier user would get, because if the masses are suffering with 90mbs I need to figure it out. Not saying that to brag or anything, but I believe our leadership doesn't understand how little that space really is. Perspective is key when dealing with these things and being out of touch is a serious problem. I don't know why the powers that be decided that little space would be adequate for most of us. 90 Mbs.. is nothing. 1/2 of that is one music album these days or maybe 10 pictures. But the AF decided that was the size, and we're trying to make it work. Perhaps once the APC's have stabilized we'll be able to add more space. I hope so.

Are you happy with the service and availability of your email now? Do you think more space would make it better? Not a /s question. There's a few reasons: 1) Google is a professional service organization that uses your email to sell you shit 2) They have good engineers 3) They don't use the lowest bidder 4) Did I mention the engineers? 5) They throw more money at gmail than the AF throws at the whole Cyber enterprise However, you're looking back a little too fondly. GMail didn't come around until 2004 (invite only), opened wide in 2007 and dropped the beta tag in 2009. We can debate the meaning of "beta" but Google felt it was a product that had to come with a default warning. Also, you access through a web interface and not Outlook. Outlook is chatty and laggy. Your speed connection to the APC determines how fast you're going to access your email. If you're in Osan and your APC is Andrews... you go to Andres. Google can mirror your data around the world. We can't. Google also has overall less regulations that bind it's hands when rolling out services to new customers (say hi to your records custodian for me). AF doesn't have the engineers, doesn't have the cash and frankly doesn't think either of those things are a problem. There have been serious failures with the APC model. I'm not sure I can get into it on here. Lets just say that the AF doesn't commission or enlist data center experts, but thinks that we're going to do it on our own w/ those online Masters. Our data centers are awful. More space won't fix it. You'll probably have less availability. If you guys just made it to General and became a Tier 1 user you'd have unlimited space. What's the problem? Happened here as well. Chapel sent out a 30Mb advert. We had a FSS Family person thing bug my Commander about getting rights to send another flyer to the whole base. I tried to convince the AO that they should host it on SharePoint and send a notice it was there. Nope, "It's small, it won't be that big a deal." O6's get involved. I now have an auto-delete rule and I think those that don't get a 1Mb flyer every week. I'm assuming you're AFNG. Godspeed.

The AF has been looking to "secure" NIPR for a long time. Patches, Detection Systems and all that. However, we've been securing PMO systems by writing little slips of paper that say "We can't patch this and it's a mission system, so fuck off." Inspections of the network took those slips of paper and used them to stop "attackers" from doing bad things to your email. Well, that's not how things actually work. So DISA is now doing full, no-notice CCRI's that include ALL systems on the network. PMO (ex. PEX and Medical), SCADA (CE's environmental systems), NIPR/SIPR and other. The AF has not looked at the network, cyber.. whatever as a whole domain. Sure.. all those servers are patched, but that CE network isn't, and it rides NIPR or is otherwise exposed to the internet. So I don't have to attack the servers.. I turn off the AC/power to the server room and generate an effect. These team is to reach really long arms around the whole domain for the AF and stop looking at it as stove-pipes. This becomes even more serious with the networking capabilities of the 5th Gen fighters.