trademarq

official blog of marquis montgomery: complete with notes, rants, reviews, tips, and tricks.

AUTHOR: marq

Disabling SSL v3 in Splunk Web to mitigate POODLE

I’ve been poking around trying to figure out the best way to handle POODLE in Splunk for situations that warrant it (i.e. concern about untrusted networks and Splunk Web being accessible via the Internet). I have tested that the following settings in web.conf will disable SSLv3 and should be compatible with the latest version of all web browsers (except Firefox, which has some issue I haven’t been able to figure out yet):

in web.conf

[settings]

startwebserver = 1
httpport = 443
enableSplunkWebSSL = true
cipherSuite = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SSLv3

Switching from MacBook Air to Surface Pro 3

Most folks who know me know that I always have at least two to three pieces of technology on me at all times. Generally, I always have a smartphone and my iPad with me, but more often these days I find myself with a full notebook computer as well. Most folks who know me also know I have been exclusively a Mac guy since middle school.

The Apple Retina MacBook Pro is my current go-to workhorse machine. I started off with the original Retina MBP, but quickly figured out the stock Intel processor and 256GB SSD were not going to cut it for my needs. I sold it, and invested in the top-of-the-line model, and haven’t looked back since. Unfortunately, the high-end powerhouse that is the top-of-the-line Retina MacBook Pro comes at a high cost: weight, and battery life. As much as I love the machine, I can’t use it every day because of those two constraints, and I found myself looking for another full notebook computer that could last through all-day conferences and cross country flights. Right around this time, Apple announced the new MacBook Air with Intel Haswell processors. They claimed 12 hours battery life on the 13-inch model, which if true, would solve my weight and battery life issues when I am away from my real machine. So I plunked down for the base model 13-inch (the real work still happens on the rMBP), and boy they were not kidding about the battery life on the 13 inch MacBook Air. It lasts all day, and seemingly for a few days if you only use it for sparingly brief note-taking and what I call email-fu while traveling. There is something hugely liberating about leaving home without the charger, and its great. So much so, I began regretting having purchased the base model and wished I had a higher capacity and higher spec version for more real work. But there is one major issue with the MacBook Air that become harder and harder to deal with over all other issues… and that issue was the fact it had no retina display.

High Resolution and High-DPI displays have become a soft-spot for my favorite devices – it has definitely gone from a “nice to have” to necessity – at least in my eyes. Once you start using a High-DPI display regularly, using a lesser quality display really becomes noticeable and unpleasant.

Switching gears a little bit, one other thing that has become an issue over the years is the fact that my career has taken me out of the arena where I control everything I do. I, like everyone else who works, have to use software and websites that my job say I need to use. As much as I love Apple and Mac OS X, it is still a pain to use effectively in the enterprise. Don’t get me wrong, they’ve come a long way. But Microsoft Office for the Mac just isn’t the real Microsoft Office, its a watered down and somewhat questionable interpretation of what Microsoft Office is on Windows. That isn’t Apple’s fault, but it is the reality. Office for the Mac just isn’t as good. And, while Apple’s own software is amazing in how it works together and generally works without issue, it is designed for the consumer and creative, and arguably not for the project manager, consultant, or business director. Apple has the iWork suite of apps, however it doesn’t replace Office. I would argue that Apple doesn’t want the iWork suite to replace Office – it wants iWork to be something different (perhaps better) than Office. In that vain, Apple has succeeded. Many people love iWork as a set of apps that are simple enough to learn and create beautiful ‘stuff.’ But Office replacement, it is not. The counterpoint here is that while iWork doesn’t replace Office, it is compatible and will save and open the Word and Excel formats we need to be able to share with Windows users. Most of the time, thats true, until the one day it isn’t. When your working with clients who pay you to solve problems, and your causing problems when they can’t read what you send them, your going to have a bad day.

While we are on the subject of shortcomings, for some really unfortunate reason I continue to come across web based applications and sites that require Internet Explorer to function properly. Its truly disappointing, every time I realize, “It needs IE,” and grudgingly fire up my Windows 7 VM just to get this website to work the way it was intended to. This happens far to often to me still, but I can’t control it. It is catastrophic when I’m on my MacBook Air, because running a VM on the base model is PAINFUL. I don’t even attempt it. Which brings my back to my topic:

The MacBook Air does not meet my needs for the work I need to do.

It hurt to write that sentence, but its true. I need a Retina or High DPI display. I need All-Day battery life. I need (the real) Microsoft Office. And, occasionally, quite unfortunately, I need Internet Explorer.

I came to this realization about 2 months ago, and I began leaving my MacBook Air at home when I went on trips, opting instead for the Retina MacBook Pro. I knew it wasn’t cutting it, and I began looking at, gasp, Windows machines.

There was (is?) a really interesting promotion for the Surface Pro 3, which just recently launched, involving $650 credit for trading in a MacBook Air for a Surface Pro 3. The offer was reasonable, and the more and more I thought about it, the more the Surface Pro 3 fit my needs better than the MacBook Air did. So, on impulse one Sunday afternoon, I took the MacBook Air I didn’t use to the Microsoft Store, and traded it for a mid-level Intel i5 Surface Pro 3.

So, lets talk about the Surface for a minute. It is a very uniquely designed piece of hardware meant to double as both a tablet and a laptop, running Microsoft’s Windows 8 Pro OS. It has a kickstand on the back with a hinge that articulates almost a full 180 degrees. That tablet piece of the equation dictates relatively low weight, and relatively high battery life. It has a 12-inch Hi-DPI display. The keyboard (sold separately, but a requirement, really), is detachable. It comes with a handy pen that works with the touchscreen for writing and drawing, however you can use it as a cursor for clicking and selecting things as well. Hardware wise, its a winner. The screen is great. The size is great. The weight is great. The thickness, considering there is a real Intel processor and SSD in there, is great. The only hardware complaint I have is the detachable and super thin keyboard, which is noisy when you type at full tilt and its slightly smaller than a real keyboard. But that won’t stop me from using it.

Then there’s Windows 8. Sigh. The jumping back and forth from Desktop land to “Modern UI” land is annoying. But, when in the Modern UI, things are surprisingly good. All apps are Hi-DPI. There is a nod to increased security in this part of the system as well. I was able to find all the apps I really cared about in the Windows Store, and the quality of these apps I was impressed with (not something I can say about the Android Google Play store.) But when you come across the need to drop back into Desktop land, a daily occurrence for me since I prefer Google Chrome with plugins, things get really rough. Some apps are not Hi-DPI and take a little tweaking to make them not look like garbage. There is a weird “zoom” level setting in Windows that defaults to 150%, which is good for being able to fit things on screen and somewhat tap them with a finger on the touchscreen. The next setting is 200%, which is great – with nice big surface areas on all controls that make it easy to tap them on screen. The problem there is not enough surface area for anything else, so you have to do a lot of scrolling to read web pages and documents. There are other things in Windows 8 on the Surface Pro 3 that I wonder about. The on-screen keyboard pops up dutifully whenever I select a text box, even when I have the keyboard attached. Why? Also, sometimes when I wake the thing from sleep, the Wifi doesn’t work. Like – there’s no Wifi adaptor present in the settings – won’t work. A restart quickly fixes it, hence the reason I haven’t gotten around to taking it in yet, but this is one of those annoying things you just ask yourself, “Why?” Update: Microsoft says this a known issue on their website, but they don’t have a fix for it yet. Sigh. Never had this problem on the MacBook Air I didn’t use.

With all the shortcomings, the Surface Pro 3 is still what I have on me when I decide to carry a real computer. Windows 8 annoyances aside, I can multitask on the thing. I can open up the admittedly very impressive Microsoft Office 2013 suite and handle some things for work without fighting with compatibility settings or missing features altogether. I can use the pen to take notes in the very impressive OneNote app, which has made the device handy enough to replace the legal pad or LiveScribe smartpen I carry around as well. I can deal with IE in small doses when necessary. And I finally have a Windows machine in the house my Android tinkering and flashing says I need it. For the first week of owning it, I wasn’t sure if it would pass the test or if I would be able to deal with the Windows 8 issues. But now I’m sure, I’m keeping it. At least until there’s touchscreen Retina MacBook Air with amazing battery life and the power to run Windows in a VM without issue.

P.S.: The Surface Pro 3, unfortunately, is a terrible tablet. I almost never use it that way. Why? Because I have an iPad Air, which is an AMAZING tablet. Compare the two and you will see which is a proper tablet and which is not. The Surface Pro is too big, too thick, and too heavy to be held for any amount of time doing tablet things, like reading the news or a book. It is much better suited on a tabletop, or on your lap, keyboard attached, doing work. The only time the keyboard comes off my Surface Pro 3 is when I have the pen in hand and I’m writing in OneNote.