KoRMaK
Jul 31, 2012



I got roped into a call with a client mid... call (I'm our lead developer) because our support guy couldn't answer some api questions. That's weird because he is real good at it.


Turns out I walked into a loving lion's den. These people, like 5 of them on the phone, start asking me about our process for being delivered an xls file for importing: "you transmit the file to us via our restful api, and we process it on our side." They ask about encryption: "The file is sent through https and uses SSL so it's encrypted while transmitting and on our systems via the data layer"

I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"

Bruh I just said that it's loving encrypted as you send it to me. Do you not trust the computer you are sending it from? Then they start talking about PGP keys for some reason, then talk about ftp. LOL

Yea with ftp, or email, I see why you would wanna do pgp encryption. But get with it my dudes I got a restful api over https. OH, then they said "Well I'm sure you know MITM attacks could let you peer in the stream" yea sure, that sounds like a different loving problem though with your info sec people if your network is getting MITM

Proteus Jones
Feb 28, 2013



KoRMaK posted:

I got roped into a call with a client mid... call (I'm our lead developer) because our support guy couldn't answer some api questions. That's weird because he is real good at it.


Turns out I walked into a loving lion's den. These people, like 5 of them on the phone, start asking me about our process for being delivered an xls file for importing: "you transmit the file to us via our restful api, and we process it on our side." They ask about encryption: "The file is sent through https and uses SSL so it's encrypted while transmitting and on our systems via the data layer"

I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"

Bruh I just said that it's loving encrypted as you send it to me. Do you not trust the computer you are sending it from? Then they start talking about PGP keys for some reason, then talk about ftp. LOL

Yea with ftp, or email, I see why you would wanna do pgp encryption. But get with it my dudes I got a restful api over https. OH, then they said "Well I'm sure you know MITM attacks could let you peer in the stream" yea sure, that sounds like a different loving problem though with your info sec people if your network is getting MITM

God I hate that “I’m going to ambush” bullshit.

A few years ago, I was on a call with one of our customer’s CISO and acting CIO (which should have been a warning sign right there) and some of their other executives. Apparently he was asking “hard questions” the accounts team couldn’t answer.

I jump on and he starts grilling me about all the different wireless stuff we can detect and monitor. He asks for details about how we differentiate between events that look similar. I give him as much detail as I can without revealing secret-sauce type stuff. He seems satisfied.

He then asks if there are certain types of wireless activities that “the Hacker” would do that we can’t see. And I replied “Sure, for instance if someone sat in your parking lot passively collecting all wireless packets that leak out of the building, short of looking out a window and seeing some sketchy dude in a car you won’t see that.”

Dude blew up. That’s unacceptable! How are you unable to detect a completely passive act that doesn’t interact in a meaningful way with the RF profile at this location? (Not his words, but what his argument boiled down to) I told him no vendor is going to be able to do this.*

I have friends and previous co-workers who are CISOs, and I’ve been offered that position at a smaller firm recently (offering less money than you would think, so pass). So at first I thought he was joking. He was not.

He also kept using the phrase “soup to nuts” which almost annoyed me more than the WHY CAN’T YOU DO MAGIC explosion. At this point I pretty much realized he was probably new to the field and given the position because “he’s a good manager”.


* - theoretically you *could*. But it would require some luck, really sensitive measurements, and the ability to eliminate all the typical attenuation and interference seen in an RF saturated business campus. So no, I can’t.

Proteus Jones fucked around with this message at 09:06 on Feb 10, 2018

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady
The most valuable thing I learned in the last year is the difference between "threat" and "risk". Sometimes it's just not worth worrying about aliens hacking your gibson via laser guided dust bunnies.

Collateral Damage
Jun 13, 2009

KoRMaK posted:

I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"
Are you one of our outsourcing partners?

We're in the process of deploying a web portal where customers will enter some information which will be put in an XML message and sent into our integration platform, and our "security" department is riding our rear end about sensitive information and how it has to be encrypted ALL the way. The client connection is https of course, and so is the connection between the web server and the ESB. Nothing is stored on the web server's file system, but they argue that because the information is unencrypted in the web server's memory it's completely insecure.

This is the same security department who approved some random non-IT dude's (accidental) request for Domain Admin rights without questioning. Fortunately another team caught it and nixed the request before it could be fulfilled.

:ughh:

Weatherman
Jul 30, 2003

WARBLEKLONK

Don't forget Slenderman.

BlankSystemDaemon
Mar 13, 2009



Weatherman posted:

Don't forget Slenderman.
That's far from the only meme that SA has had a hand in: AYBABTU springs to mind as one of the first that got really big - I don't remember the whole story anymore as it's been way too loving long and I have chemo-brain now, but at the very least, Invasion Of The Gabber Robots is goon-made.
Ignore me, I'm stupid.

BlankSystemDaemon fucked around with this message at 17:36 on Feb 10, 2018

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

D. Ebdrup posted:

That's far from the only meme that SA has had a hand in: AYBABTU springs to mind as one of the first that got really big - I don't remember the whole story anymore as it's been way too loving long and I have chemo-brain now, but at the very least, Invasion Of The Gabber Robots is goon-made.

It’s more people killing in the name of Slenderman.

Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
I think his point was about the girls who killed their friend because of slender man related mental problems.

BlankSystemDaemon
Mar 13, 2009



Oh gently caress, yeah, that happened.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong
The girl they tried to kill survived. Still hosed up, but at least nobody actually died.

BlankSystemDaemon
Mar 13, 2009



fishmech posted:

The girl they tried to kill survived. Still hosed up, but at least nobody actually died.
I'm not sure that makes it any better.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

fishmech posted:

The girl they tried to kill survived. Still hosed up, but at least nobody actually died.

I actually didn't know that and it makes it significantly better


Still horrible of course

BlankSystemDaemon
Mar 13, 2009



Yeah, it's obviously not as black and white as I was making it out to be. I should know better, too.

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



Collateral Damage posted:

Are you one of our outsourcing partners?

We're in the process of deploying a web portal where customers will enter some information which will be put in an XML message and sent into our integration platform, and our "security" department is riding our rear end about sensitive information and how it has to be encrypted ALL the way. The client connection is https of course, and so is the connection between the web server and the ESB. Nothing is stored on the web server's file system, but they argue that because the information is unencrypted in the web server's memory it's completely insecure.

This is the same security department who approved some random non-IT dude's (accidental) request for Domain Admin rights without questioning. Fortunately another team caught it and nixed the request before it could be fulfilled.

:ughh:
I mean, it's stupid, but in all fairness it's barely been a month since a vulnerability that granted arbitrary access to the contents of a server's memory was widely publicised.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
A study in X Y problems came in:

Lady accidentally unplugged Ethernet cable from computer. It connected to the public WiFi. Because it's on public WiFi, she can't print anything.

Lady is requesting internal WiFi key so she can print.

It never crossed her mind to solve the problem by figuring out how to plug the computer back in.

Collateral Damage
Jun 13, 2009

Ghostlight posted:

I mean, it's stupid, but in all fairness it's barely been a month since a vulnerability that granted arbitrary access to the contents of a server's memory was widely publicised.
True, but I argue that if you're in a position to exploit that it wouldn't matter what measures we take because the server is owned anyway.

I'm not sure what you could do to satisfy them, is it even possible to keep the information encrypted in memory in a way that is not immediately defeated by someone who has potential full access to all memory content?

wolrah
May 8, 2006
what?

Judge Schnoopy posted:

A study in X Y problems came in:

Lady accidentally unplugged Ethernet cable from computer. It connected to the public WiFi. Because it's on public WiFi, she can't print anything.

Lady is requesting internal WiFi key so she can print.

It never crossed her mind to solve the problem by figuring out how to plug the computer back in.

I've started ripping the WiFi cards out of desktop PCs I set up for customers that have them because this always happens. Somehow the wired network gets disconnected, the user knows how to connect to WiFi, and the obvious happens from there leading to inevitable problems some time down the road.

redeyes
Sep 14, 2002

by Fluffdaddy
Speaking of that, companies that buy laptops instead of proper workstations. RAGE

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
I have had to exclusively buy laptops the last two years. Everyone wants a laptop. Everyone. Out goes a desktop in comes another laptop. OH I NEED TO BE MOBILE I NEED TO WORK AT HOME I NEED TO WORK WHEN I TRAVEL I NEED TO WORK DURING MEETINGS.

Then they come to me and complain that their laptop is "slow" when they perform crazy stat analysis.

I now configure laptops with 16 gigs of RAM and 500-1TB SSDs, i7 whenever possible. O365 64 bit for everyone. Go ahead and open 20 emails and 30 pdfs and 40 spreadsheets you dumbfucks. I just want to earn more points on my credit card for buying all this poo poo! I have a few hundred bucks saved up on my Amazon account.

I need to enjoy it before they finally implement a purchasing card program. Here's hoping it takes them a long time. :q:

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I hope you use eBates too for the poo poo you buy on Newegg, or Dell, etc.

Thanks Ants
May 21, 2004

#essereFerrari


I feel sorry for people working on reception desks who have to sit at a laptop all day at a desk chosen because it looked nice rather than for any ergonomic benefits at all.

Arquinsiel
Jun 1, 2006

Those people get docking stations and eleventy monitors.

ElehemEare
May 20, 2001
I am an omnipotent penguin.

Work gave me a quad core Xeon desktop workstation with 24GB of fast RAM and about 6TB of SSD+spinners.

They also gave me a quad core workstation laptop because of on-call responsibilities.

I use the laptop to RDP into the desktop to RDP into servers.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
I'm phasing out desktops for laptops. Our CRM is web based, our folders are redirected, and other line of business apps don't require heavy resources. For my users it's way more productive to take their laptop to a meeting than to have a beefy desktop.

aaronp
Jul 7, 2002

redeyes posted:

Speaking of that, companies that buy laptops instead of proper workstations. RAGE

I guess it really depends on the work being done, but the places I've worked for the past 10 years have only provided laptops, at least at the corporate level. 100% of our services run "in the cloud" and users only work from the office three days a week, so desktop workstations just wouldn't cut it.

Judge Schnoopy posted:

I'm phasing out desktops for laptops. Our CRM is web based, our folders are redirected, and other line of business apps don't require heavy resources. For my users it's way more productive to take their laptop to a meeting than to have a beefy desktop.

Yeah, this.

IrvingWashington
Dec 9, 2007

Shabbat Shalom
Clapping Larry

KoRMaK posted:

I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"

Reminds me of meetings with gov security but in general I was told to let them score their points because a) they don't understand how you secure stuff in the cloudbutt and b) no security implementation will ever be more important than meeting the arbitrary deadline set 6 months ago anyway and man I'm glad I don't do that kind of stuff anymore.

Now I just get to fix fun stuff like making an OOM event not take out all of our infrastructure on a single continent :yotj:

Also, as far as the forums being monitored, that's waaaaaaaaay small change compared to what happens on a certain social media site every single time anyone interacts with it :tinfoil:

Collateral Damage posted:

True, but I argue that if you're in a position to exploit that it wouldn't matter what measures we take because the server is owned anyway.

It blows my mind how many times I've had this argument (I agree with you)

Spring Heeled Jack
Feb 25, 2007

If you can read this you can read
I just replaced my work desktop with a T470 + USB C dock, so I have 3 usable screens. (I still use the desktop for tooling around in VMware workstation)

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

"Why are emails being delayed? <whoever> sent me an email at 8:47 and it just came in at 9:07a."

:derp:

Should I reply with:

"It's not called instant messenger"

"Your fat rear end didn't even get to work until 8:52"

"Rackspace is looking into it"

Collateral Damage
Jun 13, 2009

"The NSA is short staffed"

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
The pipes are full. It's not a big truck.

Sending less emails to me will help unclog the pipes thanks

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Go thank Bill Gates for not making email faster.

AlexDeGruven
Jun 29, 2007

Watch me pull my dongle out of this tiny box


*nixers can do 90-95% of our entire jobs on a Pi Zero W.

So of course I have a 2017 MBP with the i7, 16GB of RAM, and a 500GB NVMe SSD.

Bob Morales
Aug 18, 2006


Our standard accounting laptop is:
Lenovo P51
512GB NVME
16GB RAM

:lol:

Because otherwise Excel doesn't work.

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

Bob Morales posted:

Because otherwise Excel doesn't work.

it probably still doesn't

Proteus Jones
Feb 28, 2013



Renegret posted:

it probably still doesn't

Those specs will be fine for a 20 x 70 spreadsheet. It's fine.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
yeah i'm 100% okay with giving finance and accounting overpowered laptops so they can brute force their way through pivot tables rather than calling us in

spankmeister
Jun 15, 2008






What's 16gb and 512gb in this day and age anyway? Pretty standard stuff imo.

stevewm
May 10, 2005

Bob Morales posted:

Our standard accounting laptop is:
Lenovo P51
512GB NVME
16GB RAM

:lol:

Because otherwise Excel doesn't work.

Wow... We go bottom of the barrel, because no one needs an i7 for office work.

Other than servers, we don't have a single machine, desktop or laptop, that has more than 8GB and anything faster than an i5. i3 is far more common. SSD at the least is standard though, I don't get machines with HDDs anymore.

i3/i5
4-8GB
128GB SSD

That's all anyone here needs.

Jaded Burnout
Jul 10, 2004


I'm not sure I've seen anything other than a macbook in use by anyone in any company I've been in since.. 2012 when some people still used Mac Pros.

Bob Morales
Aug 18, 2006


stevewm posted:

Wow... We go bottom of the barrel, because no one needs an i7 for office work.

Other than servers, we don't have a single machine, desktop or laptop, that has more than 8GB and anything faster than an i5. i3 is far more common. SSD at the least is standard though, I don't get machines with HDDs anymore.

i3/i5
4-8GB
128GB SSD

That's all anyone here needs.

We do that for everyone, but we do a 256GB SSD because Windows likes hogging space, huge local OST/PST files, blah blah
