|
ilkhan posted:Just had 3 brand new dot matrix printers delivered to our office for delivery to a client. Because dot matrix is cutting edge stuff. Still need them for carbon forms.
|
#
?
Aug 16, 2018 00:12
|
|
|
|
| # ? Apr 23, 2024 17:12 |
|
|
I want one so I can have it just print out AP newswire when coworkers are talking to me and wasting time.
|
|
#
?
Aug 16, 2018 00:33
|
|
|
ilkhan posted:Just had 3 brand new dot matrix printers delivered to our office for delivery to a client. Because dot matrix is cutting edge stuff. As long as you need to have a duplicate copy those things will always have a use. Also for continuous feed printing, something it'd be tricky to do with a laser. And the fact those loud, clanky and slow things jam less and are more reliable then every laser printer I've seen for the last 15 years also helps.
|
|
#
?
Aug 16, 2018 00:49
|
|
|
Why hate on dot matrix? They're reliable and pretty much foolproof. I have an Oki microline 182 (iirc) somewhere that probably still works if I drop in a new ribbon...
|
|
#
?
Aug 16, 2018 01:02
|
|
|
Chunjee posted:
How do you troubleshoot user issues or audit actions without storing the usernames?
|
|
#
?
Aug 16, 2018 01:07
|
|
: I found this username/password combo in plaintext logs
: Ok what do you want fixed?
: fascinating, can you mask these logs now?
|
I think the issue is more with the password part.
|
|
#
?
Aug 16, 2018 01:09
|
|
|
Ghostlight posted:I think the issue is more with the password part. Yeah, fair point but why say "we don't allow usernames/passwords in logs" instead of just "we don't allow passwords in logs"? Sounds like a perfect opportunity for malicious compliance. "What? You want to know who accessed XYZ? Sorry, I don't have any record of who did that. Three months ago you asked me to remove usernames from the logs."
|
|
#
?
Aug 16, 2018 01:22
|
|
|
While I instantly assumed that "usernames/passwords" means that there's a direct mapping in the logs I can see why that'd confuse someone who doesn't already understand the shorthand.
|
|
#
?
Aug 16, 2018 01:41
|
|
|
Arquinsiel posted:While I instantly assumed that "usernames/passwords" means that there's a direct mapping in the logs I can see why that'd confuse someone who doesn't already understand the shorthand. "usernames/passwords" is shorthand for passwords? One of us doesn't understand what shorthand means. (And I'm hoping it's not me)
|
|
#
?
Aug 16, 2018 01:51
|
|
|
PBS posted:"usernames/passwords" is shorthand for passwords? One of us doesn't understand what shorthand means. (And I'm hoping it's not me) Nah, it's pretty straight forward, and unless you're a moron fairly clear in the context.
|
|
#
?
Aug 16, 2018 02:01
|
|
|
Maybe I'm just missing something. Is there a benefit to saying usernames/passwords, when just referring to passwords? Or does username/password denote a specific situation?
|
|
#
?
Aug 16, 2018 02:21
|
|
|
A password doesn't do you much good if you don't know what it's for.
|
|
#
?
Aug 16, 2018 03:09
|
|
|
A plain text document containing only usernames isn't necessarily a huge security risk. It would provide a starting point for someone with malicious intent, perhaps especially so if those usernames are email addresses, but it's a forgivable offense if no other details are present. Having usernames AND their corresponding passwords stored in plain text is a giant problem. You're basically handing someone the keys to the kingdom, at that point. The post in question tells us that both usernames and passwords were stored in that plain text format, hence "usernames/passwords" -- a common enough shorthand. Maybe you've not run into that before? No need to feel dumb about it, anyway. my cat is norris fucked around with this message at 03:17 on Aug 16, 2018 |
|
#
?
Aug 16, 2018 03:14
|
|
|
my cat is norris posted:A plain text document containing only usernames isn't necessarily a huge security risk. It would provide a starting point for someone with malicious intent, perhaps especially so if those usernames are email addresses, but it's a forgivable offense if no other details are present. No, I haven't. I can't imagine a situation in which it'd be acceptable to log passwords, even if there's no obvious corresponding user id. I can see user names both ways I guess, they have a lot of utility though IMO. What would be the proper way to handle user attribution without logging user name? A separate unique id? PBS fucked around with this message at 03:33 on Aug 16, 2018 |
|
#
?
Aug 16, 2018 03:29
|
|
|
Wibla posted:Why hate on dot matrix? They're reliable and pretty much foolproof. Back in the day I worked 3rd shift weekends at a hospital and I'd print the charts and labs and whatnot for everyone that day. We used these huge 4' tall things with doors and a hood to keep the sound down. I'd use most of a full box of continuous feed paper. Once the reports were done printing I'd take the stack over to a machine that would slice the side holes off while separating the carbon copies into different piles. Then another machine called the burster would put a bit of tension on the pages to separate them and stack them up. The printing part generally went pretty well with very few issues and jams. The other two machines, on the other hand were a huge bitch depending on how humid it was and were sometimes unusable and I'd need to do it all myself. A bit before I quit they installed a pair of Lexmark laser printers and holy poo poo they were amazing. I don't remember them ever jamming and were just workhorses. And no more loving with the burster and the other thing and all I'd need to do is sort into the various offices, it was great. But in reality, gently caress printers.
|
|
#
?
Aug 16, 2018 03:51
|
|
|
PBS posted:No, I haven't. I can't imagine a situation in which it'd be acceptable to log passwords, even if there's no obvious corresponding user id. This has happened at some high profile organizations, like Twitter. What happens isn't some dev says "let's dump usernames and passwords to a text file !" and does it. What actually happens is that fully verbose logging for debugging purposes ends up including memory dumps. Which include user names and passwords in plain text. Remember, apps like Twitter only store the salted and hashed password. That's safe. But at some point they have to salt and hash the password the user actually typed. That happens in plain text form in memory. Log everything, get U/P.
|
|
#
?
Aug 16, 2018 04:20
|
|
|
Chunjee posted:
|
|
#
?
Aug 16, 2018 11:57
|
|
|
Came into work 3 hours early to help a customer in Finland and they didn't even join our meeting  e: actually they joined, but they never joined the call or shared their screen so I couldn't do anything.
|
|
#
?
Aug 16, 2018 13:04
|
|
|
mllaneza posted:This has happened at some high profile organizations, like Twitter. What happens isn't some dev says "let's dump usernames and passwords to a text file !" and does it. What actually happens is that fully verbose logging for debugging purposes ends up including memory dumps. Which include user names and passwords in plain text.  but there's more ways to mitigate that than there are with "login: bob, password: fuckyoutrudy" stored in the plain.
|
|
#
?
Aug 16, 2018 13:19
|
|
|
angry armadillo posted:why wouldn't you just do it and then log a ticket with whoever fixes those issues What? Who gives everybody access to make unrestricted Dev changes to software? A) change control is important B) separation of access is important C) RBAC is important You should absolutely not make changes to another team's poo poo with the ideal of 'I'll tell them about it later'
|
|
#
?
Aug 16, 2018 13:28
|
|
|
Judge Schnoopy posted:A) change control is important 
|
|
#
?
Aug 16, 2018 13:41
|
|
|
Judge Schnoopy posted:What? What? Where did I say anything to the contrary? I am making the assumption: "fix it" meant "follow due process to implement fix appropriately, even if that was just raising some kind of CR to get someone else to do it" Implying Chunjee was the person to set off that chain reaction. Sorry if that gets in the way of jumping to conclusions, but lets just be chill.
|
|
#
?
Aug 16, 2018 14:03
|
|
|
Corsair Pool Boy posted:Man, after that exchange I'd be going out of my way to look for plantext login info on everything I touched. It's poo poo like this that made me glad I moved to using a password generator.
|
|
#
?
Aug 16, 2018 15:53
|
|
|
ilkhan posted:My whole company just got invited to a rafting day, with the company paying for the rafts. What about the life-jackets though? Is this part of a RIF plan? 
|
|
#
?
Aug 16, 2018 20:07
|
|
|
Schadenboner posted:What about the life-jackets though? Is this part of a RIF plan? The execs get golden rafts
|
|
#
?
Aug 16, 2018 20:36
|
|
|
An email came inquote:I can log into my account, but in my Contact information, it says [other campus] and I cannot change it.
|
|
#
?
Aug 16, 2018 22:10
|
|
|
Password control aside, who can change her contact information? Ostensibly, she was e-mailing you because she thought you were the admin.
|
|
#
?
Aug 16, 2018 22:17
|
|
|
The Fool posted:Password control aside, who can change her contact information? Ostensibly, she was e-mailing you because she thought you were the admin.
|
|
#
?
Aug 16, 2018 22:39
|
|
|
Wrong thread!
|
|
#
?
Aug 16, 2018 22:51
|
|
|
Corsair Pool Boy posted:My company is doing a summer picnic thing which is neat, it's at some golf and sports park with some arcade games, volleyball, and lots of other stuff, which is neat. At least its working hours. I find I can't even stay for company paid happy hours if they aren't during office hours.
|
|
#
?
Aug 16, 2018 22:53
|
|
|
We just got a demo unit of the fancy new bleeding-edge Avaya touchscreen SIP desk phone. lol this thing is garbage. It's basically a glorified Android tablet except it probably costs twice as much for half the hardware specs, doesn't have a battery in it, is designed to lock you out of the Google Play store by default, and is a pain in the rear end to actually get working with existing Avaya phone systems. Also the default Avaya Vantage dialer app is hastily-thrown-together garbage and actually has fewer features in it than their standard digital phones do. You don't get programmable feature buttons, so there's no Park / Page / group membership toggling / night service toggling / etc functionality. And it doesn't even have visual voicemail, it's straight back to the old-school listen-to-a-recording-that-tells-you-what-numbers-to-press-for-options system. Meanwhile their cheapest digital phones have supported visual voicemail for like a decade at this point.
|
|
#
?
Aug 17, 2018 03:31
|
|
|
Sickening posted:At least its working hours. I find I can't even stay for company paid happy hours if they aren't during office hours. Update: I'm not going, gonna work from home that day and log out a few hours early instead. Finally got permission to WFH twice a week as long as I'm there on Wednesdays.
|
|
#
?
Aug 17, 2018 03:59
|
|
|
Schadenboner posted:What about the life-jackets though? Is this part of a RIF plan?
|
|
#
?
Aug 17, 2018 04:58
|
|
|
Entropic posted:We just got a demo unit of the fancy new bleeding-edge Avaya touchscreen SIP desk phone. Avaya throwing poo poo at a wall, and showing no evidence of a strategy that results in their products integrating with each other? It can't be true!
|
|
#
?
Aug 17, 2018 07:26
|
|
|
Entropic posted:We just got a demo unit of the fancy new bleeding-edge Avaya touchscreen SIP desk phone. So they pretty much copied ubiquiti unifi phones strategy with the same grade of success :V
|
|
#
?
Aug 17, 2018 07:33
|
|
|
SlowBloke posted:So they pretty much copied ubiquiti unifi phones strategy with the same grade of success :V Kinda been wondering about those phones. Also about Meraki's. Has anyone actually used the Meraki ones? Are they any good?
|
|
#
?
Aug 17, 2018 08:19
|
|
|
Super Soaker Party! posted:Also about Meraki's. Has anyone actually used the Meraki ones? Are they any good? No. Also Meraki says "MC is not being killed, only de-emphasized (temporarily removed from website and webinars) for some additional development and feature work, to be relaunched in the coming months although the timeline is TBD.". So given that's the state of things nearly 3 years after launch, that should pretty much be all you need to know. Sheep fucked around with this message at 12:44 on Aug 17, 2018 |
|
#
?
Aug 17, 2018 12:37
|
|
|
Meraki have given up on their phones, so have Ubiquiti. Wait until they’ve shown a couple of years of continual development before thinking about buying into either.
|
|
#
?
Aug 17, 2018 13:02
|
|
|
What phones are good? We currently have Gamma/Horizon SIP on Polycom VVX 410s and it works but it's pretty clunky and we're out of contract next year.
|
|
#
?
Aug 17, 2018 13:09
|
|
|
|
| # ? Apr 23, 2024 17:12 |
|
|
All phones are bad in their own way. Cisco UCM is good if it’s set up right but if you’re currently running a cloud service then it’s likely overkill. Maybe look at Fuze?
|
|
#
?
Aug 17, 2018 13:11
|
|