|
hobbesmaster posted:what hardware are you running on its a 9900k and proxmox recently added cpu pinning, i just ran the rdr2 benchmark and the difference isn't as big as i remember, but still some drm doesn't work under virtualization, also running Speedometer2.1 is 15% slower in a vm
|
#
?
Mar 9, 2023 04:20
|
|
|
|
| # ? Oct 2, 2023 19:20 |
|
|
Perplx posted:its a 9900k and proxmox recently added cpu pinning, i just ran the rdr2 benchmark and the difference isn't as big as i remember, but still some drm doesn't work under virtualization, also running Speedometer2.1 is 15% slower in a vm what happens when you turn off hyperthreading and pin 4 cores
|
|
#
?
Mar 9, 2023 04:24
|
|
|
it's a little faster in speedometer 2.1 baremetal ht off and on 223 vm ht off 201 vm ht on 193 i'll do more testing when my pikvm comes in, changing the bios on this is a pain in the rear end
|
|
#
?
Mar 9, 2023 05:25
|
|
|
Minneapolis public school system got popped, and it is really not a good scene https://twitter.com/iancoldwater/status/1633860959633637376
|
|
#
?
Mar 10, 2023 01:24
|
|
|
|
|
#
?
Mar 10, 2023 10:15
|
|
|
I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers".
|
|
#
?
Mar 10, 2023 15:52
|
|
|
why the hackers gotta steal data just give everyone good grades smh where all the white hats these days
|
|
#
?
Mar 10, 2023 17:24
|
|
|
Soylent Pudding posted:I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers". assuming they're being honest about it, yeah, i can see that being justified at least
|
|
#
?
Mar 10, 2023 17:47
|
|
|
Soylent Pudding posted:I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers". I've done some security consulting with the local school district, and yeah, same applies: I got my contract paid by the State but the school system itself had no money and minimal resources necessary to make the changes needed to really improve their security. It doesnt help that a lot of the School Systems IT is outsourced to "friendly" (i.e. corrupt and connected) bidders.
|
|
#
?
Mar 10, 2023 17:57
|
|
|
CommieGIR posted:I've done some security consulting with the local school district, and yeah, same applies: I got my contract paid by the State but the school system itself had no money and minimal resources necessary to make the changes needed to really improve their security. It doesnt help that a lot of the School Systems IT is outsourced to "friendly" (i.e. corrupt and connected) bidders. The state money grift is pretty insane.
|
|
#
?
Mar 10, 2023 20:06
|
|
|
Soylent Pudding posted:"if we even had the money to do this we'd spend it hiring teachers". this right here is probably the best argument against having digital records systems at schools unfortunately. teachers are always underpaid and undervalued, so it will be politically impossible to maintain a competent and well funded information technology staff next to this because it would be unfair to the teachers on the other hand, so much pii will make this kind of systems a really juicy target i suppose?
|
|
#
?
Mar 10, 2023 20:15
|
|
|
it's not all bad everywhere. my local school district is also my client
|
|
#
?
Mar 11, 2023 02:14
|
|
|
i really need to stop using t-mobile. lost my phone yesterday, so i walked to the t-mobile store today and asked to buy a replacement. was told they couldn't sell phones today but to come back tomorrow. asked if they could just activate a sim for me, they say no problem. dude then proceeds to activate a sim for me, verifying my last name and phone number. no id check, no further id questions, no payment for the sim even. just last name, phone number, and walked out the door with an activated sim
|
|
#
?
Mar 12, 2023 22:55
|
|
|
 did they at least try to explain why they can't sell phones
|
|
#
?
Mar 12, 2023 22:58
|
|
|
People keep walking out with their sim cards?
|
|
#
?
Mar 12, 2023 23:02
|
|
|
Beeftweeter posted:
"some sort of computer problem when trying to process upgrades" is all i got out of them
|
|
#
?
Mar 12, 2023 23:14
|
|
|
that kinda reminds me of when they were selling wrt54gs for cheap i walked into a t-mobile store (not a customer at the time) and the sales guy just asked me for a phone number of someone i knew that used t-mobile. i gave them my old roommate's and paid for it no idea if that ended up on his bill, but thanks steve
|
|
#
?
Mar 12, 2023 23:28
|
|
|
They used to have security questions, did that get folded?
|
|
#
?
Mar 12, 2023 23:38
|
|
|
nudgenudgetilt posted:i really need to stop using t-mobile. lost my phone yesterday, so i walked to the t-mobile store today and asked to buy a replacement. was told they couldn't sell phones today but to come back tomorrow. asked if they could just activate a sim for me, they say no problem.
|
|
#
?
Mar 13, 2023 00:15
|
|
|
mystes posted:was the only employee there like a teenager they didn't trust with the keys to where they kept the phones but who they nevertheless trusted enough to let them generate sim cards for literally any t-mobile customer in the country? Only one of those costs T-Mobile money.
|
|
#
?
Mar 13, 2023 14:51
|
|
|
CommieGIR posted:They used to have security questions, did that get folded? apparently mystes posted:was the only employee there like a teenager they didn't trust with the keys to where they kept the phones but who they nevertheless trusted enough to let them generate sim cards for literally any t-mobile customer in the country? i dunno. dude i was talking to was definitely a kid, but he kept going to the back room to relay pretty much any question i had to his "manager", and there was definitely a voice talking back to him. *shrug*
|
|
#
?
Mar 13, 2023 14:57
|
|
|
nudgenudgetilt posted:i dunno. dude i was talking to was definitely a kid, but he kept going to the back room to relay pretty much any question i had to his "manager", and there was definitely a voice talking back to him. *shrug* 
|
|
#
?
Mar 13, 2023 16:56
|
|
|
a couple people at my company's it dept have completely lost the plot and think that tiktok and other apps can read your emails and slack and we need to consider buying everyone in the company a "cheap" work phone  good luck.
|
|
#
?
Mar 13, 2023 18:52
|
|
|
post hole digger posted:a couple people at my company's it dept have completely lost the plot and think that tiktok and other apps can read your emails and slack and we need to consider buying everyone in the company a "cheap" work phone because unmanaged BYO devices have never caused anyone heartache or grief?
|
|
#
?
Mar 13, 2023 19:34
|
|
|
theres definitely a problem to be solved. i dont think the answer is buying everyone (or even most people) a phone. id love it if the answer was no slack or email on your personal device. i dont think thats very pragmatic either though. i think its probably going to be some form of MDM and maybe something like CFZT if we're lucky. i'm not really sure how mdm can even fully solve the problem of risk from a personal device if your concern is something like dlp from slack on someones phone.
post hole digger fucked around with this message at 20:25 on Mar 13, 2023 |
|
#
?
Mar 13, 2023 20:08
|
|
|
it’s absolutely pragmatic to say no work email on personal devices if employees have a shred of self respect. if work wants to reach me outside work hours the least they get to do is provide a phone and service
|
|
#
?
Mar 13, 2023 20:32
|
|
|
i agree, but itd be a pretty big culture shift for us to do that. people do have email and slack on their phones. i thought this was pretty common, maybe im wrong about that. i think thered be pushback about that but maybe thats not my problem.
|
|
#
?
Mar 13, 2023 20:45
|
|
|
Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT?
|
|
#
?
Mar 13, 2023 20:47
|
|
|
Subjunctive posted:Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT? there's a fingerprint yubi e: nevermind, apparently that has no nfc
|
|
#
?
Mar 13, 2023 20:49
|
|
|
cinci zoo sniper posted:there's a fingerprint yubi this was exactly what I said!
|
|
#
?
Mar 13, 2023 20:52
|
|
|
Subjunctive posted:Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT? i have this thing https://www.amazon.com/dp/B084Q7YCKR but i really don't like it lol. it was a huge pain in the rear end to set up
|
|
#
?
Mar 13, 2023 21:11
|
|
|
Subjunctive posted:Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT? If you can skip u2f, feitian makes one https://www.ftsafe.com/Products/FIDO/Bio
|
|
#
?
Mar 13, 2023 22:08
|
|
|
SlowBloke posted:If you can skip u2f, feitian makes one https://www.ftsafe.com/Products/FIDO/Bio mystes fucked around with this message at 22:25 on Mar 13, 2023 |
|
#
?
Mar 13, 2023 22:22
|
|
|
mystes posted:Is it really possible for a device to support fido2 without supporting u2f? IIRC fido2 is just u2f with an additional mode that allows keys to be stored on the device so I don't think it should be possible, and I would guess that this is just some sort of mistake in the feature comparison table. The underlying logic is the same but the user side api are different(ctap1+uaf vs ctap2+webauthn2), so it's possible that they only expose the current ones. A lot of sites calls fido2 as second factor u2f when it's not a fido1 api call.
|
|
#
?
Mar 13, 2023 23:07
|
|
|
I guess it's optional for FIDO2 authenticators to implement CTAP1 but I still wouldn't be surprised if it's just an error on that web page
|
|
#
?
Mar 13, 2023 23:22
|
|
|
post hole digger posted:theres definitely a problem to be solved. i dont think the answer is buying everyone (or even most people) a phone. id love it if the answer was no slack or email on your personal device. i dont think thats very pragmatic either though. i think its probably going to be some form of MDM and maybe something like CFZT if we're lucky. i'm not really sure how mdm can even fully solve the problem of risk from a personal device if your concern is something like dlp from slack on someones phone. WHO THE gently caress LETS WORK MDM THEIR PRIVATE poo poo
|
|
#
?
Mar 14, 2023 00:25
|
|
|
evil_bunnY posted:Why do people put loving work slack and email on their private poo poo ANYWAY because they don’t know what that is or those apps don’t need mdm
|
|
#
?
Mar 14, 2023 00:29
|
|
|
evil_bunnY posted:Why do people put loving work slack and email on their private poo poo ANYWAY I have a really hard time swallowing the idea anyone would go along with MDM on their personal poo poo (I wouldnt), we don't require Slack/email on personal devices but people do it, and anecdotally just about every person I know working in tech in the bay area, at companies big and small, has both on their phones. I was hoping CFZT might be something that can kind of bridge the gap for the sickos without going full MDM.
|
|
#
?
Mar 14, 2023 00:31
|
|
|
I was going to put work email on my phone but it would have given them perms to wipe my device remotely, no thanks.
|
|
#
?
Mar 14, 2023 00:51
|
|
|
|
| # ? Oct 2, 2023 19:20 |
|
|
there are actually secure ways to have work email, vpn and other access without enrolling in mdm that increases friction switching between personal to work and costs money though
|
|
#
?
Mar 14, 2023 00:55
|
|