Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Perplx
Jun 26, 2004


Best viewed on Orgasma Plasma
Lipstick Apathy

hobbesmaster posted:

what hardware are you running on

its a 9900k and proxmox recently added cpu pinning, i just ran the rdr2 benchmark and the difference isn't as big as i remember, but still some drm doesn't work under virtualization, also running Speedometer2.1 is 15% slower in a vm

Adbot
ADBOT LOVES YOU

hobbesmaster
Jan 28, 2008

Perplx posted:

its a 9900k and proxmox recently added cpu pinning, i just ran the rdr2 benchmark and the difference isn't as big as i remember, but still some drm doesn't work under virtualization, also running Speedometer2.1 is 15% slower in a vm

what happens when you turn off hyperthreading and pin 4 cores

Perplx
Jun 26, 2004


Best viewed on Orgasma Plasma
Lipstick Apathy
it's a little faster in speedometer 2.1

baremetal ht off and on 223
vm ht off 201
vm ht on 193

i'll do more testing when my pikvm comes in, changing the bios on this is a pain in the rear end

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Minneapolis public school system got popped, and it is really not a good scene

https://twitter.com/iancoldwater/status/1633860959633637376

cinci zoo sniper
Mar 15, 2013




:stonk:

Soylent Pudding
Jun 22, 2007

We've got people!


I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers".

Fart Sandwiches
Apr 4, 2006

i never asked for this
why the hackers gotta steal data just give everyone good grades smh where all the white hats these days

Zamujasa
Oct 27, 2010



Bread Liar

Soylent Pudding posted:

I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers".

assuming they're being honest about it, yeah, i can see that being justified at least

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Soylent Pudding posted:

I was talking a few years ago with the CIO of a large school district, think ~100k students. He basically said their cybersecurity was poo poo, everyone knew it was poo poo, and the parents regularly went to the school board complaining it was poo poo. The school board had recently voted down a proposal a bunch of parents put together asking the district to stand up a SOC. This guy said that every time the board voted down infosec funding they always justified it with "if we even had the money to do this we'd spend it hiring teachers".

I've done some security consulting with the local school district, and yeah, same applies: I got my contract paid by the State but the school system itself had no money and minimal resources necessary to make the changes needed to really improve their security. It doesnt help that a lot of the School Systems IT is outsourced to "friendly" (i.e. corrupt and connected) bidders.

Sickening
Jul 16, 2007

Black summer was the best summer.

CommieGIR posted:

I've done some security consulting with the local school district, and yeah, same applies: I got my contract paid by the State but the school system itself had no money and minimal resources necessary to make the changes needed to really improve their security. It doesnt help that a lot of the School Systems IT is outsourced to "friendly" (i.e. corrupt and connected) bidders.

The state money grift is pretty insane.

4lokos basilisk
Jul 17, 2008


Soylent Pudding posted:

"if we even had the money to do this we'd spend it hiring teachers".

this right here is probably the best argument against having digital records systems at schools unfortunately. teachers are always underpaid and undervalued, so it will be politically impossible to maintain a competent and well funded information technology staff next to this because it would be unfair to the teachers
on the other hand, so much pii will make this kind of systems a really juicy target i suppose?

Kesper North
Nov 3, 2011

EMERGENCY POWER TO PARTY
it's not all bad everywhere. my local school district is also my client

nudgenudgetilt
Mar 18, 2003

i really need to stop using t-mobile. lost my phone yesterday, so i walked to the t-mobile store today and asked to buy a replacement. was told they couldn't sell phones today but to come back tomorrow. asked if they could just activate a sim for me, they say no problem.

dude then proceeds to activate a sim for me, verifying my last name and phone number. no id check, no further id questions, no payment for the sim even.

just last name, phone number, and walked out the door with an activated sim

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face
:wtc:

did they at least try to explain why they can't sell phones

Volmarias
Dec 31, 2002

I'm sure I'll think of something.
People keep walking out with their sim cards?

nudgenudgetilt
Mar 18, 2003

Beeftweeter posted:

:wtc:

did they at least try to explain why they can't sell phones

"some sort of computer problem when trying to process upgrades" is all i got out of them

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face
that kinda reminds me of when they were selling wrt54gs for cheap

i walked into a t-mobile store (not a customer at the time) and the sales guy just asked me for a phone number of someone i knew that used t-mobile. i gave them my old roommate's and paid for it

no idea if that ended up on his bill, but thanks steve

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
They used to have security questions, did that get folded?

mystes
May 31, 2006

nudgenudgetilt posted:

i really need to stop using t-mobile. lost my phone yesterday, so i walked to the t-mobile store today and asked to buy a replacement. was told they couldn't sell phones today but to come back tomorrow. asked if they could just activate a sim for me, they say no problem.

dude then proceeds to activate a sim for me, verifying my last name and phone number. no id check, no further id questions, no payment for the sim even.

just last name, phone number, and walked out the door with an activated sim
was the only employee there like a teenager they didn't trust with the keys to where they kept the phones but who they nevertheless trusted enough to let them generate sim cards for literally any t-mobile customer in the country?

Soylent Pudding
Jun 22, 2007

We've got people!


mystes posted:

was the only employee there like a teenager they didn't trust with the keys to where they kept the phones but who they nevertheless trusted enough to let them generate sim cards for literally any t-mobile customer in the country?

Only one of those costs T-Mobile money.

nudgenudgetilt
Mar 18, 2003

CommieGIR posted:

They used to have security questions, did that get folded?

apparently

mystes posted:

was the only employee there like a teenager they didn't trust with the keys to where they kept the phones but who they nevertheless trusted enough to let them generate sim cards for literally any t-mobile customer in the country?

i dunno. dude i was talking to was definitely a kid, but he kept going to the back room to relay pretty much any question i had to his "manager", and there was definitely a voice talking back to him. *shrug*

theflyingexecutive
Apr 22, 2007

nudgenudgetilt posted:

i dunno. dude i was talking to was definitely a kid, but he kept going to the back room to relay pretty much any question i had to his "manager", and there was definitely a voice talking back to him. *shrug*

post hole digger
Mar 21, 2011
a couple people at my company's it dept have completely lost the plot and think that tiktok and other apps can read your emails and slack and we need to consider buying everyone in the company a "cheap" work phone :cawg: good luck.

Kesper North
Nov 3, 2011

EMERGENCY POWER TO PARTY

post hole digger posted:

a couple people at my company's it dept have completely lost the plot and think that tiktok and other apps can read your emails and slack and we need to consider buying everyone in the company a "cheap" work phone :cawg: good luck.

because unmanaged BYO devices have never caused anyone heartache or grief?

post hole digger
Mar 21, 2011
theres definitely a problem to be solved. i dont think the answer is buying everyone (or even most people) a phone. id love it if the answer was no slack or email on your personal device. i dont think thats very pragmatic either though. i think its probably going to be some form of MDM and maybe something like CFZT if we're lucky. i'm not really sure how mdm can even fully solve the problem of risk from a personal device if your concern is something like dlp from slack on someones phone.

post hole digger fucked around with this message at 20:25 on Mar 13, 2023

Jenny Agutter
Mar 18, 2009

itís absolutely pragmatic to say no work email on personal devices if employees have a shred of self respect. if work wants to reach me outside work hours the least they get to do is provide a phone and service

post hole digger
Mar 21, 2011
i agree, but itd be a pretty big culture shift for us to do that. people do have email and slack on their phones. i thought this was pretty common, maybe im wrong about that. i think thered be pushback about that but maybe thats not my problem.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT?

cinci zoo sniper
Mar 15, 2013




Subjunctive posted:

Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT?

there's a fingerprint yubi

e: nevermind, apparently that has no nfc

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

cinci zoo sniper posted:

there's a fingerprint yubi

e: nevermind, apparently that has no nfc

this was exactly what I said!

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

Subjunctive posted:

Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT?

i have this thing https://www.amazon.com/dp/B084Q7YCKR

but i really don't like it lol. it was a huge pain in the rear end to set up

SlowBloke
Aug 14, 2017

Subjunctive posted:

Question from a friend: Is there a security key that exists that supports U2F and FIDO2, has a fingerprint scanner and NFC or BT?

If you can skip u2f, feitian makes one https://www.ftsafe.com/Products/FIDO/Bio

mystes
May 31, 2006

SlowBloke posted:

If you can skip u2f, feitian makes one https://www.ftsafe.com/Products/FIDO/Bio
Is it really possible for a device to support fido2 without supporting u2f? IIRC fido2 is just u2f with an additional mode that allows keys to be stored on the device so I don't think it should be possible, and I would guess that this is just some sort of mistake in the feature comparison table.

mystes fucked around with this message at 22:25 on Mar 13, 2023

SlowBloke
Aug 14, 2017

mystes posted:

Is it really possible for a device to support fido2 without supporting u2f? IIRC fido2 is just u2f with an additional mode that allows keys to be stored on the device so I don't think it should be possible, and I would guess that this is just some sort of mistake in the feature comparison table.

The underlying logic is the same but the user side api are different(ctap1+uaf vs ctap2+webauthn2), so it's possible that they only expose the current ones. A lot of sites calls fido2 as second factor u2f when it's not a fido1 api call.

mystes
May 31, 2006

I guess it's optional for FIDO2 authenticators to implement CTAP1 but I still wouldn't be surprised if it's just an error on that web page

evil_bunnY
Apr 2, 2003

post hole digger posted:

theres definitely a problem to be solved. i dont think the answer is buying everyone (or even most people) a phone. id love it if the answer was no slack or email on your personal device. i dont think thats very pragmatic either though. i think its probably going to be some form of MDM and maybe something like CFZT if we're lucky. i'm not really sure how mdm can even fully solve the problem of risk from a personal device if your concern is something like dlp from slack on someones phone.
Why do people put loving work slack and email on their private poo poo ANYWAY
WHO THE gently caress LETS WORK MDM THEIR PRIVATE poo poo

hobbesmaster
Jan 28, 2008

evil_bunnY posted:

Why do people put loving work slack and email on their private poo poo ANYWAY
WHO THE gently caress LETS WORK MDM THEIR PRIVATE poo poo

because they donít know what that is or those apps donít need mdm

post hole digger
Mar 21, 2011

evil_bunnY posted:

Why do people put loving work slack and email on their private poo poo ANYWAY
WHO THE gently caress LETS WORK MDM THEIR PRIVATE poo poo

I have a really hard time swallowing the idea anyone would go along with MDM on their personal poo poo (I wouldnt), we don't require Slack/email on personal devices but people do it, and anecdotally just about every person I know working in tech in the bay area, at companies big and small, has both on their phones. I was hoping CFZT might be something that can kind of bridge the gap for the sickos without going full MDM.

Trapick
Apr 17, 2006

I was going to put work email on my phone but it would have given them perms to wipe my device remotely, no thanks.

Adbot
ADBOT LOVES YOU

hobbesmaster
Jan 28, 2008

there are actually secure ways to have work email, vpn and other access without enrolling in mdm

that increases friction switching between personal to work and costs money though

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply