kiwid
Sep 30, 2013

Currently doing an MFA roll-out and it's going as well as I expected. Not because of the implementation, but because of the users.

User calls me up, same office so I go help him out.

This is what transpired:

Ask user to open their phone and download the Microsoft Authenticator.
Can't. Doesn't use an apple ID.
Ok ask user to create an apple ID.
Watch him for 15 minutes try to create and confirm a secure password typing at 1 letter per minute.
Finally gets apple id created after moaning about privacy and them needing his birth date, etc.
Ok, ask user to go download the microsoft authenticator.
Can't. apple id needs to verify email address first.
gently caress, walk my rear end back to my desk to disable MFA for this user because they can't check email without MFA.
Walk back tell them to check email and verify. Ok verified now.
Ask user to go back to app store and download the microsoft authenticator.
Can't, apple id needs a billing address even if you're downloading a free app.
Again, watch this user type the address and other details at 1 letter per minute.
Continue to watch as they struggle to type their phone number wrong at least 5 times with missing digits
Finally all setup, great, ask user to go to app store and download the microsoft authenticator.
Downloaded. Ok walk my rear end back to my desk to re-enable MFA.
Walk my rear end back to employee and ask them to try signing into Teams to prompt the MFA setup.
Ok done, now open the microsoft authenticator.
Can't. User doesn't use a pin/passcode on the phone itself.
Wait for user to create a pin on their phone after arguing why it's required. 1 letter per minute later.
Ok, open the authenticator and scan that QR code.
Popup appears to allow camera access, user clicks don't allow before I can say anything.
gently caress. Walk the user through the settings to go allow camera access for the authenticator.
Great, now scan this QR code. Scans it, then another popup appears to allow notifications (for the MFA prompt). User again clicks don't allow.
Kill me. Walk the user through settings again to re-enable notifications.
Go scan the QR code again, scans it and gets the code to type. Great, we're done. User complains that this is overly complicated and doesn't want to use MFA.

Not exaggerating that this 2 minute process took an hour.

Also, no, we don't use an MDM currently (small business)


Thanks Ants
May 21, 2004

#essereFerrari


How were they using an iPhone without any apps

xzzy
Mar 5, 2009

Safari is all anyone really needs.

And I can kind of respect people having the first instinct to deny camera and notifications access. Better than the alternative.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
explaining how TLS/SSL works to developers :negative:

Rawrbomb
Mar 11, 2011

rawrrrrr

Thanks Ants posted:

How were they using an iPhone without any apps

Lotta people just use the stock phone with the apps that come with it. Same reason they cannot understand why someone would have a pin/password to protect their device from access. From their POV, there is "nothing" of worth on that phone.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

There's nothing of worth on my phone beyond the MS Authenticator I use for work stuff. My tablet however...

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


The Iron Rose posted:

explaining how TLS/SSL works to developers :negative:

https://tls12.xargs.org and mic drop

kiwid
Sep 30, 2013

I've come across quite a few people that don't have an apple id on their phones and use it stock. They've all been of boomer age, it's never the young folk.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

oh it’s just basically the worst app ever, cubeJS. It’s a caching and query normalization layer between a client and a variety of data sources… and it has precisely 0 documentation about how to terminate TLS via its HTTP or Postgres compatible SQL API. That’s fine for the HTTP API because we can terminate TLS at the nginx proxy level, but obviously not for the SQL API since nginx cannot terminate TLS for an encrypted Postgres connection.

Internet Explorer
Jun 1, 2005





kiwid posted:

Currently doing an MFA roll-out and it's going as well as I expected. Not because of the implementation, but because of the users.

You work for a law firm, don't you?

kiwid
Sep 30, 2013

Internet Explorer posted:

You work for a law firm, don't you?

Farm/agriculture. Lots of tech illiterate.

Internet Explorer
Jun 1, 2005





I never knew there was so much of an overlap between attorneys and farmers!

Volguus
Mar 3, 2009

kiwid posted:

Farm/agriculture. Lots of tech illiterate.

They were happy people that did not need that poo poo. Until you came along.

kiwid
Sep 30, 2013

Volguus posted:

They were happy people that did not need that poo poo. Until you came along.

Two of our competitors were ransom-wared. I'd hope at least some of them understand.

xzzy
Mar 5, 2009

Internet Explorer posted:

I never knew there was so much of an overlap between attorneys and farmers!

It makes sense, both professions are masters at exploiting the system to get paid.

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost

We are starting a rollout of new switches at our branches as we are hitting EOL at the end of the year. A date we will absolutely not hit, but that is for other reasons. I started a location close to me that only has a handful of users, and they almost always leave right at 5, or maybe stay until about 5:30.
Not today, as two of them decided to sit and have a long conversation in an office for over 90 minutes. I was able to do some prepwork while waiting, but couldn't turn things up until they were done. Then they just left without either of them stopping by to let me know they were done. Big thanks to them.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

To a point that's on you for not asking them if they needed the network for business purposes at whatever time you wanted to start at. Just inform them at like 5PM that you're gonna cut it at 5:30 and then let them deal with that info as they please.

Wibla
Feb 16, 2011

I'd tell them I would be doing network maintenance at 5pm. They can choose what to do about it.

I also wouldn't do it at 5pm, I'd do it at lunch time.

Thanks Ants
May 21, 2004

#essereFerrari


Not much stuff is important enough to need to be done out of hours, which is something you quickly find out if you are a company that charges an uplift to clients to do evening/weekend work. They will always take the "take a longer lunch" or "go home a bit early" option over paying more.

well why not
Feb 10, 2009




Day three and I’ve met my team and have most of my tools sorted. Half the people say we’re busy, half the people say we’re quiet. My responsibilities seem to be none. This may just be good.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




If you need a change to be made outside of business hours you

a) Have one of the teams in a different time zone do it
or
b) You don't need to do that outside of business hours.


Big Change Wednesday or GTFO.

Fragrag
Aug 3, 2007
The Worst Admin Ever bashes You in the head with his banhammer. It is smashed into the body, an unrecognizable mass! You have been struck down.
I work for a small company of four employees and one financial consultant. We had a funded project several years ago and somewhere a Mistake was made and we had to return a considerable amount of money. Nobody in the leadership could adequately explain to me what the Mistake exactly was. Only that It was made. I was sidelined from any meetings on it because I'm just a lowly developer, but our General Co-ordinator was also sidelined. The one person who should follow this up and keep an eye out in the future to make sure we don't make the same Mistake again.

Now we're in another funded project and we had to deliver an interim financial report. Our General Co-ordinator is out with a burn-out, which is another story in itself, so I volunteered to pore over the numbers. I figure out that a part of the received budget is overinflated with a surplus that will have to be returned when the project is finished. I report this to my colleagues and they go "Oh, that must have been what the Mistake was last time" and now they're panicking over it. And I'm just flabbergasted. How the gently caress did they make the same Mistake again? How the gently caress did none of the leadership know what It was? Why are we only figuring this out a year into the project, just because I pored over the numbers on the side?

Maybe if they had involved our General Co-ordinator we might have averted it? Maybe if they involved her a lot more she wouldn't be out with a burnout, rather than just burdening her with the stress and mental load for issues like this that we had flagged a long time ago. Heck, I'm not even trained in this. I just know how to work with a spreadsheet. I suggested them to consult an accountant or financial planner to double check my numbers but that got ignored. Whatever, I don't loving know and I don't care anymore. I've already decreased my hours and now I'm working on the side on my own projects.

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost

Arquinsiel posted:

To a point that's on you for not asking them if they needed the network for business purposes at whatever time you wanted to start at. Just inform them at like 5PM that you're gonna cut it at 5:30 and then let them deal with that info as they please.

Sadly, both of their job titles are C level, so I just wait.

Also it's the time of year where people rediscover how cameras work, and if you have a room with not bright lighting and very bright light outside, that it will make it difficult for the camera. The solution is to bring down the blinds, but then they lose the nice view.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Fragrag posted:

How the gently caress did they make the same Mistake again? How the gently caress did none of the leadership know what It was? Why are we only figuring this out a year into the project, just because I pored over the numbers on the side?

Grant/non-profit accounting is a tremendous pain in the dick. Especially when there are 14 pages of clauses and procedures you must follow to spend the money. Going 'oh, whoopsie' when there is a 6 figure clawback because you never should have spent that money in the first place despite it sitting in project's account is just how your company seems to roll. Because there's just no way to know how to budget things, best to just guess and see where things end up.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

CitizenKain posted:

Sadly, both of their job titles are C level, so I just wait.

Also it's the time of year where people rediscover how cameras work, and if you have a room with not bright lighting and very bright light outside, that it will make it difficult for the camera. The solution is to bring down the blinds, but then they lose the nice view.

Nah, gently caress that. You've got that exactly backwards. If you show up at 5 and check that they need the network or not and they tell you that they do you fire 'em an email saying that they've approved delaying it until the next working day and go home. Nobody's going to challenge you on being told not to do it until tomorrow by the C-suite.

Potato Salad
Oct 23, 2014

nobody cares


kiwid posted:

Currently doing an MFA roll-out and it's going as well as I expected. Not because of the implementation, but because of the users.

User calls me up, same office so I go help him out.

This is what transpired:

Ask user to open their phone and download the Microsoft Authenticator.
Can't. Doesn't use an apple ID.
Ok ask user to create an apple ID.
Watch him for 15 minutes try to create and confirm a secure password typing at 1 letter per minute.
Finally gets apple id created after moaning about privacy and them needing his birth date, etc.
Ok, ask user to go download the microsoft authenticator.
Can't. apple id needs to verify email address first.
gently caress, walk my rear end back to my desk to disable MFA for this user because they can't check email without MFA.
Walk back tell them to check email and verify. Ok verified now.
Ask user to go back to app store and download the microsoft authenticator.
Can't, apple id needs a billing address even if you're downloading a free app.
Again, watch this user type the address and other details at 1 letter per minute.
Continue to watch as they struggle to type their phone number wrong at least 5 times with missing digits
Finally all setup, great, ask user to go to app store and download the microsoft authenticator.
Downloaded. Ok walk my rear end back to my desk to re-enable MFA.
Walk my rear end back to employee and ask them to try signing into Teams to prompt the MFA setup.
Ok done, now open the microsoft authenticator.
Can't. User doesn't use a pin/passcode on the phone itself.
Wait for user to create a pin on their phone after arguing why it's required. 1 letter per minute later.
Ok, open the authenticator and scan that QR code.
Popup appears to allow camera access, user clicks don't allow before I can say anything.
gently caress. Walk the user through the settings to go allow camera access for the authenticator.
Great, now scan this QR code. Scans it, then another popup appears to allow notifications (for the MFA prompt). User again clicks don't allow.
Kill me. Walk the user through settings again to re-enable notifications.
Go scan the QR code again, scans it and gets the code to type. Great, we're done. User complains that this is overly complicated and doesn't want to use MFA.

Not exaggerating that this 2 minute process took an hour.

Also, no, we don't use an MDM currently (small business)

Honestly you should have encouraged the user to argue their case about privacy and whatever with management, just to see the hilarity of where that goes.

Potato Salad
Oct 23, 2014

nobody cares


(for real I'm sorry you're not in a position where you can manage this user out)

Fragrag
Aug 3, 2007
The Worst Admin Ever bashes You in the head with his banhammer. It is smashed into the body, an unrecognizable mass! You have been struck down.

Methylethylaldehyde posted:

Grant/non-profit accounting is a tremendous pain in the dick. Especially when there are 14 pages of clauses and procedures you must follow to spend the money. Going 'oh, whoopsie' when there is a 6 figure clawback because you never should have spent that money in the first place despite it sitting in project's account is just how your company seems to roll. Because there's just no way to know how to budget things, best to just guess and see where things end up.

That's fair enough. The manual for the report was well over 300 pages. I guess it might have been a bit too much to ask for some due diligence from my company to prevent this boondoggle from happening again, but that's non-profit life for you.

Thanks Ants
May 21, 2004

#essereFerrari


The person without a company phone probably has a point and that’s what those OTP fobs are for. If your security posture insists on push notification MFA then it should be on company devices that are managed.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

Depending on where they are in the world, they may have legal backing too. I caused some minor problems a few years back when the place I was interning at decided to pay for Facebook Workplace and I told them that I'd rather not have my details handed over for Facebook to do what they please with after a decade or so of preventing exactly that happening.

SlowBloke
Aug 14, 2017

Thanks Ants posted:

The person without a company phone probably has a point and that’s what those OTP fobs are for. If your security posture insists on push notification MFA then it should be on company devices that are managed.

Every currently supported mobile operating system supports security keys. Just grab a tray of https://www.yubico.com/us/product/yubikey-5ci/ for people that (rightfully) don't want to put work items on personal phones.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

2 jobs ago used Concur for expenses and poo poo, initially for mileage we'd just use google maps and then put the mileage in for the trips manually in concur.

Corp wanted us to switch to using the concur app w/ GPS, part of the EULA was basically that they would track us everywhere and were allowed to sell the data; the whole engineering team collectively said "gently caress you, no we are not doing that" it was glorious.

teethgrinder
Oct 9, 2002

I want to rant about our corporate takeover/absorption, but figure someone involved is reading this since somethingawful.com is a white-listed url.

Thanks Ants
May 21, 2004

#essereFerrari


We got acquired by private equity and it feels like they're just buying a customer base as there really doesn't seem to be any sort of logic in what is going on

xzzy
Mar 5, 2009

teethgrinder posted:

I want to rant about our corporate takeover/absorption, but figure someone involved is reading this since somethingawful.com is a white-listed url.

Use code words, describe it as if it's a children's birthday party. No one will figure it out.

Thanks Ants
May 21, 2004

#essereFerrari


We had to placate the C-levels with ice cream but there were still two or three pant-making GBS threads occurrences

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

teethgrinder posted:

I want to rant about our corporate takeover/absorption, but figure someone involved is reading this since somethingawful.com is a white-listed url.

Whoever whitelisted it can track the other goons in the company if they really want to. This means they're likely to be as pissed about it as you are.

The Fool
Oct 16, 2003


is it actually white listed or just not blocked

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Fragrag posted:

That's fair enough. The manual for the report was well over 300 pages. I guess it might have been a bit too much to ask for some due diligence from my company to prevent this boondoggle from happening again, but that's non-profit life for you.

Oh god, your budget is hosed. Those manuals are the dryest reading imaginable, and half the time are put together by someone actively hostile to the idea of you not being as miserable as they currently are. It takes a very special kind of compliance person to handle those and do it well, which is probably why your Sr. Leadership skimmed it, went TL;DR and assumed nothing bad would happen because of it.

Some not for profits will actively avoid smaller grants, even when they're "here's free money, take it", because a lot of times the reporting burden ends up costing more man hours than the grant was worth. "Here's 5k for STD prevention education", but it comes with the caveat that you now need to collect a ton of specific information about everyone who shows up at your clinic, how much they like dick, how often the dick was enjoyed raw, etc. Then make a very specifically formatted report with a bunch of analysis spelled out in a similarly awful reporting manual.


teethgrinder
Oct 9, 2002

The Fool posted:

is it actually white listed or just not blocked

I mean as far as I can tell it's been manually approved and categorised. From what I can tell, any "unseen" URL is automatically blocked, and seeing how they operate they probably started with zero permitted.
