zokie
Feb 13, 2006

Out of many, Sweden
I just started a new job and got explicitly told to start with a greeting and await a response before continuing


zokie
Feb 13, 2006

Out of many, Sweden

grillster posted:

I've tried disabling all of these features but no dice. The 423 "too many tries" with one single POST request being sent to them on a fresh connection makes me think it is on their end.

Or they could be tracking tries in their backend for the account. You’re probably locked out for too many attempts and someone thought it’d be clever to use that HTTP code as the error message.

zokie
Feb 13, 2006

Out of many, Sweden

Bob Morales posted:

We have some scary old web apps that are IE only. Like they launch their own network agent and basically disconnect you from your domain while you use them scary

We still have a business-critical app (used to process orders for items costing €100k-500k) that only works in IE and forces you to change the security setting to “I trust this website with the lives of my children”.

It uses ActiveX to find Windows (Java)scripts that start Word and use Word automation to type out documents for you. The web app is hosted on Windows Server 2003...

It’s finally getting replaced this summer!

zokie
Feb 13, 2006

Out of many, Sweden

Biowarfare posted:

at what point does this stop being called a 'web app' wtf

what OS does this even run on (as a client?)

Windows 10, at least that’s what I used when I had to dig into the multiple 3-5k line scripts to implement similar functionality to make the equivalent documents for a newer product architecture.

Thanks Ants posted:

Honestly I’d love to know how some of these design decisions get made

It was the early 00s and they wanted to replace things more or less typed with typewriters. And it has worked since then, and as I said it’s used to make documents for some very expensive machines so we ain’t doing anything that risks breaking things. I mean it’s 4 years since I made this for more modern machines using real things, and we are finally getting this old monster replaced now

zokie
Feb 13, 2006

Out of many, Sweden

Biowarfare posted:

Windows 10 even lets you run activex or vbscript and remotely control and execute local software? Please tell me there's some addon or BHO helping this because :psyduck:

I haven’t touched it in years, because yuck! But I’m pretty sure we ran win10 when I was last involved. That said it was IE only and security/trust settings set to nihilism.

Which reminds me, we are using regular cmd poo poo and not powerkjell for almost everything because there is no RemoteExecutionPolicy involved then :eng99:

We’re caught between not wanting to touch it on our servers and IT just looking at us vacantly when we bring up wanting code signing...

zokie
Feb 13, 2006

Out of many, Sweden
Apparently a lot of Dell notebooks have some lovely fan that needs to be replaced. So I open a ticket and tell my boss that I won’t be working that much because the noise is driving me insane. She replies: oh, lots of people have that issue, just call the help desk and they’ll give you the number to Dell and you get to book a technician to come visit.

So I call help desk and they recognize the issue and tell me that they will add the number as a comment to the ticket and then I should call that number. Can I just have it now? No, you have to wait for someone to handle the ticket first. The dude on the phone even made sure to tell me it doesn’t matter who takes the ticket because everyone knows that it’s a common hardware error blah blah blah.

That was before lunch today, and now it’s bed time. Still nothing in the ticket.

zokie
Feb 13, 2006

Out of many, Sweden

The Iron Rose posted:

spending 12K/mo for the past year on synthetic ping checks for services in k8s

we're literally just checking to see if api.blah.blah.com/ping returns a 200... and have been spending :20bux::20bux::20bux: to do so 10 times/min for like 20 different services :argh:

Could be worse, could be that your health checks have your microservices check their dependent microservices’ health also, so if one thing goes down everything just breaks in a big failure cascade and k8s never has a chance to like restart failing nodes.

Or even better, some of the services might trigger exceptions in their health checks because of lazy backend programmers so now the first thing you need to do to see anything interesting in the log is to filter the 20k exceptions caused daily by the health check. :commissar:

zokie
Feb 13, 2006

Out of many, Sweden
Why is my team the only ones that actually take responsibility for poo poo and when someone contacts us about an issue we verify before saying everything works correctly?

A dependency we have has added auth, specifically Kerberos. We were the final team to start using the auth endpoint, only we use Java and everyone else is .NET. A senior developer but new in the team is put on it and he can’t get it working. I decide to involve myself and since it’s a total clown show outside of our team I first verify that the service can do Kerberos, because WindowsAuthentication is going to fall back to NTLM if Kerberos fails. And of loving course they set up poo poo incorrectly and it works for everyone else because it falls back to NTLM…

Turns out our new guy has mentioned that more than a week ago to the team responsible for the service but they just said that since it works for everyone, it must be you who are the problem. Not until I dragged them into a meeting and shoved their noses in the pile of poo poo they had created did they take responsibility.

Now it’s all: fixing this, will contact you when it’s done.

Ask me about spending a week understanding PerfView to get enough data to prove that the massive spikes in latency another team’s services were having was actually their fault.
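The “verify it actually did Kerberos” step in the post above can be automated from the client side or from access logs: an NTLM message always starts with the literal `NTLMSSP`, whether it is sent raw under the `NTLM` scheme or wrapped in SPNEGO under `Negotiate`, while a Kerberos GSS-API token does not contain that signature. The following is an added example, not code from the thread; the header values are constructed (only their leading bytes are shaped like real tokens) and the client names are hypothetical.

```python
import base64

# Constructed sample tokens: realistic prefixes, padded bodies (not valid DER
# or real credentials). NTLM type 1 message starts with "NTLMSSP\0\x01".
NTLM_TYPE1 = base64.b64encode(
    b"NTLMSSP\x00\x01\x00\x00\x00\x07\x82\x08\xa2" + b"\x00" * 16).decode()
# GSS-API InitialContextToken (tag 0x60) carrying the SPNEGO OID 1.3.6.1.5.5.2,
# with a Kerberos-style body that never contains "NTLMSSP".
KRB_LIKE = base64.b64encode(
    b"\x60\x82\x05\xf4\x06\x06\x2b\x06\x01\x05\x05\x02" + b"\x00" * 40).decode()
# SPNEGO wrapper whose inner mechToken is NTLMSSP: still an NTLM fallback.
SPNEGO_NTLM = base64.b64encode(
    b"\x60\x40\x06\x06\x2b\x06\x01\x05\x05\x02"
    + b"NTLMSSP\x00\x01\x00\x00\x00" + b"\x00" * 20).decode()

# Constructed (client-name, Authorization header) pairs as a log might record them.
SAMPLE_HEADERS = [
    ("dotnet-client", f"Negotiate {KRB_LIKE}"),
    ("java-client", f"Negotiate {NTLM_TYPE1}"),
    ("legacy-client", f"NTLM {NTLM_TYPE1}"),
    ("spnego-ntlm-client", f"Negotiate {SPNEGO_NTLM}"),
    ("anonymous", ""),
]


def classify_auth_header(value):
    """Classify an Authorization header as 'kerberos', 'ntlm', 'basic',
    'none' or 'unknown' by looking inside the base64 token."""
    if not value:
        return "none"
    scheme, _, token = value.partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"
    if scheme not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        raw = base64.b64decode(token, validate=True)
    except (ValueError, TypeError):
        return "unknown"
    if b"NTLMSSP" in raw:          # raw NTLMSSP or NTLM inside SPNEGO
        return "ntlm"
    if raw[:1] == b"\x60":         # GSS-API token without NTLM: Kerberos
        return "kerberos"
    return "unknown"


def find_ntlm_fallbacks(entries):
    """Names of clients that silently ended up on NTLM instead of Kerberos."""
    return [name for name, hdr in entries if classify_auth_header(hdr) == "ntlm"]
```

Run `find_ntlm_fallbacks(SAMPLE_HEADERS)` against a real log extract to see which callers are being let in on NTLM; a service that claims to do Kerberos but shows every client as `ntlm` is exactly the misconfiguration described above.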

zokie
Feb 13, 2006

Out of many, Sweden
Call him out in a polite way? You should have plenty of documentation by now of all the half-baked and unfinished projects.

Also if asking him for opinions is causing problems for you, maybe stop asking for them? Trust yourself and finish it the way you would want them done. If you think the project is a dumb idea try to delay even starting by doing something else worthwhile.

If other people are getting in your way to accomplish his stupid ideas don’t take it upon yourself to champion the project through those people. Instead have them bring up their objections to your manager and have him solve the politics or whatever.

zokie
Feb 13, 2006

Out of many, Sweden
Just got an email from “client management” that they will be force uninstalling some applications shortly. Included in the lists: Notepad++, Beyond Compare, and 7-Zip

Nice…

zokie
Feb 13, 2006

Out of many, Sweden
What pisses me off about all these infosec people is that they just say: you can’t do that!

But they never suggest a solution to the problem people have been solving using the “forbidden” thing. So when we suggest an alternative way of doing things the answer to if it will be OK or not is: implement it and we will rescan, if you can fool the scanner it’s OK

From our monitoring we can see all the weird requests the scanner sends and it seems to be the same things in the same order every time. We are so loving close to just using that to know when to run in “compliant mode” and then when the scanner stops go back to normal operations.

zokie
Feb 13, 2006

Out of many, Sweden
There is so much brain dead stuff at my job, luckily I’m mostly insulated. Because people have been installing stuff like git, nodejs, notepad++, BeyondCompare, 7zip and other nice things on their machines and not keeping it updated stuff got flagged by some scanner. So Security sends a stern warning to “Client Management” who sends out a corporate wide email saying by some date all of these applications (any version) will be uninstalled automatically because they are not supported.

No effort to check if maybe people are using those programs for things like doing their job. Luckily my closest management are sane people and quickly shut that down.

Still waiting for an answer about how I can guarantee CrowdStrike won’t delete an .exe I just compiled…

zokie
Feb 13, 2006

Out of many, Sweden
They should focus on fostering good security practices and helping everyone work in a more secure manner.

Instead they want to fight me about if a GraphQL schema is publicly available.

zokie
Feb 13, 2006

Out of many, Sweden
Apparently ssh is now a security vulnerability and they want to remove it as an option to connect to git.

Also it’s apparently forbidden to push commits with emails that are not @companyname, so when I wanted to host a fork of an open source project I need to extend I have the option of bypassing this bullshit and losing history, rewriting the git history to only have allowed e-mail domains, or emailing itsec to get an exception.

zokie
Feb 13, 2006

Out of many, Sweden
The supposed reason for removing ssh support from Azure DevOps is that the keys don’t expire and as such if someone gets a key and it doesn’t have a passcode they have permanent access.

The keys do expire after one year… And in what scenario where a key does get compromised do we not have much bigger problems? I mean if someone managed to exfiltrate mine they could absolutely also install a key logger or find some nice cookies to session hijack

zokie
Feb 13, 2006

Out of many, Sweden
My employer is swapping out Cisco AnyConnect with Zscaler. Zscaler includes what they call a “‘trusted’ man in the middle” that intercepts and inspects all non-allow-listed ssl traffic. They say it’s a critical part of setting up Zero Trust.

zokie
Feb 13, 2006

Out of many, Sweden
They are rolling it out with the MITM bullshit, because things that don’t use the Windows cert store like WSL could no longer use git because it rightly did not trust the Zscaler cert.

zokie
Feb 13, 2006

Out of many, Sweden
Still fighting the good fight against MITM at my job, and found a new thing to be pissed about. A colleague is dependent on a PowerBI solution, and it stopped working because there is a firewall in Azure that only allows allow listed IPs to touch the database.

The solution is apparently to allow list ALL KNOWN ZSCALER EGRESS POINTS. Kinda defeats the whole purpose of the allow list in the first place…

zokie
Feb 13, 2006

Out of many, Sweden
Raises would only lead to further inflation if wages were the thing driving the current inflation we see instead of the war in Ukraine, the pandemic, the global chip shortage &c.

zokie
Feb 13, 2006

Out of many, Sweden
I assume you are in the US so it being a massive invasion of privacy might be that much of an issue. But if you are working for a big company I’m sure that states like NY or CA might have some relevant state legislation that would ban this kind of thing.

If your company employs people in the EEA then this is a major no no

zokie
Feb 13, 2006

Out of many, Sweden
How could a system developed to track if people are at their computer or not that is running continuously not be an invasion of privacy? A non-program analog would literally be someone standing there just looking at you.

And your right to privacy isn’t something that just disappears at work.

zokie
Feb 13, 2006

Out of many, Sweden

bull3964 posted:

How does this differ from an office situation where this can actually happen? If a manager can look up from their desk and see what everyone is actually doing whenever they want, they can easily see if someone is messing around on Facebook or spending all their time on their phone.

Because it’s someone’s home, because someone taking a glance or walking around is different from continuous surveillance and monitoring. Because it’s looking at a group of people (a public if you will) versus looking at them each as isolated individuals. Because you can see the manager doing the looking when they are doing it, instead of knowing that you are monitored every single millisecond of every second of every minute of every hour of every day. Because a person doing it normally leaves no record, but a program probably does.

Like if you go inside a conference room or whatever, and sit down with your monitor facing a wall opposite the door. Then the manager enters and walks around the table to stand behind you just to look at your screen, is that not creepy? Not an invasion of privacy??

zokie fucked around with this message at 19:10 on Dec 30, 2023

zokie
Feb 13, 2006

Out of many, Sweden
Wow, you really are broken over there. You all seem to agree that it’s stupid, creepy, unproductive, and that the only purpose of this kind of monitoring is to demean and dehumanize workers. BUT it’s well within the rights of a company or individual manager to do this, so really can tell…


zokie
Feb 13, 2006

Out of many, Sweden
That notepad++ “vuln” was/is awesome, iirc it is that if someone replaces this Windows component used by notepad++ with a malicious version you get an RCE. But that’s kind of like saying installing Visual Studio allows arbitrary code execution…

If an attacker has that much access you are already hosed
