|
22 Eargesplitten posted:I hope you don't think it's creepy or anything that I remember that about you. I just remember you from TFR as the one who can authoritatively tell people that 5.56 isn't "basically a .22." No problem! Backstory: I have a bullethole shaped scar on my calf courtesy of the Panamanian Defense Force as a souvenir. I am an ex-American soldier who was shot in anger with a Foreign Power's M16A1.
|
# ? Sep 4, 2015 22:54 |
|
|
# ? Jun 5, 2024 04:38 |
|
Humbug Scoolbus posted:No problem! Well at least it wasn't a 7.62, right? (and let's not get into the differences between 7.62x51 and .308...) Not pissing me off today: 7% pay increase
|
# ? Sep 4, 2015 23:00 |
|
Humbug Scoolbus posted:Alcoholism. And I've been sober for fourteen years now so I'm good. IT drove me to it. Congrats, that's an impressive achievement. Humbug Scoolbus posted:I have a bullethole shaped scar on my calf courtesy of the Panamanian Defense Force as a souvenir. I am an ex-American soldier who was shot in anger with a Foreign Power's M16A1. Didn't you train those guys with that weapon?
|
# ? Sep 4, 2015 23:04 |
|
I can't use Google Chrome to log into my own production equipment anymore because "server has a weak ephemeral Diffie-Hellman public key" which Chrome won't let you bypass. What the absolute gently caress? Users on Google's product forums are reporting that in order to bypass it, they have to disable HTTPS/SSL on the website they want to access, thereby making it LESS secure. loving brilliant support of legacy applications, Google. Back to Firefox it is.
|
# ? Sep 4, 2015 23:07 |
|
The java update to not longer support NPAPI in Chrome 45 will also cause some pretty sweet havoc for users I'm sure.
|
# ? Sep 4, 2015 23:09 |
|
Our VP of IT/CIO resigned today, effective immediately. On the last work day before the start of Fall Semester. He told the local paper that it was because his passions lie elsewhere. Yeah, you don't pursue your passions by resigning immediately on the day before the academic year starts.
|
# ? Sep 4, 2015 23:20 |
|
MC Fruit Stripe posted:I can't use Google Chrome to log into my own production equipment anymore because "server has a weak ephemeral Diffie-Hellman public key" which Chrome won't let you bypass. What the absolute gently caress? Users on Google's product forums are reporting that in order to bypass it, they have to disable HTTPS/SSL on the website they want to access, thereby making it LESS secure. loving brilliant support of legacy applications, Google. I believe the logic goes: there are no levels of security, it is either secure or not, a weak public key is security theatre and you might as well use plain HTTP and save the on the certificate. The blame should go to the people setting up the servers with terrible security, because why bother setting up something like that?
|
# ? Sep 4, 2015 23:40 |
|
MrMoo posted:I believe the logic goes: there are no levels of security, it is either secure or not, a weak public key is security theatre and you might as well use plain HTTP and save the on the certificate. The blame should go to the people setting up the servers with terrible security, because why bother setting up something like that? Because it wasn't always terrible security, and some thing(like legacy apps) cannot be reasonably updated or gotten rid of. This is why quite a few companies still mandate IE8. Sure, it sucks, is full of security holes, and is the cause of countless IT nightmares, but it still works with the 20 year old software that the company relies on to stay in business.
|
# ? Sep 4, 2015 23:50 |
|
RFC2324 posted:Because it wasn't always terrible security, and some thing(like legacy apps) cannot be reasonably updated or gotten rid of. Key security and similar is always getting weaker though so I guess only now people are starting to realize one needs a long term plan. I wonder if it creates a new product line, can you simply stick a reverse proxy with SSL accelerator in front of the insecure devices running plain HTTP? I'm surprised no one has been super smart and created a modifying proxy that fixes many of the known IE compatibility issues, or even an emulator in NaCl or JavaScript.
|
# ? Sep 5, 2015 00:07 |
|
ChubbyThePhat posted:Daily dose of gently caress PRINTERS. You sure you didn't use the Class drivers? They are universal garbage, and won't print much of the time.
|
# ? Sep 5, 2015 00:37 |
|
spog posted:Congrats, that's an impressive achievement. Not me personally...I hope. I was on an MTT in Panama a couple of years earlier, so I actually might have trained the guy who shot me...militaryadvisor.txt
|
# ? Sep 5, 2015 01:05 |
|
MC Fruit Stripe posted:I can't use Google Chrome to log into my own production equipment anymore because "server has a weak ephemeral Diffie-Hellman public key" which Chrome won't let you bypass. What the absolute gently caress? Users on Google's product forums are reporting that in order to bypass it, they have to disable HTTPS/SSL on the website they want to access, thereby making it LESS secure. loving brilliant support of legacy applications, Google. The thought behind this was to get everyone to stop using weak rear end key exchange protocols. I get that, but all they succeeded in doing was pissing everyone off. The latest major revision of OpenSSH did the same thing, broke all my python scripts that touched sites using EOL'd cisco switches. I literally can't make them change the key exchange protocol (for both political and technical reasons). Fortunately, it was easy to put an override in for that, but god drat. Of course most to the blame goes to the Linux testing team not catching this poo poo before rolling out a bunch of updates. The fallout of "how can we know you're actually testing the patches when this happens" was something to see and they ended up getting buried with all sorts of validation checklists and sign-offs they have to personally certify before they move things into production. The Windows team is *pissed* because they're thinking about making it standard now.
|
# ? Sep 5, 2015 01:19 |
|
Humbug Scoolbus posted:Alcoholism. And I've been sober for fourteen years now so I'm good. IT drove me to it. Thanks for sharing. We joke a lot about heavy drinking being a part of the job, but substance abuse is serious business. If your drinking is out of control but you still can't stop doing it, please ask for help. Addiction is a disease, and it can kill you.
|
# ? Sep 5, 2015 01:22 |
|
Similarly, there's a lot of suicide jokes in this thread, and that's cool. But if you're in a spot where on your way to work you're thinking things like "man, if I get in a car accident that wouldn't be that bad." you really need to get in touch with professional assistance. The forums have lost quite a few people to suicide, I can think of one person in particular that I miss a lot.
|
# ? Sep 5, 2015 01:53 |
|
Really, we all just need to make sure we go in for our regular brain maintenance and tune up, ESPECIALLY in this line of work. Not kidding, go in and have your mind checked every now and then, it should be covered under your insurance as a specialist visit.
|
# ? Sep 5, 2015 01:56 |
|
MC Fruit Stripe posted:I can't use Google Chrome to log into my own production equipment anymore because "server has a weak ephemeral Diffie-Hellman public key" which Chrome won't let you bypass. What the absolute gently caress? Users on Google's product forums are reporting that in order to bypass it, they have to disable HTTPS/SSL on the website they want to access, thereby making it LESS secure. loving brilliant support of legacy applications, Google. Pretty sure Firefox actually started blocking that before Chrome - we had a bunch of issues with internal stuff a few months back e. Ha yep Back to IE for legacy poo poo I guess dissss fucked around with this message at 02:30 on Sep 5, 2015 |
# ? Sep 5, 2015 02:22 |
|
Can disable it in Firefox at least! Make your stuff as secure as you like out of the box, but you've gotta let people who think they know better work around it.
|
# ? Sep 5, 2015 02:33 |
|
flosofl posted:The thought behind this was to get everyone to stop using weak rear end key exchange protocols. I get that, but all they succeeded in doing was pissing everyone off. The latest major revision of OpenSSH did the same thing, broke all my python scripts that touched sites using EOL'd cisco switches. I literally can't make them change the key exchange protocol (for both political and technical reasons). It all comes down to money, throw enough money at Cisco and they could patch it. Comedy answer of course is that you should be using an open router platform like Vyatta These days any audit should flag components that cannot be updated and junked, they are a security time bomb. MrMoo fucked around with this message at 03:15 on Sep 5, 2015 |
# ? Sep 5, 2015 02:59 |
|
MrMoo posted:These days any audit should flag components that cannot be updated and junked, they are a security time bomb. Absolutely agree, and I've raised the issue more than once. But, as apathetic as this sounds, it's not my responsibility to secure them and I'm not willing to die on that hill.
|
# ? Sep 5, 2015 05:42 |
|
MC Fruit Stripe posted:I can't use Google Chrome to log into my own production equipment anymore because "server has a weak ephemeral Diffie-Hellman public key" which Chrome won't let you bypass. What the absolute gently caress? Users on Google's product forums are reporting that in order to bypass it, they have to disable HTTPS/SSL on the website they want to access, thereby making it LESS secure. loving brilliant support of legacy applications, Google. This happened to us as well, except iirc it was our RSA Admin console. That was a fun couple of weeks
|
# ? Sep 5, 2015 08:49 |
|
Humbug Scoolbus posted:Not me personally...I hope. I was on an MTT in Panama a couple of years earlier, so I actually might have trained the guy who shot me...militaryadvisor.txt When you posted that story, I was always mildly curious as to whether you thought 'Good job! you hit the target, just like I taught you! B+' or 'You idiot, you missed the torso entirely, you were always crap, D-' Never considered that you might say 'I've had enough of my users making my life miserable, I'll switch to IT support where that never happens'
|
# ? Sep 5, 2015 11:15 |
|
spog posted:When you posted that story, I was always mildly curious as to whether you thought 'Good job! you hit the target, just like I taught you! B+' Never had any of my users shoot me, so I consider that a plus.
|
# ? Sep 5, 2015 14:11 |
|
MC Fruit Stripe posted:Make your stuff as secure as you like out of the box, but you've gotta let people who think they know better work around it. MrMoo posted:These days any audit should flag components that cannot be updated and junked, they are a security time bomb. This particular vulnerability could be worked around by a cheap *nix appliance running a proxy inline on the management port as suggested, but eventually there will be one that's not so easy to work around. If you're not equipped to apply security updates to something network connected you're in a lovely spot and should consider fixing that a high priority.
|
# ? Sep 5, 2015 14:34 |
|
spog posted:When you posted that story, I was always mildly curious as to whether you thought 'Good job! you hit the target, just like I taught you! B+' I don't do IT anymore either. I write tech docs.
|
# ? Sep 5, 2015 16:35 |
|
RFC2324 posted:Really, we all just need to make sure we go in for our regular brain maintenance and tune up, ESPECIALLY in this line of work. Unfortunately, according to my doctor, more companies are dropping mental health care from their plan. The insurance I get through my father is one of them. They don't cover anything but addiction/rehab. Which makes sense considering it's a construction union.
|
# ? Sep 5, 2015 17:56 |
|
22 Eargesplitten posted:Unfortunately, according to my doctor, more companies are dropping mental health care from their plan. The insurance I get through my father is one of them. They don't cover anything but addiction/rehab. Which makes sense considering it's a construction union. Call it addiction counseling for your impending alcoholism. Might have a little argument, but generally they prefer preventative to corrective treatment and are more likely to help in that direction. You probably need to work with your PCP to get him to give you a referral for this, but if you think you need it, it can't hurt to try.
|
# ? Sep 5, 2015 22:20 |
|
I'm getting new insurance next month anyway, I've got the medicine to hold me over until then. I'll try the preventative addiction care if I run into that problem again.
|
# ? Sep 5, 2015 22:46 |
|
I got the idea from my girls doc. He uses tricks like this to get around insurance frequently(he works in a facility with quite a few specialists, so will send you to the specialist your insurance doesn't cover, and say it was part of your visit to him and charge it as one line item so they can't refuse). Lots of tricky ways around insurance being weasels like this, but you have to have a PCP who will work with you to fudge the system.
|
# ? Sep 5, 2015 23:44 |
|
MC Fruit Stripe posted:Back to Firefox it is. While chrome is doing that, firefox isn’t allowing you to install addons that aren’t specifically signed. Likewise, no way to disable it. At this rate I’m going to end up using lynx. loving browsers.
|
# ? Sep 5, 2015 23:45 |
|
Would like a console browser that supports a slightly less minimal subset of HTML/CSS than links. poo poo actually pissing me off: partprobe not working on servers that insist on dumping a bunch of huge logs to a tiny partition that / is mounted on. And by association, applications that just tar their log files and don't gzip them. OWLS! fucked around with this message at 15:58 on Sep 6, 2015 |
# ? Sep 6, 2015 15:53 |
|
OWLS! posted:Would like a console browser that supports a slightly less minimal subset of HTML/CSS than links. ELinks https://en.wikipedia.org/wiki/ELinks
|
# ? Sep 6, 2015 16:47 |
|
OWLS! posted:Would like a console browser that supports a slightly less minimal subset of HTML/CSS than links. Lynx
|
# ? Sep 6, 2015 17:45 |
|
Looks like I"m going to have fun getting back on my VPN sub so I can actually listen to Pandora at my desk again. They have these goofy rear end content filters in place. You can facebook and youtube all day long (Video streaming for music, woop!), but you can't use Pandora, or something like Stack Overflow because it's a "Social media" site and Imgur because reasons. I'm honestly surprised they allowed SA back through their content filter. It used to be filtered because of "guns"
|
# ? Sep 7, 2015 00:56 |
|
Gothmog1065 posted:Looks like I"m going to have fun getting back on my VPN sub so I can actually listen to Pandora at my desk again. They have these goofy rear end content filters in place. You can facebook and youtube all day long (Video streaming for music, woop!), but you can't use Pandora, or something like Stack Overflow because it's a "Social media" site and Imgur because reasons. I always assume SA will be filtered because "holy poo poo it hits ALL the filters!" That said, a couple places I have worked the SA front page was filtered, but not the forums. Go figure.
|
# ? Sep 7, 2015 02:05 |
|
RFC2324 posted:That said, a couple places I have worked the SA front page was filtered, but not the forums. Go figure. A lot of blacklists still make the mistake of filtering www.blahblahblah.com rather than *.blahblahblah.com Or whoever runs your filter is a goon and wants to be able to say "see, I blocked that evil internet comedy site" but still get their forum fix.
|
# ? Sep 7, 2015 02:14 |
|
I'm petition to get stack overflow excepted. How will you write code if you can't browse stack overflow?
|
# ? Sep 7, 2015 02:17 |
|
wolrah posted:A lot of blacklists still make the mistake of filtering https://www.blahblahblah.com rather than *.blahblahblah.com I think its a subscription based on, so probably a goon working for websense or whoever it was. or a goon overriding to get their forum fix for the company.
|
# ? Sep 7, 2015 02:28 |
|
RFC2324 posted:I think its a subscription based on, so probably a goon working for websense or whoever it was. Sometimes its a previous filter admin and the forums go away when you switch webfilters. You then can either use your phone, go to the IP, or make a case of why the forums are valid use of company time.
|
# ? Sep 7, 2015 03:17 |
|
pixaal posted:Sometimes its a previous filter admin and the forums go away when you switch webfilters. You then can either use your phone, go to the IP, or make a case of why the forums are valid use of company time. Or do like I did and get a remote position and not deal with webfilters at all v0v
|
# ? Sep 7, 2015 03:25 |
|
|
# ? Jun 5, 2024 04:38 |
|
RFC2324 posted:Or do like I did and get a remote position and not deal with webfilters at all v0v Split tunneling forever!
|
# ? Sep 7, 2015 03:28 |