LochNessMonster
Feb 3, 2005

I need about three fitty


If your internal sev1 isn’t a sev1 for your 3rd party you either make it a sev1 for them (make management spend money on a better contract effective immediately) or downgrade the internal severity and go home.

Or if it’s such a clusterfuck you just :yotj:


Kashuno
Oct 9, 2012

Where the hell is my SWORD?
Grimey Drawer

SeaborneClink posted:

Oh yes I forgot the "how inconvenienced is management" column in the incident response severity matrix.

Not a SEV1 because 19% of orders were picked, packaged or shipped incorrectly, but one order out of several hundred or thousand a day caused a personal inconvenience for the one person that can shout internally.

It’s this one.


Docjowles posted:

What impact is this having on the value of Fishcoin?

I feel like I have to have a discussion about blockchain like every two weeks these days.


LochNessMonster posted:

If your internal sev1 isn’t a sev1 for your 3rd party you either make it a sev1 for them (make management spend money on a better contract effective immediately) or downgrade the internal severity and go home.

Or if it’s such a clusterfuck you just :yotj:

:yotj: is definitely on my 2019 list of things to do

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


Kashuno posted:

Long story short, a non reversible change was made to a thing that caused our older in house customized EDI solution to be hosed permanently and we’ve had little to no EDI with our main 3rd party storage facilities this entire week.

Sev1 for us doesn’t make it Sev1 for our new EDI provider the week of Christmas or the 3rd party.

They are managing manual entry for most of the stuff but poo poo is not shipping on time or is being missed entirely, which since it’s food causes shelf life issues etc. one of the orders that didn’t ship of course was the CEOs partner’s company so that has been fun.

Like it’s not that it takes 6 days to fix, it’s that it’s not just an internal issue at this point with mapping requirements and changes etc, but it’s sev1 for us because the CEO is very angry and also we lose money on everything that doesn’t ship

Did somebody overwrite all the maps or something? I've had a GENTRAN server gently caress up so bad that we've had to do a VM restore. I also had to build an EDI server from scratch once, that wasn't really fun!

Kashuno
Oct 9, 2012

Where the hell is my SWORD?
Grimey Drawer

Vargatron posted:

Did somebody overwrite all the maps or something? I've had a GENTRAN server gently caress up so bad that we've had to do a VM restore. I also had to build an EDI server from scratch once, that wasn't really fun!

It had to do with when we migrated our web hosting over to a new thing and the loss of an outbound ftp service running through our website that handled EDI and a separate but related certificate issue. Our old EDI company told us “hey we aren't changing anything at all until after New Years so make it work on your end don’t know what to tell you” which, we are moving to a new EDI provider anyway so we just swapped things over!

But then we were not fixing our EDI issues internally with any consistency in the past so some issues with our 940s were fixed in the custom EDI program we had, some were fixed via batch files, etc. so now we are dealing with the ramifications of all that. At this point, most of our warehouse connections are working smoothly minus 2 major issues so I’ve put it on the “we will work on it after New Years” list.

I’ve made a very angry and serious case about why marketing should not have final say over changing anything including technical, I don’t care if they tell the CEO nothing will break they frankly don’t know poo poo about the technical side of stuff

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


Yeah that definitely should have been something that was done after New Years with full support available. We had to do a forced change due to our VAN deprecating the communication method we were using to pull down EDI docs, but thankfully they set us up with a test mailbox and provided an extension on the deadline to help us limp along.

Managing EDI is a tough job and most companies don't understand that. They have the idea that it's just like sending e-mails but for ERP systems.

I'm not super well versed in EDI, but I dipped my toes in at a previous job because I basically wore every hat in the IT operation. There's a reason larger companies have a dedicated EDI specialist...

LochNessMonster
Feb 3, 2005

I need about three fitty


Kashuno posted:

I’ve made a very angry and serious case about why marketing should not have final say over changing anything including technical, I don’t care if they tell the CEO nothing will break they frankly don’t know poo poo about the technical side of stuff

The real wtf is that marketing has anything to say about the risk analysis of IT.

The moment that happened you should make them responsible for on call and fixing poo poo if/when it breaks.

I wish I couldn’t believe that there are morons running a business like this but I’ve seen enough to know better.

Do yourself a favor and :yotj: in January. Don’t wait, just start looking for something new.

Kashuno
Oct 9, 2012

Where the hell is my SWORD?
Grimey Drawer

LochNessMonster posted:

The real wtf is that marketing has anything to say about the risk analysis of IT.

The moment that happened you should make them responsible for on call and fixing poo poo if/when it breaks.

I wish I couldn’t believe that there are morons running a business like this but I’ve seen enough to know better.

Do yourself a favor and :yotj: in January. Don’t wait, just start looking for something new.

Our CEO is like maximum possible level computer illiterate and had negative interest in meeting with me on things even though I’m the IT Director and our CFO, while a really great boss to have and willing to acknowledge he doesn’t know pretty much anything technically, specifically doesn’t know anything technically. I’ve been keeping my resume up to date and casually searching the last few weeks while stacking some relevant certs with one more cert coming in a few weeks. The issue is that I am definitely overpaid/over-titled for my length of time in the industry so it’s tough finding somewhere that will meet me on salary. I’m hoping the certs bump my hireability at a higher wage so I can hunt seriously through Jan and Feb

Schadenboner
Aug 15, 2011

by Shine
I had promised myself I’d put at least 12 months in at this little MSP, just to get some MSP experience on my resume before jumping to a (better/bigger/more focused on my specific interests) one

A month in, I like the solitude and that I get sent to the hard problems, but we’re selling these tiny little companies on-prem hardware that they have no possible use for, and we have no plans to change this because we get a good margin on hw sales.

I know business is business and there’s no such thing as ethical consumption &c. &c. but goddamn does this make me feel dirty and wrong.

E: I guess what I feel like is that this place should have built or bought a private/virtual private cloud 5, 3, or 2 years ago and P2V’ed everything rather than selling our customers dells or HPs that’ll be useless scrap metal in 18 months. A tiny little dry cleaner chain with three locations in the metro area has no need to be running an on-prem vcenter. It’s loving malpractice.

Schadenboner fucked around with this message at 17:14 on Dec 29, 2018

Thanks Ants
May 21, 2004

#essereFerrari


There's nothing in it for you to try and turn that particular ship around - if sales are addicted to hardware margin and people like shifting boxes then the company will likely have no clients left in a few years anyway, so :getout:

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Docjowles posted:

Something that was not actually a sev 1 tier service, if it's down for a week and the company remains in business :pseudo:

It can be if it has no visible business impact by itself but increases your risk footprint measurably. Examples: a broken backup tape robot, or the standby for your business's primary database server being down

BallerBallerDillz
Jun 11, 2009

Cock, Rules, Everything, Around, Me
Scratchmo

Schadenboner posted:

I had promised myself I’d put at least 12 months in at this little MSP, just to get some MSP experience on my resume before jumping to a (better/bigger/more focused on my specific interests) one

A month in, I like the solitude and that I get sent to the hard problems, but we’re selling these tiny little companies on-prem hardware that they have no possible use for, and we have no plans to change this because we get a good margin on hw sales.

I know business is business and there’s no such thing as ethical consumption &c. &c. but goddamn does this make me feel dirty and wrong.

E: I guess what I feel like is that this place should have built or bought a private/virtual private cloud 5, 3, or 2 years ago and P2V’ed everything rather than selling our customers dells or HPs that’ll be useless scrap metal in 18 months. A tiny little dry cleaner chain with three locations in the metro area has no need to be running an on-prem vcenter. It’s loving malpractice.

Oof, yeah sounds like they're getting taken to the cleaners.

Schadenboner
Aug 15, 2011

by Shine

BallerBallerDillz posted:

Oof, yeah sounds like they're getting taken to the cleaners.

:nfpa:

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Schadenboner posted:

I had promised myself I’d put at least 12 months in at this little MSP, just to get some MSP experience on my resume before jumping to a (better/bigger/more focused on my specific interests) one

A month in, I like the solitude and that I get sent to the hard problems, but we’re selling these tiny little companies on-prem hardware that they have no possible use for, and we have no plans to change this because we get a good margin on hw sales.

I know business is business and there’s no such thing as ethical consumption &c. &c. but goddamn does this make me feel dirty and wrong.

E: I guess what I feel like is that this place should have built or bought a private/virtual private cloud 5, 3, or 2 years ago and P2V’ed everything rather than selling our customers dells or HPs that’ll be useless scrap metal in 18 months. A tiny little dry cleaner chain with three locations in the metro area has no need to be running an on-prem vcenter. It’s loving malpractice.

Yep sounds like MSP work.

Just be happy your company either doesn't, or has not made obvious, that they are lovely support. lovely support makes a lot of money. Why fix something in 20mins when it can take you 5hrs because you have no idea what you're doing?

devmd01
Mar 7, 2006

Elektronik
Supersonik
Christmas eve: switched over to new adfs 2016 servers on the internal VIP.

Today: got the firewall rules in place, set up the new adfs proxy servers in the DMZ, and flipped them over in the VIP. Completely removed the 2012r2 servers from the farm and upped the adfs farm behavior level.

I left the office at 1030, I couldn’t get a change control in because I lost access to it in servicenow. I give no fucks, it either works or it doesn’t and it tested out fine.

Sickening
Jul 16, 2007

Black summer was the best summer.

devmd01 posted:

Christmas eve: switched over to new adfs 2016 servers on the internal VIP.

Today: got the firewall rules in place, set up the new adfs proxy servers in the DMZ, and flipped them over in the VIP. Completely removed the 2012r2 servers from the farm and upped the adfs farm behavior level.

I left the office at 1030, I couldn’t get a change control in because I lost access to it in servicenow. I give no fucks, it either works or it doesn’t and it tested out fine.

Everything about this is wrong and it triggers me.

Japanese Dating Sim
Nov 12, 2003

hehe
Lipstick Apathy

Sickening posted:

Everything about this is wrong and it triggers me.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?



All of that makes sense but don't do stuff like that on a holiday are you crazy?

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


devmd01 posted:

Christmas eve: switched over to new adfs 2016 servers on the internal VIP.

Today: got the firewall rules in place, set up the new adfs proxy servers in the DMZ, and flipped them over in the VIP. Completely removed the 2012r2 servers from the farm and upped the adfs farm behavior level.

I left the office at 1030, I couldn’t get a change control in because I lost access to it in servicenow. I give no fucks, it either works or it doesn’t and it tested out fine.

Wowzers at this post.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




BallerBallerDillz posted:

Oof, yeah sounds like they're getting taken to the cleaners.

Top this.

Corporate Communications needed to drive 4 monitors in a building lobby times at least 6 buildings. In-house IT suggested 4 HP minis per lobby, each driving one monitor. What did they buy? 4 Z2X0 workstations per lobby. Each has 2 DisplayPort ports, 1 VGA port, and one add-in video card with four miniDisplayPort ports per card. Each of those is driving one monitor. We figure that cost about 6 times what IT pitched. Just to be clear, there are 28 video ports driving a total of four displays. And those stupid SOBs in CorpComm bought workstation-class machines that were put on our network with an OEM image. They're managed by the vendor using an in-house program they developed that gets routinely blocked by the anti-virus package that they installed.

I'd love to meet that salesperson and shake their hand. I'd just be sure to count my fingers afterwards.

uhhhhahhhhohahhh
Oct 9, 2012
if you had dot1x on your switchports you wouldn't have to worry about these chucklefucks plugging random poo poo in :unsmigghh:

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof
New Year already off to a great start. All of our sites lost all internet connectivity yesterday around 9. RCN, Verizon, and Cox. Dude on call handled it but had to involve me and another coworker for assistance, which is fine. He's never dealt with an on-call event before so I walked him through it including who to email with updates and what to say.

The great part is that I still haven't seen a reply from our boss asking for more details or telling us that we're all incompetent.

uhhhhahhhhohahhh posted:

if you had dot1x on your switchports you wouldn't have to worry about these chucklefucks plugging random poo poo in :unsmigghh:

we use .1x and it makes things a loving nightmare in public places. Inevitably some asshat will go around trying to plug his laptop into EVERY port or unplug every public desktop and plug in his laptop to try and beat the system.

All the ports get shut down. Then our helpdesk guy will spend a half a day scratching his head wondering why none of the public computers can get to the internet.

GnarlyCharlie4u fucked around with this message at 16:46 on Jan 1, 2019

Thanks Ants
May 21, 2004

#essereFerrari


If you have public use computers then you're probably best off having the network points and the actual PCs locked away somewhere.

Spring Heeled Jack
Feb 25, 2007

If you can read this you can read
Gonna start 2019 piloting a new project using containers. This is coming from our currently .NET Windows/IIS setup we normally use with a lot of little variations between dev/test/prod environments. Working with containers is new to me and the devs but there’s enthusiasm.

The company wants our apps to run entirely out of a cloud provider in 2020 so they need to understand this is their best bet going forward if they don’t want to pay out the rear end for a lift and IaaS.

H110Hawk
Dec 28, 2006

GnarlyCharlie4u posted:

we use .1x and it makes things a loving nightmare in public places. Inevitably some asshat will go around trying to plug his laptop into EVERY port or unplug every public desktop and plug in his laptop to try and beat the system.

All the ports get shut down. Then our helpdesk guy will spend a half a day scratching his head wondering why none of the public computers can get to the internet.

So have them unlock? Or put them in a vlan that serves up a hotspot compliant website that says they just need to call x to get access. That number plays a recording that says "stop unplugging random poo poo on our network."

uhhhhahhhhohahhh
Oct 9, 2012
yeah I don't understand why your radius server is shutting ports that fail an authentication, it's unnecessary

guppy
Sep 21, 2004

sting like a byob

uhhhhahhhhohahhh posted:

yeah I don't understand why your radius server is shutting ports that fail an authentication, it's unnecessary

Perhaps I'm misreading but I think this is about port security, it's seeing more than the (presumably) one MAC address that it learned and shutting the ports down.

uhhhhahhhhohahhh
Oct 9, 2012
Then why would you have port security and .1x on the same port??

nielsm
Jun 1, 2009



H110Hawk posted:

So have them unlock? Or put them in a vlan that serves up a hotspot compliant website that says they just need to call x to get access. That number plays a recording that says "stop unplugging random poo poo on our network."

This.
Or just have the captive portal site say "unauthorized device detected, this incident has been reported to security."

LochNessMonster
Feb 3, 2005

I need about three fitty


I'm currently looking into improving secrets management for my CI/CD pipeline and was wondering what decent options there are, preferably open source and free to start with. I don't mind getting licenses in the (near) future but I'd like to set up a proof of concept to begin with. I'm aware of Hashicorp Vault but I was wondering if there are any decent competitors I should have a look at.

freeasinbeer
Mar 26, 2015

by Fluffdaddy
AWS s3 with KMS and gcs do similar things if you aren’t looking for rotation.

deedee megadoodoo
Sep 28, 2000
Two roads diverged in a wood, and I, I took the one to Flavortown, and that has made all the difference.


We’re using AWS System Manager Parameter Store with KMS to encrypt secrets. It’s extra nice since Ansible supports it out of the box.

CLAM DOWN
Feb 13, 2007




We use VSTS/Key Vault, which I guess is pretty much equivalent.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I did get an email a while back from a secretary who had all her passwords on a Sticky Note and she accidentally deleted it and needed it back. Yeah you can't recover though.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

guppy posted:

Perhaps I'm misreading but I think this is about port security, it's seeing more than the (presumably) one MAC address that it learned and shutting the ports down.

Actually you're right, it is Port Security turning off those ports.

uhhhhahhhhohahhh posted:

yeah I don't understand why your radius server is shutting ports that fail an authentication, it's unnecessary

Thanks Ants posted:

If you have public use computers then you're probably best off having the network points and the actual PCs locked away somewhere.

Thanks for your suggestions. I've forwarded them onto the one and only person who has any access to administer the network.
He placed them in his suggestion box.
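As an added illustration of the port-security failure mode discussed above (this is not a config posted by anyone in the thread): a Cisco IOS access port where a second learned MAC err-disables the port and leaves it dark until an admin touches it, beside a form that keeps 802.1X, parks unknown devices in a captive-portal VLAN as suggested above, and recovers on its own. The interface name, VLAN numbers, RADIUS address and shared secret are placeholders.

```cisco
! --- Weak: the lobby-port behaviour described in the thread ---
! Port security learns one MAC; any other device trips a violation and
! the default "shutdown" mode err-disables the port. With no errdisable
! recovery configured, every tripped port stays down until someone
! runs "shutdown / no shutdown" on it by hand.
interface GigabitEthernet1/0/10
 description Lobby public PC (placeholder interface)
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 dot1x pae authenticator
 authentication port-control auto
!
! --- Hardened: 802.1X decides who gets on, and nobody gets an outage ---
! Global: RADIUS for 802.1X (placeholder server), plus automatic
! recovery so any err-disabled port comes back after 5 minutes.
aaa new-model
aaa authentication dot1x default group radius
radius server LOBBY-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key PLACEHOLDER-SHARED-SECRET
dot1x system-auth-control
errdisable recovery cause security-violation
errdisable recovery interval 300
!
interface GigabitEthernet1/0/10
 description Lobby public PC (placeholder interface)
 switchport mode access
 switchport access vlan 20
 ! Only the one authenticated host may talk; an extra MAC is logged
 ! and dropped ("restrict") instead of killing the whole port.
 authentication host-mode single-host
 authentication violation restrict
 authentication port-control auto
 ! Devices with no supplicant, or that fail, land in VLAN 99: a captive
 ! portal that only says who to call, with no route anywhere else.
 authentication event no-response action authorize vlan 99
 authentication event fail action authorize vlan 99
 dot1x pae authenticator
 mab
 ! No port-security stanza: single-host mode already limits the port
 ! to one MAC, so stacking port security on top only adds a second
 ! way for the port to fail.
```

The second form answers the "why port security and .1x on the same port" question in the thread: one mechanism enforces the single-host rule, and the violation action is logged rather than turned into an outage the helpdesk has to chase.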

LochNessMonster
Feb 3, 2005

I need about three fitty


Forgot to mention I can’t get our finance department to pay bills from AWS/GCP/Azure instead of our MSP, so at the moment cloud isn’t an option. That’ll change in Q3/Q4 and I’d rather have something before that time.

Is Vault my only (decent) option?

Sickening
Jul 16, 2007

Black summer was the best summer.

LochNessMonster posted:

Forgot to mention I can’t get our finance department to pay bills from AWS/GCP/Azure instead of our MSP, so at the moment cloud isn’t an option. That’ll change in Q3/Q4 and I’d rather have something before that time.

Is Vault my only (decent) option?

That is one hell of a thing to have to work around. I wouldn’t want to half rear end managing secrets to satisfy this weird issue.

H110Hawk
Dec 28, 2006

LochNessMonster posted:

Forgot to mention I can’t get our finance department to pay bills from AWS/GCP/Azure instead of our MSP, so at the moment cloud isn’t an option. That’ll change in Q3/Q4 and I’d rather have something before that time.

Is Vault my only (decent) option?

Have your MSP re-sell you AWS/GCP/Azure at a 1% markup?

Thanks Ants
May 21, 2004

#essereFerrari


Make your own LLC and resell cloud services to your employer

freeasinbeer
Mar 26, 2015

by Fluffdaddy
We are also talking in the $10 range as long as you don’t go insane. Can you link it to your Corp card?


freeasinbeer
Mar 26, 2015

by Fluffdaddy
Hell it might even run under the free tier on AWS if you go the kms/s3 route.
