|
TheCog posted:I mean really it would be irresponsible not to automate it in case it comes up again. My situation is one that doesn't really allow that. I'm a vendor contracted to a hospital system, and the mandate came from my company. The hospital system doesn't give two shits about it and doesn't provide the accesses on their network to allow it.
|
# ? Jun 12, 2019 19:27 |
|
|
# ? May 26, 2024 01:29 |
|
Also in short notice news.. We got a notification from Verifone yesterday that they where transitioning to different URLs for their credit card gateway, APIs, gateway website, etc.. the whole deal. Some of the URLs will be hard cut off on June 28th, while others won't be until August. Our integrator was told originally that only the gateway access URLs would be transitioned, so they did that months ago. They found out when we did that it was everything. So now they are scrambling to push a hotfix to update the rest of the URLs their software uses. Bonus: The notice says everyone was previously notified of this... Except they weren't. Our integrator didn't know, nor did our processor/gateway reseller. I was wondering when they where finally going to fix the the untrusted Symantec SSL certs they where using, guess I know now!
|
# ? Jun 12, 2019 20:01 |
|
I have a coworker that will immediately stop all brain function and slack me gigantic error logs without looking at them if anything fucks up ever. 90% of the time what is actually wrong is in the error code and it's driving me insane. At this point, I have even said "Stop pasting this poo poo and read the log before coming to me" to which that will mitigate him doing this for about a week, and then he starts doing it again. Shits infuriating. Edit* One time we were troubleshooting an issue together, and if the same issue came up, he would immediately copy and paste the EXACT SAME ERROR LOG again. So by the end of the conversation, he had the same error log pasted to me at least 20 times.
|
# ? Jun 12, 2019 20:21 |
|
Worst part about slack log posting is when people paste it blindly and don't use the snippet feature.
|
# ? Jun 12, 2019 20:37 |
|
Well the new Verifone website is much nicer, but they still have the same terrible password requirements. Their requirements actually substantially reduce the amount of possible passwords....
|
# ? Jun 12, 2019 20:48 |
stevewm posted:Well the new Verifone website is much nicer, but they still have the same terrible password requirements. 95% chance they're storing the password in plaintext somewhere. Edit: And no special characters? It's in plaintext and they're not escaping inputs. Time to use some kind of DROP TABLE phrase as your password to teach 'em that lesson. ConfusedUs fucked around with this message at 20:54 on Jun 12, 2019 |
|
# ? Jun 12, 2019 20:50 |
|
stevewm posted:Well the new Verifone website is much nicer, but they still have the same terrible password requirements. What's the max number of characters allowed? If it's high enough (128 chars or more) then is not that bad. Still, the "special character" requirement is a red flag, no doubt about it. edit: now I saw "No sequential, and no repeating". hmm....
|
# ? Jun 12, 2019 20:51 |
|
stevewm posted:Well the new Verifone website is much nicer, but they still have the same terrible password requirements. Bringing up the bottom while also bringing down the top is often an ok trade-off. Reducing the search space in such a way that the attacker can know that a password will never be nbmXYn8yP3V6vqQCm6YssabcB while also ensuring that a password will never be abc2019 is a net gain in security because the person who wanted to use nbmXYn8yP3V6vqQCm6YssabcB is still going to pick a relatively secure password and the person who wanted to pick abc2019 is going to pick a slightly more secure password. That said, I agree with you that it's dumb and there are better ways to ensure password security.
|
# ? Jun 12, 2019 20:55 |
|
Volguus posted:What's the max number of characters allowed? If it's high enough (128 chars or more) then is not that bad. Still, the "special character" requirement is a red flag, no doubt about it. It allows a max of 10 characters, minimum of 8.
|
# ? Jun 12, 2019 21:03 |
|
Comradephate posted:Bringing up the bottom while also bringing down the top is often an ok trade-off. Reducing the search space in such a way that the attacker can know that a password will never be nbmXYn8yP3V6vqQCm6YssabcB while also ensuring that a password will never be abc2019 is a net gain in security because the person who wanted to use nbmXYn8yP3V6vqQCm6YssabcB is still going to pick a relatively secure password and the person who wanted to pick abc2019 is going to pick a slightly more secure password. Agreed. Any bets on the limit being 8 characters? Edit: I was pretty close.
|
# ? Jun 12, 2019 21:06 |
|
Oyster posted:poo poo pissing me off: According to MS's timeline you have until July 9 to install that update. Unless these sites have already configured their WSUS to be SHA-2 only for win7 and server 2008, or something like that. I installed it through Windows Update this morning on a couple of our Win7 boxes that still needed it. We had to delay installing it because for some reason that update caused issues with Sohpos, and we had to wait on a Sophos update. Which means we also had to delay the RDP patch
|
# ? Jun 12, 2019 21:18 |
|
Lets not forget this is a credit card gateway, lol... Now, thankfully PAN data is impossible to retrieve on this website. You can only see the first 6 and last 4 and no EXP date. But you can do other functions to cards already listed. Like run reference sales, credits, process sales, etc..
|
# ? Jun 12, 2019 21:19 |
|
Hungry Computer posted:According to MS's timeline you have until July 9 to install that update. Unless these sites have already configured their WSUS to be SHA-2 only for win7 and server 2008, or something like that. I installed it through Windows Update this morning on a couple of our Win7 boxes that still needed it. We had to delay installing it because for some reason that update caused issues with Sohpos, and we had to wait on a Sophos update. Which means we also had to delay the RDP patch Unfortunately these are printers and the servers they report meters and such to were upgraded on the 30th. Hence the past deadline.
|
# ? Jun 12, 2019 22:48 |
|
Not pissing me off: Got told today I've been given a raise effective the first day of this pay period.
|
# ? Jun 13, 2019 01:29 |
|
dragonshardz posted:Not pissing me off: Got told today I've been given a raise effective the first day of this pay period. Got told today I've been given a promotion effective the first of the month!
|
# ? Jun 13, 2019 03:47 |
|
The new guy at work, not my department, talks really loudly and has an annoying voice. Really tempted to leave a note at his desk letting him know that he should turn it down. The previous guy never stopped talking, and never seemed to listen, but this guy is too loud.
Maigius fucked around with this message at 07:02 on Jun 13, 2019 |
# ? Jun 13, 2019 07:00 |
|
Maigius posted:The new guy at work, not my department, talks really loudly and has an annoying voice. Really tempted to leave a note at his desk letting him know that he should turn it down. The previous guy never stopped talking, and never seemed to listen, but this guy is too loud. Our new guy is a compulsive pen-clicker when he's thinking or reading. We don't do anything that involves handwriting, all our work is done on PC's.
|
# ? Jun 13, 2019 09:47 |
|
stevewm posted:Lets not forget this is a credit card gateway, lol... gently caress I could Hashcat hashes quite quickly (relatively speaking). EDIT: To clarify, bruting hashes with a custom dictionary with those parametres. Humphreys fucked around with this message at 14:31 on Jun 13, 2019 |
# ? Jun 13, 2019 14:25 |
|
Oyster posted:My situation is one that doesn't really allow that. I'm a vendor contracted to a hospital system, and the mandate came from my company. The hospital system doesn't give two shits about it and doesn't provide the accesses on their network to allow it. Hospital: We sure do love our Megacorp defibrillators! Megacorp: Hey, we're going to discontinue those in 2 years. Hospital: We still love our Megacorp equipment! Megacorp: Just kidding, we've moved up the schedule and we're discontinuing our entire defib line effective 12 months from today. No support or further sales. Hospital: Go Megacorp, yay! -- 12 months later -- Hospital Lawyers: WHAT THE ACTUAL gently caress?! Hospital: Uh, poo poo, let's find a new vendor and retrain 10K employees in the next 6 weeks!
|
# ? Jun 13, 2019 14:46 |
|
Windows 10 is showing me ads for various 3d printers and 3d printing products approximately 10 times a day. I don't own a 3d printer. I've never thought about owning a 3d printer. I've never researched 3d printers. I don't click on ads for 3d printers. I don't want a 3d printer. If one magically landed on my doorstep I would sell it.
|
# ? Jun 13, 2019 16:04 |
|
Wait. Windows 10, the operating system on your computer, is pushing ads?
|
# ? Jun 13, 2019 16:08 |
|
Proteus Jones posted:Wait. Windows 10, the operating system on your computer, is pushing ads? Oh yeah. I've had Candy Crush show up when I was typing the name of a program I wanted to run. On a Win10 Enterprise system, using a recent corporate image. gently caress Microsoft, delete Cortana.
|
# ? Jun 13, 2019 16:11 |
|
|
# ? Jun 13, 2019 16:17 |
|
|
# ? Jun 13, 2019 16:18 |
|
Proteus Jones posted:Wait. Windows 10, the operating system on your computer, is pushing ads? I can’t tell if this is sarcastic or not. Windows 10 has been riddled with ads since launch.
|
# ? Jun 13, 2019 16:22 |
|
Weedle posted:I can’t tell if this is sarcastic or not. Windows 10 has been riddled with ads since launch. Maybe something like PiHole would help? I am not personally running PiHole but something similar, but i don't remember seeing ads in windows. I only boot windows once a month or so, so it's either the ads blocking feature or the rarity of it being live that stops them ( or completely something else and im just lucky). Volguus fucked around with this message at 16:27 on Jun 13, 2019 |
# ? Jun 13, 2019 16:25 |
|
You can turn off the ads pretty easily in the OOBE but you have to click into a specific menu and people usually just mash Next until they're booted to the desktop.mllaneza posted:Oh yeah. I've had Candy Crush show up when I was typing the name of a program I wanted to run. On a Win10 Enterprise system, using a recent corporate image. gently caress Microsoft, delete Cortana. Whoever setup your image is bad.
|
# ? Jun 13, 2019 16:28 |
|
Volguus posted:Maybe something like PiHole would help? I am not personally running PiHole but something similar, but i don't remember seeing ads in windows. I only boot windows once a month or so, so it's either the ads blocking feature or the rarity of it being live that stops them ( or completely something else and im just lucky). Naw, you can pretty easily turn them off in the settings somewhere. You just have to know that you can since Microsoft isn't going to volunteer that information. Neddy Seagoon posted:Our new guy is a compulsive pen-clicker when he's thinking or reading. I do the same thing, so I got a fidget cube from Target so that I'm not making noise when I do it anymore.
|
# ? Jun 13, 2019 16:44 |
|
Weedle posted:I can’t tell if this is sarcastic or not. Windows 10 has been riddled with ads since launch. I haven't gotten an ad on windows 10 ever. Home machine or not. Am I just lucky or do I lack the proper spyware?
|
# ? Jun 13, 2019 17:09 |
|
Sickening posted:I haven't gotten an ad on windows 10 ever. Home machine or not. Am I just lucky or do I lack the proper spyware? Might have just made the proper settings changes/registry updates early on. What annoyed me was when they changed the search to always go out to the internet by default with a reg edit the only way to turn it off.
|
# ? Jun 13, 2019 17:18 |
|
it's terrible and bad that windows has "sponsored links" or whatever to candy crush and a few other games, but it's very easy to uninstall them all with powershell. Also, forums user Weedle, your avatar is very enjoyable.
|
# ? Jun 13, 2019 17:19 |
|
Sickening posted:I haven't gotten an ad on windows 10 ever. Home machine or not. Am I just lucky or do I lack the proper spyware? I'm reasonably sure that if you are suitably anti-ads, anti-'personalised experience' when you choose your customs settings when you install win 10, you avoid them.
|
# ? Jun 13, 2019 17:23 |
|
Pissing me off: A company putting explicit references to "biblical principles" in their otherwise really awesome job ad. Not cool and is explicitly prohibited by the EEOC. Not pissing me off, though: I'M SWITCHING TEAMS ON MONDAY!!!!!!!!!!!! The re-org isn't happening until July, but in the meantime another team is overloaded and I'm twiddling my thumbs over here with version upgrades and L3 support crap. They're moving me over to that other team, led by one of the half dozen people still around from when I was first hired that I actually like, to help them push through this sudden priority project during the transition. I also wonder if the big boss man finally got the hint that I'm just done with the "tactical" work we've been stuck with for months and really dissatisfied. I also got messaged to ask my preference between two of the new teams, both led by guys I like. I needed that little boost that apparently two teams are fighting over me this week; it's nice to feel wanted here again It's not entirely outside the realm of possibility that I stay put if this re-org fixes some problems, but I'm not pulling my apps just yet, especially when most of them would come with a solid 20k+ raise.
|
# ? Jun 13, 2019 17:35 |
Why is everything having to do with RS232 such a tremendous headache? Oh this spare switch only has a 232 console even though it's from 2016. Oh the blue rollovers everything else uses can't work in reverse. Oh wait, every cable on site is male/female. Oh wait the USB adapters that are around only have male plug. Guess I have to buy a cable. gently caress this poo poo.
|
|
# ? Jun 13, 2019 17:55 |
|
I don't know if it's still true, but Windows 10 would actually install and download Candy Crush / Minecraft etc without telling you. I had a month old Win 10 computer and was going through the install logs and found them installed a few weeks after setting up the computer (couple hundred mb each). Must be hell for people on metered connections.
|
# ? Jun 13, 2019 17:58 |
|
Comradephate posted:Also, forums user Weedle, your avatar is very enjoyable. Thank you. Someone from the Pokémon thread in Games bought it for me anonymously almost a decade ago.
|
# ? Jun 13, 2019 18:58 |
|
skooma512 posted:Why is everything having to do with RS232 such a tremendous headache? Was just on a site with this situation on Tuesday. Luckily there was an appropriate female on both ends RS232 cable sitting around behind some long-dead spare desktops after 20 minutes of digging through other spare cables!
|
# ? Jun 13, 2019 19:03 |
|
Weedle posted:I can’t tell if this is sarcastic or not. Windows 10 has been riddled with ads since launch. I don't use Windows (except as a headless box for Steam Link), so I had no idea.
|
# ? Jun 13, 2019 19:30 |
|
Proteus Jones posted:I don't use Windows (except as a headless box for Steam Link), so I had no idea. Headless? When I tried to use my Steam link one of the few times it made me change the resolution on the host computer down to match the tv I was trying to use. Plus the lag was bad for a racing game and it was a wired connection from internet <> pc <> steam link.
|
# ? Jun 13, 2019 19:54 |
|
|
# ? May 26, 2024 01:29 |
|
Finally Asana lets you enforce SAML without needing a pricing tier higher than 'Premium'. Before I could enforce Google Login or have optional SAML but it would still let people in with just a username and password that bypassed all 2FA. Obviously SAML and provisioning should be in every single paid tier of a product because it allows the app vendor to outsource authentication, but I'm not in charge of the world yet.
|
# ? Jun 13, 2019 20:24 |