kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


Silly Burrito posted:

If they start talking about their pihole will you be offended? ;)

Nope, not at all. :hf:


bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


I set up Google WiFi in my house a few years ago and promptly ceased caring about my home network. I have a guest network, I can easily set up reservations for stuff like my printer from the app, and I never have to think about updates.

About the only thing I would change if I wasn't lazy is running wired backhaul to each puck, but I don't think it would actually produce a noticeable difference.

I had a friend that went all in creating separate VLANs for IOT stuff and constantly complained about how none of his smart stuff worked correctly.

He wanted the network isolated so that the IOT devices couldn't become a vector to compromise.... and that's where the logic fell apart.

Compromise what exactly? The single patched windows 10 computer running on your home network? Your patched phone?

Unless you are creating a separate VLAN for every IOT device, it's folly since they are simultaneously the most easily compromised AND the actual things you want protected.

He finally gave up and went Google WiFi as well.

Sickening
Jul 16, 2007

Black summer was the best summer.
On the one hand, you do want to try to keep your non-computer devices from being owned just so they can’t be used to do shady illegal poo poo to other people. But on the other hand my smart TV getting owned and being used in a botnet is usually someone else’s problem. I am security conscious enough to keep my firmware off non-default passwords and up-to-date, so everything else is Samsung’s problem. There is a point in the shared responsibility model that I am upholding my side of things.

Bonzo
Mar 11, 2004

Just like Mama used to make it!
I thought about the VLAN route for IoT but it broke smart devices so I just gave up and run everything on the same SSID. There are plenty of Rogers8734 and Bell863 wireless networks in my neighborhood running default passwords that the script kiddies will probably go after first.

Regarding interview questions. I like to ask very basic troubleshooting questions. "A customer calls you and says the portal is running slow. What do you do?" You would be shocked at how many people can't answer that. You can take all the Udemy classes you want but if you can't do basic troubleshooting then what's the point?

Lately I find even people with experience have trouble answering basic questions about windows Task Manager or how to even find the IP of your machine using CLI.

We also do a test with two sets of log files, one from the web server, one from the DB server, but we intentionally give them logs that don't have matching timestamps (48 hours apart) and lots miss that too.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Bonzo posted:

I thought about the VLAN route for IoT but it broke smart devices so I just gave up and run everything on the same SSID.

It's a conundrum. The stuff that needs the most protection are IOT devices, but you really need to protect them from other IOT devices. The only way to do that is isolation and then you basically break their functionality so you might as well not have them.

There are edge cases though. The LG TV exploit that could be run from just visiting a webpage with a device on the same network is a good example of being able to jump to an IOT device without needing a compromised vector on your network in the first place. But if something is that badly broken, you are better off just keeping it off a network altogether.

Butter Activities
May 4, 2018

I just have the ikea lightbulbs and I live in a dense urban area with a bunch of networks running WPA so I’m just hoping to be faster than the other runners than the bear, plus the range of my WAP is like 12 feet.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

bull3964 posted:

I set up Google WiFi in my house a few years ago and promptly ceased caring about my home network.

Saaaaame. I'm not about to be tech support for my wife and kids, I need their poo poo to Just Work (tm).

My company that I have two days left at recommends books on their intranet page. Side by side at the top of the list are the books "The Upside of Stress" and "Burnout: The Secret to Unlocking the Stress Cycle".

They are so close to being self aware, and then shy away before making meaningful improvements lol

LochNessMonster
Feb 3, 2005

I need about three fitty


GreenNight posted:

My goal is to do those things.

If you really want to nail it, make sure you keep harassing the teams to fix these vulnerabilities without offering any guidance or how to do this.

Bonus points if you double down on not applicable or false positive results.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

LochNessMonster posted:

If you really want to nail it, make sure you keep harassing the teams to fix these vulnerabilities without offering any guidance or how to do this.

Bonus points if you double down on not applicable or false positive results.

No no, I'm also the team that would have to fix the vulns too. That's how it works today at my job. My dream is to not have to be on all the sides of it.

Cenodoxus
Mar 29, 2012

while [[ true ]] ; do
    pour()
done


LochNessMonster posted:

If you really want to nail it, make sure you keep harassing the teams to fix these vulnerabilities without offering any guidance or how to do this.

Bonus points if you double down on not applicable or false positive results.
You can also put yourself on top by threatening to disable their network ports if they haven't fixed all their vulnerabilities by X date (usually next Friday). When they push back about "change control", "production impact", blah blah blah, CC the next 2-3 people in their chain of command and state unequivocally that they don't care about security and are just trying to avoid doing work.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"

Cenodoxus posted:

You can also put yourself on top by threatening to disable their network ports if they haven't fixed all their vulnerabilities by X date (usually next Friday). When they push back about "change control", "production impact", blah blah blah, CC the next 2-3 people in their chain of command and state unequivocally that they don't care about security and are just trying to avoid doing work.

Bonus points when it’s port 443 on the front end of an app that makes the company all its money

Butter Activities
May 4, 2018

Gonna be like that old dude in NCIS during that 2 people one keyboard hacking scene

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Happiness Commando posted:

What's the word to describe a work environment that has all the dysfunctions of startups and also simultaneously the dysfunctions of mega-enterprises?
"Rapidly scaling", "grew organically"

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
We are doing some redundancy redesign in AWS which is allowing us to reclaim something like 250 t3.medium and a bunch of other RIs for another 2 years, so one of my guys had the great idea to set up our AWS account on the reseller marketplace. We got approvals and whatnot and had finance zoom with us on setting up the bank account info, but they thought maybe our accountants should be involved. Now the whole thing has blown way up where we are getting asked why we're trying to sell company property and have we considered the net benefits to our tax liability and now we have to have all these other meetings with AWS to confirm we're not...I don't know, laundering money maybe?

This is what we get for trying to save the company money instead of spending it.

Cenodoxus
Mar 29, 2012

while [[ true ]] ; do
    pour()
done


Sepist posted:

We are doing some redundancy redesign in AWS which is allowing us to reclaim something like 250 t3.medium and a bunch of other RIs for another 2 years, so one of my guys had the great idea to set up our AWS account on the reseller marketplace. We got approvals and whatnot and had finance zoom with us on setting up the bank account info, but they thought maybe our accountants should be involved. Now the whole thing has blown way up where we are getting asked why we're trying to sell company property and have we considered the net benefits to our tax liability and now we have to have all these other meetings with AWS to confirm we're not...I don't know, laundering money maybe?

This is what we get for trying to save the company money instead of spending it.

That's also why big companies wheel a dumpster up to the data center and/or pay someone to come in and "recycle" a room full of enterprise hardware that's fully depreciated but still worth 7 figures. Because a financial analyst making 60k/year would have to spend a few hours every quarter putting more numbers in a spreadsheet.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
This is why you shouldn’t care about how much money your company wastes. It’s way funnier to spend their money on horseshit tbh

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
Yea he has only been here for a few months and was trying to do the right thing. This whole cost savings thing came from a new C demanding 30% cut across the board but then that C quit abruptly after 2 weeks because he joined from a SaaS thinking we were a SaaS but we're not and he was out of his league so BAU I guess.

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

Happiness Commando posted:

My soon to be ex boss just asked if I had any suggestions for how to write the job posting (to hire my replacement) to more accurately select for successful candidates.

I want to help, but there's no good, business friendly way to suggest to candidates that there's zero governance, every product team is its own unique dumpster fire, and you will regularly be expected to wait for weeks on end for the world's easiest blockers to be resolved after everyone ignores you warning about them.

What's the word to describe a work environment that has all the dysfunctions of startups and also simultaneously the dysfunctions of mega-enterprises?

"An agile goal-oriented organization"

LochNessMonster
Feb 3, 2005

I need about three fitty


Cenodoxus posted:

That's also why big companies wheel a dumpster up to the data center and/or pay someone to come in and "recycle" a room full of enterprise hardware that's fully depreciated but still worth 7 figures. Because a financial analyst making 60k/year would have to spend a few hours every quarter putting more numbers in a spreadsheet.

When one of my clients moved offices they decided to sell all inventory to a scrapper. He paid 5 bucks per desk (which included desk, chair, desktop, screen, keyboard, mouse and kvm switch). People asked if they could buy some of the hardware before it went to the scrapper but it was an all or nothing deal so nobody got to buy anything. This was all perfectly fine hardware but with the new office they just bought everything new instead of moving the 'old' stuff.

From what I saw in the last week people just took poo poo home, and tbh I can't blame them at that price. Company is throwing away so much money (which comes at the expense of the employees bonus in the end), so better take home everything that's not bolted to the floor. It's coming out of your paycheck anyway.

bus hustler
Mar 14, 2019

My 2nd to last business unit worked with a guy who bought and refurbished our old PCs, and the money from that was essential and built into the refresh budget. It was a LOT of extra labor hours to do it right and I'm not really sure it made financial sense.

My last job just didn't give a poo poo and gave everything away without a hard drive (HIPAA, we just shredded them) and sent everything straight to recycling even if it was basically new. Nobody wanted to deal with the financials inside a massive multi-billion dollar university accounting system.

It was the only job I ever had that properly understood that if we are THROWING IT OUT, we'd rather someone just have it. We used to raffle off totally cromulent iMacs and stuff all the time. We refreshed a buncha old optiplexes and I'm pretty sure the 990s we got rid of got the employees through covid

Also I started at my new job on Wed & so far I really really like it. I'm the only IT person in the US so while I don't have to do performance management, I retain -most- of the site manager autonomy I used to have. My boss told me that NOTHING is being done 'on purpose' there - so feel free to question or suggest improvements on literally every process. He started in Mar 2020 and lives in London, so nobody has even been out here.

Oh also on my first day he was like "yeah sorry couldn't tell you this in the interview but the company is planning a large expansion in the US over the next few years" so I'm really hoping for some growth

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

We used to basically give all our hardware to this recycler guy. I made the mistake of starting a conversation with him to be friendly and he told me all about the supercomputer cluster he is building in his basement.

Wibla
Feb 16, 2011

Bob Morales posted:

We used to basically give all our hardware to this recycler guy. I made the mistake of starting a conversation with him to be friendly and he told me all about the supercomputer cluster he is building in his basement.

Why do you have to be like this? He has a hobby that involves a bunch of hardware he's been able to scrounge up. Sure it's not really anything productive, but you can learn a whole lot from tinkering like that, and it's better than drinking beer and beating your wife.

Wear your mask, Bob. Make sure you sharpie "I'm an idiot, don't talk to me" on it first.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Wibla posted:

Why do you have to be like this? He has a hobby that involves a bunch of hardware he's been able to scrounge up. Sure it's not really anything productive, but you can learn a whole lot from tinkering like that, and it's better than drinking beer and beating your wife.

Wear your mask, Bob. Make sure you sharpie "I'm an idiot, don't talk to me" on it first.

Be like what? I didn't insult him. He's just one of those people that will latch on and talk to you forever. Sorry, I'll send him over to you to talk about it for an hour next time.

DelphiAegis
Jun 21, 2010

Bob Morales posted:

Be like what? I didn't insult him. He's just one of those people that will latch on and talk to you forever. Sorry, I'll send him over to you to talk about it for an hour next time.

That honestly sounds like a pretty fascinating conversation. People are at their best when you ask them about a subject they're passionate about.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
Or it’s insanely annoying rambling from a professional scrounger

BaseballPCHiker
Jan 16, 2006

Sickening posted:

I sometimes despise the Infosec side of our industry because it doesn't understand how to evaluate talent. Your average infosec grognard middle manager is going to look at a resume and only measure a candidate by its infosec experience with an infosec title. They don't probably respect the infrastructure and other ops experience a candidate can bring to an infosec position. This is how you end up with infosec folks with decades of experience, but little to no functional skillsets. It's a broken cycle of sadness.

I had a previous coworker trying to get into a cloud security position and was using me as a reference. I just had this turd call me and tell me his apprehension of hiring my guy because of how "light" his resume was on infosec. "I was looking for someone with 10 years of infosec experience and he only has 2". I was attempting to hype my dude up as best I could but I also inquired how large his team was, etc. Turns out he has a large infosec team but nobody that knows anything about the cloud. He couldn't put two and two together himself and I didn't want to cause waves just in case. I am going to be employed forever because my industry is 80% do-nothing morons.

I've only been in a dedicated infosec role for like 6 months now, but this mindset really shocked me.

I work with a mix of people who have dev or infrastructure backgrounds and some others that have worked exclusively in security. By far our best infosec employees have some sort of "real world" experience. The people who have just worked in security roles are OK, they're really good at malware analysis or at running some niche security tools but have no experience or insight beyond that.

A question will come up about secure design of some system and they'll just have a blank look on their faces, totally unable to even have a discussion on it beyond the most vague "make sure it's fully patched" type of statements. It sucks, because when you have to reach out to someone who works in networking or a developer you have to earn their trust or at least be able to explain why you are coming to them with whatever security problem you're dealing with, and that you can read beyond whatever alert your security tools just generated for you and actually understand the underlying issue that triggered the alert.

Mostly I guess I just hate the one guy I work with who got his OSCP and is beyond useless. He just does a really good job talking himself up to the bigwigs and impressing them with his simple NMAP scans. Really glad we're paying that guy $150K a year to impress the suits...

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

i am a moron posted:

Or it’s insanely annoying rambling from a professional scrounger

Also sounded like he was 100% full of poo poo. Harvesting processors and stuff. "Oh man that sounds crazy, it'll be probably awesome when you get it going!"

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

BaseballPCHiker posted:

Mostly I guess I just hate the one guy I work with who got his OSCP and is beyond useless. He just does a really good job talking himself up to the bigwigs and impressing them with his simple NMAP scans. Really glad we're paying that guy $150K a year to impress the suits...
One day I'm going to show someone above me who's on Google using tracert

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


This may be a shocking revelation, but Windows 10 cannot update itself when running from a 100GB SSD. That's 100GB, not 1000.

Butter Activities
May 4, 2018

Honestly though windows has really high storage minimum requirements.

A Windows 2012 R2 server supposedly requires 50GB to install which is pretty absurd IMO.

xzzy
Mar 5, 2009

Those candy crust assets are ENORMOUS.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Reminds me of the days where a lot of people made 20GB or 40GB C: partitions on Windows servers

The Fool
Oct 16, 2003


Dell was really bad about that

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I don't think 50 gig is a lot when game patches are larger nowadays.

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


Thankfully the solution was to just clone the SSD over to a 512GB SSD and then expand the volume.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"

Bob Morales posted:

Reminds me of the days where a lot of people made 20GB or 40GB C: partitions on Windows servers

Don’t come at me like this I was trying to provision small web servers using core how would I know windows update is insane :mad:

Bonzo
Mar 11, 2004

Just like Mama used to make it!
:yotj: update

Had a fantastic interview with the team earlier this week. I am now :f5: my gmail hoping to see an offer letter come in. It's a small shop (less than 50 people) so is it typical to expect a reply within 48 hours? Should I follow up on Monday if I don't hear today?

Can you tell I don't interview often?

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
It’s always a crapshoot, if you feel it went well I don’t think there’s any harm in following up two days later. Anymore I just don’t ask and put it out of my mind til I see an offer

wolrah
May 8, 2006
what?

The Fool posted:

Dell was really bad about that

Yeah this was Dell's default configuration for a long time after it started to become a problem. I'm pretty sure I had to go out of my way when ordering 2012R2 era servers to get a sane partition scheme


Bonzo
Mar 11, 2004

Just like Mama used to make it!

Bonzo posted:

:yotj: update

Had a fantastic interview with the team earlier this week. I am now :f5: my gmail hoping to see an offer letter come in. It's a small shop (less than 50 people) so is it typical to expect a reply within 48 hours? Should I follow up on Monday if I don't hear today?

Can you tell I don't interview often?

Every time I post about this, they call me.

:yotj:

Pay is only slightly more but no more weekends, no more rotating holidays, no more Pager Duty, no more night shifts, and a VERY strict 9-5 policy. WFH but will be back in office when things settle. The office is a 10 minute walk from my house so not a big deal.

I'll gladly take it

Bonzo fucked around with this message at 20:59 on Apr 23, 2021
