|
If you ever get it, make sure to lock down access to it. We had a spearphishing attack on our CEO get through because it came from an Amazon SES email address and someone had whitelisted all Amazon domain emails.

E: I had an interview today but I feel weird talking about it because it was at a company a goon works at and the goon was one of the people I interviewed with so let's just hope it goes well.
|
# ? Nov 12, 2021 01:15 |
|
22 Eargesplitten posted:
If you ever get it, make sure to lock down access to it. We had a spearphishing attack on our CEO get through because it came from an Amazon SES email address and someone had whitelisted all Amazon domain emails.

Yeah that's pretty dumb. Not only because SES is such a common sender now but because if you're big enough to afford Mimecast you really ought to have some special C-level mail flows in place to counteract that sort of thing.
|
# ? Nov 12, 2021 01:43 |
|
cage-free egghead posted:
So I just got into an argument with a coworker because I told them at a past job there was an unspoken expectation of working through lunch or after hours. As I was explaining it they just kept asking, "Yeah but what if this... or what if a coworker needed you.... We're a team so...". We have a dedicated person on-call so unless I'm that person I'm not looking at any work stuff once I leave for the day lol. The boss I have now would definitely comp time or money for any work we do extra but I forgot just how much people drink the koolaid. They're much later in their professional careers and have been with the company for over 10 years so maybe it's just an older mentality people have...

Nah, I almost guarantee I'm older than you and it is not an "older mentality". I am definitely of the gently caress You Pay Me school of thought. Hell, I just worked almost 9 hours straight on a security incident earlier this week (started 3 hours into my day), and the first thing my boss said after the dust settled was "I do not expect you to sign in tomorrow". I have no problem trading 4 or 5 stress filled extra hours with a full comp day (which I could have taken anytime, honestly). I've also told people to go pound sand when expecting me to go above and beyond without any reciprocity like bonus pay or comp time.
|
# ? Nov 12, 2021 01:45 |
|
BaseballPCHiker posted:
I got a chance to demo Mimecast and man oh man do I wish my company could afford it. Seems SO much better than IronPort or ProofPoint.

It's quite good. Try to afford it.
|
# ? Nov 12, 2021 01:48 |
|
BaseballPCHiker posted:
Yeah that's pretty dumb. Not only because SES is such a common sender now but because if you're big enough to afford Mimecast you really ought to have some special C-level mail flows in place to counteract that sort of thing.

It's a MSP, we would much rather spend money on technology we can brag to customers about than staff to make that technology work right.
|
# ? Nov 12, 2021 01:52 |
|
Internet Explorer posted:
It's quite good. Try to afford it.

It is nice. They just showed us a new product add-on called cybergraph which also seems like an awesome product so I gotta try to convince management to get that as well.
|
# ? Nov 12, 2021 01:56 |
|
Spring Heeled Jack posted:
It is nice. They just showed us a new product add-on called cybergraph which also seems like an awesome product so I gotta try to convince management to get that as well.

Was that the thing that has dynamic HTML banners that are like an improved "external sender" warning? Because that was slick as hell and if you factored in the cost for our SOC effort chasing down malware delivered by email where staff ignored the initial banner totally worth it.
|
# ? Nov 12, 2021 02:29 |
|
I used Mimecast for years and it was effective, but a pain in the rear end to set up and administer. That said I would like to switch back to it from what my current workplace has.
|
# ? Nov 12, 2021 02:41 |
|
Back like 8 years ago when I admined an email server we had mimecast and it proved all its worth when someone in the org got chosen for a ddos email attack. It would have melted our on prem email server, but a quick interface with support had it all blocked at the mimecast perimeter in like 10 minutes.
|
# ? Nov 12, 2021 03:09 |
|
Some dumbass here (in the past) whitelisted our domain name in the spam filter
|
# ? Nov 12, 2021 04:12 |
|
22 Eargesplitten posted:
If you ever get it, make sure to lock down access to it. We had a spearphishing attack on our CEO get through because it came from an Amazon SES email address and someone had whitelisted all Amazon domain emails.

You are willing to work with a goon? Does he post in this thread? Do we know him?
|
# ? Nov 12, 2021 04:40 |
|
it me, im the job fairy goon
|
# ? Nov 12, 2021 05:06 |
|
Boba Pearl posted:
it me, im the job fairy goon

Sprinkle your magic dust on the thread
|
# ? Nov 12, 2021 05:32 |
|
BaseballPCHiker posted:
Was that the thing that has dynamic HTML banners that are like an improved "external sender" warning? Because that was slick as hell and if you factored in the cost for our SOC effort chasing down malware delivered by email where staff ignored the initial banner totally worth it.

Hell yeah it is. We do the standard transport rule warning on external emails but this is next level. I can think of a handful of issues we had recently from spammers using display names of internal users where this would have flagged them right away.
|
# ? Nov 12, 2021 06:02 |
|
i've crashed my esxi box 5 times tonight, that's how my night is going.
|
# ? Nov 12, 2021 11:00 |
|
pretty cool you got esxi running on a Tesla
|
# ? Nov 12, 2021 11:13 |
|
jaegerx posted:
Sprinkle your magic dust on the thread

and then you both get to post the emoji
|
# ? Nov 12, 2021 11:37 |
|
My Crazy CISO logged in today, snooped around in Azure, saw a vm attached to a NSG she didn't understand... and just deleted the production VM. She felt it was "exposed". If she would have talked to anyone, any loving person who touches azure in our environment, she would have known the NSG was perfect and at the worst, modifying it would have cut it off from everything so that she could reassess.
|
# ? Nov 12, 2021 19:00 |
|
Should have had some tags like "ASK SOMEONE DONT TOUCH"
|
# ? Nov 12, 2021 19:17 |
|
Amazing
|
# ? Nov 12, 2021 19:17 |
|
Did you not get the memo about the only safe vm being a terminated vm?
|
# ? Nov 12, 2021 19:21 |
|
I have a lengthy and pointless question for the chat, if there's a better place to ask this then I will. I've been getting into studying the linux kernel recently, and would someone be able to help point me to some resources going into detail of how keystrokes on a keyboard trigger software or hardware interrupts? I'm a bit confused, which I think is largely a fault of not fully understanding the USB or HID specifications (or how drivers work for that matter), but the standards are hundreds and hundreds of pages long and I'm hoping someone here can help.

Context is that I'm writing up the "bestest answer ever" to "what happens when I go to google.com" and I want to broaden my understanding of the physical layer. Let's assume we're talking about the mechanics of what occurs when you press the enter button (0xD/VK_RETURN) on a USB keyboard, on a single processor x64 machine running a web browser.

The broad dataflow is: Keyboard -> Motherboard -> CPU -> Kernel -> X Server -> Application. https://unix.stackexchange.com/questions/116629/how-do-keyboard-input-and-text-output-work

First things first, when you press a key an internal circuit completes and triggers a small amount of current in the keyboard's circuitry, which scans the state of each keyswitch, ultimately interpreting a keycode integer which is a common constant indicating which key, along with any modifier keys, was pressed. We store this scancode in a register local to the keyboard circuitry.

For USB devices, my understanding is that the USB controller polls (per https://github.com/alex/what-happens-when#the-enter-key-bottoms-out) those keyboard registers every X ms to get the scancode (incorrectly referred to as the keycode in many pieces of documentation). It then sends the data to the USB Serial Interface Engine, which packages the scancode into a USB packet. We then send it (back??) to the USB controller, which then gets decoded by the HID driver.

At this point, we have an HID event, which needs to get sent to either the input subsystem or the hiddev interface for regular events or power/monitor events respectively (https://www.kernel.org/doc/html/latest/hid/hiddev.html#introduction). We send this to the input subsystem by transmitting along the motherboard, presumably over PCI-e, to the CPU's interrupt controller. The interrupt controller triggers an interrupt pin on the processor. The CPU enters Kernel Mode, requests an interrupt number from the interrupt controller, uses that number as an offset into the Interrupt Descriptor Table Register (IDTR), which has the address in memory of a routine to handle that specific interrupt.

This is where things get a little fuzzy for me.
- What is the relationship between the USB Serial Interface Engine and the USB controller?
- What does the interrupt routine handler in the IDTR actually do? How is that routine provided?
--- I assume this is what records the scancode, and then signals that there is data to be read from `/dev/input/eventXXX`
--- Is this how we go from the hardware interrupt to communicating with the software device controllers?

In software:

At this point, we have an HID event that's been provided to the kernel containing a scan code. We convert this to a keycode by referencing a mapping table in the kernel (https://wiki.archlinux.org/title/map_scancodes_to_keycodes). The "input layer" maps the scan code (physical key position) to a keycode (literal key value, respects diff keyboard formats), and provides the result of that computation (the keycode) to `/dev/input/event*` (https://unix.stackexchange.com/questions/545274/how-does-a-keyboard-press-get-processed-in-the-linux-kernel). There are a number of different devices in that path created by device drivers (like usbhid). These may or may not exactly correspond to 1 mouse or 1 keyboard each because the X Org server does muxing of the input so applications don't need to know the difference between moving your mouse via the mouse, trackpad, or keyboard (https://unix.stackexchange.com/questions/340430/dev-input-what-exactly-is-this).

X Server will open these device files and do I/O through them, reading events, and mapping them to a secondary set of keyboard layout tables to compute a key symbol (keysym). To do this, it uses the generic `evdev` handler (https://www.kernel.org/doc/Documentation/input/input.txt ref 3.2.4).

User Applications connect as a client to the X server, and receive a notification when a key is pressed while a window of that application is in focus. Thus, the X server ultimately sends a message to the `X client` application containing the key symbol. What the app does with that message is up to the application, some have hotkeys, others will just transpose the keysym as a string or char into the field in focus.

Some questions:
- What is the input layer in the above paragraph? Is it the combination of the hiddev interface, the usbhid driver, and the evdev handler? (https://www.kernel.org/doc/Documentation/input/input.txt)
- I see precisely one reference to xorg server muxing inputs in the above stackexchange answer, and precisely nowhere else on the internet except in the context of multiplexing displays. Is this actually something that's used?
- When we refer to the "input layer" or "hardware abstraction layer", I believe that when we're referring to the "input layer" above, we are referring to the combination of device drivers and event handlers. Device drivers produce events, event handlers distribute the events from the device to the kernel, or userspace. The usbhid driver makes use of the HID input device interface (hiddev) described here: https://www.kernel.org/doc/html/latest/hid/hiddev.html#introduction
--- Is this understanding correct?
- How does communication on USB devices differ from communication of arbitrary I/O devices as described here: https://linux-kernel-labs.github.io/refs/heads/master/labs/interrupts.html ? In this document, we discuss mapping I/O ports to physical memory addresses so the processor can communicate with the device, through instructions that work directly with the memory. We control these peripheral devices by reading and writing registers, which can be accessed through specific memory address space/IO address space (i.e. to regions of physical memory or on-keyboard memory).
--- Is the above process of IO ports/busses, addresses, and interrupt events implemented by the USB controller polling the keyboard registers? I can see here: https://www.pearsonitcertification.com/articles/article.aspx?p=1681059 that the USB ports in the computer use a single interrupt request (IRQ) and a single IO port address. The interrupt request is what gets the CPU's attention, and the IO port address represents the range of circuits used by the CPU to actually read or write data.

tl;dr help me understand how hardware events get turned into software events get turned into a string or char in my application containing the value I intended to press.

The Iron Rose fucked around with this message at 20:19 on Nov 12, 2021 |
# ? Nov 12, 2021 19:35 |
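Added example, not part of the post above and not kernel code: a C sketch of the step between the polled USB report and the `EV_KEY` press/release events that end up on `/dev/input/event*`, assuming a keyboard running the HID boot protocol with its 8-byte report. `diff_reports`, `usage_to_keycode`, `held` and `struct key_event` are hypothetical names, the sample reports are constructed, and only two usage IDs are mapped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EV_KEY    0x01  /* values from linux/input-event-codes.h */
#define KEY_ENTER 28
#define KEY_A     30

/* Trimmed stand-in for struct input_event (the real one also carries a timestamp). */
struct key_event { uint16_t type; uint16_t code; int32_t value; }; /* 1 = press, 0 = release */

/* HID usage ID -> Linux keycode. Only two entries, enough for the demo. */
static uint16_t usage_to_keycode(uint8_t usage) {
    switch (usage) {
    case 0x04: return KEY_A;      /* usage "Keyboard a and A" */
    case 0x28: return KEY_ENTER;  /* usage "Keyboard Return (ENTER)" */
    default:   return 0;          /* 0x00 = empty slot, or unmapped in this sketch */
    }
}

static int held(const uint8_t *slots, uint8_t usage) {
    return memchr(slots, usage, 6) != NULL;
}

/* Boot-protocol report: byte 0 = modifier bitmask, byte 1 = reserved,
 * bytes 2..7 = usage IDs of the keys currently held (at most six).
 * The report carries state, not events, so events come from diffing it
 * against the previous report. Returns the number of events written. */
size_t diff_reports(const uint8_t prev[8], const uint8_t cur[8],
                    struct key_event *out, size_t cap) {
    /* Keycodes for LCtrl, LShift, LAlt, LMeta, RCtrl, RShift, RAlt, RMeta. */
    static const uint16_t mod_keycode[8] = {29, 42, 56, 125, 97, 54, 100, 126};
    size_t n = 0;

    /* Usage 0x01 is ErrorRollOver: more keys held than the report can carry.
     * This sketch drops such a report instead of guessing (a design choice). */
    if (held(cur + 2, 0x01))
        return 0;

    for (int bit = 0; bit < 8; bit++) {
        int was = (prev[0] >> bit) & 1, is = (cur[0] >> bit) & 1;
        if (was != is && n < cap)
            out[n++] = (struct key_event){EV_KEY, mod_keycode[bit], is};
    }
    for (int i = 2; i < 8; i++) {
        uint16_t released = usage_to_keycode(prev[i]);
        uint16_t pressed = usage_to_keycode(cur[i]);
        if (released && !held(cur + 2, prev[i]) && n < cap)
            out[n++] = (struct key_event){EV_KEY, released, 0};
        if (pressed && !held(prev + 2, cur[i]) && n < cap)
            out[n++] = (struct key_event){EV_KEY, pressed, 1};
    }
    return n;
}

int main(void) {
    /* Constructed sample reports: idle, then Left Shift + Enter held. */
    const uint8_t idle[8] = {0};
    const uint8_t shift_enter[8] = {0x02, 0, 0x28, 0, 0, 0, 0, 0};
    struct key_event ev[8];
    size_t n = diff_reports(idle, shift_enter, ev, 8);
    for (size_t i = 0; i < n; i++)
        printf("EV_KEY code=%u value=%d\n", (unsigned)ev[i].code, (int)ev[i].value);
    return 0;
}
```

When a rollover report is dropped, the caller should keep the last valid report as `prev` so the next diff is taken against known state.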
|
Blinkz0rz posted:
I'm not sure why folks sit and wait with bated breath for others to continue and/or finish their question.

I mean I know that, I just am now waiting for a followup when I wouldn't have to "wait" if they'd have just opened with it. Or at least, have it ready after you send hello! They can type all they want before they message me. After they message me I just want them out of my hair.
|
# ? Nov 12, 2021 19:44 |
|
The Iron Rose posted:
tl;dr help me understand how hardware events get turned into software events get turned into a string or char in my application containing the value I intended to press.

I have no idea but this is something I've never thought to wonder about, and now you've made me curious too!
|
# ? Nov 12, 2021 20:50 |
|
Does anyone else do fun alert messages on your monitoring? At the end of the day the alert still tells me what I need to know but it does start off “Shitter's Full: AWS Disk Full (AWS VM Disk > 90%)” and I can’t help but smirk every time it comes across.
|
# ? Nov 12, 2021 21:03 |
|
George H.W. oval office posted:
Does anyone else do fun alert messages on your monitoring? At the end of the day the alert still tells me what I need to know but it does start off “Shitter's Full: AWS Disk Full (AWS VM Disk > 90%)” and I can’t help but smirk every time it comes across.

Gotten in trouble too many times for making messages like that
|
# ? Nov 12, 2021 21:05 |
|
The Iron Rose posted:
I seem to recall a website somewhere documenting a huge project where people could contribute their knowledge to this very question. It was very thorough: like hardware people were contributing information about interrupts, OS people were contributing, networking people were contributing, monitor manufacturers were contributing, etc. I recall it being a really really cool read and very in-depth. I wonder if I can dig it up somewhere.

edit: No. I wasn't joking, and no I wasn't trying to be an rear end in a top hat. I was phone posting and legitimately wondering out loud if I recalled correctly that there was a web site dedicated to this very topic and also was wondering if I could find it. Iron Rose, I definitely did not mean any disrespect and I apologize if it came off that way!

Agrikk fucked around with this message at 19:11 on Nov 13, 2021 |
# ? Nov 12, 2021 21:35 |
|
George H.W. oval office posted:
Does anyone else do fun alert messages on your monitoring? At the end of the day the alert still tells me what I need to know but it does start off “Shitter's Full: AWS Disk Full (AWS VM Disk > 90%)” and I can’t help but smirk every time it comes across.

It was a long time ago but at a NOC I worked in, our monitoring software allowed for custom sounds for alerts so we added this. https://www.youtube.com/watch?v=GtQpThwWQtQ&t=33s
|
# ? Nov 12, 2021 21:41 |
|
Agrikk posted:
I seem to recall a website somewhere documenting a huge project where people could contribute their knowledge to this very question. It was very thorough: like hardware people were contributing information about interrupts, OS people were contributing, networking people were contributing, monitor manufacturers were contributing, etc.

SA is less intimidating. still, next steps

E: wait I'm now not sure if you're loving with me and referring to stackexchange or not

The Iron Rose fucked around with this message at 21:46 on Nov 12, 2021 |
# ? Nov 12, 2021 21:42 |
|
The Iron Rose posted:
E: wait I'm now not sure if you're loving with me and referring to stackexchange or not

Ha maybe, but I seem to also recall something similar, in regards to the most over thorough explanation to the common interview question of "Tell me in detail what happens when you enter a search in Google?" and it going into like physics of the flow of electrons that result from pressing down a single key on a keyboard.
|
# ? Nov 12, 2021 23:08 |
|
BaseballPCHiker posted:
Ha maybe, but I seem to also recall something similar, in regards to the most over thorough explanation to the common interview question of "Tell me in detail what happens when you enter a search in Google?" and it going into like physics of the flow of electrons that result from pressing down a single key on a keyboard.

Yeah there’s this GitHub, but it hasn’t been updated in ages and doesn’t go nearly into the depth that I want. https://github.com/alex/what-happens-when. There’s also some inaccuracies. I intend on making a better and more comprehensive version.
|
# ? Nov 12, 2021 23:22 |
|
I was in the tech book section at a Border's bookshop underneath the WTC around 1999, got cornered by some old dude that wanted to know how the computer got data off the hard drive. Not like, you plug it in and the spinny thing sends data over the IDE bus to the processor. He wanted an explanation down to the electron level, like how electricity is used to get data to the screen. I just put on my dumb face and said "don't know, I'm here for a book on Perl." He looked unhappy there was no book to answer his questions.
|
# ? Nov 12, 2021 23:40 |
|
There’s no book because this question encompasses pretty much the sum total of all non-application-specific computer knowledge to date. Frankly I’ve always been curious to know how a mechanical action (a key press) results in an electronic reaction (a character appears on my screen). I’ve poked at it a few times but in the end I left thinking “magic” was as good an answer as any.
|
# ? Nov 13, 2021 00:29 |
|
George H.W. oval office posted:
Does anyone else do fun alert messages on your monitoring? At the end of the day the alert still tells me what I need to know but it does start off “Shitter's Full: AWS Disk Full (AWS VM Disk > 90%)” and I can’t help but smirk every time it comes across.

At $job-1 we had many alerts like that, but a bit more tame since pretty much anyone in the company could look up the ticket they spit data into. Only one I can remember was about an ACH file failing and it was called "NACHA gonna make this file" or something dumb.

E: the above conversation is akin to asking "from metal in earth to finished product, how does my car get made". It's a sum of knowledge that few single individuals have.
|
# ? Nov 13, 2021 01:07 |
|
Agrikk posted:
Frankly I’ve always been curious to know how a mechanical action (a key press) results in an electronic reaction (a character appears on my screen). I’ve poked at it a few times but in the end I left thinking “magic” was as good an answer as any.

Electrical demons
|
# ? Nov 13, 2021 02:02 |
|
Agrikk posted:
There’s no book because this question encompasses pretty much the sum total of all non-application-specific computer knowledge to date.

isn’t it essentially pushing the key is completing a circuit that sends the electrical energy to the computer to interpret based on its specific energy?? idk.
|
# ? Nov 13, 2021 02:04 |
|
star eater posted:
isn’t it essentially pushing the key is completing a circuit that sends the electrical energy to the computer to interpret based on its specific energy?? idk.

Basically yeah. It’ll depend on the keyboard but you fluctuate the amount of voltage you send down the wire to represent 1s and 0s, and then once you have the binary data it’s off to the special purpose IO registers, then it gets handled by the IO controller (USB/Bluetooth/etc), then you register an interrupt to tell the CPU to read from the memory region allotted to the IO port corresponding to the IO device. Every IO stream will have both a data and address portion of memory to indicate what the data is and the address to which memory should be written or read from.

Anyways, the device controller will set a kernel interrupt, and then from there the CPU will read from the registers in question with the highest priority and we start passing the data from the kernel by copying the data into user space memory regions through the kernel interrupt handler functions. I think I have that mostly right, phoneposting from memory!

There may also be integrated logic boards, like scanning the state of all the keys in a keyboard to determine what selection of keys we’re depressing (or releasing) and then store that data in the register accessible to the CPU/IO controller.

The Iron Rose fucked around with this message at 02:34 on Nov 13, 2021 |
# ? Nov 13, 2021 02:31 |
|
Computers are cool
|
# ? Nov 13, 2021 02:49 |
|
The Iron Rose posted:
Basically yeah. It’ll depend on the keyboard but you fluctuate the amount of voltage you send down the wire to represent 1s and 0s, and then once you have the binary data it’s off to the special purpose IO registers, then it gets handled by the IO controller (USB/Bluetooth/etc), then you register an interrupt to tell the CPU to read from the memory region allotted to the IO port corresponding to the IO device. Every IO stream will have both a data and address portion of memory to indicate what the data is and the address to which memory should be written or read from. Anyways, the device controller will set a kernel interrupt, and then from there the CPU will read from the registers in question with the highest priority and we start passing the data from the kernel by copying the data into user space memory regions through the kernel interrupt handler functions.

Now do N-key rollover
|
# ? Nov 13, 2021 02:57 |
|
George H.W. oval office posted:
Computers are cool

We took sand and lightning and made a thinking machine. For all the good and bad that implies.
|
# ? Nov 13, 2021 02:58 |