Wizard of the Deep
Sep 25, 2005

Another productive workday
.local AD domains will still be common in 2025, and finally on their way out in 2030. Azure AD is good, but it's nowhere near replacing actual Active Directory*. Even AADDS is a dumb kludge solution.

*in the hundreds of thousands of small businesses that depend on business apps last updated in 2009 because the support contract lapsed and now the original vendor is out of business but GOD HELP YOU if you propose modernizing business processes.

eta: it's a lovely snipe because it's true.


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Azure AD is getting closer. They just figured out Kerberos for Azure AD and it looks pretty cool.

The Fool
Oct 16, 2003


jaegerx posted:

Santa is making a list and checking it twice and three times in this thread, none of you are getting Christmas bonuses.

I rebuilt my home server and am using service.lan.vanity.com as a pattern

I set up nginx reverse proxy and pull le certs for all of the domains

other fun things: the nginx.conf is generated from a template that takes values from docker-compose.yml

GitHub actions is set up to push the configuration files to my server and run ansible when a change to the configuration is pushed to the repo

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


The Fool posted:

I rebuilt my home server and am using service.lan.vanity.com as a pattern

I set up nginx reverse proxy and pull le certs for all of the domains

other fun things: the nginx.conf is generated from a template that takes values from docker-compose.yml

GitHub actions is set up to push the configuration files to my server and run ansible when a change to the configuration is pushed to the repo

Santa is getting a semi right now

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost

Internet Explorer posted:

.local and .internal were "best practices" for so long. We are all going to be dealing with that poo poo until the day we die.

I'm not sure we'll ever pry them out at work, and I certainly don't trust the people currently running things to make work if they try. I can't even trust them to make internal certs properly.

Sickening
Jul 16, 2007

Black summer was the best summer.
My crazy ciso job is so painless now. I am going to burn up all that goodwill by going on a content filtering blocking spree. Slack and everything else shadow IT I could find. As if millions of voices cried out in terror, and suddenly silenced.

I look forward to hearing tomorrow about why someone needs to check their yahoo email on their work laptop.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Sickening posted:

My crazy ciso job is so painless now. I am going to burn up all that goodwill by going on a content filtering blocking spree. Slack and everything else shadow IT I could find. As if millions of voices cried out in terror, and suddenly silenced.

I look forward to hearing tomorrow about why someone needs to check their yahoo email on their work laptop.

truly in the end we learned, sickening was the crazy ciso after all.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


the twists and turns in sickening's story was amazing

angry armadillo
Jul 26, 2010
I emailed my boss with a question and he IMd me back to say let me ring you and talk it through in 8 minutes.

My old boss used to take days to reply, if at all for anything, unless it was something specifically high profile that the c levels had interest in

I've come to the realisation I'm now hesitating to contact my boss because I'm like "I don't want to bother you with relatively trivial issues and then not get a reply and be stuck"

But new boss is like "nope you are new I expect this sort of thing"


It's weird having a helpful boss

For clarity my old boss was nice just way too busy but I think it has caused me to not have normal expectations around how much to bother my boss haha.

I'm used to being 99.9% autonomous, this is so strange

BaseballPCHiker
Jan 16, 2006

Sickening posted:

My crazy ciso job is so painless now. I am going to burn up all that goodwill by going on a content filtering blocking spree. Slack and everything else shadow IT I could find. As if millions of voices cried out in terror, and suddenly silenced.

I look forward to hearing tomorrow about why someone needs to check their yahoo email on their work laptop.

I want so badly to do this at my job.

Current gig up until 4 years ago?!? actually had it written in their AUP that you could use your work laptop as a personal machine as a "fun" little "perk" for staff. They just finally removed that from the AUP but it's still very much in the company ethos that it's fine to use your work laptop for whatever.

So much poo poo to fix here, that's low on my list, and a battle I don't want to fight yet.

cage-free egghead
Mar 8, 2004
Anyone ever work for a startup? A recruiter reached out to me about one that is rather new but seems to be gaining popularity and secured a bunch of funding. The first sentence he said to me was "Hey egghead, I have a KICKASS opportunity for you". What a weird intro.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

cage-free egghead posted:

Anyone ever work for a startup? A recruiter reached out to me about one that is rather new but seems to be gaining popularity and secured a bunch of funding. The first sentence he said to me was "Hey egghead, I have a KICKASS opportunity for you". What a weird intro.

I've got a line on a startup that's gone from 4 to 104 people in the span of 7 months.


Which seems insane to me. Fintech!

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

cage-free egghead posted:

Anyone ever work for a startup? A recruiter reached out to me about one that is rather new but seems to be gaining popularity and secured a bunch of funding. The first sentence he said to me was "Hey egghead, I have a KICKASS opportunity for you". What a weird intro.

It can be challenging, rewarding work. It can also be a colossal clusterfuck of mismanagement, bad direction, and ego.

Either way, you need to be comfortable with risk: the next round of funding might not come or you might be sold to a competitor before you get your stock options.

Also- decide why you are doing this. Are you in it for the sweet, sweet promise of IPO wealth? Is this just a salary gig and you are a mercenary? Do you believe in the product and are willing to put in 80-hour weeks on a passion project? Is this an opportunity for skill growth?

The answers to these questions define how you will live in this environment and its impact on your personal life.


I’ve worked at great startups and not so great startups. And in 33 years of IT work I’ve hit it big exactly once on stock and also have a portfolio littered with the worthless wreckage of failed gigs. YMMV

air-
Sep 24, 2007

Who will win the greatest battle of them all?

cage-free egghead posted:

Anyone ever work for a startup? A recruiter reached out to me about one that is rather new but seems to be gaining popularity and secured a bunch of funding. The first sentence he said to me was "Hey egghead, I have a KICKASS opportunity for you". What a weird intro.

At one right now - very much YMMV, but I am glad for how fast my career has taken off and have even hit it big on equity payout

If you go through with the interview, grill them hard about hustle culture, wlb, profitability/runways

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


I got to go in a classroom yesterday and in seriousness tell a room full of college students that the Internet was broken on the East Coast. This AWS issue also caused a bunch of exams to get canceled since they were administered using an application that uses the AWS service.

Turns out the university I work at has no plan on what to do if an exam has to get canceled and it was basically "talk to your department chair".

In other news, I'm about 4 years of part time classes away from getting my bachelor's degree. Just chipping away at this thing every semester seems like the best way to do it and balance a full time job.

My pay in the public sector may not be good, but I got state pension and excellent benefits so I don't see myself moving on from this position any time soon.

cage-free egghead
Mar 8, 2004

air- posted:

At one right now - very much YMMV, but I am glad for how fast my career has taken off and have even hit it big on equity payout

If you go through with the interview, grill them hard about hustle culture, wlb, profitability/runways

If there's one thing I've been good at in interviews it's been really selling my personality and social skills and really trying to dig into company culture. I honestly think that those have been a more important asset to get jobs than my skills or education has been.

But this thread and others have taught me too the importance of really trying to find a company that tries to take care of its employees or doesn't expect the world out of people. I've lucked out with the last few as I've had excellent managers who fought back against their higher ups to take care of the underlings.

And working for a startup sounds just like my luck at these last few jobs, basically having had the rug pulled out from under me and being let go on a whim. Also have been asked NOT to work over 40 not because of overtime but for the sake of our personal lives. Honestly don't think I could ever do a job that was any more than that.

air-
Sep 24, 2007

Who will win the greatest battle of them all?

cage-free egghead posted:

If there's one thing I've been good at in interviews it's been really selling my personality and social skills and really trying to dig into company culture. I honestly think that those have been a more important asset to get jobs than my skills or education has been.

Yep it's super important to suss out those red flags asap!

This just happened a week ago: recruiter at a series B cybersecurity startup pinged me and comp etc seemed fine. Set up an initial meeting and ask the usual questions about what's the interview/hiring process like etc - they have no clue how many rounds the interview process will be nor what will actually happen on the interviews for the role because "they're still in the early stages of talking to candidates" :chloe:

Uhhhh why the hell did you even start talking to applicants? Backed outta that SO fast

George H.W. Cunt
Oct 6, 2010





Company I work for is getting an uptick in bad social media presence and our marketing guy is trying to stem the tide of potential websites created to trash us by wanting me to buy domains and squatting in them.

“corpsucks.com”
“corpblows.com”
Etc


Like I get the sentiment but there are so so so many permutations that if I were putting in the effort to make an anti business and “corpsucks.com” wasn’t available I’d simply move on to .net, .co, .wtf and so on. Just lol at this request.

Sickening
Jul 16, 2007

Black summer was the best summer.

George H.W. oval office posted:

Company I work for is getting an uptick in bad social media presence and our marketing guy is trying to stem the tide of potential websites created to trash us by wanting me to buy domains and squatting in them.

“corpsucks.com”
“corpblows.com”
Etc


Like I get the sentiment but there are so so so many permutations that if I were putting in the effort to make an anti business and “corpsucks.com” wasn’t available I’d simply move on to .net, .co, .wtf and so on. Just lol at this request.

We have a 3rd party service that suggests available domain names that could be used as spoofing against us or our customers, and then buys them for us. We own about 200+ domain names that fit this category.

George H.W. Cunt
Oct 6, 2010





Sickening posted:

We have a 3rd party service that suggests available domain names that could be used as spoofing against us or our customers, and then buys them for us. We own about 200+ domain names that fit this category.

Who is this service? I’d rather someone else do it if I’m being asked to go down this route

Bonzo
Mar 11, 2004

Just like Mama used to make it!

Vargatron posted:

I got to go in a classroom yesterday and in seriousness tell a room full of college students that the Internet was broken on the East Coast. This AWS issue also caused a bunch of exams to get canceled since they were administered using an application that uses the AWS service.


D2L?

For folks looking for more Cloud "homework" check out this DevOps exercise. https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS

Sprechensiesexy
Dec 26, 2010

by Jeffrey of YOSPOS
All of our cloud PoCs got shitcanned today, so any hope of interesting work coming my way in the future just went out the window. Guess I'm polishing the ol' resume after my christmas holiday.

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


Bonzo posted:

D2L?

For folks looking for more Cloud "homework" check out this DevOps exercise. https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS

Canvas and Blackboard.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

Bonzo posted:

For folks looking for more Cloud "homework" check out this DevOps exercise. https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS

This looks great at first glance

Inner Light
Jan 2, 2020



Sprechensiesexy posted:

All of our cloud PoCs got shitcanned today, so any hope of interesting work coming my way in the future just went out the window. Guess I'm polishing the ol' resume after my christmas holiday.

Any rationale? I am curious about any enterprise refusing to move away from on-prem in any capacity right now.

While I'm posting, is anyone bored enough to help me understand the .local cert business you all have been talking about? I haven't been involved in generating or configuring certificates beyond very basic dropdown -> select .cert file for various software. I need to do more reading to understand SSL at a deeper level anyway :-/ since I don't really get what you all are mentioning yet.

The Fool
Oct 16, 2003


I assume it’s a knee-jerk reaction to yesterday’s outage.

The Fool
Oct 16, 2003


Vargatron posted:

Canvas and Blackboard.

Aleks had problems too, which messed up my wife’s math final.

The Fool fucked around with this message at 18:41 on Dec 8, 2021

orange sky
May 7, 2007

Inner Light posted:

Any rationale? I am curious about any enterprise refusing to move away from on-prem in any capacity right now.

I'd like to introduce you to my friend, the middle east region

freeasinbeer
Mar 26, 2015

by Fluffdaddy
All computer systems come with a “Trust Store” that holds copies of the root level public certificate of preselected organizations that have negotiated with OS providers and in the case of Firefox, browsers so that they are trusted to issue certificates. Nominally they all have to agree to some standards around what they will and won’t issue; and how they verify ownership of a domain prior to issuing.

These root level certificates then sign intermediate certificates who agree to their rules who in turn are the first level at which a regular person can get a signed certificate. Often times the cheaper the cert the further down it goes the trust chain, which can make it more finicky to deal with.

If you're familiar with NTP think of it like stratum 1 vs like 5; if you're super important you might get access to further up the chain, but most of the time you are several chains down.

Now when you buy butt.com you have to then prove to one of the SSL providers you own that cert and to issue it to you. You can get wildcard ssl certs that cover *.butt.com and that will work for https://www.butt.com or inthe.butt.com but not in.the.butt.com or butt.com

You also can’t buy butt.local; because you can’t prove you own it because you don’t. .local is just a reserved name like 10.0.0.0/8 that folks can use however they want.

So therefore if you want to have an ssl cert for butt.local you can set up your own root certificate and issue your own certs for that as well as https://www.butt.com. The issue is that browsers and OSes aren’t gonna trust it, so getting that root certificate in everywhere is a pain in the rear end as there are all kinds of places it needs to be inserted and makes it way more complex.
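An added example, not part of freeasinbeer's post: a small checker for the two rules described above, namely that a wildcard covers exactly one leftmost label and that names under reserved TLDs such as .local cannot be validated by a public CA. Function names are hypothetical, the reserved-TLD set is limited to a few names from RFC 6761/6762/2606, and the matching rule is a simplified form of what TLS clients apply.

```python
# Added example; sample names are constructed for illustration.
# Reserved TLDs nobody can prove ownership of (RFC 6761, RFC 6762, RFC 2606).
SPECIAL_USE_TLDS = {"local", "localhost", "test", "invalid", "example"}


def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def pattern_matches(pattern, hostname):
    """True if one certificate SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so *.butt.com covers
        # neither butt.com (too short) nor in.the.butt.com (too long).
        return False
    if any("*" in label for label in p[1:]):
        return False  # wildcard is only honoured in the leftmost label
    if p[0] == "*":
        # Assumption: refuse wildcards directly under a TLD (e.g. *.com).
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as w*.butt.com are rejected
    return p == h


def cert_covers(hostname, san_names):
    """True if any SAN entry on the certificate covers hostname."""
    return any(pattern_matches(s, hostname) for s in san_names)


def publicly_issuable(hostname):
    """False for names a public CA cannot validate domain control for."""
    labels = _labels(hostname)
    return len(labels) >= 2 and labels[-1] not in SPECIAL_USE_TLDS


def classify(hostname, san_names):
    """Summarise what a given certificate means for one hostname."""
    if not publicly_issuable(hostname):
        return "private CA required"
    return "covered" if cert_covers(hostname, san_names) else "not covered"


if __name__ == "__main__":
    sans = ["*.butt.com"]  # constructed SAN list of a wildcard certificate
    for host in ("www.butt.com", "inthe.butt.com", "in.the.butt.com",
                 "butt.com", "butt.local"):
        print(f"{host:18} {classify(host, sans)}")
```

Adding the apex name as a second SAN entry (`["*.butt.com", "butt.com"]`) is what makes the bare domain covered as well.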

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Sickening posted:

My crazy ciso job is so painless now. I am going to burn up all that goodwill by going on a content filtering blocking spree. Slack and everything else shadow IT I could find. As if millions of voices cried out in terror, and suddenly silenced.

I look forward to hearing tomorrow about why someone needs to check their yahoo email on their work laptop.

I think I missed the post where you got the CISO job????

skipdogg posted:

Azure AD is getting closer. They just figured out Kerberos for Azure AD and it looks pretty cool.

Microsoft is one step closer to curing...17 stab wounds to the back.

incoherent fucked around with this message at 18:55 on Dec 8, 2021

Thanks Ants
May 21, 2004

#essereFerrari


I think they mean the job with the crazy CISO

Well, past tense now, but whatever.

Sickening
Jul 16, 2007

Black summer was the best summer.

incoherent posted:

I think I missed the post where you got the CISO job????

Past tense, yeah

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


The Fool posted:

Aleks had problems too, which messed up my wife’s math final.

of course I was able to successfully complete my programming final at 8:00AM before all this AWS mess started haha

luminalflux
May 27, 2005



Sickening posted:

We have a 3rd party service that suggests available domain names that could be used as spoofing against us or our customers, and then buys them for us. We own about 200+ domain names that fit this category.

Same, there's a few players in this space and it's worth it. Especially if you can enforce that "all domain purchases go through $vendor" so you don't have marketing people purchasing domains on random Godaddy accounts.

KillHour
Oct 28, 2007


I would just buy [company]sucks.com and make it primary domain.

Bonzo
Mar 11, 2004

Just like Mama used to make it!
I have an issue where one department is running AV scans on an SMB server where documents are hosted. There's a 3rd party app that scans all sub folders for document metadata and users report slowness opening. Disabling AV makes the issue go away. One department head wants to disable the AV scans and depend on the users' local AV client to catch any malicious activity.

I say they need to live with the performance hit, they say user's PC protection should be enough. I would love to hear the group's thoughts on this.

Thanks Ants
May 21, 2004

#essereFerrari


[company]atemyballs.com

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Isn't the SMB share on a server that's running anti-virus already? Any modern AV will scan the file in real time on open and should block the connection if it detects anything bad before it's even open.

scott zoloft
Dec 7, 2015

yeah same

Bonzo posted:

I have an issue where one department is running AV scans on an SMB server where documents are hosted. There's a 3rd party app that scans all sub folders for document metadata and users report slowness opening. Disabling AV makes the issue go away. One department head wants to disable the AV scans and depend on the users' local AV client to catch any malicious activity.

I say they need to live with the performance hit, they say user's PC protection should be enough. I would love to hear the group's thoughts on this.

Can you stagger the scans or is it viable to create exceptions


Thanks Ants
May 21, 2004

#essereFerrari


I read it that way at first, but it sounds like there's AV scanning a file server and it's causing issues with another application. I didn't think it could be a problem in 2021, is the server massively under resourced or something? What are the disk queues getting to when the problems are being reported?
