The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Sickening posted:

I guess bare chested is maybe an over exaggeration. But some chest hair is visible and some are loud and proud with it for laughs it seems.

If someone had a problem with it, I would like I think I foster a group that can come to me for things. Nobody has mentioned anything yet. But also since you brought this up, is it appropriate to police chest hair?

I think your approach is fine and good and correct. Just perhaps allow for us fragile womenfolk and our frail constitutions!


GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

One of the new VPs was giving people poo poo for not having Christmas decorations in the backgrounds of their Webex. I really wanted to unmute and be like "bitch I'm Jewish", but alas.

Sickening
Jul 16, 2007

Black summer was the best summer.

The Iron Rose posted:

I think your approach is fine and good and correct. Just perhaps allow for us fragile womenfolk and our frail constitutions!

Well, I don't think it's so straightforward as that. I also don't want to assume someone is fragile because they are a certain gender. I also don't want to police necklines for any gender.

Obviously telling people to not wear robes is fine, even if the entire topic is kind of pointless.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Sickening posted:

Well, I don't think it's so straightforward as that. I also don't want to assume someone is fragile because they are a certain gender. I also don't want to police necklines for any gender.

Obviously telling people to not wear robes is fine, even if the entire topic is kind of pointless.

I’m being more than a little facetious, in case that wasn’t clear.

Bathrobe = fine if not the most professional thing
bare chest = maybe put on a shirt
Errant chest hair = impossibly arousing, take it away before I cheat on my husband and dishonour my father

KillHour
Oct 28, 2007


How dare you discriminate against my absurdly hairy chest what if I want to wear a v neck!?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

What's wrong with my V neck?

https://www.aliexpress.com/item/32954173804.html

KillHour
Oct 28, 2007


No chest hair, 1/10.

Edit: real talk though I dress like Marc Rebillet while I work. It's up to you if you want me to turn my camera on or not.

KillHour fucked around with this message at 20:11 on Dec 17, 2021

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Bonzo
Mar 11, 2004

Just like Mama used to make it!
this should solve the problem

https://www.amazon.com/Joyci-Fashion-Turtleneck-Collar-Winter/dp/B01MEFXXKY/ref=sr_1_11?keywords=turtleneck+dickies&qid=1639769863&sr=8-11

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Sickening you should buy this and wear it, and only it, to your next standup.

Ideally in person so you can make direct eye contact with the robe-wearers, and dominate them with your sartorial prowess.

Wibla
Feb 16, 2011

Bonzo posted:

I'm actually getting used to working with and getting to know co-workers without even seeing their face. I've been working on one project with a Dev for 8 months and I've only seen his avatar.

I feel like those of us who grew up with IRC have a leg up in the current WFH meta :v:

Internet Explorer
Jun 1, 2005





Sickening hopping on the call like

KillHour
Oct 28, 2007


Who's going to be the first to show up to an all hands in the Borat mankini?

Bonzo
Mar 11, 2004

Just like Mama used to make it!

Wibla posted:

I feel like those of us who grew up with IRC have a leg up in the current WFH meta :v:

Pretty much! Plus I can get ANYTHING delivered to my door now so this was the Internet that was promised to us in 1996.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Had our department party yesterday, a good chunk of people couldn’t attend because of a confirmed exposure.

So they basically told us with 2 hours to go, “we gotta hit the $1400 minimum for the space rental, we are not condoning any behavior but uh, break out the bulleit already”

Wibla
Feb 16, 2011

Bonzo posted:

Pretty much! Plus I can get ANYTHING delivered to my door now so this was the Internet that was promised to us in 1996.

gently caress yes.

I got a 3070TI delivered a few hours ago :toot:

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
I realized during my second morning meeting that one of my shirt buttons was undone and so I was giving off strong Tom Selleck vibes all through my first meeting.

Wibla
Feb 16, 2011

:heysexy:

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Doesn’t astral know about blue/green deployments

Maybe the forums have log4j.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


If any of you hack the forums do not look at my dms to clam down.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yes, everyone will be thrilled to see your hundreds of DMs with no response.

Diqnol
May 10, 2010

Log4j is a real bitch. That is all.

CLAM DOWN
Feb 13, 2007




GreenNight posted:

Yes, everyone will be thrilled to see your hundreds of DMs with no response.

He's like a needy horny little puppy

chin up everything sucks
Jan 29, 2012

Hahahaha. Oh man. Infra has kept telling us that they fixed all the Log4J vulns, despite not even having a complete list of all servers or the services on them.

Qualys finally updated to be able to check for Log4J. loving 300 vulnerable Log4J versions found.

The fact that Infra doesn't even know everything that we have drives me nuts. I've been asking them to figure out how to get a proper list of everything for a couple years, and only NOW are they going "you know, we should have all of this in a list somewhere..."

YES YOU loving SHOULD. I want to know what we are running so I can have a script check each service for known CVEs so we can patch out all the existing crap that you guys have ignored!

Sickening
Jul 16, 2007

Black summer was the best summer.
It seems like you also had a need to know for all the things you described. Why don't you have the tools in place to know these things? Why is infra solely responsible?

Internet Explorer
Jun 1, 2005





Yeah, this is way more complex than "find the running service." What's your job if not to help Infra find the exploits? Certainly doesn't sound like patching them.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
In our company, we (infra) are not responsible for what services are running on each machine. We will work with security to implement measures to run a whitelist, and install any agents they want to use for inventory management, and patch applications not owned by developers, but not dictate what can and can not be installed.

We still had to take some time figuring out where all our log4shell stuff was hiding despite us having a better than normal way of managing instances. Some stuff like container registries and cloud native services isn't something you can just inventory without cloud vendor assistance.

Sepist fucked around with this message at 13:56 on Dec 18, 2021

Diqnol
May 10, 2010

We had a server for an HVAC company get actively breached according to Datto but despite this, the call from on high was to put our AV on it and hope it does its job until Monday :psyduck:

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
https://log4jmemes.com/

Vintimus Prime
Apr 24, 2008

DERRRRRPPP what are picture threads for????


This one is getting bookmarked

18 Character Limit
Apr 6, 2007

Screw you, Abed;
I can fix this!
Nap Ghost

chin up everything sucks posted:

...despite not even having a complete list of all servers or the services on them.

That org has bigger problems than log4j

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

My home PC has the vuln due to APC software. Boo.

chin up everything sucks
Jan 29, 2012

Sickening posted:

It seems like you also had a need to know for all the things you described. Why don't you have the tools in place to know these things? Why is infra solely responsible?

InfoSec was only set up last year when we went public, and we have been scrambling just to get the company to pass all the audits and certifications that the company has been asked to have. This time last year, the InfoSec department was two people - we have just hired an additional 6 people in the past six months, but getting the tools and getting them integrated is taking us time.

The reason that Infra is solely responsible is that they have held sole access to the server infrastructure until just recently, and we are still finding stuff that they "forgot" to give us access to.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
So I found out a sale isn't coming, rather a full operations wind down. Who's been a part of one and did you negotiate anything to stay on?

devmd01
Mar 7, 2006

Elektronik
Supersonik
Lol. No. Infosec can install their tools, we’ll open up the ports/service account access them as appropriate, but they aren’t getting domain admin/global admin/whatever. I have been tasked to clean out the elevated access groups prior to our soc2 type 2 renewal and I am pushing hard for infosec to lose their elevated access so only infra people have keys to the kingdom.

There is no goddamn reason for them to have the access that they do when their job is to set policy, monitor systems for vulnerabilities, advise, and inform on best practices. They have enough tools to tell them what’s up; they don’t need domain admin to do any more investigation that shouldn’t already involve infra in the first place.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
hot take it shouldn’t matter who has admin or not because nobody except your CI/CD platform should have write access to a drat thing


break glass accounts, sure. But if you’re in infra eng and are making changes by hand it’s a sign you gotta automate more

chin up everything sucks
Jan 29, 2012

The Iron Rose posted:

hot take it shouldn’t matter who has admin or not because nobody except your CI/CD platform should have write access to a drat thing


break glass accounts, sure. But if you’re in infra eng and are making changes by hand it’s a sign you gotta automate more

I agree with this. I'm not asking for admin into these accounts, read-only is fine. We just need some way to know what the hell we are trying to protect.

Sprechensiesexy
Dec 26, 2010

by Jeffrey of YOSPOS
I would like to cordially invite you to conservative industries/companies who are deathly afraid of any kind of automation and see how far your CI/CD pipeline reaches.

Narrator: The pipeline and the engineer who proposed it died of alcohol poisoning in a nearby bar

Contingency
Jun 2, 2007

MURDERER

incoherent posted:

So I found out a sale isn't coming, rather a full operations wind down. Who's been a part of one and did you negotiate anything to stay on?

Not quite a full wind down, but here's my story:
PE-owned company made a few acquisitions, and my company was one. A few years later they had a consulting group tell them a bunch of competing platforms was bad from a business efficiency standpoint, so our campus was shut down and division consolidated. They offered $5k to stick around something like 18 months and $10k to relocate. I felt that if they had already budgeted $10k for key people, I had a pretty good chance at $10k just for sticking around.

Here's how it played out:
"Hello my new VP, my campus is getting closed down and you need me to put in an awful lot of work over the next few months to move our hosting environment. Can you provide some incentive to not take a new job in the middle of this move?"
VP: "Sure, I'll see what I can do."
A few months pass and the move has started.
VP: "Hey, it was tough but I got your retention bonus bumped up so you get it earlier."
"I thought we could discuss. Can we continue negotiating?"
VP: "This was never a negotiation."

I expected at least a conversation, and all I got was a "we made a token effort that didn't cost us anything extra." No actual negotiation took place. I would have given them an extra year, but instead, I left within 30 days of the retention clause being satisfied.

What I learned:
It doesn't matter if you are hot poo poo or the company's single point of failure--you will not be dealt with on equal terms if they don't have to. You are not a partner, you are a worker bee.
Come with specific demands so your desired outcome is unambiguous. If you think you won't have enough leverage, recruit coworkers to join forces.
Deal with accountable people if possible. My VP was the next state over, and he didn't have to talk with me if he didn't feel like it. That would be much harder to pull off if he saw my smiling face every day.


22 Eargesplitten
Oct 10, 2010



18 Character Limit posted:

That org has bigger problems than log4j

Welcome to the company where I work, where we have found servers that were listed as decommissioned years ago that were still racking up AWS bills because we're so loving siloed that people left the company while waiting for someone else to do another part of the decommission and nobody ever finished the part of the guy who left.
