|
Boba Pearl posted:
mod: snip

Oh yeah you hosed up that part. One more: I was working at a bank and when the old lovely as400 system stops working right, we delete a temporary file. This happens constantly so I wrote a script (without telling anyone or having it properly tested). My script didn't just delete the temporary file, it deleted the entire config folder. Also there was one config folder for the entire company so I brought down the bank's entire uh... banking platform thing? I don't know what you'd call it but nobody could do any work in the entire company. The people who manage the system wanted to get C suite involved because they needed to break glass to restore from backup but I owned up right away and my boss's boss went in there and twisted their arm to fix it immediately. Luckily it was late afternoon on a Friday and the system was usually lovely anyways so not many people noticed. Use proper change management for your automation, people. In retrospect, the part that was their fault is they probably should have done more knowledge transfer on the way the system works instead of just "delete this file when it breaks."

Somebody fucked around with this message at 23:34 on Oct 22, 2022
# ? Sep 30, 2022 15:17 |
|
one time while removing a module from the backplane of a massive UPS like this: I didn't properly power it down, so when I pulled out the module I touched the 220 line feed from the street against the frame of the unit. The resulting spark shot the module out into my chest slamming me into the wall, it melted a chunk of the frame, welded the connector to the post, and took out power to the entire floor of the building. This happened minutes after the markets closed, so the trading floor didn't even really mind.
|
# ? Sep 30, 2022 15:33 |
|
I ran a software update on an access control system in the middle of the day which then pushed a firmware update to all the door controllers, causing them to fail locked for the duration of the update. The door controllers communicated with each other via a daisy-chained RS485 serial link, and there were about 40 of them.
|
# ? Sep 30, 2022 15:38 |
|
The worst fuckup I did recently was when I was in the AV portal blocking some spyware and I told it to block the parent process. That parent process was explorer.exe. So once the policy got pushed down to everyone, Windows stopped working for everyone. Even my PC.
|
# ? Sep 30, 2022 16:50 |
|
GreenNight posted:
The worst fuckup I did recently was when I was in the AV portal blocking some spyware and I told it to block the parent process. That parent process was explorer.exe. So once the policy got pushed down to everyone, Windows stopped working for everyone. Even my PC.

That's just good UI design, so sparse as to be useless. You just got a preview of Windows 13
|
# ? Sep 30, 2022 16:53 |
|
AV should have a level of sense checking to prevent you blocking things like explorer.exe
|
# ? Sep 30, 2022 17:12 |
|
Thanks Ants posted:
AV should have a level of sense checking to prevent you blocking things like explorer.exe

You'd think. But they expect folks to be smart too apparently. At the time it was Cisco AMP which is now Cisco Secure Endpoint.
|
# ? Sep 30, 2022 17:20 |
|
Thanks Ants posted:
AV should have a level of sense checking to prevent you blocking things like explorer.exe

You'd think. But somehow someone committed the code for a new feature in our software in such a way that it lets any user bypass account restrictions and edit certain types of data they don't have permission to change. Because it doesn't actually check the permissions, it just assumes because you have access to the feature you're allowed to use it anywhere. This made it all the way to production on our largest customer, where users promptly started using it and made a mess of things. Unless someone specifically outlines the 'sense check' in the design document, it won't get built.
|
# ? Sep 30, 2022 17:30 |
|
My mentor during my internship wanted to go home after lunch on Friday but had to reboot the Exchange server after business hours (decades ago, so no remoting in). We came back from lunch as he suddenly yelled “OH NO!! There’s a major issue with our Exchange server”. Walked into the server room, came out 30s later and said: “fixed the issue with a reboot, going home now”. The hard reboot broke one of the disks, one coworker spent the afternoon fixing it while the rest of us had to man the phone telling people the email server was indeed down.
|
# ? Sep 30, 2022 17:34 |
|
What a legend.
|
# ? Sep 30, 2022 17:40 |
|
In hopes to give context to some of you that are on the fence about being ethical with our employment, here is what I am dealing with right now. One of my orgs, the HR C level is totally unreachable during the hours of 9-6. She often sends a flurry of emails and Teams messages before 9 and then again after 6. Their calendar is blocked off with meetings one after another, with double bookings and even triple bookings. It's basically booked to the gills for the next 90 days. Almost all of these meetings only have her as the participant. I know this as they are all set to private but I finally decided to loving snoop. I snooped, because she has had this terrible habit of calling me during dinner because time zones are hard and she won't respond any other times. This has become a pattern and I have decided it's a security event. Obviously she is either doing nothing or she has multiple jobs. The other c-suite might know or they might not, but I am 100% confident that this person has no issue laying anyone off or firing someone for finding people double employed as she has talked about it openly as something she despises. You do you and don't feel bad about it.
|
# ? Sep 30, 2022 17:51 |
|
Are you doing anything or just holding it for some mutually assured destruction? If you've given yourself read access on her calendar then do you have to account for that somewhere?
|
# ? Sep 30, 2022 17:58 |
|
Thanks Ants posted:
Are you doing anything or just holding it for some mutually assured destruction? If you've given yourself read access on her calendar then do you have to account for that somewhere?

Guessing he is the one who sees access logs, and isn't going to report himself, but the bit about it being a security issue is also CYA.
|
# ? Sep 30, 2022 18:03 |
|
My new job that is exactly 1 month old is already experiencing a shake up with my boss (CTO) being let go. So uhhh that’s cool. I continue to be a harbinger of doom.
|
# ? Sep 30, 2022 18:31 |
|
Thanks Ants posted:
Are you doing anything or just holding it for some mutually assured destruction? If you've given yourself read access on her calendar then do you have to account for that somewhere?

Well the point of doing two jobs is that you can at least pretend to do one of them in some meaningful way. If you can't attend any meetings, make any calls, or respond to email.... then you basically deserve to be outed.
|
# ? Sep 30, 2022 20:20 |
|
Are you able to see the meetings have only 1 attendee because you are looking through a security lens of some sort?
|
# ? Sep 30, 2022 21:02 |
|
Sickening posted:
Well the point of doing two jobs is that you can at least pretend to do one of them in some meaningful way. If you can't attend any meetings, make any calls, or respond to email.... then you basically deserve to be outed.

No sure, I'm more asking whether anything gets flagged at your org when you grant yourself permission to read an HR employee's calendar, or are you the person that would get the alert?
|
# ? Sep 30, 2022 21:31 |
|
Inner Light posted:
Are you able to see the meetings have only 1 attendee because you are looking through a security lens of some sort?

Probably using the o365 legal hold features to dump her calendar. That's how I would do it.
|
# ? Sep 30, 2022 21:42 |
|
I can read my company's calendar because the gmail default admin gets calendar read permits apparently.
|
# ? Sep 30, 2022 21:54 |
|
You use an admin account day-to-day?
|
# ? Sep 30, 2022 21:59 |
|
Thanks Ants posted:
You use an admin account day-to-day?

lol I have a master key login to any client server with maximum permissions in the UI, and while more difficult I can absolutely get in and give myself root access to the back end to gently caress with base levels of code. This gives me absolutely stupid levels of access to PII and other things that'd probably make the Actual IT Department at my company and our clients' stroke out. My job title is documentation. Security is theater, and everyone at this company is reading off a different sheet of music.
|
# ? Sep 30, 2022 22:16 |
|
App13 posted:
Windows PCs in a domain environment. Unfortunately the backup server is not on the domain so it’s kind of a nightmare. The only guy who can put the server on the domain is stretched so thin I can see daylight through him

Robocopy will do this as well. I’ve created a script that produces all of the diffs by using the dry run command.
|
# ? Sep 30, 2022 23:01 |
|
NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. CONTEST IS OPEN TO RESIDENTS OF THE 50 UNITED STATES, THE DISTRICT OF COLUMBIA AND WORLDWIDE, EXCEPT FOR QUEBEC, CRIMEA, CUBA, IRAN, SYRIA, NORTH KOREA, and SUDAN.

https://capturetheflag.withgoogle.com/rules1

Quebec are terrorists?
|
# ? Oct 1, 2022 02:23 |
|
jaegerx posted:
NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. CONTEST IS

Google probably didn't want to set up a second completely identical mock datacenter in French
|
# ? Oct 1, 2022 02:33 |
|
Thanks Ants posted:
You use an admin account day-to-day?

Security is for thee not for me peasant
|
# ? Oct 1, 2022 02:44 |
|
I think the biggest gently caress up I did was accidentally deploy a bunch of test transactions into the live database, which led to about $200k worth of expedites/missed freight charges. Thankfully my boss at the time was understanding enough that I was at least trying to use the test system, but accidentally ran the script in the live system. We updated our testing process after that and basically walled off the test system into its own domain so it couldn't happen again. I was like 24 and barely knew what I was doing, so something like that was bound to happen eventually.
|
# ? Oct 1, 2022 02:56 |
|
Vargatron posted:
I think the biggest gently caress up I did was accidentally deploy a bunch of test transactions into the live database, which led to about $200k worth of expedites/missed freight charges. Thankfully my boss at the time was understanding enough that I was at least trying to use the test system, but accidentally ran the script in the live system. We updated our testing process after that and basically walled off the test system into its own domain so it couldn't happen again.

You know... this reminds me. Since we're looking at backup systems, nearly all of them offer the ability to restore over your existing servers, but also to another location like a test environment. Segregating the two environments is easy enough, but restoring to the wrong location is as easy as tapping your scroll wheel just before you click "ok" in nearly all of them. I think at least one of our candidates gives a separate popup warning notifying you that you're about to overwrite something but I'm terrified that someone is going to gently caress up a test restoration one day.
|
# ? Oct 1, 2022 03:29 |
|
jaegerx posted:
NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. CONTEST IS

https://www.liveabout.com/why-are-so-many-competitions-void-in-quebec-896835

quote:
The reason why so many sweepstakes are void in Quebec is that the sponsors must follow a stringent set of laws set out by Quebec's Regie des alcools, des courses et des jeux (RACJ), which governs alcohol, lotteries, contests, gambling, and more.

Lots of places simply don't bother even running their stuff in Quebec because the law is a big PITA apparently
|
# ? Oct 1, 2022 04:54 |
|
A whole state of frenchaboos lol gently caress em
|
# ? Oct 1, 2022 04:57 |
|
I assumed Quebec was part of the axis of evil.
|
# ? Oct 1, 2022 04:57 |
|
they are, no company anywhere wants to spend the money to be compliant with their archaic laws
|
# ? Oct 1, 2022 05:12 |
|
tokin opposition posted:
A whole state of frenchaboos lol gently caress em

Ouiaboos was right there!
|
# ? Oct 1, 2022 05:12 |
|
Ouiaboos is difficult to spell, but on the other hand it is reminiscent of ouroboros which may or may not be meaningful

palindrome fucked around with this message at 05:57 on Oct 1, 2022
# ? Oct 1, 2022 05:51 |
|
johnny park posted:
https://www.liveabout.com/why-are-so-many-competitions-void-in-quebec-896835

I used to live in Canada and can swear vilely in Quebec French.
|
# ? Oct 1, 2022 06:26 |
|
https://youtu.be/jyO1ILQAGsU
|
# ? Oct 1, 2022 06:41 |
|
Montreal was nice to visit. I liked it more than Paris.
|
# ? Oct 1, 2022 06:59 |
|
navyjack posted:
I used to live in Canada and can swear vilely in Quebec French.

Tabarnak Caliss!
|
# ? Oct 1, 2022 09:10 |
|
navyjack posted:
I used to live in Canada and can swear vilely in Quebec French.

https://www.youtube.com/watch?v=DvR6-SQzqO8
|
# ? Oct 1, 2022 09:16 |
Thanks Ants posted:
AV should have a level of sense checking to prevent you blocking things like explorer.exe

But if you really think about it blocking explorer.exe is a highly effective way to secure Windows. Malware and viruses will be stopped dead.
|
|
# ? Oct 1, 2022 14:40 |
|
CLAM DOWN posted:
they are, no company anywhere wants to spend the money to be compliant with their archaic laws

Great place to visit, but yeah.
|
# ? Oct 1, 2022 16:14 |