|
In a lot of cases, being able to use an authenticator for work also means enrolling your device in mdm.
|
# ? Nov 9, 2023 17:48 |
|
|
# ? May 31, 2024 12:02 |
That’s where I draw the line myself. If they want to exert any kind of control over my device, they must pay for it. I do not put work email or Teams on my phone because I have to grant them that control.
|
|
# ? Nov 9, 2023 17:53 |
|
Worth remembering if you're doing Yubikeys that your costs are to provide everybody with two keys so they can have one with them at all times, and another one safe at home. Giving people one doesn't make huge amounts of sense as it means helpdesk interaction if they lose a key and need to replace it. If you're doing a key at home and an app on their phone then you can get away with one key.
|
# ? Nov 9, 2023 17:53 |
|
I wish that MAM was more popular than MDM for BYOD organizations. Imo it segments data well enough without being too intrusive on somebody's personal phone.
|
# ? Nov 9, 2023 18:03 |
Apple doesn’t let my stupid company access anything on my phone that isn’t business related anyways so I don’t care. Not sure this is true for androids tho
|
|
# ? Nov 9, 2023 18:05 |
|
The Fool posted:In a lot of cases, being able to use an authenticator for work also means enrolling your device in mdm. we use rsa's securid and I'm actually kind of happy with it. The registration process sucks, I have to open a ticket with my org then call a number and give them some private info to confirm identity and they send me a registration link, but once it's done it's done and they have no control over my phone. It does promote not upgrading my phone ever because if I do I have to open another ticket, whatever secret the app generates can't be transferred.
|
# ? Nov 9, 2023 18:05 |
|
i am a moron posted:Apple doesn’t let my stupid company access anything on my phone that isn’t business related anyways so I don’t care. Not sure this is true for androids tho Android now has separation of profiles, so yes.
|
# ? Nov 9, 2023 18:06 |
|
i am a moron posted:Apple doesn’t let my stupid company access anything on my phone that isn’t business related anyways so I don’t care. Not sure this is true for androids tho How new is this? I haven’t done anything with MDM in literally 5 years, but even if I can’t access everything I could absolutely still wipe the entire device.
|
# ? Nov 9, 2023 18:36 |
Not that new. On iphones with exchange policies you can, but it’s a legacy thing. Also if they are company owned and enrolled via apples… I dunno business poo poo you get that kind of control. Not on people’s personal stuff anymore and it can’t access any data outside of the business apps Edit: this may have started being true 5 years ago idk I haven’t hosed with MDM in a long time Edit 2: if someone wiped my personal device I would find them and punch them in the loving throat which I’m guessing is why it stopped being a thing i am a moron fucked around with this message at 18:53 on Nov 9, 2023 |
|
# ? Nov 9, 2023 18:50 |
|
Segregating work apps was actually one of the things Android did better than iOS for a really long time, you could have your work apps and you'd get for example two Gmail icons, one badged as being the work profile, and one being your personal one. Now you can log in with a second managed Apple ID on an iPhone it's gotten a lot nicer.
|
# ? Nov 9, 2023 18:54 |
|
bull3964 posted:On the flip side, management requires that you have reliable transportation to get to a job (if in person) and electricity to run you laptop (if remote) and there are few that would argue that they are unreasonable requirements to function in a position.
|
# ? Nov 9, 2023 20:55 |
|
The Fool posted:Management is currently not able to install monitoring tools on my car or in my home. They aren't able to install monitoring tools on your personal device, even if you enroll into MDM. Multiple lawsuits have proven, over and over, that if your company gleans even a sliver of personal data (or destroys personal data) from your device, you can sue the EVERLOVING gently caress out of them. That said, work profiles exist. The Fool posted:In a lot of cases, being able to use an authenticator for work also means enrolling your device in mdm. This has not been my experience. We're as buttoned up as they come, but the MFA enrollment process for Microsoft is completely separate from enrollment in MDM. I could enroll a device in MDM and not enroll it in MFA, I can use a device for MFA that is not enrolled in MDM.
|
# ? Nov 9, 2023 21:20 |
|
eonwe posted:The most infuriating Microsoft thing for me is when they recently changed the default behavior of links opened in Outlook to ignore your default browser and instead open in Edge Mine just totally ignores the default browser even though it's set to edge and asks me every. single. loving. time.
|
# ? Nov 9, 2023 22:49 |
|
bull3964 posted:They aren't able to install monitoring tools on your personal device, even if you enroll into MDM.
|
# ? Nov 10, 2023 00:32 |
|
Had to sit my rear end through a meeting where people said 'uhh' every 3 seconds for 45. loving. minutes. This was several people speaking. Not a single person can speak properly here. What the hell.
|
# ? Nov 17, 2023 16:20 |
worst realization of my life was when i started counting all the "uh"s, "um"s and "er"s that people say during meetings. so hard to focus on what they're actually saying when you notice just how many there are.
|
|
# ? Nov 17, 2023 17:02 |
|
I actually cannot remember what the gently caress was said, even if there were supporting slides, because it just completely cut of my train of thought every single time. I might as well have napped and the same amount of information would've been retained.
|
# ? Nov 17, 2023 17:05 |
|
Defender ASR rule decided to block the Yealink USB wireless share key during a presentation. Happy friday.
|
# ? Nov 17, 2023 22:17 |
|
I have a friend IRL who has a half dozen or so filler phrases that he repeats almost in sequence and it's really obvious. Not really a problem in person, just weird. When there's a group bullshit session in Discord though... holy gently caress. He just absolutely does not grok that people cannot simply talk over him like we do when he spends a whole minute not saying anything and it results in everyone just sitting there waiting for him to get started on his point.
|
# ? Nov 18, 2023 00:38 |
|
Polio Vax Scene posted:worst realization of my life was when i started counting all the "uh"s, "um"s and "er"s that people say during meetings. so hard to focus on what they're actually saying when you notice just how many there are. I've been in a lot of sales calls recently with various vendors and some of the common sales tactics started jumping out at me. I've lost my focus counting how many times the sales person includes people's names in every sentence, how many times they put our company logo on their slide deck, etc.
|
# ? Nov 18, 2023 05:10 |
|
klosterdev posted:I'm still pissed that MS is forcing authenticator apps on all users on all tenants. It's causing me problems right now, I've got a user who's phone is so drat old it won't support the App Store authenticator app. Do you have a source on this? I've still got a whole bunch of users still on SMS who probably always will be. Not everyone in a company who needs access to email or other SSO company resources is a white collar person in an office. We've got laborers with flip phones who only sign in to enter their hours in our ERP and get emails from HR, and they're still an important use case.
|
# ? Nov 18, 2023 05:26 |
|
Silly Newbie posted:Do you have a source on this? I've still got a whole bunch of users still on SMS who probably always will be. The notification email body from entra was "On September 15, 2023, we’ll begin prompting your users who authenticate using SMS and voice methods to set up the Microsoft Authenticator app when they sign in to their work or school account. This change will take place on a rolling basis over six weeks as part of ongoing efforts to improve security. This change will affect Microsoft Entra ID (previously Azure Active Directory) tenants that have the registration campaign feature set to the Microsoft managed state. After we enable the feature, users will be prompted to install the Microsoft Authenticator app, a stronger form of multifactor authentication than SMS and voice methods." You can skirt this by disabling the registration campaign.
|
# ? Nov 18, 2023 07:14 |
|
I have been informed that we don't report potential availability issues to this client, or possibly all clients, because "they'll already know about it" and also it's not in-scope. I'm not sure what my boss thinks the purpose of consultancy review work is, given the client clearly doesn't trust their own ability to configure poo poo securely, or what the "A" in "CIA" stands for. This is on top of logging in this morning to see there was some issue with a scan automation thing on Saturday and everyone was pinged as if they were expected to be online and responsive all the time. And they were. Day 3 of this job was great
|
# ? Nov 20, 2023 19:42 |
|
Posted this in another thread, but I think it really belongs here: God help me, I just inherited a PDF that has 7,000 lines of Javascript.
|
# ? Nov 20, 2023 22:09 |
|
frogbs posted:Posted this in another thread, but I think it really belongs here: If it sucks, hit the bricks.
|
# ? Nov 20, 2023 23:25 |
|
frogbs posted:Posted this in another thread, but I think it really belongs here: I'm trying to figure out if you mean that someone exported the text of the code as PDF or they somehow embedded running JavaScript into the PDF itself and I'm debating which is worse.
|
# ? Nov 21, 2023 01:17 |
|
KillHour posted:I'm trying to figure out if you mean that someone exported the text of the code as PDF or they somehow embedded running JavaScript into the PDF itself and I'm debating which is worse. One would certainly make me angrier than the other.
|
# ? Nov 21, 2023 01:29 |
|
KillHour posted:I'm trying to figure out if you mean that someone exported the text of the code as PDF or they somehow embedded running JavaScript into the PDF itself and I'm debating which is worse. It’s the latter, PDFs built in a program called Livecycle can contain executable JavaScript. This one happens to have an insane amount of it!
|
# ? Nov 21, 2023 02:11 |
|
frogbs posted:It’s the latter, PDFs built in a program called Livecycle can contain executable JavaScript. This one happens to have an insane amount of it! Oh God who thought that was a good idea
|
# ? Nov 21, 2023 03:01 |
|
Oh gently caress that. I spent my first year in my first IT job rebuilding a hosed up and half broken reporting system. Then the new IT manager who had taken over a couple of months after I started out down on my review that "mllaneza has made no improvements to the reporting system he is responsible for." I threw a poo poo fit with HR over that. Dumbass offered to add a page (would have been page 6, it was some bullshit form) at the end of the review correcting his error on page 1. I called bullshit on that and made him change the loving thing to be accurate in the first place.
|
# ? Nov 21, 2023 04:37 |
|
KillHour posted:Oh God who thought that was a good idea This will surprise no one, but the format itself was Adobe's fault. The format is proprietary, so you can only view these PDFs in Acrobat. It's terrible. https://en.wikipedia.org/wiki/XML_Data_Package. Not sure who to blame for my specific PDF though!
|
# ? Nov 21, 2023 05:29 |
|
frogbs posted:This will surprise no one, but the format itself was Adobe's fault. The format is proprietary, so you can only view these PDFs in Acrobat. It's terrible. https://en.wikipedia.org/wiki/XML_Data_Package. Not sure who to blame for my specific PDF though! God.
|
# ? Nov 21, 2023 11:04 |
|
Doing bulk IP allocations on our private network (it's a /20), send the list to the end user. They kick it back to me saying there's an address that ends in 0 like I hosed something up. I respect that not everyone in IT is a networking expert, but if you got "engineer" in your signature y'all better know how subnets work.
|
# ? Nov 21, 2023 15:26 |
|
I've told people to do literal homework based on similar interactions. It goes over well with management
|
# ? Nov 21, 2023 15:45 |
|
Subnet as a /23 and then use the .0 address in the middle as the gateway to filter out the equipment that has broken networking implementations.
|
# ? Nov 21, 2023 19:34 |
|
xzzy posted:Doing bulk IP allocations on our private network (it's a /20), send the list to the end user. They kick it back to me saying there's an address that ends in 0 like I hosed something up. I still treasure my argument with an AT&T provisioning guy. We would get DIA T1's with a static range on a /27 from them, and split them into /28s for reasons. Anyway, I was turning up a new location, and the range they gave me looked wrong. I didn't think about it, started configuring gear and the equipment complained. Took a closer look, and oops, he was slightly off. Easy mistake to make when doing a bunch. I sent an email back to him asking if he could double check that, as I think it should be different. Response I got back was "I'm right, you are wrong." I sent back "The solarwinds calc says it should be this, and this website confirms" Response back "They are wrong, I've been doing this for years, don't correct me." Got my boss involved, he checked, and he responded to him. Response back "Again you are wrong. Don't ask me on this again." Fine, be an rear end in a top hat. Messaged our telco vendor, got him to talk to someone there, and he knew some VPs to badger. Next email comes in a few hours later, from someone that didn't have a <letter><bunchofnumbers>@att.com address. (ATT didn't think most of their employees were worth a real email, so most got something like a2382874@att.com. Senior people got real addresses.) This person said "Customer is correct, you are wrong. Apologize." The signature was someone far up the company that also had CCIE and such in the sig. Original person responded, we got it corrected and we got the site going. We did another 10 or so sites before he moved to another project.
|
# ? Nov 21, 2023 20:53 |
|
CitizenKain posted:
AT&T does that both because they employ a poo poo load of people directly and also because, like most telcos, direct employees only do a fraction of the work and there are a metric poo poo ton of short lived contractors who need company email addresses or identities for whatever reason.
|
# ? Nov 22, 2023 05:30 |
|
CitizenKain posted:I still treasure my argument with an AT&T provisioning guy. We would get DIA T1's with a static range on a /27 from them, and split them into /28s for reasons. Anyway, I was turning up a new location, and the range they gave me looked wrong. I didn't think about it, started configuring gear and the equipment complained. Took a closer look, and oops, he was slightly off. Easy mistake to make when doing a bunch. I sent an email back to him asking if he could double check that, as I think it should be different. This kind of thing is always amazing because pretty much everyone will make a mistake somewhere along the line, and if it's essentially a typo or number brainfart in subnet math, who cares? Unless you're calculating every 2nd subnet incorrectly, it's just a silly mistake and doesn't say anything about you or your abilities. But some people, like this guy you encountered, take "hey I think this might be incorrect" as such an insult that they're not willing to do a recheck and quickly resolve the situation (which would have never stuck in your head). So by doubling and tripling down, he ultimately made himself look ten times dumber when his higher up had to correct him, as well as becoming your poster child for idiots who won't listen.
|
# ? Nov 22, 2023 19:32 |
|
As a development of that, I've met people who take it very personally when a product they have bought turns out to be poo poo. Nobody was saying anything about you, why are you so eager to act like it's a reflection on you? Sometimes companies sell junk, you didn't make it.
|
# ? Nov 22, 2023 19:37 |
|
|
# ? May 31, 2024 12:02 |
|
Ok so I work with enterprise higher ed software, and I know almost nobody will know who this company is, but Ellucian's API documentation is the worst I have ever seen in my entire life. And it's gotten progressively worse too! It doesn't even have a coherent tree structure anymore, it just dumps you to a search results page with thousands of results, and the available filters don't even correlate to much of anything you'd want to search on. Even beyond the documentation being bad, if you can find a write up on an endpoint, the available actions are absolutely pitiful too.
|
# ? Nov 22, 2023 19:58 |