|
Does anyone under 40 even know what a carbon copy is?
|
# ? Apr 30, 2024 14:08 |
|
|
# ? Jun 13, 2024 06:08 |
|
Yes. Ok, I'm 39
HalloKitty fucked around with this message at 18:49 on Apr 30, 2024 |
# ? Apr 30, 2024 14:09 |
|
Just like a 3d printed save icon.
|
# ? Apr 30, 2024 14:33 |
|
A ticket came in and Security want us to refresh every 2016 & 2019 server because Qualys says it's EOL/EOS. Thats nearly everything we have. What the gently caress can I do to bat this away? MS say themselves that the security updates will continue with extended support but that doesnt seem to be enough for these guys
|
# ? Apr 30, 2024 15:45 |
|
DrBrezo posted:A ticket came in As someone in security - push this back to them, in the first case its not your job to fulfill someone at management level needs to make that call, since that is a big spend for licensing. What they need to do is log it as a risk and assign risk ownership to whoever owns the servers, not your job to fix/fulfill. I'd toss this up the chain to your management.
|
# ? Apr 30, 2024 15:57 |
|
Thanks man, I just pretty much did the same just now in a call - Raised the licensing cost and scale of the project of renewal and pushed it up the chain. I've got (a few) more calls on this tomorrow so hopefully the lions share of these dev environments can be pushed back to the projects and teams owning them, I'm already working through our CBAs under my own steam. Thanks again
|
# ? Apr 30, 2024 16:36 |
|
The way I look at that sort of thing is that it's security's job to make sure they are raising security issues and it's the business's job to tell them it's not feasible when it's not feasible. In this case it sounds like maybe they don't have their ducks in a row, which will hurt them as the business pulls at those threads. I wouldn't look at it as adversarial, just people trying to do their jobs with different primary goals/objectives.
|
# ? Apr 30, 2024 16:45 |
|
Internet Explorer posted:The way I look at that sort of thing is that it's security's job to make sure they are raising security issues and it's the business's job to tell them it's not feasible when it's not feasible. In this case it sounds like maybe they don't have their ducks in a row, which will hurt them as the business pulls at those threads. I wouldn't look at it as adversarial, just people trying to do their jobs with different primary goals/objectives. Oh its not adversarial, of course, but Security also needs to understand the onus of ownership of risk, and its not opening some ticket for support, its meeting with the infrastructure team with a list of affected systems and determining the stomach the business has to resolving the risks and how those risks can either be mitigated or resolved, especially when you are talking something like essentially an OS refresh on multiple boxes. If they determine that tickets needs to be opened, its at that point, because otherwise you are just opening tickets that cannot be fulfilled or even acted upon by support. CommieGIR fucked around with this message at 17:11 on Apr 30, 2024 |
# ? Apr 30, 2024 17:08 |
|
For sure, agreed. "We need you to do hundreds of hours of work" requires a longer conversation and is not "submit a ticket" level of work, security or not. Something for all of us to keep in mind.
|
# ? Apr 30, 2024 17:14 |
|
DrBrezo posted:A ticket came in lol. Company I work for is just now upgrading the DCs from 2012 to 2019
|
# ? Apr 30, 2024 17:18 |
|
Prescription Combs posted:lol. Company I work for is just now upgrading the DCs from 2012 to 2019 Now let's see if they upgrade the forest too, seen so many companies put in new DCs and upgrade old ones but never raise the domain and forest levels to 2019 usually because of some legacy functionality. Did an engagement where we hit their AD after they patted themselves on the back about upgrading only to find out the Domain was still operating at a 2008 R2 level. That's usually the part that sucks anyways as that's when things will really start to break - AD 2022 can emulate all the way back to 2008 levels, and then you start to lose legacy features that unknown legacy apps depend on and find out after the upgrade is completed. CommieGIR fucked around with this message at 17:25 on Apr 30, 2024 |
# ? Apr 30, 2024 17:22 |
|
Prescription Combs posted:lol. Company I work for is just now upgrading the DCs from 2012 to 2019 lol so are mine, my insistence we get rid of all the 2012 DC's led to someone throwing this poo poo at me kinda like " hey , while you're at it " LOL no thanks
|
# ? Apr 30, 2024 17:36 |
|
DrBrezo posted:A ticket came in One of the (few) nice things about working at a big rear end organization, is poo poo like this is a non starter. If I fielded a request like this (which I wouldn't generally to begin with), I'd redirect them to project management, program management, and our product owner. Make them jump through all our intake requests, go through planning exercises, costs analysis, add it to the backlog, eventually plan it in 6 to 9 months and so many other layers of bureaucratic BS they tend to just give up. It's like when Mila Kunis' character in Jupiter Ascending tries to claim her title and is bounced around from dept to dept. It can work the other way around on us though. Disabling RC4 was a multi year project where we had to track down app owners and go through the process to force them to stop using it. We're trying to get TLS 1.0 and 1.1 (internally) disabled by this time next year.
|
# ? Apr 30, 2024 18:00 |
|
Anyone know how I can test whether our various Cisco routers and switches will reply to ICMP with timestamps? Our security group has flagged basically everything for this but they don't know poo poo so my main job is proving to them they don't know poo poo. I have access to nping and I did some googling and it seems like to test it you enter this command in nping: Nping --icmp-type 13 <IP address> A type 13 ICMP from what I understand is requesting a ICMP response with the devices timestamp. But when I run it nping tries to initiate a TCP handshake for some reason? Which fails. So I definitely don't think I'm testing this right.
|
# ? Apr 30, 2024 18:08 |
|
CommieGIR posted:Oh its not adversarial, of course, but Security also needs to understand the onus of ownership of risk, and its not opening some ticket for support, its meeting with the infrastructure team with a list of affected systems and determining the stomach the business has to resolving the risks and how those risks can either be mitigated or resolved, especially when you are talking something like essentially an OS refresh on multiple boxes. If they determine that tickets needs to be opened, its at that point, because otherwise you are just opening tickets that cannot be fulfilled or even acted upon by support.
|
# ? Apr 30, 2024 18:35 |
|
The other thing about a request to upgrade all Server 2016 / 2019 boxes to 2022 is that it massively depends on what the application supports. It might be possible to use this request to your advantage to get as much legacy crap replaced as possible, the likelihood of that working is very organisation specific.
|
# ? Apr 30, 2024 19:39 |
|
Extended support for server 2016 isnt until 2027? What is Qualys worried about? Mainstream support?
|
# ? Apr 30, 2024 19:45 |
|
Personal consumer question. My father needs to fax some documents to his insurer. I have been blessed with avoiding email to fax services in my professional career, but I’m curious if yall would recommend any particular software products here. Lowest cost is best obviously.
|
# ? Apr 30, 2024 20:13 |
|
Depending on org size, 2024 might be the right time to start the upgrade project (which would include identifying software that won't work on Server 2022 for whatever reason, budget planning, resource coordination, et cetera) for Server 2016's EOL in 2027. Our 2012 Decom Project should be done by the end of next year. Yes the Extended Support is very expensive. But we started the upgrade project late, so here we are. A flotilla of ww2-era cruise ships take time to change direction.
|
# ? Apr 30, 2024 20:23 |
|
The Iron Rose posted:Personal consumer question. My father needs to fax some documents to his insurer. I have been blessed with avoiding email to fax services in my professional career, but I’m curious if yall would recommend any particular software products here. Lowest cost is best obviously. If this is a one-off then can a copy shop handle it? Do the insurer really have nothing other than fax?
|
# ? Apr 30, 2024 20:46 |
|
Any Staples store could do it for a buck or two. Easiest option by far. Faxes are considered "secure" for some dumb reason for a lot of industries.
|
# ? Apr 30, 2024 22:02 |
|
Yea, unless it's a big bundle of papers or an on-going thing, just go to Staples/OfficeDepotMax/Kinkos/UPS Store or whatever and pay a few bucks for six minutes on their fax machine.
|
# ? Apr 30, 2024 22:06 |
|
Back when I worked in healthcare the worst part of my day was when I had to deal with loving faxes. It's not even slightly secure!
|
# ? Apr 30, 2024 22:26 |
|
I'm so glad freaking faxes and other telephony technology are finally loving gone. That stuff might have worked in the 1990s office but goddamn that stuff was unreliable and notoriously difficult to troubleshoot.
|
# ? Apr 30, 2024 22:35 |
|
Gucci Loafers posted:I'm so glad freaking faxes and other telephony technology are finally loving gone. That stuff might have worked in the 1990s office but goddamn that stuff was unreliable and notoriously difficult to troubleshoot. have you been to a doctor’s office recently
|
# ? Apr 30, 2024 22:50 |
|
Also copy shop was by far the most sensible answer, thank you all!
|
# ? Apr 30, 2024 22:50 |
|
Gotta replace this Thursday. Director ordered ~200 one-foot ethernet cables... but its like 2+ feet across. Im JUST new enough to the industry be more excited than annoyed.
|
# ? Apr 30, 2024 23:17 |
|
Dandywalken posted:Gotta replace this Thursday. Director ordered ~200 one-foot ethernet cables... but its like 2+ feet across. Goonspeed! And share the After photo!
|
# ? Apr 30, 2024 23:45 |
|
Gucci Loafers posted:I'm so glad freaking faxes and other telephony technology are finally loving gone. That stuff might have worked in the 1990s office but goddamn that stuff was unreliable and notoriously difficult to troubleshoot.
|
# ? Apr 30, 2024 23:45 |
|
CommieGIR posted:Now let's see if they upgrade the forest too, seen so many companies put in new DCs and upgrade old ones but never raise the domain and forest levels to 2019 usually because of some legacy functionality. I vaguely recall them mentioning they were upgrading AD from 2012 to 2016 level if that sounds right? I'm not an AD guy but 2016 stuck out.
|
# ? Apr 30, 2024 23:51 |
|
tokin opposition posted:Back when I worked in healthcare the worst part of my day was when I had to deal with loving faxes. It's not even slightly secure! You know, that field the sender can set to anything they want.
|
# ? Apr 30, 2024 23:53 |
|
Finally got an invite for an interview... It's for a bigger org, but the pay scale is less than what I get ranging to slightly more than what I get, minus the bonus I get for doing DEI work. Plus it's two days a week in office. Still gonna interview, but I'm not thrilled this is the one I got a bite on. It also took them a month to get back to me, which I know is normal but c'mon
|
# ? May 1, 2024 00:00 |
|
Prescription Combs posted:I vaguely recall them mentioning they were upgrading AD from 2012 to 2016 level if that sounds right? I'm not an AD guy but 2016 stuck out. One of the functional levels gets you the AD recycle bin which I have no idea why it wasn’t a thing up until that point.
|
# ? May 1, 2024 00:12 |
|
Thanks Ants posted:One of the functional levels gets you the AD recycle bin which I have no idea why it wasn’t a thing up until that point. We went from 2003 to 2016 in one project, staged I think 2003 -> 2008 and 2008 -> 2016. I once commiserating with a friend over his woes trying to set some policies that were introduced with Win10. Poor guy, the DCs had no idea what he was trying to do.
|
# ? May 1, 2024 00:20 |
|
I’ve been here long enough that I’ve taken this place from 2008r2 (w/2003dfl) to 2022 for their DCs. Thankfully it’s a small footprint; I can rip and replace them all in a week.
|
# ? May 1, 2024 01:30 |
|
Gucci Loafers posted:I'm so glad freaking faxes and other telephony technology are finally loving gone. Healthcare IT: lol, lmao
|
# ? May 1, 2024 03:14 |
|
A couple weeks ago I posted about me making a Hail Mary suggestion to HR at my side job that hey I'm qualified and interested in this IT job posting but the pay is ridiculously low. The manager is apparently going to talk to the person who has the authority to increase the pay rate. I thought this guy was leaving and turns out he's now the manager, and I'm not aware of the other IT person leaving. So my conclusion is that they're going to try to keep increasing the number of underpaid unqualified people until things work right rather than getting one qualified mid-level/senior person and one helpdesk person and paying them appropriately.
|
# ? May 1, 2024 03:53 |
|
GreenNight posted:Does anyone under 40 even know what a carbon copy is? just realized i can't answer these anymore
|
# ? May 1, 2024 06:32 |
|
Worked for a place back in the day that took delivery orders on sheets that had 3 sub-layers for physical carbon copies.
|
# ? May 1, 2024 14:46 |
|
|
# ? Jun 13, 2024 06:08 |
|
at my old msp job we had a number of car dealership clients that all used impact printers with carbon copy forms almost the way through 2018 when the msp went out of business
|
# ? May 1, 2024 14:52 |