jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Last day, had an exit interview.
Apparently, according to the HR lady and the company CEO who was in the building, they're going to be doing some "Drastic Restructuring" to the developer side of the business because 2 other people put in their 2 weeks this week, including a developer who is the lead on several projects and a QA person. They lost their lead application support guy while I was in Minnesota, just told them at 4:45 he's fucking gone and never came back.
It sucks because I actually really do like my direct supervisor and my department manager, but the other side was so shitty, the salespeople were fucking incompetent, and the workload ridiculous that I just couldn't take it anymore.
I got told they'd always have a spot open if I changed my mind. I said they'd have to do that "Drastic Restructuring" before I'd even consider it. There was nodding and then CEO guy says "If you ever need a reference, just let me know."
I didn't want to say it to his face that he's probably the worst reference I could have, but I instead appreciated the sentiment.
So I'm done, new job starting Monday, and for the first time in a long time I have an immense feeling of relief and I don't feel stressed the fuck out.
+23
Options
Inquisitor772 x Penny Arcade Fight Club ChampionA fixed point in space and timeRegistered Userregular
I'm totally with aioua on this one. Company secrets being discussed on a hosted, third-party chat service is an enormous liability.
It's fine for some environments but not others. If your company has accepted that risk, then fine, it's all good. But if IT security doesn't know about it, then I'm guessing neither has your risk or legal departments (if you have those departments) and nobody's actually done an assessment.
Right, the point here being that you should be having a conversation, and if a conversation is not being had in a timely manner, then the process needs to change so that the right people are notified and that conversation is had sooner rather than later.
But if your first instinct is to literally just cut people off without any warning, and then deal with the fallout afterwards, that's not a good approach. We had literally heard nothing about Slack security concerns prior to this, and it's been installed on machines for years (the same machines that flag any unapproved software immediately - like I said, you can't fart sideways without someone noticing).
Nobody even got an email. People literally had to escalate this up the chain until C-suite executives had to ask each other what the hell was going on before we knew that access was intentionally cut off in the first place.
The sad part is that in my company I don't think anyone particularly cares all that much about having to use Slack per se, either. Microsoft Teams works just as well, as do a half-dozen other tools. Hell, we already have Skype, emails, JIRA, Confluence, and Sharepoint sites. Slack is being used more as a matter of habit than anything else, but it's not required at all.
Yeah plenty of companies that have trade secrets use slack too.
So like, in theory the concern about IP and security is sound because of potential unknowns... but in practice after a quick observation of what's going on there probably isn't too much actual real concern to be had.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Put the finishing touches on my upgrade of our main conference room today, in time for tomorrow's weekly all staff meeting (which includes remote participants)!
Four wireless mics tied via mixer into a micro PC hidden behind the TV, with a wireless mouse and keyboard. Skype/videoconference ready, and also ready for integration of a VoIP phone for pure audio conferencing. 70" TV and it looks too small to me, lol.
Did everything from scratch myself, minus the behind the wall work to put in conduit for the cables. Now we're finally caught up to late 2000s technology, kek.
As of Friday, the only thing on the wall was the TV and the rack stuff didn't exist. People are generally in for a surprise=) My boss is stoked.
To this day, I do not understand why the telnet client is disabled by default in Windows.
It's a client.
It doesn't require you to open anything.
Users don't know how to use it.
It's literally just a troubleshooting tool that consumes maybe 1 KB of drive space, at this point.
But now not only do you have to jump into appwiz.cpl to install it, you have to fucking reboot in order to use it. And no, this isn't one of those where it says you have to reboot but you don't really. No, you have to.
I don't think you do...
I install and remove from powershell in production all the time, but that's on servers, and I don't know if it works on Workstations because it often (but not always) requires the server module to be loaded.
They did this weird thing where all the people in the company got together and talked about things that were happening.
they're torturing you on your first day?
After being in a company that departments never told other departments anything, this is quite a nice change of pace.
Like, there would be a situation where doing a software update the current and long-term way would cause massive damage to the system.. And they wouldn't tell anyone shit.
+1
Options
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
To everyone who told me not to negotiate with my old employer: Thank you
I'm being a tool, but I really hate meetings. Aside from having a call for multiple parties to simultaneously work through a problem, I've never left a meeting without feeling like a few short e-mails couldn't have just saved everyone an hour.
At my last job the desktop team did dailies but... they were useful and short.
What'd you work on yesterday, what're you doing today, you need help from anybody. Like 15 mins and you're out.
Helped keep information following. You do solve a hard problem? Bring it up at the meeting so the next guy doesn't have to troubleshoot. If there's a recurring problem everybody finds out and compares notes. If you're stuck on something it's the place to speak up without getting judged.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
+2
Options
Inquisitor772 x Penny Arcade Fight Club ChampionA fixed point in space and timeRegistered Userregular
Status meetings that go longer than 15 minutes aren't status meetings. It either means there are too many people in the meeting or there are non-status topics being discussed that should be scheduled separately.
At my last job the desktop team did dailies but... they were useful and short.
What'd you work on yesterday, what're you doing today, you need help from anybody. Like 15 mins and you're out.
I also started a new job recently and the differences couldn’t be more stark. My previous job was all about the weekly status meeting, whereas I’m now in the world of daily stand ups and weekly retros.
I think I’m actually spending less time in meetings now than I was then, just because weekly meetings tend to drag on and lose focus, whereas daily stand ups are designed to be short and immediately relevant.
More importantly, daily stand ups at least have a clearly defined agenda and a natural end. I could see them being done wrong, and sometimes they can feel superfluous, but I’ll take five 10-minute stand ups over a single hour-long meeting.
Last job had weekly meetings that would start 15 minutes before the regular work time. They would usually last an hour, sometimes hour and 15. Then they sales people got involved in the meetings and they would last an hour and a half or longer.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
0
Options
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
I'm totally with aioua on this one. Company secrets being discussed on a hosted, third-party chat service is an enormous liability.
It's fine for some environments but not others. If your company has accepted that risk, then fine, it's all good. But if IT security doesn't know about it, then I'm guessing neither has your risk or legal departments (if you have those departments) and nobody's actually done an assessment.
Right, the point here being that you should be having a conversation, and if a conversation is not being had in a timely manner, then the process needs to change so that the right people are notified and that conversation is had sooner rather than later.
But if your first instinct is to literally just cut people off without any warning, and then deal with the fallout afterwards, that's not a good approach. We had literally heard nothing about Slack security concerns prior to this, and it's been installed on machines for years (the same machines that flag any unapproved software immediately - like I said, you can't fart sideways without someone noticing).
Nobody even got an email. People literally had to escalate this up the chain until C-suite executives had to ask each other what the hell was going on before we knew that access was intentionally cut off in the first place.
The sad part is that in my company I don't think anyone particularly cares all that much about having to use Slack per se, either. Microsoft Teams works just as well, as do a half-dozen other tools. Hell, we already have Skype, emails, JIRA, Confluence, and Sharepoint sites. Slack is being used more as a matter of habit than anything else, but it's not required at all.
I know thread has moved on.
And also I agree that cutting off access is kinda...not the best way to handle things.
But why is the idea of a conversation not a two way street?
Why didn't Security get at least some invite to the table to discuss the implementation of Slack?
I'm totally with aioua on this one. Company secrets being discussed on a hosted, third-party chat service is an enormous liability.
It's fine for some environments but not others. If your company has accepted that risk, then fine, it's all good. But if IT security doesn't know about it, then I'm guessing neither has your risk or legal departments (if you have those departments) and nobody's actually done an assessment.
Right, the point here being that you should be having a conversation, and if a conversation is not being had in a timely manner, then the process needs to change so that the right people are notified and that conversation is had sooner rather than later.
But if your first instinct is to literally just cut people off without any warning, and then deal with the fallout afterwards, that's not a good approach. We had literally heard nothing about Slack security concerns prior to this, and it's been installed on machines for years (the same machines that flag any unapproved software immediately - like I said, you can't fart sideways without someone noticing).
Nobody even got an email. People literally had to escalate this up the chain until C-suite executives had to ask each other what the hell was going on before we knew that access was intentionally cut off in the first place.
The sad part is that in my company I don't think anyone particularly cares all that much about having to use Slack per se, either. Microsoft Teams works just as well, as do a half-dozen other tools. Hell, we already have Skype, emails, JIRA, Confluence, and Sharepoint sites. Slack is being used more as a matter of habit than anything else, but it's not required at all.
I know thread has moved on.
And also I agree that cutting off access is kinda...not the best way to handle things.
But why is the idea of a conversation not a two way street?
Why didn't Security get at least some invite to the table to discuss the implementation of Slack?
Why is your assumption that they weren't?
They were. Like I said, Slack has been on machines for literally years.
Slack was originally a "pilot program" that one dev team tried out precisely so that other departments could evaluate and weigh in on its usage. It grew from there once other teams started picking it up as well.
We generally don't run a free-for-all dev shop where people get to do whatever they want just because they are super-special code monkeys (for a variety of reasons I won't get into). This isn't a place where you can just start installing random shit and not expect to have to get clearance of some kind. And like I said before, even if you tried to do something like that, someone would notice and follow up because literally every single program you run on your machine is flagged.
This thing with Slack is actually a very rare occurrence. In general everyone is an adult and talks to each other and expects to work things out in a reasonable manner. So it was a surprise to everyone involved that someone decided to make such a unilateral decision rather than follow the established protocol and culture when it comes to these things.
I'm totally with aioua on this one. Company secrets being discussed on a hosted, third-party chat service is an enormous liability.
It's fine for some environments but not others. If your company has accepted that risk, then fine, it's all good. But if IT security doesn't know about it, then I'm guessing neither has your risk or legal departments (if you have those departments) and nobody's actually done an assessment.
Right, the point here being that you should be having a conversation, and if a conversation is not being had in a timely manner, then the process needs to change so that the right people are notified and that conversation is had sooner rather than later.
But if your first instinct is to literally just cut people off without any warning, and then deal with the fallout afterwards, that's not a good approach. We had literally heard nothing about Slack security concerns prior to this, and it's been installed on machines for years (the same machines that flag any unapproved software immediately - like I said, you can't fart sideways without someone noticing).
Nobody even got an email. People literally had to escalate this up the chain until C-suite executives had to ask each other what the hell was going on before we knew that access was intentionally cut off in the first place.
The sad part is that in my company I don't think anyone particularly cares all that much about having to use Slack per se, either. Microsoft Teams works just as well, as do a half-dozen other tools. Hell, we already have Skype, emails, JIRA, Confluence, and Sharepoint sites. Slack is being used more as a matter of habit than anything else, but it's not required at all.
I know thread has moved on.
And also I agree that cutting off access is kinda...not the best way to handle things.
But why is the idea of a conversation not a two way street?
Why didn't Security get at least some invite to the table to discuss the implementation of Slack?
Why is your assumption that they weren't?
They were. Like I said, Slack has been on machines for literally years.
Slack was originally a "pilot program" that one dev team tried out precisely so that other departments could evaluate and weigh in on its usage. It grew from there once other teams started picking it up as well.
We generally don't run a free-for-all dev shop where people get to do whatever they want just because they are super-special code monkeys (for a variety of reasons I won't get into). This isn't a place where you can just start installing random shit and not expect to have to get clearance of some kind. And like I said before, even if you tried to do something like that, someone would notice and follow up because literally every single program you run on your machine is flagged.
This thing with Slack is actually a very rare occurrence. In general everyone is an adult and talks to each other and expects to work things out in a reasonable manner. So it was a surprise to everyone involved that someone decided to make such a unilateral decision rather than follow the established protocol and culture when it comes to these things.
Because reading the thread and getting caught up it seemed like everyone was jumping on Security being ultra shitty (which...you know I'm not overly disagreeing that the cut off was bad). Also I either missed or didn't go back far enough to catch where you detailed out security was brought in during the proposal/deployment phase.
My company's networking admins just cut off access to Slack on orders from IT security.
Except IT security didn't consult anyone before making the decision.
And we have literally hundreds of in-house developers who use Slack on a day-to-day basis to coordinate their work.
I was more addressing how everyone was jumping on Security's dick being just the worst for not discussing with anyone before shutting off a service, and the inverse of deploying a thing without discussing with security is "lol just how things are".
Hello all, I have a question about SSH I can't seem to crack. For one of the questions on my homework we were asked to find out one of the sshd keys on our server and with nothing to guide us (we were told not to buy a book and that "Google is your friend") I was told ? You can find out by ssh into <our remotehost>, then looking in the know_hosts file on the client machine you ssh-ed from. (If that is a problem, then ssh into <Our Host>, and while logged into <host> ssh to localhost.)
But I can't seem to figure out how to actually read the damn known_hosts file. Like I have no idea what the command is and google isn't helping me much.
Hello all, I have a question about SSH I can't seem to crack. For one of the questions on my homework we were asked to find out one of the sshd keys on our server and with nothing to guide us (we were told not to buy a book and that "Google is your friend") I was told ? You can find out by ssh into <our remotehost>, then looking in the know_hosts file on the client machine you ssh-ed from. (If that is a problem, then ssh into <Our Host>, and while logged into <host> ssh to localhost.)
But I can't seem to figure out how to actually read the damn known_hosts file. Like I have no idea what the command is and google isn't helping me much.
It's basically just a text file. What have you used previously to open (or even edit) text files?
Posts
Apparently, according to the HR lady and the company CEO who was in the building, they're going to be doing some "Drastic Restructuring" to the developer side of the business because 2 other people put in their 2 weeks this week, including a developer who is the lead on several projects and a QA person. They lost their lead application support guy while I was in Minnesota, just told them at 4:45 he's fucking gone and never came back.
It sucks because I actually really do like my direct supervisor and my department manager, but the other side was so shitty, the salespeople were fucking incompetent, and the workload ridiculous that I just couldn't take it anymore.
I got told they'd always have a spot open if I changed my mind. I said they'd have to do that "Drastic Restructuring" before I'd even consider it. There was nodding and then CEO guy says "If you ever need a reference, just let me know."
I didn't want to say it to his face that he's probably the worst reference I could have, but I instead appreciated the sentiment.
So I'm done, new job starting Monday, and for the first time in a long time I have an immense feeling of relief and I don't feel stressed the fuck out.
Right, the point here being that you should be having a conversation, and if a conversation is not being had in a timely manner, then the process needs to change so that the right people are notified and that conversation is had sooner rather than later.
But if your first instinct is to literally just cut people off without any warning, and then deal with the fallout afterwards, that's not a good approach. We had literally heard nothing about Slack security concerns prior to this, and it's been installed on machines for years (the same machines that flag any unapproved software immediately - like I said, you can't fart sideways without someone noticing).
Nobody even got an email. People literally had to escalate this up the chain until C-suite executives had to ask each other what the hell was going on before we knew that access was intentionally cut off in the first place.
The sad part is that in my company I don't think anyone particularly cares all that much about having to use Slack per se, either. Microsoft Teams works just as well, as do a half-dozen other tools. Hell, we already have Skype, emails, JIRA, Confluence, and Sharepoint sites. Slack is being used more as a matter of habit than anything else, but it's not required at all.
So like, in theory the concern about IP and security is sound because of potential unknowns... but in practice after a quick observation of what's going on there probably isn't too much actual real concern to be had.
Like, can somebody (with the right privileges) log into Slack and download a complete chatlog of everything everybody's said for the last 24 hours?
the "no true scotch man" fallacy.
with the professional paid ones, you can get an actual download and full history
with the free one you can log in and get the previous 10k messages I think
Nice!
the "no true scotch man" fallacy.
You get private channel history, but not direct messages, when you export. You can get access to direct messages with an audit request.
that's even better than I had thought then
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Remote code execution through malformed xml on a bunch of Cisco security appliances.
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 4120 Security Appliance
Firepower 4140 Security Appliance
Firepower 4150 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
FTD Virtual
Four wireless mics tied via mixer into a micro PC hidden behind the TV, with a wireless mouse and keyboard. Skype/videoconference ready, and also ready for integration of a VoIP phone for pure audio conferencing. 70" TV and it looks too small to me, lol.
Did everything from scratch myself, minus the behind the wall work to put in conduit for the cables. Now we're finally caught up to late 2000s technology, kek.
As of Friday, the only thing on the wall was the TV and the rack stuff didn't exist. People are generally in for a surprise=) My boss is stoked.
Inquisitor77: Rius, you are Sisyphus and melee Wizard is your boulder
Tube: This must be what it felt like to be an Iraqi when Saddam was killed
Bookish Stickers - Mrs. Rius' Etsy shop with bumper stickers and vinyl decals.
I don't want to get stuck with another membrane keyboard.
This thing looks a lot like the typical Dell keyboard but without, you know, the dellness.
I don't think you do...
I install and remove from powershell in production all the time, but that's on servers, and I don't know if it works on Workstations because it often (but not always) requires the server module to be loaded.
But
dism /online /ENable-Feature /FeatureName:TelnetClient
Works on Windows 10 and doesn't require a reboot. Pretty sure it works in 8 too. Not sure if 7 uses dism or pkgmgr /iu "TelnetClient"
I don't like not doing things in powershell tho
They did this weird thing where all the people in the company got together and talked about things that were happening.
they're torturing you on your first day?
After being in a company that departments never told other departments anything, this is quite a nice change of pace.
Like, there would be a situation where doing a software update the current and long-term way would cause massive damage to the system.. And they wouldn't tell anyone shit.
@Entaru @bowen
I quit a job where we had the same meeting, only daily. At 8:30am. It was a waste of time.
Drake yes: weekly
Drake no: daily
the "no true scotch man" fallacy.
Meetings before 10:30 am
Daily meetings
I'm being a tool, but I really hate meetings. Aside from having a call for multiple parties to simultaneously work through a problem, I've never left a meeting without feeling like a few short e-mails couldn't have just saved everyone an hour.
And then the CEO takes everyone downstairs and buys them a beer at the restaurant.
They're also looking at me to help with the SDLC stuff, which I actually have a lot of education and training in, which is p sweet.
What'd you work on yesterday, what're you doing today, you need help from anybody. Like 15 mins and you're out.
Helped keep information following. You do solve a hard problem? Bring it up at the meeting so the next guy doesn't have to troubleshoot. If there's a recurring problem everybody finds out and compares notes. If you're stuck on something it's the place to speak up without getting judged.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
You ever have heart-to-hearts with coworkers or bosses and become more of an open book than you'd like to be?
No?
Well bully for you because I'm a goddamn pushover softie dumbshit.
I think I’m actually spending less time in meetings now than I was then, just because weekly meetings tend to drag on and lose focus, whereas daily stand ups are designed to be short and immediately relevant.
More importantly, daily stand ups at least have a clearly defined agenda and a natural end. I could see them being done wrong, and sometimes they can feel superfluous, but I’ll take five 10-minute stand ups over a single hour-long meeting.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Sorry man :bro:
This is why we're all supposed to read the install guide.
I know thread has moved on.
And also I agree that cutting off access is kinda...not the best way to handle things.
But why is the idea of a conversation not a two way street?
Why didn't Security get at least some invite to the table to discuss the implementation of Slack?
It's probably either because there's no existing lines of communication, or because the Developers knew the answer would be no.
Steam: CavilatRest
This is a clickable link to my Steam Profile.
Why is your assumption that they weren't?
They were. Like I said, Slack has been on machines for literally years.
Slack was originally a "pilot program" that one dev team tried out precisely so that other departments could evaluate and weigh in on its usage. It grew from there once other teams started picking it up as well.
We generally don't run a free-for-all dev shop where people get to do whatever they want just because they are super-special code monkeys (for a variety of reasons I won't get into). This isn't a place where you can just start installing random shit and not expect to have to get clearance of some kind. And like I said before, even if you tried to do something like that, someone would notice and follow up because literally every single program you run on your machine is flagged.
This thing with Slack is actually a very rare occurrence. In general everyone is an adult and talks to each other and expects to work things out in a reasonable manner. So it was a surprise to everyone involved that someone decided to make such a unilateral decision rather than follow the established protocol and culture when it comes to these things.
Because reading the thread and getting caught up it seemed like everyone was jumping on Security being ultra shitty (which...you know I'm not overly disagreeing that the cut off was bad). Also I either missed or didn't go back far enough to catch where you detailed out security was brought in during the proposal/deployment phase.
Post that started the whole thing:
I was more addressing how everyone was jumping on Security's dick being just the worst for not discussing with anyone before shutting off a service, and the inverse of deploying a thing without discussing with security is "lol just how things are".
But I can't seem to figure out how to actually read the damn known_hosts file. Like I have no idea what the command is and google isn't helping me much.
It's basically just a text file. What have you used previously to open (or even edit) text files?