RandomHajile | Not actually a Snatcher | The New Kremlin | Registered User regular
He got a bike route delivering NEWSPAPERS! Dude needs to start a consulting business and charge businesses, even if he wants to keep working on the tools for free.
Athenor | Battle Hardened Optimist | The Skies of Hiigara | Registered User regular
A friend of mine also posted this on Facebook. Take with a grain of salt, because none of us know this person:
He might also benefit from remote work placement.
I'm guessing, but I think the main benefits of remaining in a position you find familiar are safety, support, and time management. Particularly if you grew up with a history of receiving bullying, you don't want to put yourself out there where it might happen again versus a place you know you are accepted.
Remote work can help you engage with doing things from a safe environment while limiting/controlling social situations that could feel unsafe.
If you grow up in an environment where no one has done that before, it's hard to navigate though. That's why a paper route in your twenties makes more experiential sense than independent contracting.
I wanted to give a shoutout to a guy who lives in the same town as me that I've never met (to my knowledge) and has done far more for the world than I ever have.
You know what’s amazing about that story? His employer won’t pay him enough to cover his bills.
Yet the article quotes a security researcher who is worried about law enforcement taking advantage of him.
...
You know what? You're absolutely right, I hadn't even considered that angle! The article was just heaping praise on the guy, who seems to be one of the company's best workers, and yet he's basically working poor. And I should've noticed, because I worked in a very similar position for a local MSP, being paid 1/3 what I am now.
Huh. And here I was, bringing this up to all sorts of friends and connected folks in town, including spreading the story at work, and feeling like I should try to help him out... when the real answer would be for his employer to pay more based off the publicity this article generates for them.
Or he should get a job with a security company where they just give him a VPN connection into a sandbox VM cluster and let him analyze malware all day for $200k/yr
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
The more I read about this guy, the more I'm certain I've actually talked to him before.
The username is super familiar to me, and I swear I was on bleeping's forum last time I was dealing with ransomware. They had a utility on there for me to download and run against a file before and after encryption to determine the key, and then decrypt everything with said key.
Pretty sure he also just took donations, which if I remember right my company was not interested in jumping through the hoops to do.
Really his employer should pay more because he should be earning a livable wage. He should be earning MORE than a livable wage, if his public security experience is anything to go by.
It sounds like he works for some shitty two-bit small-town MSP
I speculate it's probably poorly managed and has cash flow problems
the "no true scotch man" fallacy.
Inquisitor77 | 2 x Penny Arcade Fight Club Champion | A fixed point in space and time | Registered User regular
He has to have been contacted by any number of security companies and governmental agencies by now... I would not be surprised if he just can't bring himself to move out of his comfort zone. Which if true basically means that his employer is taking advantage of his issues.
I am aware of multiple efforts to offer help if desired. As I don't know him, I am not directly reaching out. But he does seem cool.
I mean, the article makes it clear he is there because he likes it and it’s a good fit.
As someone who worked 2 jobs for a while I also know it isn’t worth the stress.
I guess that situations like that get to me.
The article makes clear that he has imposter syndrome and doesn't know his own worth
You don't need to work 2 jobs when you just work 1 job that pays you well
Inquisitor77 | 2 x Penny Arcade Fight Club Champion | A fixed point in space and time | Registered User regular
edited October 2019
Yeah all I'm saying is that he very clearly has issues. Whether it's imposter syndrome or something more severe or simply an incredibly rigid set of principles, I couldn't say. But most people do not stay working at a poverty-wage job when they can very clearly make six figures doing something they already do for fun, on their own time, after having received multiple offers to do so.
At the very least he could just, you know, go write code for someone. Instead of work at a tiny computer repair shop that services people who don't know how to save contacts to their phones.
Like, read this excerpt and tell me that the owner of "Nerds on Call" isn't running a small-time Walmart employment operation:
In 2017, the FBI awarded Gillespie a Community Leadership Award for his “public service, devotion and assistance to victims of ransomware in the United States and Internationally.” Gillespie prominently displays the award in his home. In April 2018, he and his wife flew to Washington for the award ceremony, accompanied by his boss at Nerds on Call. The joke around the office was that the boss “went with him to try to nerf anybody trying to recruit him,” said Gillespie’s former co-worker, Jacobs. “He would be very difficult to replace.”
Athenor | Battle Hardened Optimist | The Skies of Hiigara | Registered User regular
I should note that I have no clue about the people over at Nerds on Call. They have survived around here for longer than most shops.
So we're rolling out 2FA through an authenticator app that supports both code and push.
About a week ago we set it up for our CEO.
Our CEO today comes and tells us that she can't sign in, the 2FA isn't working.
Our CEO thought that they didn't need the 2FA app on their phone anymore, and deleted it.
I think every sysadmin that supports 2fa runs into this.
My favorite is that we have 2fa set up to allow doctors to e-prescribe controlled substances. Unlike our normal 2fa that we use for remote login etc., this 2fa is not managed by IT because setting it up requires a bunch of extra vetting. We have doctors that will do exactly what your CEO did and then get angry that they can't prescribe narcotics and then get even angrier when we tell them they need to grab 2 forms of ID and meet with management.
I'm liking the software we have that uses Google Authenticator, it's so much easier than managing 3-5 different programs or having to get email or text codes.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
That_Guy | I don't wanna be that guy | Registered User regular
They've been trying to roll out Duo 2FA at my office. Every few weeks I get an email about signing up and downloading the app but I just ignore it. I figure, if I ignore it for long enough it'll either go away or I will.
We use duo as well. I actually like it quite a bit, except for how it handles offline situations, that's not as elegant.
lwt1973 | King of Thieves | Syndication | Registered User regular
Manager: This issue is happening for several people in my department.
Me: Who is having the issue?
Manager: This person.
Me: Who else?
Manager: I don't know but it happened three hours ago for several other people.
Me: So you don't know who else?
Manager: Just look through the logs and you'll see it.
<I look through the logs and can't find anyone else having the issue.>
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
Time for that auto-delete policy.
You get 30 days in deleted items and then *poof*
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
10Gb is honestly not the worst that I've seen. Most of our customers are financial or government institutions so we have autoarchiving policies. Just needed to work on a script this week to prevent it from autoarchiving the calendar and tasks folders, because it turns out that people want to look up old meetings from time to time.
Yeah, we're trying to get organizational buy in for that
You can imagine how well that's working
Almost a verbatim quote: "I would be very unhappy with a retention policy because I often need something that I deleted and then I have to go into my deleted folder to retrieve it."
Also I had multiple people say that if we do set a retention policy, it should be set to one year
This shit is honestly easy, though.
Price out the cost of addressable storage from the average cloud host (it's about $30 a TB per month). Assess the average monthly rate of mailbox growth in your org. Tell the CEO, "For every month past 3 months that you want to retain, it costs you $X."
The average mailbox in our organization grows at 1GB per year. High-traffic mailboxes (executives and IT are at the top) are roughly double that.
23% of our mailbox footprint is Deleted Items.
(2 GB mailbox growth per year / 12 months per year) * ($30 per TB / 1024 GB per TB) * 0.23 Deleted Items per mailbox =
(drumroll)
$0.001 per month per mailbox for Deleted Items storage.
All our email is azure hosted now, and we remove all the storage limits. I think it's technically 99 gigs or something crazy but I don't think there are any inboxes in danger of going over that limit right now.
We retain everything internally anyway, so it doesn't really matter how much we let people store. Storage is cheap, yo.
We don't have quotas on our on-prem Exchange. We don't really have a storage issue.
What we do have is a lot of IT techs and several managers / executives who believe that we SHOULD have quotas, for various reasons. I'm tired of arguing with them about it.
I don't think I have deleted emails in 10 years, and I have the largest email inbox of my entire staff, get the largest flow of emails, and most of the staff share email accounts (reception/lab/etc). I am using about 2.5gb
How are people using more than 10gb? Are y'all sending ISOs via email?
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I really feel for the guy, I know what it's like to not know your own worth.
He works for a PC repair shop.
How true.
That goes for anyone reading this thread and lurking. Seriously know your worth more than the world is giving you. Almost universally.
XBL:Phenyhelm - 3DS:Phenyhelm
Yeah I looked it up after my post
It's a tiny PC repair shop in a small town strip mall next to a Great Clips
It occurred to me this week to sum up the size of Deleted Items folder in each mailbox and compare it to our overall mailbox size.
(Not soft-deletes or recoverable items, but the contents of users' respective Deleted Items folders.)
1) Guess how much of our Exchange mailbox footprint is taken up by Deleted Items
2) Guess how big our largest Deleted Items is
Oh, you mean my long term file storage?
23% of our total mailbox footprint is taken up by Deleted Items folders.
Our largest Deleted Items folder is 10GB.
We have an autodelete policy.
Images.
In every fucking mail.