As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[Sysadmin] Solarwinds compromised.

17980828485

Posts

  • IncenjucarIncenjucar Not a Fictional Character Seattle, WARegistered User regular
    edited January 26
    Clearly a door should open just because you know it needs a key.

    Incenjucar on
    BlackDragon480
  • DarkewolfeDarkewolfe Registered User regular
    What do you think of Forcepoint? There's a bunch of options in that space and I never got a very high impression of them.

    What is this I don't even.
  • FeldornFeldorn Mediocre Registered User regular
    Forcepoint has some implementation issues, but it did the job.

    Our problem with it was that it would fail closed in the appliance in the DMZ went down for any reason.

    I didn't work with it on the implementation or support side, though I know it wasn't painless. The actual function of providing web security worked well for us. Once we had it up and running we stopped getting hit by ransomware 3 times per week.

    Genshin Impact: 600428730
    steam_sig.png
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I like Forcepoint just fine. It's a complex beast that ingests data from multiple sources and spits it out to multiple consumers. It's one of the highest-footprint systems we have. But despite its complexity, I never find it unwieldy.

    One of the very nice features it has it that you can feed it data from SQL databases and have it trigger on real data, not just on patterns. So instead of saying "send me an alert if somebody sends something that matches this regex pattern for a home address," you can have it send an alert it if matches (or even fuzzy-matches) a real address pulled from your CRM. Not all DLP solutions can do that, and of those that do, there are often limitations in the fine print.

    Honestly, the technicals aren't the problem, it's the business side. Tuning & tweaking DLP takes a lot of work and requires a lot of conversations with the non-IT business departments, acting on DLP alerts requires buy-in from HR & management.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    DarkewolfeDizzy D
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Feldorn wrote: »
    Forcepoint has some implementation issues, but it did the job.

    Forcepoint has a tight partnership with an IT services firm called ESPO and we used them for implementation. I liked ESPO a lot. EPSO managed to avoid all of my (numerous and capricious) pet peeves about IT professional services. They have techs who really know what they're talking about, are good at answering questions with a response appropriate to the skill level (whether it was me asking or a non-IT person asking), their project management practices never felt like bureaucracy for its own sake, they did a bang-up job with documentation, etc.

    I would not have attempted to implement this without a partner. It's just too big. Maybe after I'd done it a half-dozen times, sure.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    Darkewolfe
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • CarpyCarpy Registered User regular
    https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

    If any of y'all have Linux boxes make sure to check for an updated sudo version.

  • FeldornFeldorn Mediocre Registered User regular
    We went through a number of techs at one point to find someone who actually knew how the system worked. I don’t know who our partner was though.

    Genshin Impact: 600428730
    steam_sig.png
  • bowenbowen How you doin'? Registered User regular
    @Feral those are some piss poor programmers y'all got over there

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    iTunesIsEvil
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    bowen wrote: »
    Feral those are some piss poor programmers y'all got over there

    @bowen The application engineer in that story isn't a programmer. She wants to be and she's taken some classes, but she isn't one yet.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • bowenbowen How you doin'? Registered User regular
    "application engineer"

    what in the shit kind of title is that even

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    SiliconStew
  • MugsleyMugsley Registered User regular
    As a mechanical engineer, I still take issue with the compsci people taking our title. Doubly so that when someone says 'engineer' now in normal discussion, people automatically think that person is a software dev/programmer/person.

  • SiliconStewSiliconStew Registered User regular
    bowen wrote: »
    "application engineer"

    what in the shit kind of title is that even

    Given the person apparently has no relevant skills for creating applications, I assume it's one of those entirely made up things for a completely unrelated job, like "sanitation engineer" for janitorial staff.

    Just remember that half the people you meet are below average intelligence.
  • bowenbowen How you doin'? Registered User regular
    Mugsley wrote: »
    As a mechanical engineer, I still take issue with the compsci people taking our title. Doubly so that when someone says 'engineer' now in normal discussion, people automatically think that person is a software dev/programmer/person.

    I mean some of the stuff we work on needs the same care and thought that mechanical and electrical engineers need to deal with. There just isn't really a licensing body to gatekeep the term.

    But if you fuck up something trivial on an airplane that kills people you'll still probably lose your job, unless your managers are the ones who turned off what you did and sold it as a DLC for it. Not like that would ever happen, right?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Job titles: how do they work? ¯\_(ツ)_/¯

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ThawmusBlackDragon480lwt1973
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    an application engineer is what application analysts/admins get promoted to

    :rotate:

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    FeralBlackDragon480
  • LD50LD50 Registered User regular
    The word engineer should be banned for use by any profession other than people who work on engines.

    bowenThawmusFeldornjungleroomx
  • Inquisitor77Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and timeRegistered User regular
    LD50 wrote: »
    The word engineer should be banned for use by any profession other than people who work on engines.

    What's my job? I add value. I'm a value-adder.

    bowenThawmus
  • bowenbowen How you doin'? Registered User regular
    Aioua wrote: »
    an application engineer is what application analysts/admins get promoted to

    :rotate:

    I don't even know what it means!

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    bowen wrote: »
    Aioua wrote: »
    an application engineer is what application analysts/admins get promoted to

    :rotate:

    I don't even know what it means!

    it's one better!

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • ThawmusThawmus Registered User regular
    I'm an Internet engineer! I use a browser to traverse the Internet! All aboard the Firefox Express! Toot Toot!

    steam_sig.png
    FeralLD50BahamutZERO
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited January 29
    Aioua wrote: »
    an application engineer is what application analysts/admins get promoted to

    :rotate:

    Pretty much. It goes like this:

    Do you have experience using Application? Can you help end-users use the Application? Then you're an Application Analyst!

    Have you been an Analyst for two years? Now you're demanding a raise? Okay, we'll give you a 10% raise and change your title to Application Engineer!

    See, watch:
    Thawmus wrote: »
    I'm an Internet engineer! I use a browser to traverse the Internet! All aboard the Firefox Express! Toot Toot!

    Can you show people how to clear their cache and cookies in Firefox? Great! We need somebody to do that. Now you're an Application Analyst (Firefox)!

    In two years, you'll be an Application Engineer (Firefox)!

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ThawmusBlackDragon480
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I talk shit about these folks but they are, sincerely, hard-working and smart. We just hire people and promote people into positions where they are unsuited. We tell ourselves, "Oh, we'll train them later," and then we never do. Then they end up extremely busy, but mostly because of inefficiencies and technical debt either they generated, or other people (who are also promoted into positions in which they're unsuited) generated.

    If I'm Dr. Cox in this scenario, then imagine that 10% of the "doctors" at this (unregulated) hospital have MDs. Because MDs are expensive. The other 90% of people with "physician" or "doctor" title are actually nurses. Then the people with "nurse" titles don't actually have nursing degrees, they were just front desk workers or janitors who expressed an interest in medicine so we threw them in to nursing jobs with no training. Almost everybody is working a job 1-2 levels above their training & experience.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    Feldorn
  • halkunhalkun Registered User regular
    edited February 12
    So I work at a company that provides a software service to franchisees. This is a core business solution that does scheduling, payroll, billing, product management, just... the works to run your company.

    Recently I got a new task to do the software deployments which requires me to grab the new binaries from devops and put them in the proper places for deployment.
    I log in to azure with my new credentials and look for the project that holds our product....

    It's empty, except for a "My First Project" placeholder...

    I went to a dev and said I didn't have access because [software name] didn't show up when I logged in.

    Turns out... nope, the application is under "My First Project".. It's been like that for so long everyone's terrified to change the project name least it horrifically breaks something. It looks so incredibly unprofessional it amuses me every time I see it.

    halkun on
    dA03mgx.png
    ThawmusIncenjucarAiouaSiliconStewCarpyzagdrobBlackDragon480FeldornRadiationFeralDizzenschussTaminJaysonFour
  • BlackDragon480BlackDragon480 Bluster Kerfuffle Master of Windy ImportRegistered User regular
    I've ran into that sort of thing back when AJAX was first rolling for data driven web apps (bout 13 years ago). A large chunk of crap for backend DB read/writes and custom parsing was all lodged in custom libraries but in a generic folder and they never wanted to update the pathing because they had no idea how many calls and references would have to be changed.

    For shits and giggles I offered to investigate exactly how many by getting them to let me take their non proprietary stuff home to experiment. After about a week I'd tracked down nearly 80 unique functions and references to that freaking folder in the javascripting (god, I don't miss JS) doing the asynchronous calls and crafted my own updated version using far more logical and documented pathing and what they'd need to do to do it on their live site.

    Gotta decent chunk of billable hours out of it at a 1.2X rate and a hell of a nice reference from them.

    First they came for the Muslims and we said...NOT TODAY MOTHERFUCKERS!
  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    Oh look. It was a DNS issue.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
    BlackDragon480zerzhulFeral
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    lwt1973 wrote: »
    Oh look. It was a DNS issue.

    I still need to do the haiku cross stitch I've been meaning to do for years
    It's not DNS
    There's no way it's DNS
    It was DNS

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    BlackDragon480zerzhullwt1973FeralAntoshkaBigityDizzenJaysonFour
  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    edited February 18
    Aioua wrote: »
    lwt1973 wrote: »
    Oh look. It was a DNS issue.

    I still need to do the haiku cross stitch I've been meaning to do for years
    It's not DNS
    There's no way it's DNS
    It was DNS

    My day:

    Fixed the DNS
    The problem still there
    It was DNS

    lwt1973 on
    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
    ThawmusDrovekFeralLaOsBlackDragon480JaysonFour
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    crosspost from D&D

    bxtx4dzi1jkj.jpg

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ThawmusDarkewolfelwt1973FeldornDizzy DThat_GuyLaOsBlackDragon480electricitylikesme
  • That_GuyThat_Guy I don't wanna be that guy Registered User regular
    During COVID I was promoted to laptop fairy. More specifically I'm doing general quotes, general general ordering and install of new computers. With COVID and all the demand for Laptops, I've had my hands full. I'm going full Opera with it. You get a Latitude 3410. You get a 3410. And YOU get a 3410. I'm having to search far and wide for stock too. Lead times from Dell are on the order of months now. Occasionally our vendors like Ingram or TechData have stock but I gotta get lucky.

    steam_sig.png
  • MyiagrosMyiagros Registered User regular
    We've been doing well with HP stock up until now, we're now on backorder for USB-C docking stations for at least a month, monitors are just as bad, maybe even worse.

    I've also finally had a chance to catch my breath and look at more than help desk calls. It's a good Friday for setting up a terminal server.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • BigityBigity Lubbock, TXRegistered User regular
    edited February 26
    Ok folks, need some advice - rather suggestions.

    I have an older lady user that has trouble with a regular mouse because her hands shake. I don't have a lot of experience with folks with that issue and how it relates to computer usage for work, would some kind of trackball be easier for her to use ya think? I figured I would ask before just bringing it up.

    This looks promising as well: https://www.steadymouse.com/

    Bigity on
    76561198017303226.png
  • That_GuyThat_Guy I don't wanna be that guy Registered User regular
    I mean, if her hand is too shaky to operate a mouse with the tracking speed turned way down, she might also struggle with a trackball mouse. Something like this may be easier to operate but I would be leery of recommending products intended for disabled children to a client.

    https://www.amazon.com/BIGtrack-2-0-Trackball-Buttons-12000006/dp/B0006ZM7VY

    steam_sig.png
  • BigityBigity Lubbock, TXRegistered User regular
    Yea that's why I'm wary. I don't know what/if she has any condition, and it's none of my business. I just notice she has a hell of a time getting the mouse around and clicking the right things when I'm troubleshooting stuff with her.

    76561198017303226.png
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    I would casually drop the idea I think, like the next time you're around for some other issue.

    all "oh, and, let me know if any of your equipment isn't working out for you, we can get different styles of mice/keyboards, etc"

    so not "hey I think you need a new mouse" but "did you know, you could get a new mouse if you wanted?"

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    BigityRadiation
  • SiliconStewSiliconStew Registered User regular
    Might also look at something like the AirO2Bic mouse https://www.allthingsergo.com/airo2bic-mouse-formerly-quill-mouse/ as it controls with the forearm/shoulder muscles and not the wrist.

    Just remember that half the people you meet are below average intelligence.
    Thawmus
  • MugsleyMugsley Registered User regular
    Have you tried showing her how to turn down sensitivity?

  • ThawmusThawmus Registered User regular
    I have shaky hands, maybe not as bad as hers. Vertical mice help me a lot, for much the same reason that I endorse SiliconStew's suggestion above with the AirO2Bic.

    steam_sig.png
    RadiationMyiagros
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    We subscribed to a cloud service. let's call it 'cloudshit.com'

    Cloudshit wants to send emails to our customers when they log in. Fine. No problem. We just add mail.cloudshit.com and the relevant IPs & domainkeys and such to our SPF & DKIM records. No big deal.

    But in the same instruction guide, Cloudshit also says that we need to forward our root domain to them with a CNAME. They want us to change contoso.com to point to cloudshit.com.

    um how about no

    and also what the fuck

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ThawmusFeldornDizzy DShadowfireDrovekiTunesIsEvilDarkewolfe
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    after I complained to cloudshit, they came back and told me that there was a "typo" in their instructions and that i needed to create a CNAME for a host like csmail17.contoso.com, not a CNAME at the root

    bf7584cd086aaabbb32114e2ed6e05e5.gif

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ThawmusShadowfireIncenjucarBlackDragon480
Sign In or Register to comment.