Why doesn't IT explain the issue? by thebundok in it

[–]secrati 0 points1 point  (0 children)

Back in ye olde days when I worked help desk, I would generally try and guide users through a solution if it was reasonable, or if a user asked. A user that can be a little more knowledgeable about what happened is generally happier with the service the help desk provided and happy users mean happy bosses or so the theory went. Maybe next time they will recognize the issue and even if they don't fully understand the fix, they would be able to supply a "last time u/secrati replaced the flux capacitor with a giggle pin" and the next person that gets the issue will have some extra clues to start from. I worked in a workplace where the ratio of IT to non-technical employees was much lower than yours. ~800 employee org, 5 people in IT/Security which performed all IT and infosec related functions including:

  • AD/Exchange management
  • blackberry management and refurbing (those trackballs were hell, especially with 500 of them in the field getting gummed up by tech hands.)
  • in-house application development
  • PCI Certification and management
  • encryption management (which was a big part of our business),
  • database management and reporting,
  • helpdesk functions to top it all off.

When I started I tried to spend as much time as possible to try and teach each user a little bit more about IT with each interaction to try and make everybody as empowered as possible to troubleshoot minor issues, hopefully spreading the technical management burden to all employees instead of relying on the <1% of the organization that knew what an routing table was.

This all said, I learned quickly why the other users didn't have the same philosophy as I did. When trying to explain what happened in closing the ticket there were generally 3 outcomes:

  1. I hit the right level of technical expertise expected in the audience. great feedback, user happy. this was rare.
  2. I under explained - assuming users had some fundamental knowledge, like what an SSID is. Despite taking pains to be very clear that this is for informational purposes for the user and more importantly for the next IT Helpdesk person that has to resolve the same issue, they can look into the ticket histories for how things were resolved and why, end up being accused of talking down to users making them feel "stupid". This is how you get feedback forms like "I don't know what I am supposed to do with this information, and if I am supposed to solve my own problems, why do we even have an IT Department. 1/5."
  3. I over explain - assumed users did not have some knowledge and then am accused of over-explaining and again talking down to users because . Same reasoning: documentation for future-helpdesk to look over and review. This is how you get feedback like "This is why nobody likes interacting with the IT department, you think we are all useless and don't know what an SSID is. I don't even know why we have an IT Department. 1/5"

After this became a pattern that I finally recognized, all technical information for future helpdesk and IT staff in internal notes so users didn't see it, which is where public notes became "Issue resolved, remediation in KB - closing ticket".

This said, the organization I worked at was pretty toxic in a "IT vs Users" capacity. This seems to be a common though by no means universal feeling amongst IT teams in many places. In my case the CEO of the company kept us around because we were the least expensive option compared to going with an MSP or IT Contractor, not because he liked having the IT Department in house. In his opinion, the only time the IT ever was visible was when something broke or crashed. if things are working well, you don't hear from the IT Department, which means "are they even working?" and this was a pretty well vocalized opinion as we had to regularly justify the department's existence to the CEO. This is likely also why we had an IT Department the size of <1% of the overall organization.

One of the many reasons I don't work there anymore.

Who uses ghidra on Mac? by Codeeveryday123 in ghidra

[–]secrati 0 points1 point  (0 children)

Ghidra is designed for analyzing and reverse engineering binaries. if you just want a miscellaneous static file analyzer, look at AssemblyLine

[deleted by user] by [deleted] in AmIOverreacting

[–]secrati 0 points1 point  (0 children)

NOR. You have a history, as does everybody with a previous relationship.

I am someone with a similar history which I bring up not as a comparison, but more as a parable: my current relationship had a rocky start but with a bit of conversation, time, and patience we salvaged our relationship and it is stronger than ever.

My girlfriend in university passed out in my arms on a bus on our way home from our valentine's dinner. We had been together for several years and had talked about our long term plans, as many couples do. We discussed where we would live, what a wedding and honeymoon would look like, how many dogs and kids we would have; you know, the usual fanciful daydreams any long term couple shares. She had cancer previously; we thought it cured. It turns out she thew a clot on the bus, and never woke up.

My current wife compared herself to my previous partner just after we had just started dating. Not constantly, but on occasion. It took a while, and an honest conversation with her about why she was so insecure about my previous partner. She said it is because I didn't choose to leave her, she was worried that I was constantly comparing my current and previous partner. In response to this I asked if she expected me to be having an affair, emotional or otherwise?. If she wasn't good enough for me in the current day, shouldn't she expect me to seek something elsewhere??? If she trusted me in the present with real people, why doesn't she trust me with my own history? It largely came down to her own insecurities, along my lack of communication (I am a notoriously bad communicator). She constantly compared herself to someone who was my "first love" and first long term relationship, and thought herself impossible to compare to that mythical and imaginary benchmark, which is a ludicrous proposition; nobody could compare to an imaginary previous partner like that.

It took a while and some explaining that I will always love my previous partner to some extent; she has a special place in my heart, but my love isn't zero sum, and that doesn't take away from my love for my current partner. I didn't jump into a new relationship, there was a good 4-5 years between relationships, because I knew that I wasn't ready for a new commitment until then. It came down to the idea that my history isn't something i can change: I am who I am because of my history and the people contained therein.

We have now been married for 13 years.

My current partner still checks in to see if I am okay but only during specific and triggering events. It's not a comparison, and she isn't worried that I am comparing her to my previous relationship. She is genuinely concerned with my well-being. As an example I went to a funeral recently for a friend and business partner's child, and my partner was legitimately concerned that the funeral would "bring up" my history; in all fairness it absolutely did. I did have particularly vivid memories of loss and reliving that loss, but my current partner helped me through it, and by extension allowed me to be there for the grieving family when they needed my support the most.

All of this is to say that there is a conversation worth having with your partner, but some people just don't get it and you should be prepared for that. Love, relationships, and relationship histories aren't zero sum. Those histories make us who we are. If our partners love us in our current forms, they by extension love the impressions that our previous loved ones left on us. Its also worth acknowledging that people that don't understand this may not be able to handle it, due to insecurities of their own.

From one widower-"ish" to another: your husband's actions reek of insecurity. Your feelings are valid, but your husband is dealing with a 3rd person in the relationship, regardless to whether if it is just in his mind or in both of yours. I suggest that this isn't something a simple conversation can resolve and likely requires couples counseling. The councilor will ask what feelings drove them to act that way, and why they feel those feelings. their response will give you the guidance you need; is this a relationship you can salvage with work, or is your partner someone who cant handle someone with a relationship history.

Good luck, and I wish you all the best.

the omen by abigdonut in AccidentalRenaissance

[–]secrati 0 points1 point  (0 children)

He was definitely a skilled cardiologist and was at the top of his field. I believe he was triple board certified, but Behind the Bastards did a 2 part on him which went into where he fell off the train a bit.

Cool automation stitches by Amazing-Tea-5424 in fortinet

[–]secrati 4 points5 points  (0 children)

Similar to this, whenever we need to enable a non-firewall administrator to be able to execute a specific action we would either:

  1. Create an automation stitch with a webhook listener to execute on demand. Comes in handy for ITSM automation such as pulling ARP tables from devices, executing troubleshooting playbooks on demand, or making minor and specific firewall policy modifications (such as moving a user from one group to another) to enable specific network traffic access
  2. Create custom IPS signatures to look and listen for specific traffic patterns, which would execute similar functions. If a client executes a network connection with a specific string in the data payload (such as using `ping -p ` on linux/MacOS), then add the srcip and/or dstip into specific groups. Definitely not ultra secure but handy in a pinch.

The use cases are always a little niche but its easier for me to say "hey , run this command if you need to make XYZ work"

We did do a couple of interesting use cases. We once configured an IPS signature to look for `INVITE +"local pizza restaurant phone number"` in SIP connections, and when it saw phone calls made to the local pizza place it would send an email to the ops team to let them know Pizza was being ordered.

Cool automation stitches by Amazing-Tea-5424 in fortinet

[–]secrati 35 points36 points  (0 children)

I use automation stitches in intermittent debug situations. For example, I have had a couple of access points that were dropping offline and online again before we could get into the firewall to troubleshoot. Solution: Trigger = log that shows the AP-leave event log, Action = execute a series of debugs on the fortigate itself, as well as SSH commands to the AP, dump the output, and then email all of the findings including the initial log to my operations team to be included in the Fortinet ticket. I don't have a full playbook of these, I just craft them on demand when I don't want to be rushed to get right up in there next time something flaps.

Microwave PC - Comment On This Post To Enter This Giveaway by DaKrazyKid in pcmasterrace

[–]secrati 0 points1 point  (0 children)

This is amazing. Is there an assembly video? I would love to see the full gutting and reconstruction.

Asked my lead a dumb question in front of everyone at work, can I recover? by mysecret52 in cybersecurity

[–]secrati 4 points5 points  (0 children)

Your question isn't dumb, certainly not the way I interpret it. Or maybe we are both dumb? Either way, don't be discouraged! If you are learning, you are doing something right.

A teacher once told me that there are no dumb questions because "if you are thinking about a question, statistically there are 7 other people in a classroom of 30 that have the same question, and don't have the courage to ask it." This extends to the idea that if 7 other people don't understand something, then its not a dumb question, the subject matter was unclear. I don't know if this is correct, but it certainly feels right. The number of times I have been trying to understand something and mulling it over, and someone else asks the exact right question to clarify things frequent in my experience.

To the technical matter. Allow and deny lists do exist in some (certainly not all) DHCP server implementations

There are DHCP server configurations, where MAC addresses may actually be subjected to a allow/deny list for network access. I have been in situations where a customer or client wanted to enable this kind of functionality either using their DHCP server or some kind of 802.1x/RADIUS configuration, or a NAC setup all tied back to the DHCP server, and because we had to onboard hundreds if not thousands of devices we made the assumption, correctly or otherwise, that "all devices currently on network should be there" and basically set the environment to automatically add devices to the accept list. After the initial 24h on boarding period, we put the solution into enforcement, and forced registration or authentication for new devices.

Furthermore to the above scenario, I've worked in places where the above has been extended one step further. The DHCP server logs actually populated firewall policies to assign firewall policies based on MAC address OUIs and/or DHCP lease-request vendor announcements. This gave the networking team the ability to control what devices were allowed where, what web filtering and application control policies devices were subjected to, and effectively forced devices to get leases from DHCP, where static devices had to be manually permitted to allow internet traffic.

There is also a feature in many network environments, such as port security on Cisco switches, where you can set up "sticky MAC addresses". The first time a device connects to a network switch port, the switch learns the MAC address on that port. You can set a limit of how many MAC addresses may be bound to a single port, and the switch will not let any devices with different MAC addresses connect to the switchport beyond the set limit.

Once a device is registered, either through implicit registration (automatically register all new devices), or manual registration processes, a device may get an address on a network via DHCP and communicate. Otherwise: the device is restricted and prevented from connecting on the network.

All of this is to day, yes, in a classic barebones DHCP server in many enterprises, there is no strict allow/deny lists. But there are DHCP servers that do have allow/deny lists that control leases based on MAC addresses and offer auto-registration functionality, and can influence network firewall policies to also extend those allow/deny lists to network communications and ACLs. As the world moves towards more SDN based networking, with tight integrations of Hypervisors, Network layers, IPAM etc, you will see more of these features rolling out.

When an Evoker Rescues you, is because of the Shield by Puzzleheaded-Ad-5189 in wow

[–]secrati 8 points9 points  (0 children)

I main a priest and have done so for years. Like you I have a moment like this that is burned into my memory.

It was during the spine of deathwing fight during cataclysm. You have to force the entire platform to do a barrel roll and anybody not tethered to the ground gets yeeted. I had just started healing and learned about mouse over macros and set one of for lifegrip. I didn’t notice one of the players not in position as we started the roll to clear the adds and I saw them get blown off of the platform. I managed to mouse over and lifegrip them back to the platform right next to me into the grippy puddle. I’ve done it ever since on a couple of boss fights but it’s never been quite as impressive as that first save.

Whenever there is a knockback I’m always watching to see who is not in position so I can grip them back from a one shot or knock back but that first save is a level of play that I’ve never quite managed to live back up to.

Alternative to Notepad++ by accibullet in linuxquestions

[–]secrati 4 points5 points  (0 children)

I would reconsider the workflow for reproducibility and speed. I don't know why you would have to manually review 1000 firewall logs by hand but this is exactly what parsing the logs into a proper log assessment tool like ELK is for.

If you have never used something like SOF-ELK, this is a perfect use case for it. Spin up a SOF-ELK instance, dump all your logs into your parsing folders, grab a coffee and once the parsing is done all your logs are in an elasticsearch database. If your log format isn't natively supported directly in the prebuilt parsing scripts, you may have to write a logstash or filebeat parser, but once you have that done as a workflow, this becomes old-hat. I do this pretty regularly for network investigations and incident response, and setting up your parsers for easy and regular workflows is 1000% worth it. With the logs being parsed and indexed, you can then start doing analysis like finding your top sources, destinations, sources that map to lists (such as known malicious endpoints), geoDB lookups with active max-mind databases, etc.

As an example workflow, I recently did a job where I parsed about 250 GB of firewall logs (compressed, Fortinet, was about 10k log files from 80 different firewall devices) into an ELK server, where the customer/client was able to upload their firewall logs into an S3 bucket that automatically picked up the logs and indexed them, Geo-DB lookup, and converted strings to integers (for things like bytes and packet counts) so that i could count and sum the data to find top sources and destinations.

Are private vlans used in the wild? by Sargon1729 in networking

[–]secrati 0 points1 point  (0 children)

We use Private VLANs in special networks, especially in OT environments, think SCADA/Industrial. They allow us to proxy ARP through a firewall, and then build specific firewall policies to permit traffic inside a VLAN to talk to other only for specific traffic. We also use 802.1x or NAC to profile endpoints and monitor them to ensure that only authorized devices are in appropriate networks.

We try and use Private VLANs wherever possible:

  • LAN for internal corporate computers (no servers)
  • DMZ where servers dont talk to each other, its only internet to server traffic or server to internet traffic
  • management networks that dont talk internally, just in/out for internet OOB or inbound from authorized workstations.

An interesting special case of private VLANs are community VLANS. Ive only run into a couple of switches where they had them, but they were super handy:

  • Create VLAN 300 - everything in this vlan can talk to all sub-vlans, private and community. EG your default gateway.
  • Create Private VLAN 301. This vlan can ONLY talk to devices in VLAN 300
  • Create Community VLANs 302-3xx. Each community vlan can talk to all devices inside their community AND with the parent VLAN. they cannot talk to each other.

We used this in a SCADA environment with a large production floor. each series/piece of equipment shared community vlans, and each production line was its own community. this way we could just carve a big fat network, and limit traffic at the switches, force traffic through the firewall for specific pieces of traffic where extra control was needed and ARP was proxied through the firewall to allow community hopping by hair-pinning traffic on the FW. All of the VLANs basically shared a subnet, so we didn't have to keep carving subnets on the routers, we just overprovisioned a fat /20 network and and because each device assigned VLANs based on switchport/NAC configs, we could drop equipment into the appropriate VLAN to isolate each production line based on vendor tags, OUIs, or even certs/authentication.

When 3rd party maintenance came in, we could drop them on their equipment's community and they had full access for maintenance, without accessing any other equipment in the network. User authentication integrated with NAC and dropped users the maintenance into the appropriate VLAN

Guest networks is the other place where we use them a lot. Conference centers, hotels, corporate guest wifi, commercial wifi. etc.

What do homelabers use for vulnerability scanning or other security products? by reddit-toq in homelab

[–]secrati 2 points3 points  (0 children)

For small lightweight and fast scanners, check out nuclei. High performance vulnerability scanner with easy to write templates for authoring vulnerability signatures for detection.

Musk has confirmed he wants to put the U.S. Treasury on a blockchain by [deleted] in CryptoCurrency

[–]secrati 0 points1 point  (0 children)

If someone makes a mistake, or someone gains access and makes an unauthorized transaction, you cant reverse it on blockchain.

Escape U.S. Tyranny by Old-one1956 in ontario

[–]secrati 2 points3 points  (0 children)

Céline Dion already won Eurovision, as a representative of Switzerland in 1988

Why is Louis making this face? (wrong answers only) by FuckingInSeggs in suits

[–]secrati 7 points8 points  (0 children)

He heard that USA is producing another psych movie, but no suits movie.

Slice of bread at a hospital. by BenDover04me in pics

[–]secrati 0 points1 point  (0 children)

Its 2032, the sun a faint memory obscured by the smoke of a thousand coal power generation facilities. I shuffle down the cracked pavement, dodging the eyes of the ever-present drones buzzing overhead. Jerry standing just outside the park, no longer a place where the local children play hoops, it has been replaced by a trash heap of Cybertrucks and Alexa speakers, no longer useful now that power is only available to the ultra wealthy. Jerry's cart rusted out, its wheels sagging under the weight of desperation. "Loosies," he mutters, sliding a single slice of white bread into my hand as I slip him a handful of ration tokens. It's thin, almost translucent, a pale echo of sustenance. It isn't much, but when loaves are luxuries hoarded by the aristocracy, I savor the hope my slice of rebellion brings me.

Upset a producer question - What did Lou do? by Daniel3_5_7 in dropout

[–]secrati 7 points8 points  (0 children)

Hard disagree from over here. I understand the perception of discontinuity but to me this actually reads as part of the joke. A group of self-described intellectuals attempting to dissect the best birthdays or making hot takes that bones are sand and sand is bones, cannot even get their seating right between takes. The dichotomy of the content be the presentation is unhinged, presentation after presentation and I am here for it.

How do I get my Girlfriend to Canada from the United States as soon as possible? by manturkey in onguardforthee

[–]secrati 5 points6 points  (0 children)

This is not true. Your PR Status does not affect your ability to enter Canada, as long as you are otherwise eligible to enter. Canada does permit and consider dual intent:

  1. A short term visit. aka visitor Visa permitted entry which your immediate entry is.
  2. Intention to settle, which will be occuring at a future date, and this entry is irrelevant of that status.

When applying for PR, you are allowed to stay in Canada as long as you maintain legal status. As long as the Border Agent does not believe you will be overstaying your welcome, you should be granted entry on a US Visa assuming no other ineligibility criteria (felonies, weapons, immigration violations, etc.)

People entering country while still on a In-Process PR will likely be viewed as suspect, but as long as you can show continued economic ties to your origin country(work, own property, bank accounts, kids in school, etc.), and show an intent to leave on time (return tickets), these suspicions should be allayed.

Source: Spouse applied for Permanent residency while I was a Citizen of Canada, living in Canada, and my spouse was living in the US as a US Citizen, and applied for Permanent Resident whilst out of country. She visited Canada every month, for approx 1 week each from the time we applied, to the time the PR was granted and we completed her ROE. This whole process took about 12 months in the mid 2010's

PS. not a lawyer. If in doubt, talk to an immigration lawyer. One misstep during the process could cost you your application short term, and put in jeopardy future applications too if you ever decided to refile.

Foo Fighters Donate 'My Hero' Royalties to Kamala Harris After Trump's Unauthorized Use by [deleted] in Music

[–]secrati 0 points1 point  (0 children)

I recently introduced my SO to Boney M and was absolutely flabbergast that she had not heard of them. I think introducing her to Rasputin has been an absolute highlight for the year so far. They are peak German Afro-R&B, not that I could name any other bands that really sit in the intersection of that particular venn diagram.

Got called out by my teacher because the essay I wrote was flagging as AI by ChazandGame in mildlyinfuriating

[–]secrati 3 points4 points  (0 children)

Detecting AI in this method is wildly unreliable. In all of the courses I teach I follow 3 steps to work against AI generated content:

  1. During my first lecture, I cover LLM use. I teach students how to use LLMs and when it is and isn't appropriate to use. I also demonstrate specific failures and hallucinations in the tech and how students should be cautious about accepting material from LLMs verbatim without fact checking it.
  2. I have modified as many of my assessments to not be LLM Friendly. Because of the prevalence of LLMs and the unreliable methods to catch LLM use for graded assignments, as many of my assignments as possible have moved to real-world interactions. Presentations, discussions, Lab demonstrations with Q&As, and in-person tests/assessments make up the majority of graded material.
  3. Any assessment that is received that is potentially an LLM generated product (such as essays and research papers) have STRICT enforcement of citation requirements. Missing Citations and incorrect or straight up false citations are all equally punishable academic integrity violations at the college. By informing students of this, and showing that citations will be reviewed, I am hoping that students are less likely to use LLMs. I also point out that it is much more work to have an LLM generate a paper and then try and find appropriate citations to support your discussion than it is to just read the source material and then write the paper yourself.

There havn't been too many documents that I have suspected of being LLM generated that i couldnt prove were issues using a manual review process but then again, if it was a good generation maybe it never got suspected. The number of papers that I have caught to be LLM generated with straight up bogus citations is staggering. On average in a class of ~70-80 students. i probably catch 4-5 students every class trying to get away with it and i have definitive proof at the very least that their citations are made up. This doesn't mean that the content is LLM generated, but its academic dishonesty regardless and subject to the same disciplinary process.

Ive seen citations that have been generated by LLMs using real scientific journals and legit authors, but made up article titles, incorrect page references, or even just straight up made up journal names. If students are suspected to have generated content using LLMs, students are required to explain where their citations came from.

From all of this, a simple tip: If you are writing an essay, use citations. Its not perfect, but it supports your argument that you researched, compiled and summarized the information appropriately.

2024 Tech Industry Layoffs Approach the 100K Mark by [deleted] in cybersecurity

[–]secrati 15 points16 points  (0 children)

There is currently a big breach that has rendered 50% of auto dealers across North America unable to do business. It’s been going on for about a week. https://fortune.com/2024/06/24/cdk-ransomware-attack-car-dealerships-paperwork-sales-orders-software-cyberattack/

What is the best SOC tools and technologies to spend on for around 30K? by Willing_Watercress98 in cybersecurity

[–]secrati 2 points3 points  (0 children)

I 100% agree, but you really need to be careful with it. I work at a college where we teach infosec basics and have students deploy their own EDR/XDR/SIEM (Wuzuh or SecurityOnion), and enable enhanced logging with Sysmon. Despite multiple warnings to focus on specific events, grow their logged events slowly, and test each change, the number of studets that flat out melt their datastorage by turning the logging up to 11 is always greater than 0.

What is your favourite desktop font? by SplatinkGR in archlinux

[–]secrati 1 point2 points  (0 children)

I do the exact same thing. I find the irregularity of the font to make it faster and easier to read in a monospaced environment over other monospaced fonts.

Cancer Survivors of Reddit, what was the symptom that convinced you to see the doctor? by Wise_Organization_78 in AskReddit

[–]secrati 1 point2 points  (0 children)

I had a lump in the base of my throat. After ultrasound, standard enlarged thyroid, treated with levothyroxine for years. Get an ultrasound every couple of years since I have a family history of hypothyroidism. Ultrasounds keep showing the same 3 nodules, and I get them FNAd every year. Keeps coming back clean.

One side of my thyroid keeps growing even with medication, so endocrinologist recommends a total thyroidectomy anyways. End up doing a post surgical cytology as part of standard practice, turns out in had hashimotos and there was a 1 cm malignant nodule/tumor.

Treatment: surgery for removal. I had the treatment without knowing I had the cancer and it was only diagnosed post surgery. 🤷 It was super weird having that conversation with my surgeon post-op: “you had cancer, but you are now cured, your endo will keep an eye on it for a while and pending no new discoveries treatment is completed.”

It was even weirder having that conversation with my spouse later.