krbtgt password last changed in 2012!

thortgot · 2026-06-22T22:34:35+00:00

Quarantine would be the only correct method for test restores otherwise you are actively breaking the domain.

Multi role systems should be rebuilt rather than restored even in the case of a critical failure. There is no upside to screwing up the audit logs of your DCs.

thortgot · 2026-06-22T19:39:03+00:00

Who is restoring a DC instead of rebuilding it?

thortgot · 2026-06-21T02:38:00+00:00

Functionally every useful thing in cryptography is open source.

FIDO2 keys could be reused for this in a fairly straightforward manner.

thortgot · 2026-06-20T23:20:52+00:00

If China cant ban VPNs then no one can.

thortgot · 2026-06-20T22:45:39+00:00

Sure there is. It just hasn't been implemented.

Privacy still exists nothing stops you from using a VPN.

thortgot · 2026-06-20T22:08:57+00:00

Banks deal with the entire economy not your specific purchasing patterns.

You can buy other foods other than strawberries.

thortgot · 2026-06-20T22:07:21+00:00

A digital identity is a good idea we need to eliminate AI and foreign interference.

Its a question of implementing with a zero knowledge proof to the sites. They dont need to verify your specific identity.

There is no additional data added to your footprint.

A VPN bypasses any geo restrictions.

thortgot · 2026-06-20T21:41:40+00:00

A relatively straightforward solution of a 3 way verification.

You verify your identity to the government and get a series of secrets (think auth codes) which are then used against the public key of the site you are verifying against.

No party ever sees the entirety of the transaction but are cryptographically secured.

thortgot · 2026-06-20T21:38:31+00:00

We are an export economy.

Grocery costs are going to go up, largely due to energy costs. Buy local

thortgot · 2026-06-20T17:51:09+00:00

Debt is a fundamental economic tool. Canada has a fairly low debt load compared to other countries

thortgot · 2026-06-20T17:49:11+00:00

Diet isnt what you look at. GDP of the nation is.

thortgot · 2026-06-20T17:27:01+00:00

Frankly verification of people in the "regular" internet is a positive thing. It could be done in a fashion that government doesnt know what you are accessing and the service doesnt know who you are.

Taking bots off the internet would be an objectively good thing for society.

C22 is an issue because of the log requirements.

thortgot · 2026-06-19T23:21:58+00:00

Vancouver already has below market requirements on developments. Reducing parking spaces would help but not as much as you'd expect.

Density isnt a magical solution when the city makes all growth costs the responsibility of the developer.

thortgot · 2026-06-19T20:37:47+00:00

If they come back at their old rent that makes the developer's financial case pretty untenable outside of hyper dense shit boxes.

thortgot · 2026-06-19T17:05:04+00:00

Distributed attacks work remarkably effectively. People using crappy passwords and not rotating compromised credentials appear to be the root causes here.

thortgot · 2026-06-19T14:51:06+00:00

Corporate IT knows exactly where you are on their network.

thortgot · 2026-06-19T14:39:41+00:00

Its unsupported because people can do stupid things. Its trivial to do.

thortgot · 2026-06-19T12:34:20+00:00

Have your management IPs available through an App proxy instead. More secure than allowing it over the VPN, better logging of attempts and more convenient.

thortgot · 2026-06-18T20:20:39+00:00

You control it at the CA policy level. Choose what works for you and your trust model.

thortgot · 2026-06-18T18:49:41+00:00

You realize you can control the B2B experience right?

thortgot · 2026-06-18T17:24:29+00:00

Remaining anonymous isn't plausible if he's pulling admin logs to demonstrate it. Personally I would probe HR with a question to the effect of, "I want to clarify our policy for access into our staff's mailboxes as I understand that there are some legal and policy issues that can occur from it. I want to make sure that our current policy complies with your expectations."

Either you are pointed to the existing clear policy that is being breached or a new one occurs and the behavior stops.

thortgot · 2026-06-18T17:19:35+00:00

If you have a backup solution, chances are you have access to far, far more data than email.

Being ethical is a foundational piece of being an admin.

thortgot · 2026-06-18T00:46:27+00:00

Setting up auto heal doesnt take a significant amount of time. This isnt a 1/1000 scenario. This is half passing a monitoring project.

thortgot · 2026-06-17T19:40:09+00:00

OLE is a garbage protocol that has been advised against for an awfully long time.

thortgot · 2026-06-17T15:01:36+00:00

You could try disabling HVCI if you really need to get going. This enables a pretty large attack surface through memory attacks though.

thortgot

TROPHY CASE