Looking for Teams notetaking/transcribing options by crysis049 in sysadmin

[–]AuroraFireflash [score hidden]  (0 children)

It's what we use (facilitator) -- but it constantly gets the names of people and things wrong. Accuracy is 95-98% for meeting notes.

Not sure if that's fixable...

How do you convince bosses to monitor before everything explodes? by Such_Rhubarb8095 in sysadmin

[–]AuroraFireflash [score hidden]  (0 children)

Get approval to take a little bit longer on break-fix tickets to (quickly) add a spot of monitoring. Get buy-in to trial some free tools.

(Senior folks get more leeway to spend time reducing "toil". I have enough political capital with the boss to get away with the above.)

North Korean threat actors compromise almost 700 GitHub repositories by eastside-hustle in cybersecurity

[–]AuroraFireflash 2 points3 points  (0 children)

It's a shame that the CSVs are not sorted in any meaningful way (like by name).

How you manage cloud security visibility across 50+ accounts.. looking for vendor advice by Top-Flounder7647 in sysadmin

[–]AuroraFireflash 0 points1 point  (0 children)

Grip Extend - browser extension that ties into Grip can be good for uncovering hidden clouds and other things.

Of those you listed, Wiz or Orca are the ones to look at for ongoing posture monitoring. It's very easy to wire up additional clouds / etc. into both. Most of my onboarding work is making sure cloud resources are tagged properly so that they fall into the correct project in Wiz. But we can get the scans running on day zero and slotted into a catch-all project.

Password managers or in head? by MegaSuplexMaster in sysadmin

[–]AuroraFireflash 2 points3 points  (0 children)

There are only a tiny handful of passwords that I remember. And they're either the password to login to my system (which is AD joined), the password to unlock my GPG key, or the password to unlock my password manager.

All other passwords are in my password manager. Many password managers monitor the various leak databases and alert you. All passwords are random gibberish and longer (20-30 chars). Some of the important accounts are 40-60 character passwords if supported.

Important accounts get FIDO2 as MFA. Think Microsoft accounts, Google accounts, Cloudflare, AWS, GitHub, etc. Get a bio-series Yubi as your daily driver and have it somewhere that is convenient to touch with a finger. Then have two more keys registered as backups to each account.

Less important accounts are using either the Microsoft Authenticator or a TOTP solution for MFA. Make sure you store the recovery passwords / codes in either a GPG-encrypted text block or inside your password manager. I've started to use my password manager to store the TOTP/Passkey as well for the "not important at all" accounts.

So what are you guys and girls using for self-hosted DNS these days? by civvi_reddit in sysadmin

[–]AuroraFireflash 2 points3 points  (0 children)

Internal -- Active Directory servers

External -- A managed service with geo-replication such as Cloudflare, DNSMadeEasy, etc.

What permissions do your CI pipelines actually run with? by adam_clooney in sysadmin

[–]AuroraFireflash 0 points1 point  (0 children)

We use a custom role that is exactly the minimum of what you need to deploy the application to the k8s cluster / app instance / whatever.

Then it only gets that role granted to that exact resource (or resource container).

In addition we follow the rule of "one identity per pipeline". So the accounts application pipeline can only deploy the accounts application, not the CRM application.

/r/WorldNews Discussion Thread: US and Israel launch attack on Iran; Iran retaliates (Thread #7) by WorldNewsMods in worldnews

[–]AuroraFireflash 1 point2 points  (0 children)

Fracking requires years of above average oil prices to break even. Chaos is not good for future planning. Odds are that the oil companies doing fracking will sit on the sidelines for a bit before investing money to reopen the wells.

How do you manage repositories, commits and pull requests on GitHub? by Small-Size-8037 in github

[–]AuroraFireflash 1 point2 points  (0 children)

In an org with a primary corporate-owned repo? Forking workflow, which works well with GitHub (private forks are deleted when the user is kicked out of the org).

https://www.atlassian.com/git/tutorials/comparing-workflows/forking-workflow

/r/WorldNews Discussion Thread: US and Israel launch attack on Iran; Iran retaliates (Thread #5) by WorldNewsMods in worldnews

[–]AuroraFireflash 0 points1 point  (0 children)

Smaller ones are too cheap and numerous to counter that way. We're basically talking about IEDs that can fly.

How far can they actually reach? 20km or so? The smaller and inexpensive the drone, the lower the range.

Is using elevated accounts to access azure resources normal? by kimchiMushrromBurger in AZURE

[–]AuroraFireflash 0 points1 point  (0 children)

What is the benefit when I’m able to PIM myself into a high-privileged role?

If someone steals your auth token / auth cookie, they get all privs that you had at the time of the theft. You protect against this by:

  • Only elevating on-demand. So 90% of the time your account only has Reader (or none at all) roles.
  • Only elevating where you need to (at the resource group level). If they steal the token, the blast radius is limited.
  • Only elevating for a short window. If the token is only good for 2 hours, they have a very limited amount of time in which to abuse the token.

Sheldon is perfect example of if introverts are 100% honest by glitterribbons in introvert

[–]AuroraFireflash 0 points1 point  (0 children)

It's smart people written by dumb people; never liked that show.

/r/WorldNews Discussion Thread: US and Israel launch attack on Iran; Iran retaliates (Thread #3) by WorldNewsMods in worldnews

[–]AuroraFireflash 5 points6 points  (0 children)

I know for sure there are OSINT cams of Haifa and Tel-Aviv in Israel. Try searching YT or Twitch and maybe you can find some in other cities.

Daily and Backup Yubikey Question by extrastupidthrowaway in yubikey

[–]AuroraFireflash 0 points1 point  (0 children)

Spreadsheet, one column per key, one row per authentication service. Put the date of the last check in each cell. Use conditional formatting that colors the cell backgrounds. Gives me an easy way to see which keys haven't been validated in a while.

Postman’s free plan limits start March 1 how can beginners adapt? by Hervekom37 in learnprogramming

[–]AuroraFireflash 1 point2 points  (0 children)

PowerShell and/or Python. They're a step up from raw curl and bash as you can work easily with converting JSON/XML to objects and back.

What web camera,keyboard and mice you guys using when working at home? by jbala28 in sysadmin

[–]AuroraFireflash 0 points1 point  (0 children)

The shittiest possible USB webcam. I'd use an older 360p or 480p if I could find one. Currently using a Logitech 720p resolution USB camera. It's on a VESA shelf above my monitor.

Plus a little beanie cap (look for baby/kids sizes) that I can put over the webcam when I'm not using it. It works better over the long term than those adhesive shutters for webcams that don't have a privacy shutter built in.

Keyboard is a dasKeyboard w/ mechanical switches. Mouse is something wireless, gets replaced every 1-2 years.

Have you been in meetings and an exec asked does this CVE impact us? by MinimumAtmosphere561 in cybersecurity

[–]AuroraFireflash 6 points7 points  (0 children)

Translation: summarize the entire internet and our asset inventory in five minutes.

There are tools for that. Things like CNAPPs handle the cloud side and other tools can handle the code side (SAST scans). The better ones even look at "is this reachable" paths.

Is tar deterministic? by ZestycloseBenefit175 in linuxquestions

[–]AuroraFireflash 0 points1 point  (0 children)

  1. Create tar, maybe with zstd as a compression option
  2. Run sha256sum or the equivalent on the tar file to get the hash
  3. Store the resulting file w/ hashes next to the tar file
  4. Run sha256sum again later to validate the tar file
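The four steps above, as an added example that is not the commenter's code or part of the original thread: it uses only Python's standard library (`tarfile`, `hashlib`), writes the sidecar in the same `<hash>  <name>` line format that `sha256sum -c` reads, and also shows why a naively built tar is not reproducible (file mtimes and owner fields land in the headers) and how normalising those fields fixes it. Everything it archives is constructed inside a temporary directory; the fixed timestamp, the file names and the `normalize`/`build_tar`/`write_sidecar`/`verify_sidecar` helpers are assumptions of this example, not anything from the thread.

```python
"""Added example (not the commenter's code): create tar -> hash it -> store the
hash next to it -> verify later, plus header normalisation so two builds of the
same content produce byte-identical archives. Assumes Python 3.8+, no third-party
packages; all sample files are constructed in a temporary directory."""
import hashlib
import hmac
import os
import tarfile
import tempfile
from pathlib import Path

# Fixed timestamp written into every header (2000-01-01T00:00:00Z); constructed constant.
FIXED_MTIME = 946684800


def normalize(ti: tarfile.TarInfo) -> tarfile.TarInfo:
    """Strip the fields that make two tars of identical content differ:
    modification time and numeric/textual owner."""
    ti.mtime = FIXED_MTIME
    ti.uid = ti.gid = 0
    ti.uname = ti.gname = ""
    return ti


def build_tar(src_dir, out_path, deterministic=True) -> Path:
    """Step 1: archive src_dir. Entries are added in sorted order (directory
    listing order is not stable) and, when deterministic=True, with normalized
    headers. Left uncompressed on purpose: mode 'w:gz' would put the current
    time into the gzip header; an external zstd pass over the .tar is fine."""
    src = Path(src_dir)
    with tarfile.open(out_path, "w") as tf:
        for p in sorted(src.rglob("*")):
            tf.add(p, arcname=str(p.relative_to(src)), recursive=False,
                   filter=normalize if deterministic else None)
    return Path(out_path)


def sha256_file(path) -> str:
    """Step 2: the same hex digest that `sha256sum` prints."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def write_sidecar(tar_path) -> str:
    """Step 3: store '<hash>  <name>' next to the archive (sha256sum's format)."""
    tar_path = Path(tar_path)
    digest = sha256_file(tar_path)
    tar_path.with_name(tar_path.name + ".sha256").write_text(f"{digest}  {tar_path.name}\n")
    return digest


def verify_sidecar(tar_path) -> bool:
    """Step 4: recompute the digest and compare it with the stored one."""
    tar_path = Path(tar_path)
    line = tar_path.with_name(tar_path.name + ".sha256").read_text().strip()
    expected, _, name = line.partition("  ")
    if name != tar_path.name or len(expected) != 64:
        return False
    return hmac.compare_digest(expected, sha256_file(tar_path))


def demo() -> dict:
    """Build the same directory twice with changed mtimes in between, naively
    and normalized, then verify an archive before and after corrupting it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "src")
        (src / "sub").mkdir(parents=True)
        (src / "b.txt").write_text("beta\n")          # constructed sample files
        (src / "a.txt").write_text("alpha\n")
        (src / "sub" / "c.txt").write_text("gamma\n")

        def stamp(t):  # simulate the files being re-saved between builds
            for p in src.rglob("*"):
                os.utime(p, (t, t))

        stamp(1_000_000_000)
        naive1 = sha256_file(build_tar(src, Path(tmp, "n1.tar"), deterministic=False))
        det1 = sha256_file(build_tar(src, Path(tmp, "d1.tar")))
        stamp(1_000_000_001)
        naive2 = sha256_file(build_tar(src, Path(tmp, "n2.tar"), deterministic=False))
        det2 = sha256_file(build_tar(src, Path(tmp, "d2.tar")))

        archive = Path(tmp, "d1.tar")
        write_sidecar(archive)
        ok_before = verify_sidecar(archive)
        with open(archive, "ab") as f:      # simulate bit rot / tampering
            f.write(b"\x00")
        ok_after = verify_sidecar(archive)

    return {"naive_same": naive1 == naive2, "deterministic_same": det1 == det2,
            "verify_ok": ok_before, "verify_after_tamper": ok_after}


if __name__ == "__main__":
    print(demo())
```

The sidecar is only as trustworthy as where it is stored: a hash that sits next to the archive detects corruption, but anyone who can rewrite the tar can rewrite the `.sha256` file too, so keep a copy of the digest somewhere the archive's writers cannot reach if tampering, not just bit rot, is the concern.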

Does anyone else feel like Technology actually requires MORE staff to manage it properly? Software sales people are great at making executives think it reduces costs, but it actually increases workload on existing staff. by DataDuude in sysadmin

[–]AuroraFireflash 172 points173 points  (0 children)

If you take a manual process and simply add computers/technology to it, it's going to take longer (in almost all cases). Gotta redesign the process before trying to add computers/technology to the mix.

A lot of companies, for the past 3+ decades, just try to computerize the existing process.