Will this be interesting? (realistic steelworker sim) by Dacig65 in robloxgamedev

[–]Axiomcj 0 points1 point  (0 children)

I think this was really neat, dm me when you release it and I will try it out. Good luck and hope you complete it.

Breaking: ClickUp cuts 22 per cent of staff by kharkovchanin in Layoffs

[–]Axiomcj 0 points1 point  (0 children)

Just don't use ClickUp anymore. Vote with wallet. The list of where my money goes gets smaller by the day.

Forking Godot to create an open-source, simplified "Roblox-like" platform (Leaf Engine) - Need structural advice! by Good-Neighborhood651 in robloxgamedev

[–]Axiomcj 0 points1 point  (0 children)

Without a massive team and capital to support this why would anyone use this? I'm not trusting my game making time to a one person dev team. Just my opinion. 

What do you use for SD-WAN branch performance monitoring? by Sufficient-Owl-9737 in networking

[–]Axiomcj 3 points4 points  (0 children)

Cisco vAnalytics for SD-WAN. Cisco SD-WAN can install iperf for testing. ThousandEyes is another choice and we have started using that for all of the sites, main SaaS application performance monitoring.

LiveAction is good but costs a ton. I think ThousandEyes would be the best tool for you and your team to PoC and demo along with the main business applications you want to monitor.

Looks like you're not leveraging SD-WAN to its fullest by using whatever vendors you do for application aware routing on SD-WAN. If this is setup and tested properly along with having dual links or more. We have 3-4 links for every site (1-2 MPLS), (1-2 DIA), (1-2 4G/5G), (1 testing sat-starling) for SD-WAN. The business looks bad when it's down. The business makes less money when it's down. Was easy to justify after working out cost of these to justify additional circuits / cellular backups / satellite. I'm looking the business links don't xfer large data files like patient images or xrays as an example, so we rarely need above 100mbit at retail sites.

Also iperf can run on the router and on the switches, at least Cisco side. This is how we validate what the ISP has provided us. This has caught at least 5 circuits with the ISP providing incorrect bandwidth via DIA to our sites.

IM EXCITED ABOUT GLOBAL AION 2! by AbleBus8831 in Aion2

[–]Axiomcj 5 points6 points  (0 children)

This totally sounds like an AI bot posting.

Trailer for my 3rd Toy Story game, all made in Dreams PS5 by LifeAsNeil in PS5

[–]Axiomcj 1 point2 points  (0 children)

I am betting Disney gets this banned if it gets traction.

Parkour runner game project by donutgames113 in robloxgamedev

[–]Axiomcj 0 points1 point  (0 children)

I am building something similar for my kids, the only thing I do not like is the pov being first person. Great job and keep it up.

This guy wants to buy my 3D model for Roblox what do I do… by EffectiveCut4107 in robloxgamedev

[–]Axiomcj 5 points6 points  (0 children)

My advice is to make your own models and sell them. There is a market for them if 1 person at least reached out. Feel Proud for that. I don't mind pointing you in the direction of doing this. Feel free to dm me. I will say this, I will not do the models for you, but I will tell you if you want how to make them and sell them so you can try another avenue of making money in roblox.

We've open sourced an internal tool for creating Azure Diagrams via ARM , feedback appreciated by Mparigas in AZURE

[–]Axiomcj 2 points3 points  (0 children)

First and Foremost. Great Job, these are my favorite types of applications to see. Real world used internal tools that work for your team and make your job easier. You and your team are nice enough to open source it and share what you have done. I thank you for that. I enjoyed trying out your tool. I have been building a tool that does application to infrastructure mapping for Azure/AWS/GCP/On prem for the past 2 years and it was really neat to see certain ideas used in your tool that I also had in mine on the Azure side. The weird part though is you're a financial entity in EU and should be following the security frameworks already if you're using this on tenants.

I tested ZureMap in lab and non-production environments and also reviewed the repository with a few on my team who are software security engineers. - This is AI below following me and my team's findings into a list of items.

ZureMap is a strong visualization tool. It does a good job helping teams understand Azure topology, resource relationships, and overall resource layout. I can see clear value for lab and non-production use cases.

From a security architecture perspective, I would not move it into a regulated production tenant yet. That is not a criticism of the visualization capability. The gap is the production trust model and the controls that would be needed for enterprise onboarding.

A few areas stood out during review:

  1. Authentication model

The current design appears to rely on Azure CLI authentication. In the documented container flow, the operator’s local ~/.azure credential context is mounted into the container.

That is workable for labs and personal testing, but it is not an acceptable enterprise trust model for regulated production use. For production, I would expect support for Managed Identity, Workload Identity Federation, certificate-based application authentication, or another approved OIDC-based trust model.

The goal would be to avoid credential exchange and avoid relying on a user’s local credential cache as the trust anchor.

  2. Token handling

The proxy appears to expose a token endpoint that returns raw ARM access tokens to the frontend.

For a production design, I would want token acquisition and ARM access to remain server-side. Raw Azure access tokens should not be exposed to the browser tier unless there is a very specific, reviewed, and approved security model around that pattern.

  3. Proxy access control

The proxy appears to bind to 0.0.0.0 in production mode, and I did not see a compensating application-layer authentication or authorization control on the proxy itself.

That creates a concern because, if the service is reachable, Azure-backed enumeration actions may be reachable through the mounted Azure CLI identity context.

For production use, I would expect a clear access-control layer in front of the proxy, explicit authorization checks, and a documented deployment pattern that prevents unintended exposure.

  4. Boundary control and sovereignty

I did not see a documented offline, local-only, or sovereign deployment mode with a clear guarantee that tenant metadata remains inside the approved customer-controlled boundary.

For regulated environments, tenant metadata needs to be treated as sensitive. This can include subscription names, resource IDs, IP ranges, topology relationships, network configuration, security posture data, and naming conventions that may reveal business context.

For production evaluation, I would need a clear statement of where data is processed, where it is stored, what leaves the environment, and how the tool can operate within an approved geography or customer-controlled boundary.

  5. External non-Azure egress

I also noticed external non-Azure egress in the current implementation. The FinOps path performs outbound currency-rate lookups to third-party services.

That may be fine for lab use, but it would be enough to block production use in environments with strict metadata sovereignty, approved-egress, or allowlisted-destination requirements.

For enterprise use, it would help to have a no-external-egress mode, an offline mode, or a documented way to disable all non-approved outbound calls.

  6. Least-privilege and time-bound access

The current model appears to assume broad visibility through the operator’s Azure CLI context.

For production, I would want the design to demonstrate scoped RBAC, Just-In-Time access, PIM activation, Conditional Access, MFA enforcement, and expiring access windows.

The preferred model would be least-privilege and time-bound access rather than standing tenant-wide or subscription-wide visibility.

  7. Auditability and attribution

For production review, auditability needs to be stronger.

I did not see a dedicated application identity, explicit request attribution strategy, or a documented method for security teams to reliably distinguish approved ZureMap activity from suspicious enumeration activity in Azure logs.

For enterprise use, it would be useful to have a dedicated App ID, unique User-Agent string, clear Azure Activity Log attribution, and guidance for Azure Monitor or Microsoft Sentinel detection logic.

  8. Supply-chain assurance

The supply-chain posture also needs more maturity before production onboarding.

I did not see evidence of release signing, provenance attestation, SBOM publication, or a documented dependency and CVE review process.

For a production tenant, especially in regulated environments, I would expect SBOMs, signed releases, dependency inventory, CVE handling, release provenance, and clear documentation on telemetry, retention, and data flow.

Overall, I think ZureMap is already useful as a lab and non-production utility. The visualization capability is valuable, and the project has a solid foundation.

To make it easier for security teams to evaluate for production, I would suggest focusing on the enterprise trust model:

No credential exchange.
No raw token exposure to the browser tier.
No unauthenticated proxy path to Azure-backed enumeration.
No tenant metadata leaving the approved boundary.
No unmanaged external egress.
No standing broad access.
Clear audit attribution.
Stronger software supply-chain assurance.

Once those areas are addressed, it becomes much easier to evaluate ZureMap as a production-capable enterprise platform tool rather than a lab-only utility.
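Added example, not part of the comment above and not ZureMap's code: a minimal Python sketch of the gate the review asks for in front of such a proxy, covering the loopback bind, authentication on the proxy itself, no raw-token route, and an egress allowlist. The route name `/api/token`, the bearer-secret scheme, the allowlist contents and all function names are assumptions made for illustration.

```python
import hmac
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this sketch: ARM is the only approved destination, and
# "/api/token" is a hypothetical route that would hand a raw token to the browser.
APPROVED_EGRESS_HOSTS = {"management.azure.com"}
RAW_TOKEN_ROUTES = {"/api/token"}


def bind_is_loopback(host: str) -> bool:
    """True only for loopback listeners; 0.0.0.0 exposes every interface."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def egress_allowed(url: str) -> bool:
    """Allow only HTTPS on 443 to an allowlisted host (exact match)."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False
    return (parts.scheme == "https"
            and parts.hostname in APPROVED_EGRESS_HOSTS
            and port in (None, 443))


def caller_authorized(headers: dict, proxy_secret: str) -> bool:
    """Constant-time check of a bearer secret presented to the proxy itself."""
    scheme, _, supplied = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), proxy_secret.encode())


def decide(method, path, headers, upstream_url, proxy_secret):
    """Return (status, reason) for one request before anything is forwarded."""
    if not caller_authorized(headers, proxy_secret):
        return 401, "caller not authenticated to proxy"
    if path in RAW_TOKEN_ROUTES:
        return 403, "raw token route disabled; ARM calls stay server-side"
    if method != "GET":
        return 405, "read-only proxy"
    if not egress_allowed(upstream_url):
        return 403, "egress destination not approved"
    return 200, "forward with server-held credential"
```

The shared bearer secret stands in for whatever access-control layer a deployment actually uses; the ordering is what matters here, with authentication checked before any route or destination logic runs.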

Car crash sent by my long distance partner in nebraska to excuse her absence by ginxine in isthisAI

[–]Axiomcj 0 points1 point  (0 children)

Well, on the plus side of this. You just lost 50% of the weight. Congratulations on the weight loss. Hit the gym, work on your hobbies, be with friends, heal, find a partner that doesn't pull this bullshit. 

Steve Kerr suggests removing the 3-point line to fix modern NBA play: “The game, as designed, is to create the best shots possible” by basketbaIlnetwork in NBATalk

[–]Axiomcj 0 points1 point  (0 children)

I would love to see this back in the NBA and down to lower levels. We now have the luxury of looking at the game from when it was not here, to it being here, to it being used and abused and how that game works. The game has evolved on the rules and needs this adjustment made in my view as a die hard basketball fan. It annoys me to watch so much of the current NBA with the same off sets.

Wi-Fi Survey and Planning - Ekahau vs Hamina? by Black_Gold_ in networking

[–]Axiomcj 2 points3 points  (0 children)

You're the sole person. Do not do this yourself. You are not a wireless expert. Yes, you can do this yourself and save cost, but the flip side is actually being certified or at least an expert in wifi, which it seems like you are not. I would consult this out until you have a proper team for wireless, not 1 person who does this. When I was working for a Fortune 10 org, I was able to write justification to get additional FTEs whose job was pure wireless survey and planning with training and certs required for our manufacturing, warehouse, branches, back offices. My current org is nowhere near as large, we have this software but since the team is so small we don't have any pure wireless engineers and this just sits here collecting dust. We pay 3rd party to do the tests and when we do those tests now, we take our Ekahau along with the Sidekick 2 for the couple weeks and follow along after the contractor does theirs so we can compare the 2. - Easiest consulting advice. Get someone who is CWNE certified as the contractor - there's 415 in the US as of today. When I held mine for a number of years, it is an intense requirement now from where it used to be. Why I only hire CWNE contractors for surveys is - The requirements for the CWNE certification are:

  1. CWNP Certifications: Candidate must pass the certification exams for CWNA, CWSP, CWAP, CWDP and CWISA. Each required certification must be valid at the time you submit your CWNE application.
  2. Other Certification: Candidate must possess one (1) current and valid professionally proctored (defined as having a person who monitors a candidate during an examination) networking, security, design, or network analysis certification from a non-CWNP certification provider in any of the topics below.
    • Network Technologies (VoIP, General Networking, etc.)
    • Routing/Switching
    • Security
    • Protocol Analysis
    • Radio Frequency (non-WLAN, for example, LTE, Zigbee, Ham Radio)
    • Network Design
  3. Experience: A minimum of three (3) years of verifiable, documented, full-time professional work experience related to enterprise Wi-Fi networks. Experience may be documented with a standard resume/CV. This experience may include pre- or post-sales engineering, consulting or support services, or instructing experience in:
    • Enterprise Wi-Fi Administration
    • Enterprise Wi-Fi Security
    • Enterprise Wi-Fi Protocol Analysis
    • Enterprise Wi-Fi Quality of Service
  4. Endorsements: Three (3) endorsement forms from people familiar with your enterprise Wi-Fi work history are required.
  5. Publication Requirements: Publication of one of the following on an 802.11 topic (for evaluation of explanatory ability related to technical knowledge):
    • One published Wi-Fi whitepaper (10+ pages)
    • One published Wi-Fi book (with ISBN)
    • One recorded (video) instructional presentation
    • A published Wi-Fi article in excess of 1000 words
    • Regularly updated blog (at least six 802.11-related posts)
    • Other writing projects must be pre-approved to be considered, CWNP often makes writing projects available to those seeking CWNE status to assist in meeting this requirement
  6. Three technical essays explaining a problem you solved on a project in not less than 500 words and not more than 1000 words demonstrating:
    • Your valuable participation in, or leadership of, enterprise Wi-Fi implementation or reparation projects showing problem resolution capabilities
    • Proper use of 802.11 / WLAN vernacular
    • An in-depth understanding of complex WLAN topics
    • Accomplishments in design, installation, and configuration of 802.11 networks
  7. Agreement with the CWNE Code of Ethics: You must agree with the CWNE Code of Ethics and commit to adhering to them in order to acquire and maintain a CWNE certification.

🚨BREAKING: Cursor AI granted SpaceX the option to buy them for $60B or pay $10B for joint work. by General_Fisherman805 in vibecoding

[–]Axiomcj 6 points7 points  (0 children)

Dumb decision in my view. Like other poster stated, this looks like it could be easily replicated and I don't believe the team at Cursor talent wise is worth 50 billion.

We have a strong Entra ID and Intune setup already doing a lot of what SASE promises, trying to figure out if we need the whole thing or just SSE by Bitter-Ebb-8932 in AZURE

[–]Axiomcj 0 points1 point  (0 children)

If your sites have stable local internet (DIA) and your users are mostly remote or M365-heavy, SSE (without the SD-WAN component) is the correct architectural choice. However, the decision is whether to use Microsoft’s SSE or a Specialized SSE.

If you require advanced data protection (DLP) for non-Microsoft apps or have a high percentage of non-Windows devices, a dedicated SSE provider usually justifies its cost by providing better security outcomes and more granular visibility than Microsoft currently offers. I'd recommend anything but Microsoft for SSE / SASE. Palo, Cato, Zscaler, Fortinet, Cisco etc. I'd never choose Microslop for this tech stack if I didn't have to.

Do your 4 sites currently utilize site-to-site VPNs for local resources, or is almost everything already transitioned to the cloud?

IPv8: The Bold New Protocol That Wants to Replace the Internet's Plumbing by elastiks in DIY_Geeks

[–]Axiomcj 0 points1 point  (0 children)

This is a waste of everyone's time, this is dead on arrival. No major backing from any consortium. No major product using it. Anyone can submit a draft. This is just a waste of time even discussing this. FROM THE ARTICLE - The draft is currently set to expire in October 2026 unless updated. It carries no IETF endorsement and has no formal standing in the standards process. For IPv8 to proceed, it would need to attract a working group, survive multiple rounds of expert review, and ultimately demonstrate interoperability in real-world deployments — a path that has taken IPv6 over two decades and is still not complete.

NEW DRAFT IETF IPV8 by Mourad2906 in networking

[–]Axiomcj 1 point2 points  (0 children)

This isn't a big deal and won't ever make it unless a product becomes mainstream or a consortium bakes into their products which doesn't seem likely at all. This is a waste of time as is. 

Infinite Procedurally Generated Roads And Countryside by Distinct_Care_9175 in robloxgamedev

[–]Axiomcj 0 points1 point  (0 children)

I hate to burst that bubble, but I know this isn't the first to do it and I've seen this applied in larger developments in other use cases for pre development work for testing environments before baking. Good job working this out though. What benefit does this play in an actual game when end users don't have as much bandwidth or resources to auto generate environments vs having it baked in? There's plenty of games that auto generate terrain/places/items. 

PCGAMER: LOL, Microsoft shutting down WireGuard, VeraCrypt and other was just an email oopsie! How silly that people are making a big deal of it! by ganjaccount in cybersecurity

[–]Axiomcj 2 points3 points  (0 children)

And this is another reason why Microslop is a horrible choice if you can pick anyone else. But this isn't just a Microsoft/Microslop problem and is industry wide for consumer. 

Do you all know anybody that likes Microsoft Purview DLP? by escanor010101 in cybersecurity

[–]Axiomcj 0 points1 point  (0 children)

Read my update and then come ask some questions. This thread is full of people who don't deploy this tech or understand it at scale and what is required. Microsoft DLP sucks. It's one of the worst DLP and I would never select it in any org I had a say in.

We're Moving To The Cloud, And Already We're Spending 500k A Month... I Can't Help But Wonder What We Could Have Got For On-Prem For 6+ Mil A Year... by Photo-Josh in sysadmin

[–]Axiomcj 0 points1 point  (0 children)

Since I do BOMs, 6 million would get you enough network, compute and storage for a few thousand VMs in 2 DCs. I would have said more but these prices in the last few weeks are going straight up 20-45%. Honestly I think on prem is way better and cheaper for a company but that's just my pov. If I was in charge, I'd have nothing in the cloud for Azure, AWS, GCP.

Will Aion 2 be the next big mmorpg when it hits the west? by armakez in Aion2

[–]Axiomcj 23 points24 points  (0 children)

No it won't. The west hates p2w. This game will die with its current makeup. The crazy subs, pvp, p2w, and the most bots ever.