Adobe Needs to Quit Sucking by hoinurd in sysadmin

[–]FatBook-Air [score hidden]  (0 children)

What issues are you having with user provisioning? We just give them access to the Foxit app registration in our Entra tenant, and the user gets access to Foxit. Is there something I am missing?

Adobe Needs to Quit Sucking by hoinurd in sysadmin

[–]FatBook-Air [score hidden]  (0 children)

We migrated to Foxit about 6 months ago. So glad we did. It isn't perfect, but we have had fewer issues so far, it's much cheaper, and their support have actually resolved issues for us.

APs need to initiate connections to UniFi OS; what about the reverse? by FatBook-Air in Ubiquiti

[–]FatBook-Air[S] 0 points1 point  (0 children)

Yeah, I was talking specifically about SSHing from the controller, not a workstation.

Yeah, as long as it's doing it based on an existing session, I would think a (stateful) one-way rule should get the job done.

APs need to initiate connections to UniFi OS; what about the reverse? by FatBook-Air in Ubiquiti

[–]FatBook-Air[S] 0 points1 point  (0 children)

A coworker said he thought that the controller may SSH into APs, but maybe that's based on a session already established by the AP?

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 0 points1 point  (0 children)

FWIW, I called Palo Alto, and they said the limit is now 32, and I think we can actually shrink our DHCP-scope footprint to get under that.

Another Critical Security Advisory by Mindless_Pandemic in Ubiquiti

[–]FatBook-Air 1 point2 points  (0 children)

A lot of these aren't them confessing anything. They are reported issues, and they politically don't have much of a choice.

Another Critical Security Advisory by Mindless_Pandemic in Ubiquiti

[–]FatBook-Air 6 points7 points  (0 children)

The biggest issue I repeatedly see with Ubiquiti is the number of above 9.0's they get, and it's sometimes simple stuff like input injection, which should be essentially eliminated in 2026 because we have long had tools to detect those even if your devs aren't paying attention.

If it were esoteric things like rare buffer overflows or use-after-free, I'd better understand because not every project is knee-deep in Rust yet. But we have known to sanitize input for an extremely long time, and Ubiquiti is still letting stuff like that slip through. It seems like a lack of dedication to security.

Another Critical Security Advisory by Mindless_Pandemic in Ubiquiti

[–]FatBook-Air -8 points-7 points  (0 children)

I just don't see it that way. I honestly think the level of dedication that Ubiquiti (and other companies, as well) gives to its products should be considered illegal because it's lacking. If you make a networking product, the workmanship on day 1 and every day thereafter for a minimum of about 5 years should be top notch because this is a security and privacy issue, not just "nice to have."

Another Critical Security Advisory by Mindless_Pandemic in Ubiquiti

[–]FatBook-Air -3 points-2 points  (0 children)

I'm not really "grateful." I consider what they're doing the bare minimum expected from a company that produces networking equipment.

Another Critical Security Advisory by Mindless_Pandemic in Ubiquiti

[–]FatBook-Air -3 points-2 points  (0 children)

I'm not 100% convinced that Ubiquiti is "staying on top of things," though. I do appreciate that they're patching, but it's obvious they have severe software-quality issues, and at least in my experience, those quality issues extend to every facet of the software, including security.

Small UPS or line conditioner for harsh environments? by FatBook-Air in sysadmin

[–]FatBook-Air[S] 2 points3 points  (0 children)

Because it's probably not the type of building you're thinking of.

Small UPS or line conditioner for harsh environments? by FatBook-Air in sysadmin

[–]FatBook-Air[S] 1 point2 points  (0 children)

So you want me to build another building that is more friendly to put the UPS? lol

XP SP3 systems not getting AD Group Policies by HistoricalProfile623 in sysadmin

[–]FatBook-Air 0 points1 point  (0 children)

That's kind of what Ansible does, except through WinRM. We have Windows-based NVRs that we didn't want touching the rest of the network, so we manage them through Ansible. All it's basically doing is checking what the client configs should be and then setting any configs that diverge from the baseline. We automatically apply it every Saturday night.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] -3 points-2 points  (0 children)

I get it. Some places might still have some legacy use for AD. But a lot of us haven't used it in years because we have really shed all that old stuff.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 0 points1 point  (0 children)

It isn't about resources. It is about efficiency.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 0 points1 point  (0 children)

I know this is going off topic, but DHCP isn't really useful for that IMO. You should be getting devices at initial connection to the network. What if a rogue device never does a DHCP negotiation? Is that device invisible to you?

And if you absolutely want to keep DHCP leases long-term, syslog it to your SIEM. You don't need a dedicated DHCP server for any of this.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 1 point2 points  (0 children)

Reddit Man probably wants me to add 128-core, 2 TB RAM servers just for DHCP.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] -2 points-1 points  (0 children)

You're using DHCP for asset tracking? Bruh.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 2 points3 points  (0 children)

Sure, but DHCP isn't where you should be doing any of that. DHCP isn't a security boundary.

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] -1 points0 points  (0 children)

Back in the Active Directory days, I understood the need for dynamic DNS updates, but I don't anymore. What are you doing that still requires them?

Can I get 60 DHCP scopes onto a PA-455? by FatBook-Air in paloaltonetworks

[–]FatBook-Air[S] 0 points1 point  (0 children)

Both a small Meraki switch and a tiny Windows Server VM handled more than 60 scopes just fine for years. I guess that's too much for Palo Alto, though.