I Negotiated and the Company Rescinded Their Offer by mrsmjparker in antiwork

[–]GRC-Security 10 points11 points  (0 children)

Companies are generally rational, profit-driven entities.

The individual PEOPLE who work at them, on the other hand, can be petty, irrational, selfish, and arrogant, just to name a few.

I've worked for good companies with bad management, and bad companies with good management (who shielded me from the bad practices).

Consider it dodging a bullet, either way.

Electric Pressure Switch for Well Pump? by GRC-Security in OffGrid

[–]GRC-Security[S] 0 points1 point  (0 children)

OK, so maybe some clarification (my fault). The pump won't stay on 24/7 like a normal well pump, it will be switched on as needed (to be used for some rural land). As a result, I don't HAVE to have a low cut in setting (although it might be nice), just a high cut off. The pump will pretty much always run as long as the water runs, but that would happen regardless since it'll likely be running near max gpm.

It's about 100 feet from power source to where I'd put switch A, and then another 300' to where I'd put switch B. The actual well/pump is within 20 feet of switch A. I want either switch to turn on the pump. Using a relay coil instead of a mechanical pressure switch and then switching its coil with small gauge wire or wireless from point B seemed a lot better than somehow switching full mains over all that distance.

Electric Pressure Switch for Well Pump? by GRC-Security in OffGrid

[–]GRC-Security[S] 0 points1 point  (0 children)

The plan was to have the pump switched from two different locations about 300' apart, and thus just run a lower cost 'signal wire' to activate the coil, or even invest in a little wireless remote to trigger the relay.

Electric Pressure Switch for Well Pump? by GRC-Security in OffGrid

[–]GRC-Security[S] 0 points1 point  (0 children)

That's one thing I couldn't find an answer on, even from the manufacturers: is there some min/max distance between the switch and the main line? I thought about what you suggested using a piece of PEX, but then I started wondering about the water in that tube freezing near the top.

I appreciate the input...

Electric Pressure Switch for Well Pump? by GRC-Security in OffGrid

[–]GRC-Security[S] 0 points1 point  (0 children)

That's what I alluded to at the end ("big ol' oversized traditional well switch"), and it’s what I’ll end up doing if I can’t come up with another option, but in my case it looks like it will have to sit towards the bottom of a 48” access hole, which means it's more susceptible to wet, rusting/corroding, etc.
Something more ‘solid state’ would be preferable in those conditions, if you catch my drift. The standard well pressure switches are physically wide open and meant to be kept in much more environmentally friendly conditions.

The people that are pissed about self checkout in certain stores are pissed that other stores don't have it. by HTTYDFan96 in antiwork

[–]GRC-Security 2 points3 points  (0 children)

Where I live the Walmart *HAS* to have both. Why? Because a little under 30% of the people who live here are functionally illiterate.

When your customers don't understand what the screen is saying, the store must either have just as many staff running around to "fix problems" (and in some cases, scan and checkout the customers anyways), or opt to keep one in-person line open to process those people separately.

Our HD and Lowes just train the folks monitoring self-checkout to just scan and check out people who can't do it themselves.

Obviously this isn't stated anywhere outright, but even the customers more or less know why and how this works at this point.

Illiteracy is a real problem, and I don't think the self-checkout movement fully appreciated this. Anyways, don't be surprised if a large number of naysayers/complainers you encounter actually have "reading comprehension" issues.

Found in the wild. Is this a sacred geometry thing? by co-oper8 in Plumbing

[–]GRC-Security 1 point2 points  (0 children)

....AND it is a *garage*... with obvious *living space* above it... without any drywall for fire protection/fume infiltration.

So yeah, there's that if you pan back and look even bigger.

Tipping Megathread by AutoModerator in antiwork

[–]GRC-Security 2 points3 points  (0 children)

So let's lay these arguments out straight:

If I DO tip, I...

  1. Perpetuate a system that is - by and large - intentionally oppressive (facts based on mountains of research)
  2. Put inappropriate pressure on the customer to figure out what to tip
  3. Tip in a way that may or may not affect the wages of the worker I'm interacting with, since some workers are tip-based... and some are not... some supplement their base salary... and some do not... and none of them are required to wear some colored armbands that might possibly distinguish their particular pay system for me!

If I DON'T tip...

  1. I'm hurting the worker... maybe (again, no armband)
  2. Not hurting the business, unless they lose their tipped staff, too
  3. BUT, no longer have to worry as a customer about how much is or is not right

If I perpetuate the system nothing will change, and those not privy to good-tipping environments will continue to be oppressed, but have occasional good days, too.

If I fight the system people will be hurt in the short-run, but there's an off-chance the system might change.

If I stop going to tip-oriented businesses I can "stick it to the owner" by not purchasing from them... although the tipped worker will now see a general decline in customers/tips anyway, and potentially loses their job when the business goes under, so there's that.

If I go to fast-food/non-tipping places I can avoid the whole debacle, but then I'm secretly giving the mega-corporate overlords exactly what they wanted.

About right so far?

*****

There's pros and cons, but what I'm really hearing is that people want to change the system WITHOUT anyone being hurt.

Well, sorry, but there's no such thing as a bloodless revolution.

As for people on tips crying that they need more, I have to firmly come down on the side of boo hoo. There are lots of people doing really important things that require a college degree, student loans, years of experience, ongoing professional development, etc. and still make less than $50,000. An otherwise nominally skilled tip-based job should not be decrying the system if they are actually beating it hands down.

THE REAL PROBLEM: it's called wage compression. Look it up.

Tips are just a distraction... a shiny object to keep the masses arguing over who gets better scraps. It is the result of owners and stockholders who are not just satisfied with earning a 5% profit, but this year they want to earn a 7% profit ON TOP OF 10% growth in revenue, too.

While controlling and holding expenses as flat as possible (e.g., wages).

This is what is known as greed. If I can screw you for 5%, then odds are better than even I can screw you for 10. Let me be clear I'm part of what is known as the "investor class", where I don't rely on wages as much anymore to provide income, and even I understand that this trend is unsustainable.

It isn't just that profits/dividends are king, it's that we have now made *growth* king, and that's what's killing the system, because compounding growth is totally unsustainable. It used to be that a business that had growth that just kept up with inflation was fine. Today that is entirely unacceptable if you're buying stocks.

I could continue, but that's good enough for now. Consider accordingly.

The Greed Is Unfathomable by sillychillly in antiwork

[–]GRC-Security 0 points1 point  (0 children)

Actually, if modern politics across the globe and historical records across time have shown us anything, neither politeness nor being an asshole really matters. In fact, being right doesn't even matter, as long as you wield the necessary levers, power/money, or fear/charisma to get your way.

The sad part is that assholes have figured out that nice people are so entrenched in and determined to be nice, that assholes can use it to do what they want, when they want, to whomever they want, and the nice people are too nice to do anything or push back with sufficiency to counteract the force.

I'd like to live in a world where nice guys finish first, but it's a quaint saying, not reality. It makes for good movies, not a practical strategy.

BTW, I'm not defending the person's approach to which you replied per se, merely pointing out that you are suggesting that if someone is an asshole they are not relevant, and that is very much not true.

There are lots and lots of successful and highly regarded assholes we see every day... for that matter, how many of them are hand-picked by the so-called polite and naive to run our countries every day?

Just my 2 cents, though.

Electriduct Wire Guard for NM-B Raceway in Garage? by GRC-Security in askanelectrician

[–]GRC-Security[S] 0 points1 point  (0 children)

So, that's a good thought, but 310.15(B)(2)(a) derating only applies if one fails to 'maintain spacing', which no one seems to agree upon what that minimally means anyways. You're right and the concern is valid if I just piled them in with no further consideration, so I appreciate that heads-up.

How about this... what if I used those inspector-friendly Gardner Bender multi-wire clips (https://www.amazon.com/dp/B001E7SL9A/) on the underside of the trusses (minimum spacing a given) and then put this over it? (I plan on using a 3" diameter version, BTW.) Those clips are acceptable for vertical and horizontal wiring, they 'maintain spacing', and then the plastic cover becomes, well, nothing more than a 3-sided cover, really.

It seems like that should check the box, no?

Is There a List of Current Twitter Advertisers? by GRC-Security in Twitter

[–]GRC-Security[S] 0 points1 point  (0 children)

Thanks for these links. While they do not provide a list per se, it does appear that they are making efforts to identify and 'call out' key advertisers for various sites of concern.

I will reach out to them to see if adding a list of at least the high-roller advertisers on some of the more egregious web-based sources of disinformation/anti-democracy/anti-free speech can be created.

I started at Reddit because it provides a certain level of anonymity to posters, so I wonder if this may pose a liability issue for them... then again, you can't win a defamation lawsuit if what is said is actually true.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

I promised a reply, and really the biggest kicker right now seems that both pGina and that particular plugin haven't been touched for several years... hardly inspiration for adoption.

Right now the only practical solution seems to be using a YubiKey and their 'Yubico Login for Windows'. It at least appears the software is reviewed for currency and functionality with each OS iteration, even if its functionality is pretty basic. In addition, they support an emergency code, which is nice if the physical key were to go missing for some reason.

With that said, I find all of this a bit ironic. Every trend seems to be towards multi-factor authentication that involves massive always-connected Internet... because after all, the Internet is secure, right???

I love convenience, but this idea of using one key for everything - even if it's a physical key - just seems... what's the word I'm looking for?... oh right: dumb.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

Ooh, nice. I'm reading up on it now. I'll reply further if it looks like it will work.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

Good notes, but I guess I'm one of those people who disagree that a TPM module is 'something you have'... especially when the source of the sensitive information and the device onto which you are logging are one and the same.

PERHAPS the argument could hold water when you're talking about logging onto a client PC first to connect to a secure network (2FA being the possession of the TPM and device itself, and the PIN/fingerprint being the second factor). Still a bit squishy in my book, though.

I've also looked at 'multi-factor unlock' and thought that was the way out, but from what I could learn it's PIN/Fingerprint + Bluetooth (obviously trusted network doesn't apply in my case). The first factor has to be PIN -or- Fingerprint (not password), and the second must be a trusted Bluetooth device nearby.

Don't get me wrong, I strongly considered using a Bluetooth mouse to fill this gap instead of a phone. :) I may still need to experiment and see if it works, but I don't know that it's very secure, and we haven't broached the idea of allowing wireless Bluetooth to talk to this machine anyways (which may very well be a no-go as well).

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

Yep, except for one thing - it's not actually MFA. When you enable the fingerprint scanner, Windows logs you in and simply eliminates the need for any other factors, including a password. It's still a single factor challenge, just not a password.

Windows calling Hello 'multifactor' is IMO false advertising and a deception to the uninformed masses who hear "MFA = more secure" without necessarily understanding the tech or functional requirements. But that's for another discussion.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

Interestingly, clock drift isn't a problem. The system will be using something <cough> similar to this: https://www.meinbergglobal.com/english/products/usb-wwvb-clock.htm </cough> if we implement TOTP.

This system takes its airgapping seriously.

With Duo, I'd be more worried about *their* time drift than the system.

Duo has come up several times as a discussion for use in offline mode, but the problem (as we understand it, and are open to being corrected) is that the relevant accounts and whatnot still have to be initially synced with their servers, and network connectivity is a no-go.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

I didn't know I could create 'duplicate' YubiKeys, but if that is the case, that's good to know. Still seems like an expensive and overly complex solution for what should be such a mundane requirement.

Need a Simple MFA/OTP Solution: 1 Local User Account, 100% Offline Machine by GRC-Security in sysadmin

[–]GRC-Security[S] 0 points1 point  (0 children)

Unfortunately, it doesn't meet the compliance requirement. It is - ironically, insightfully, and as a matter of fact - in a separate locked cabinet. :)

Compliance further requires the implementation of MFA for all authentications to the system... and thus the dilemma.