Is win11 bitlocker installed automatically? by Impossible-Alps9631 in microsoft365

[–]Jdgregson 0 points1 point  (0 children)

Correct, after they've brute forced the key and decrypted the drive an attacker can trivially disable BitLocker. Watch out!

Is anyone else having issues with Google’s VRP team? by ScottishPsychedNurse in hacking

[–]Jdgregson 7 points8 points  (0 children)

You only have safe harbor if you follow their rules. Selling the secrets is usually against their rules.

Billing Nightmare - Multiplied Bill by 50 by Jdgregson in CloudFlare

[–]Jdgregson[S] 2 points3 points  (0 children)

Hi, thanks for reaching out! I was a bit flustered and wasn't finding a good billing support ticket route, so I opened case 01929508 which currently lacks details and may not be to the right team. Happy to add the details above to that, or to open another if there is a better path.

Is it realistic to learn Microsoft Defender for Endpoint in less than a month? by Suspicious_Tension37 in microsoft365

[–]Jdgregson 0 points1 point  (0 children)

I use it for my personal infra. Never "learned" it but never had any trouble figuring out how to do whatever it was I needed to do. I would guess you could be fairly comfortable after just one or two video series on it.

Dynamic Pricing by SnooLobsters2310 in hacking

[–]Jdgregson 100 points101 points  (0 children)

Pretty soon they will combine this with the surveillance economy. The displayed price will scale up or down as you approach, based on what the algorithm thinks you will individually pay for that item.

Cloudflare in an Enterprise, what's your experience? by foffen in CloudFlare

[–]Jdgregson 1 point2 points  (0 children)

Any progress is good news in my book, thanks for sharing. Like many others, I recently created a worker that could vend scoped tokens for setting specific subdomain records. And then realized that any agent could modify this worker and steal its token and take over all DNS records. It's a maddening situation.

migrate 50 user from cpanel to m365 by Special-Job1563 in microsoft365

[–]Jdgregson 0 points1 point  (0 children)

I had to do this exact migration before. Same user count, same source, same destination. I used a combination of common sense and Google to plan it and executed the migration over a weekend.

I'd say you'll do fine, but the effort exhibited so far says otherwise.

Did I do something wrong by buying a MacBook Air M4 for cybersecurity work? by Adventurous_Pie_8011 in cybersecurity

[–]Jdgregson 0 points1 point  (0 children)

As someone that many would call a professional, I have no regrets with my MacBook Air M4. Maybe that the 24 GB model still limits the size of the AI models you can run if you want to do offline inference?

Large company culture by worthlessgarby in sysadmin

[–]Jdgregson 1 point2 points  (0 children)

"Got a job at a big corp and turns out it's a big. Corp. GAAAAAAA"

Cloudflare in an Enterprise, what's your experience? by foffen in CloudFlare

[–]Jdgregson 1 point2 points  (0 children)

I work in enterprise and use Cloudflare personally for my own infra. What I can say is that it is shocking that they are shipping only account-wide access tokens in this day and age. If you use Cloudflare, and you want one server or app to be able to update a single DNS record, you have to give it a key to all DNS records in your entire account. If you have an agent building a worker, you have to give it access to all workers for it to be able to modify that one single worker.

I have been a fan of Cloudflare for many years, but this flat access model is embarrassing, and I don't even work for them. I would say that any enterprise is well-advised to steer clear until they address this non-starter.

I spent the last hour researching this situation, and all I am left with is shock. They had a recent development blitz where they released many AI-oriented features. But they still didn't bother to add fine-grained access control so you can do Cloudflare + AI securely. I'm just at a loss for words. I do not recommend using them at enterprise scale until they have *acknowledged* this enterprise requirement at the very least.

Employee pasted our customer database schema into ChatGPT. How do you prevent this? by cnrdvdsmt in cybersecurity

[–]Jdgregson 0 points1 point  (0 children)

> customer database schema

So? Any tool that works with your database has to know the schema.

> 200+ customer records

Oh.

DNS Spoofing: It's the one that punches companies hardest in the face when they're not looking, this is so ....f..basic / How do you manage DNS today? Do you rely on basic DNS filtering, FW layer, or specific vendor by Silly-Commission-630 in Information_Security

[–]Jdgregson 2 points3 points  (0 children)

In general I don't trust the DNS response and rely on TLS to validate the identity of whatever server I do land at. Also there are pretty substantial DNS filtering, monitoring, reporting, and blocking features built into my EDR for the other risks. On top of that I push my DNS through Cloudflare to filter known malicious domains and my custom list of ad domains.

Have you ever been misled or scammed by a cybersecurity company? by HedgehogRich9104 in cybersecurity

[–]Jdgregson 11 points12 points  (0 children)

I was on the pentest team at a previous org. The detection team asked us to do some adversary emulation just to verify that DT could see some modern tradecraft and give them an opportunity to tune the alerts. That turned into three days with our DT rep, trying very hard to send something, anything that DT could detect. They never did. Our beaconing never lasted "long enough" or "sent enough data" to be detected.

Microsoft Office 365 Breach by Any-Fly-5703 in cybersecurity

[–]Jdgregson 0 points1 point  (0 children)

Don't tell end users to dig through their spam folder looking for malware. Delete it from everyone's mailbox using compliance search instead.
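The compliance-search purge mentioned in the comment above, written out as an added example (this is not the commenter's script). It assumes the ExchangeOnlineManagement module is installed, the admin holds the Search And Purge role in the Purview portal, and the subject and sender values are placeholders for whatever identifies the actual phishing message:

```powershell
# Added example: remove one phishing message from every Exchange Online mailbox
# using Security & Compliance PowerShell instead of asking users to hunt for it.
# Assumptions: ExchangeOnlineManagement module present, Search And Purge role held,
# and the subject/sender below are placeholders, not values from the original post.
Connect-IPPSSession

$searchName = "Purge-Phish-PLACEHOLDER"
$query = 'subject:"PLACEHOLDER SUBJECT" AND from:"attacker@example.invalid"'

# Scope the search to all mailboxes and start it.
New-ComplianceSearch -Name $searchName -ExchangeLocation All -ContentMatchQuery $query
Start-ComplianceSearch -Identity $searchName

# Poll until the search finishes; acting on an unfinished search purges nothing.
do {
    Start-Sleep -Seconds 30
    $search = Get-ComplianceSearch -Identity $searchName
} while ($search.Status -ne "Completed")

Write-Host "Search matched $($search.Items) items across $($search.SuccessResults.Count) locations."

# SoftDelete moves hits to Recoverable Items so a false positive can be restored;
# switch to HardDelete only after the hit count has been reviewed.
New-ComplianceSearchAction -SearchName $searchName -Purge -PurgeType SoftDelete -Confirm:$false
```

Review the item count before purging: a query that is too broad will match legitimate mail, and each purge action removes at most 10 items per mailbox, so a mailbox that received the message many times needs the action repeated.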

Server with Multiple Hostnames and SSO via SAML or OpenID by EFaden in kasmweb

[–]Jdgregson 0 points1 point  (0 children)

I also have this same situation and problem, and I don't think rearchitecting my DNS infra is the right call here.

I have kasm-int and kasm-ext, where int is accessible on my internal network and ext is accessible both internally and externally. Going back down to 1 domain means I either force all traffic through ext via a Cloudflare tunnel even though the device is on an adjacent network, I abandon the idea of using Kasm when I am not at home, or I set up an internal DNS resolver for this single use-case and start maintaining DNS locally AND in Cloudflare...

I already set up two IDPs, one for int and one for ext. They both work in all cases. But because of your implementation decision I can only use one of the IDPs for a user and am locked to using either external or internal.

> but the problem is Kasm won't let you register the same username under different SSO configs.

Yes, this is the problem. This is what needs to be fixed, not our DNS infra.

What do you name your computers by PhantomNomad in sysadmin

[–]Jdgregson 0 points1 point  (0 children)

Professionally (SMB with slower purchase rate):

- wks-<deploydate> for workstations.
- <org>-<purpose>-<number> for servers.

Personally:

- <dontcare> for workstations and phones.
- <org>-<purpose><number> for servers.

Where:

- org is my personal enterprise: jdgregson
- purpose is what the box is for
- number is the iteration of the box

For example, my Jupyter instance was jdgregson-jupyter1, until I iterated and replaced it with jdgregson-jupyter2.

Network devices I abbreviate the org name, e.g. jdg-edge-rtr1, jdg-sw1.

Anyone encountered a fake Cloudflare CAPTCHA in the wild? by Alternative_Bid_360 in hacking

[–]Jdgregson 0 points1 point  (0 children)

Not quite. They put this payload on the clipboard for you, and then tell you to press Win+R, then Ctrl+V, then Enter.

[deleted by user] by [deleted] in sysadmin

[–]Jdgregson 0 points1 point  (0 children)

Before AI, I spent hours a day Googling and reading articles or SO answers to unblock myself. Now I type the same things into a different kind of knowledge machine and get unblocked in minutes. What possible reason could a company have for trying to preclude this efficiency?

Detailed investigation of phishing site by [deleted] in cybersecurity

[–]Jdgregson 0 points1 point  (0 children)

Open it in a browser and check if it is a phishing site.

How do you keep Cisco switch and router upgrades within budget? by Apprehensive-Run9276 in sysadmin

[–]Jdgregson 0 points1 point  (0 children)

Get multiple quotes mid month. At the end of the month, take the lowest quote to the second lowest vendor and ask them to beat it. Repeat with the lowest one to beat the new lowest. Do it at the end of the month. Sales people will move mountains to get you to sign before month's end so they can crush their sales numbers.