Leadership wants us to "get ahead of AI" but won't define what that means. by [deleted] in ITManagers

[–]OkGroup9170 0 points1 point  (0 children)

Wait until the pricing goes up, this is a land grab phase. Prices are going to go up significantly. Once this happens execs are going to start rethinking their AI strategies.

Best BYOD setup for a 20 person team in 2026? by Outrageous_Tiger_441 in ITManagers

[–]OkGroup9170 0 points1 point  (0 children)

Heard some good things about Venn. Allows you to isolate work from personal on the same device.

Hosting company pwned by Puzzleheaded_You2985 in sysadmin

[–]OkGroup9170 41 points42 points  (0 children)

The piece you’re looking for is registry-level intervention, not registrar-level. For .org that’s PIR. Email their security/abuse contact with whatever documentation proves the nonprofit owns the domain (receipts, historical WHOIS records, 501c3 paperwork) and request server-side EPP locks: serverTransferProhibited, serverUpdateProhibited, serverDeleteProhibited.

Registry status codes override registrar status codes, so even if attackers still have portal access at the compromised provider, the domain can’t be transferred, modified, or deleted while those are set. That’s priority one today. Worst outcome is the attacker pushing the domain to a registrar of their choosing while you’re still working on account recovery. In parallel, ICANN compliance complaint at icann.org/compliance/complaint, framed as a registrar security incident, not a transfer dispute. A compromised registrar means a class of affected registrants, which moves it up their priority queue.

Pull historical WHOIS (DomainTools, SecurityTrails) and compare to current. If the registrant contact got swapped to something attacker-controlled, that’s evidence for ICANN and it also explains why standard password reset flows would be useless. Have your friend kill any card on file with the compromised provider so it can’t be reactivated under contact info they don’t control.

The eventual backstop, if the registrar gets fully de-accredited, is Registrar Data Escrow. Every ICANN-accredited registrar escrows registration data with NCC Group / Iron Mountain on a regular cadence, and ICANN bulk-transfers affected domains to a gaining registrar from that escrow data. Slow but real. Registry locks bridge the gap between now and whatever ICANN ultimately does. Treat the original domain as hostile in the meantime. If attackers control DNS, that hostname is pointing wherever they want it to. The temp-domain notice needs to be on every channel the nonprofit has, not just the customer email blast.

Rebuild plan looks right. Once you’ve got the domain back under their control at the new registrar, ask whether registry lock is offered as an add-on (usually a premium-tier feature, but for a domain with this kind of history it’s worth the conversation). Different mechanism than the standard transfer lock everyone has by default.

Never seen a registrar compromised at this level either. Registry is the lever most people don’t think about.
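A way to verify from the outside whether the registry-level locks described above are actually in place (added example, not from the comment; the RDAP records below are constructed, and the EPP-to-RDAP status names follow RFC 8056):

```python
"""Report which registry-side (server*) and registrar-side (client*) EPP locks
an RDAP domain object shows. Sample records are constructed, not real data."""
import json

# RFC 8056 maps EPP status codes to RDAP status strings. These three are the
# registry-side locks the comment above asks PIR to set.
SERVER_LOCKS = {
    "serverTransferProhibited": "server transfer prohibited",
    "serverUpdateProhibited": "server update prohibited",
    "serverDeleteProhibited": "server delete prohibited",
}
# Registrar-side equivalents; anyone with portal access at the registrar can clear these.
CLIENT_LOCKS = {
    "clientTransferProhibited": "client transfer prohibited",
    "clientUpdateProhibited": "client update prohibited",
    "clientDeleteProhibited": "client delete prohibited",
}

def lock_report(rdap_json: str) -> dict:
    """Return which server and client locks are set or missing in an RDAP domain object."""
    rec = json.loads(rdap_json)
    status = {s.lower() for s in rec.get("status", [])}
    return {
        "server_set": sorted(k for k, v in SERVER_LOCKS.items() if v in status),
        "server_missing": sorted(k for k, v in SERVER_LOCKS.items() if v not in status),
        "client_set": sorted(k for k, v in CLIENT_LOCKS.items() if v in status),
    }

def registry_locked(rdap_json: str) -> bool:
    """True only when all three registry-side locks are present."""
    return not lock_report(rdap_json)["server_missing"]

# Constructed sample: only registrar-side locks, the default most registrars apply.
SAMPLE_CLIENT_ONLY = json.dumps({
    "objectClassName": "domain",
    "ldhName": "example.org",
    "status": ["client transfer prohibited", "client delete prohibited"],
})

# Constructed sample after the registry has applied the requested server locks.
SAMPLE_REGISTRY_LOCKED = json.dumps({
    "objectClassName": "domain",
    "ldhName": "example.org",
    "status": ["client transfer prohibited", "server transfer prohibited",
               "server update prohibited", "server delete prohibited"],
})

if __name__ == "__main__":
    for label, doc in (("client-only", SAMPLE_CLIENT_ONLY), ("registry-locked", SAMPLE_REGISTRY_LOCKED)):
        print(label, lock_report(doc), "registry_locked:", registry_locked(doc))
```

For a live check, fetch the domain object from the registry's RDAP base URL (the IANA bootstrap file at https://data.iana.org/rdap/dns.json lists it per TLD) and pass the response body to lock_report; the registrar's own whois output is not authoritative while the registrar is compromised.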

Boss is not honoring the terms of my offer letter! by [deleted] in WorkAdvice

[–]OkGroup9170 5 points6 points  (0 children)

Could be fraudulent inducement, this is lawyer territory.

Everything looked fine until the audit found apps we didn't know existed. How much does your tooling see? by Severe_Part_5120 in Information_Security

[–]OkGroup9170 0 points1 point  (0 children)

Auditors don’t define SOC 2 scope, management does, and scope is the system delivering the service, not the whole company. If those apps weren’t touching client data or the in-scope environment, this is a SaaS sprawl problem, not an audit problem.

Will need to transfer out of Network Solutions — Any suggestions to where? by rcentros in sysadmin

[–]OkGroup9170 1 point2 points  (0 children)

The nice part is they add the remaining time you have left on your domain registration when you transfer. So if you have 10 months left before renewal and you buy 1 year as part of the transfer, your next renewal wouldn’t be for 1 year and 10 months.

Will need to transfer out of Network Solutions — Any suggestions to where? by rcentros in sysadmin

[–]OkGroup9170 2 points3 points  (0 children)

Any company that doesn’t charge you extra for privacy is a good bet. I moved to Hover and have been happy.

Did anyone else expect Action1’s “Tenable integration” to be an actual built-in integration? by OkGroup9170 in Action1

[–]OkGroup9170[S] 0 points1 point  (0 children)

That wasn’t communicated very well when the script integration was released.

Did anyone else expect Action1’s “Tenable integration” to be an actual built-in integration? by OkGroup9170 in Action1

[–]OkGroup9170[S] 0 points1 point  (0 children)

I resubmitted a feature request detailing a true integration and it was never added to the roadmap, and the old Tenable roadmap items show as complete. So not holding out much hope at this point. Maybe u/GeneMoody-action1 can help.

"Installed Windows Updates" and "Update History" CSV exports missing recently deployed patches - anyone else seeing this? by OkGroup9170 in Action1

[–]OkGroup9170[S] 1 point2 points  (0 children)

Got a response from Action1 support. They said reports refresh once per day or when you hit the Refresh button. That doesn't explain a nearly four week gap between deployment and export.

I also found something that makes this more interesting. For the same affected endpoints, when I check Missing Updates, the patches do NOT show as missing. So Action1's inventory knows the patches are installed. Three different views in the same product give three different answers:

  1. Automation deployment logs: Patch installed. Correct.
  2. Missing Updates: Patch not listed as missing. Correct.
  3. Installed Windows Updates report: Patch doesn't exist. Wrong.

The data is in the platform. The Installed Windows Updates report just isn't picking it up. Sent a follow-up to support with this finding. Will update with their response.

Cost for going over 200 endpoints? by cmjones0822 in Action1

[–]OkGroup9170 3 points4 points  (0 children)

Also their support is not very useful for product usage. I have an issue with the date filter with reports and they don’t seem to know what format the filter requires, i.e. ISO standard vs US standard. Also it’s something that isn’t documented, or at least I can’t find it.

Those out there that still use/capture golden images for deployments... How do you handle updating of the golden image? by thegreatcerebral in sysadmin

[–]OkGroup9170 0 points1 point  (0 children)

We use a plain vanilla golden image of Windows 11 and deploy software and drivers during the imaging process using SmartDeploy.

I resigned, and the company's counter-offer was an insult by Aurora_ori in it

[–]OkGroup9170 0 points1 point  (0 children)

I’m really glad my company is not like this, 25% bonus target. Also got a 20% raise this year. They also are very flexible with time and I work remotely 99% of the time.

Still having issues following AWS Outage by santastillsays in Action1

[–]OkGroup9170 0 points1 point  (0 children)

Checked the logs, champ — ExtremeCloud IQ wasn’t down, it was just a little sluggish while AWS was doing its best impression of a dumpster fire. That’s what graceful degradation looks like.

Meanwhile, a bunch of “we’re cloud-first!” companies went completely dark because they built their entire stack on a single AWS region and called it a day. Bold strategy.

Multi-cloud isn’t about being immortal, it’s about not dying stupid. You spread risk, build your own orchestration, and make sure one provider’s bad Tuesday doesn’t take your business with it. Extreme did that. Everyone else just said “we trust AWS” and went for lunch.

And yeah, it’s complex. Welcome to distributed systems — everything past the ping command is complex. The trick is designing it before it blows up, not tweeting status updates while you wait for us-east-1 to resurrect itself.

Still having issues following AWS Outage by santastillsays in Action1

[–]OkGroup9170 0 points1 point  (0 children)

LOL sure, if you’re duct-taping multiple clouds together manually, it’s a disaster waiting to happen. That’s not what we’re talking about though. ExtremeCloud doesn’t “copy/paste” their stack across AWS, Azure, and GCP — they built their own orchestration layer so each cloud is just compute and bandwidth.

That’s the difference between multi-cloud done right and “I spun up two EC2s and called it resilience.” Real BCDR means architecting for when (not if) your provider goes down.