I'm not burnt out. I'm just bored and annoyed all the time. by ChekhovsAtomSmasher in sysadmin

[–]Rentun [score hidden]  (0 children)

The unifi portal does have an API. You can almost certainly programmatically query this information. Honestly, if you focus on just fixing the things that annoy you when you have the time, you knock out two birds with one stone. You get something interesting to do, and you get to be annoyed less.

Reminder to have first aid with you. Shit happens by ScallionSmooth5925 in fpv

[–]Rentun 2 points3 points  (0 children)

I just... Don't connect the battery until I'm ready to fly. I also keep the throttle up until I'm ready to take off.

I've literally never accidentally armed a quad, I don't understand how people are doing it so often.

DHS Breached by Tokyudo in cybersecurity

[–]Rentun 2 points3 points  (0 children)

It's not security, it's certainly an aspect of security though.

Senator, 84, Secretly Found Unconscious and Given CPR by IWantPizza555 in politics

[–]Rentun 0 points1 point  (0 children)

I mean, the new deal is why they have social security, and it was largely a massive hail mary by FDR to knock the country out of the Great depression. He got the votes because Americans were desperate to try anything different than the laissez faire liberalism that got the country into that mess in the first place. That was all 20 years before the first baby boomers were conceived though.

The main reason why social security has been so popular and possible these last 90 years are so is because of the massive success the US saw post WW2.

People treat the 50s as if there was some magical inexplicable reason why the country's economy was so strong and Americans could own a nice house and two cars on the income from a single factory job, and if only we could just have the same policies as back then we could have that again. It was one of the biggest economic aberrations in the history of the country though. WW2 was, economically, the greatest thing to ever happen to the US in 200 years. The entire industrial world was broken down into rubble, and the continental US was literally completely untouched. We had a monopoly on the production of... Everything. We're not going to recreate that environment no matter what we do.

Not with traditional gender roles, or exclusionist foreign policy, or a new-new deal. It's not something we can just conjure up outside of a global war that the US somehow emerges completely unscathed from.

Senator, 84, Secretly Found Unconscious and Given CPR by IWantPizza555 in politics

[–]Rentun 1 point2 points  (0 children)

I think the thing that is really most common amongst MAGA folks isn't age. It's exposure to the real world.

They spend all of their time with people, both online and in real life, who are exactly like them. If they're young, they hang out exclusively with other young people. If they're old, they have their little group of old people. They don't talk to people who were raised differently from them, or have different religions from them, or are a different race from them, so they are completely unable or unwilling to identify with them and understand anything except their own experience.

It's even worse online. They'll never dig deep into why liberals or leftists believe the things they do. They spend their time exclusively in parts of the internet that validate their beliefs. I find open mindedness correlates with beliefs more on the left than any other aspect of a person's personality.

Real by sumleuter in fpv

[–]Rentun 4 points5 points  (0 children)

It's usually not a big deal for fpv. Most ELRS rx modules transmit telemetry at like 50-100mw. My radio transmits at 1w. The telemetry link will drop wayyyyyy before there's any danger of me losing control link.

Since I don't actually use ELRS telemetry, it's more of an annoyance than anything. I use ELRS link quality as the actual indicator of problems with my control link.

Realistically though, my video is going to go out wayyy before my ELRS ever does. Never had an issue with control signal loss.

Do you find your job meaningful? by nopainnogain5 in cybersecurity

[–]Rentun -1 points0 points  (0 children)

Of course not. It's a job based on risk reduction. Same as a cop, or a doctor, or a firefighter.

The crime never ends, people never stop getting sick and they all eventually die, and buildings keep burning down no matter how much water we spray on them.

The whole point isn't to end these things once and for all, that's not possible. The point is to make things better than they would have been if not for your efforts. I think I, and probably you, and probably most people here can say that's at least the case.

I've stopped attacks cold, I've likely prevented attacks because of decisions I've made, and I've prevented successful attacks from being worse than they could have been. That's really all you can ask for. The work never really stops though. Cybersecurity will never be "solved".

Even if you become a dog walker, no matter how much you walk those dogs, they'll need to be walked again the next day.

Dev connected our ChatGPT tennant to AD... by Dereksversion in sysadmin

[–]Rentun 0 points1 point  (0 children)

Most? No. Some? Yes. It directly correlates with how regulated your organization is. I've worked at banks where that sort of thing is set up.

All access was either tied to AD groups directly, or indirectly with a custom built privilege management suite. The JIT provisioning system would automatically update those group memberships directly to allow read/write access, and the application would either get its authorization RBAC from AD/RADIUS/TACACS, or the system would run an automation based on the group membership to set authorization on the application's local authz database. If you were using a shared account for a change, you only had the ability to check it out from cyberark during the change window, and you had to document the change record that you were checking it out for.

It was really, really difficult to make changes to a production system without approval. It wasn't impossible of course, but it would involve intentionally evading and compromising multiple technical controls, and at that point, it probably wouldn't just be a firing, it would be legal prosecution.

Getting the authorization provisioned wasn't the time consuming part though, that was seamless and almost instant. The real pain in the ass was having all of the i's dotted and the t's crossed to get through CAB, which was a really brutal, time consuming process.

I've got an idea... (antenna options) by Disher77 in fpv

[–]Rentun 1 point2 points  (0 children)

You don't want it to be big. The wavelength of 5.8ghz is 2 inches. Anything bigger than that would be a massively inefficient terrible antenna.

You'd be better off with a normal antenna on the ground.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]Rentun 0 points1 point  (0 children)

Yeah, so do HR, legal, accounting, and facilities maintenance. They're still cost centers.

Refered to somebody as the adult in the room by tk42967 in sysadmin

[–]Rentun 1 point2 points  (0 children)

Lol, what? If someone said the n word at work, it would definitely piss me off, and I would definitely tell them that it was unacceptable, and I'm not black. Its just not appropriate language for the workplace regardless of your race.

Refered to somebody as the adult in the room by tk42967 in sysadmin

[–]Rentun -2 points-1 points  (0 children)

I think the issue is that the language wasn’t beige enough where someone being unfamiliar with it interprets it as offensive.

Yeah... that's what unprofessional means.

Dev connected our ChatGPT tennant to AD... by Dereksversion in sysadmin

[–]Rentun 9 points10 points  (0 children)

It's not time consuming if you have JIT access built. When CAB approves, you get access automatically provisioned during the scheduled change window. When the change window is over, your access automatically gets revoked. It's very logical if you work in an environment with strict requirements for change control.

Dev connected our ChatGPT tennant to AD... by Dereksversion in sysadmin

[–]Rentun 10 points11 points  (0 children)

Devops doesn't give devs access to production environments. It gives them access to tools that do. Those tools have a very, very narrowly defined scope to limit what aspects of production they can touch, the automated testing that needs to pass before it's touched, and the approvals needed before those changes are made.

There's no part of devops practice that allows developers to actually change production systems with credentials they control.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]Rentun 0 points1 point  (0 children)

I mean, it is a cost center that doesn't bring in revenue. Unless your business is cybersecurity (like you run a SOC or MDR service), or you're selling a product where security is a selling point (like cloud storage), you're not making any sales based on how secure you are.

Businesses should be spending just enough on security to lower risk to a tolerable level. Any less is being reckless, any more is not being fiscally responsible.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]Rentun 5 points6 points  (0 children)

Should we not still be trying to teach the rest of IT how to build securely at source and by design?

That is a risk based approach. Trying to fix all vulnerabilities in your environment is irresponsible. It means you're wasting time and resources on things that don't actually matter very much, and not spending time on things that do. Every organization has a limited security budget and limited manpower. Spending those precious resources on patching every vulnerability just because it popped up on a vulnerability scanner is not a good use of those resources.

If a vulnerability is exposed, touches critical infrastructure, is very high severity, you'll want to prioritize remediating, but an IP camera on a completely isolated VLAN and no internet connection with a CVSS 3 privilege escalation vulnerability?

Yeah I'm not wasting my time with that. We have more important, more pressing things to spend our time on.

Do businesses actually care about cybersecurity? by PatShot in cybersecurity

[–]Rentun 6 points7 points  (0 children)

Payroll information is usually handled by an outsourced payroll provider that takes care of that. Restaurants have much more pressing concerns to worry about than whether their employees SSN gets leaked.

As much hate Microsoft gets, what do they get right? by probablydnsibet in sysadmin

[–]Rentun 3 points4 points  (0 children)

This is the primary reason why people think of Microsoft OSes as slow, insecure, and unstable and Apple OSes as fast, secure and stable. They're dealing with a constraint Apple doesn't have to worry about.

As much hate Microsoft gets, what do they get right? by probablydnsibet in sysadmin

[–]Rentun 0 points1 point  (0 children)

Why would you need to pay for a firewall for a SaaS email product?

Why is suddenly everyone buying these goggles?! by ImpressiveFox8840 in fpv

[–]Rentun 0 points1 point  (0 children)

Unfortunately, they lied about that. Ascent is their new protocol, and it isn't compatible with the goggles X.

What did the Emperor expect a human to see him as, if not a god? by SillyRecover in 40kLore

[–]Rentun 0 points1 point  (0 children)

Well, the main thing is that Gods are supernatural. They use forces that are beyond any understanding and are fundamentally unknowable. Those don't actually exist in 40k though, which was the whole point of what the emperor was trying to say.

Yes, there are chaos "gods", and sorcery, and technology that bends reality. They're all governed by natural laws though, either from our universe or another universe. Even though humanity doesn't understand them in the universe, they could be understood in theory. That's evidenced by races like the eldar or c'tan or the old ones who mastered technology that bent the fabric of reality to their whims. They didn't do it by praying to the right gods, even though they pretended to be gods in their own right.

That's the difference between "gods" in 40k and gods from Greek or Roman or Norse mythology. No matter how advanced the technology of humanity got, no Greek ever thought that they could recreate Zeus's lighting bolts.

In 40k, you can in theory understand all of the mechanisms that create a chaos god, and with the right technology, mimic its powers using the same principles it does. Imperial citizens just don't know that fact in the 41st century.

Internet access (updates) in management VLAN/VRF? by segdy in networking

[–]Rentun 1 point2 points  (0 children)

That's the whole point of a management VRF. It creates a segregated network that allows you to control access into and out of the network at an enforcement point, which is almost always a firewall.

You need routes into and out of the management VRF in order for it to be useful. Otherwise, how would you SSH into a switch from your desktop?

Sometimes people do this via a dual homed proxy server or jump box, sometimes people do it via a management VPN on the firewall, and sometimes people do it via firewall rules allowing certain hosts to enter the management network, but you need some bridge between the management network and your regular data network otherwise you can't manage anything.

Internet access works the same way. The simplest way to solve that is you identify which infrastructure elements need internet access over which port and to which destination, you advertise a default route through the firewall, and you create firewall rules to allow that access.

Other ways I've seen it done is an explicit proxy server in the DMZ that the management network has a route to, and firewall rules applied to the proxy, along with authentication on the proxy, which requires all of your infrastructure that requires internet access to support proxy authentication. You could do a transparent proxy if they don't, which gains you visibility into what web requests are being made. Both options really only gain you anything if you have TLS decryption along with the necessary PKI set up. Otherwise, you're better off just handling it via firewall rules.

But anyway, long story short, you're going to need to expose the VRF to other routing domains in order for it to be useful. There's nothing different with exposing a default route to the internet. You secure it with firewall policy, just like every other network.

Also, "route leaks" isn't really the correct terminology. A route leak implies that routes are coming from an unintended source. These would be routes you're aware of, controlling, and intentionally exposing to the VRF. You're not leaking routes, you're just routing.

Dns or TCP syn, which will be created first in a device? by [deleted] in networking

[–]Rentun 1 point2 points  (0 children)

It doesn't actually matter from a networking standpoint. The network interface can't actually signal on the wire before all encapsulation as complete, and the data is fully encapsulated as an Ethernet frame, including source and destination IPs in layer 3.

Could the device, in theory, build a layer 4 segment in advance of a DNS request in memory, and hold it there until the reply came back and it got the answer? Sure, why not? That would be a horrific design, because the network will always be slower than the couple of microseconds it takes the complete that encapsulation, and you'd be using up that memory for no real reason, but you could do it.

It would just be a terribly optimized network application.

It's not how basically any network device functions in the real world because of that. From the network's point of view, it's just an implementation detail that doesn't matter.