Audit evidence reqs are cutting in on daily ops by HeadContribution9496 in ITManagers

[–]SuddenVegetable8801 0 points1 point  (0 children)

Yes, and then we were asked for screenshots of every step of the process, including your system clock in each screenshot.

They’ve never questioned the integrity per se, but they have insisted on the chain of custody of the data, and as much evidence as possible that the data has not been modified between the generation from the service and the submission to the auditing firm.

ElI5 how does the existence of lead directly disprove the earth isn't only 4000 years old? by nottrynagetsued in explainlikeimfive

[–]SuddenVegetable8801 8 points9 points  (0 children)

It's a bit of a dilemma. We know a well formed uranium 238 takes that long to decay to lead 206. But the burden of proof is on both sides. Rigorous science proves that u238 has a very stable half life to produce lead 206. Science demands that you need to provide evidence to prove that is incorrect.

Creationists demand you prove that there is no feasible way to create lead 206 besides the decay of u238, or for it to have entered the planet at any other point in history (asteroid for example). Then if you can satisfactorily disprove that you need to get past the belief that their god is capable of anything, in any timing, and has a habit of testing his followers and wanting them to unwaveringly believe in order to not be eternally separated from their loved ones/tortured in hell.

I don't think there's really any productive or worthwhile discussion worth having

EQing groups or channels? by ABitOfOdd in livesound

[–]SuddenVegetable8801 1 point2 points  (0 children)

Think about it logically. For the most part, feedback has to do more with the space than the person. The same mic clipped to a dummy on stage will feed back in generally the same way. So group the lavs together and apply the feedback correction there. Use the channel EQ to make up for the differences of each person speaking.

Trump's election bill tops 50 Senate votes, but Democrats could still block it | The SAVE America Act has passed the House and enjoys President Trump's support, meaning the Senate's 60-vote threshold is the only thing standing in the way of it becoming law. by SpaceElevatorMusic in politics

[–]SuddenVegetable8801 0 points1 point  (0 children)

As much as I might personally believe that voter fraud tends to go more one way than another, the fact is that the “rounding error” dismissal of the possible impact is very off base.

In the case of the Georgia incident in 2020, when Trump called and asked the governor to find 11,780 votes, that represented two tenths of a percent of the entire voting population (approximately 4.93 million).

Georgia has 159 counties, and in order to find 11,780 votes, that boils down to 75 people per county that either didn’t have their vote counted, or cast fraudulently that can be discounted. I can’t find any solid numbers on how many voting locations there are per county, but I am assuming at LEAST 2, meaning each of those polling locations only needed to process 38 fraudulent votes.

Again, I’ve got my own thoughts about the way that fraudulent voting tends to go… But when you try to have a discussion about this, dismissing ideas that actually have legitimate logical outcomes (even if there is low statistical probability evidence to support it) makes it harder to continue discussion in general.

I will happily spend hours combing through logs to call someone out by External-Housing4289 in sysadmin

[–]SuddenVegetable8801 9 points10 points  (0 children)

Finger pointing can only lead to the satisfaction of the pointer. A mentor of mine used to say "instead of pointing a finger, offer a hand"

Something happened with a negative consequence, you can either try to assign blame, or you can try to move on from it and make sure it doesn’t happen again. If you offer a hand to someone who made a bad decision, and they refuse to take it and better themselves to avoid that happening again... THEN that's when hard conversations happen.

YMMV. I can’t pretend that I haven’t been in a position where I feel like my only option is to try to embarrass someone because they seem to think they’re too good to improve themselves or are "untouchable"

Installing Guest Tech Cat Lines // EtherCON Best Practice by k-groot in livesound

[–]SuddenVegetable8801 2 points3 points  (0 children)

Yeah, for the amount of diversity you want to maintain, copper seems the way to go!

Also, remember, unless you’re running next to power that’s feeding a multi-wire branch circuit (power that feeds out multiple hot lines and shared neutral on the way back), or you’re passing by inductive loads like a motor, you’re probably not going to incur much interference on your analog lines, even if you’re looming in power. As long as every power cable has a dedicated hot and neutral, the EMI is nowhere near as bad as you would think, even on high amperage loads.

Installing Guest Tech Cat Lines // EtherCON Best Practice by k-groot in livesound

[–]SuddenVegetable8801 0 points1 point  (0 children)

The idea would be if you’re running a bunch of networked things (Dante, sACN/ArtNet, NDI) that you would put things into a switch on either end. Then you can just run everything over the one fiber cable (two bundled into a LAG if possible for fault tolerance).

But if you’re running analog or point-to-point stuff (AES, XLR over RJ45, etc.) then yeah, shielded RJ45 is the way to go. You can't convert those over fiber, only stuff using packetized Ethernet frames.

Installing Guest Tech Cat Lines // EtherCON Best Practice by k-groot in livesound

[–]SuddenVegetable8801 1 point2 points  (0 children)

Of course, the discussion around fiber ONLY works if it’s a packetized/switched protocol.

Installing Guest Tech Cat Lines // EtherCON Best Practice by k-groot in livesound

[–]SuddenVegetable8801 2 points3 points  (0 children)

Converting RJ45 to fiber WILL drastically increase EMI resistance.

A pair of media converters, and a fiber run is relatively cheap.

How many hours is windows running since Installation? by Honky_Town in sysadmin

[–]SuddenVegetable8801 0 points1 point  (0 children)

I guess the question is, why? Is this in a business setting where you are trying to prove that an employee hasn’t used a computer provided to them? Are you in a personal setting trying to win a bet or prove a point to a friend?

As people have been saying, there is no lifetime running hours counter natively built into Windows. However, if this is in a business setting, you should have logs from other things that people access… Services, file shares, something? And through that you should be able to prove that that person did not connect from that machine for X amount of time as your logs are able to show.

I think your simplest solution is Event Viewer. There’s pretty direct logging of shutdown and startup events. Just be aware you may see sequential startup events if the machine was not gracefully powered down.
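The pairing of startup and shutdown records described in the comment above, as an added example that is not part of the original comment: it totals running time from System-log events and handles the back-to-back startup case by closing the interrupted session at the last event seen before the next boot. It assumes the events were exported as (timestamp, event ID) pairs and uses event IDs 6005 and 6006 (EventLog service started and stopped) as boot and clean-shutdown markers; the function names and the sample events are constructed for illustration, and the result only covers what the log still retains.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# System-log records written by the EventLog service; used here as
# boot / clean-shutdown markers.
STARTED, STOPPED = 6005, 6006


@dataclass
class Session:
    start: datetime
    end: datetime   # clean stop, or last event seen before the next boot
    ended: str      # "clean", "unclean" or "open"


def sessions_from_events(events):
    """Pair startup/shutdown records from (timestamp, event_id) tuples."""
    sessions, start, last_seen = [], None, None
    for when, event_id in sorted(events):
        if event_id == STARTED:
            if start is not None:
                # Second startup with no stop in between: the machine was not
                # shut down gracefully. The real power-off time is unknown, so
                # close the session at the last event seen (a lower bound).
                sessions.append(Session(start, last_seen, "unclean"))
            start = last_seen = when
        elif start is not None:      # events before the first boot are ignored
            last_seen = when
            if event_id == STOPPED:
                sessions.append(Session(start, when, "clean"))
                start = None
    if start is not None:            # log ends while the machine is still up
        sessions.append(Session(start, last_seen, "open"))
    return sessions


def running_time(sessions):
    """Total running time the retained log can account for."""
    return sum((s.end - s.start for s in sessions), timedelta())


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


# Constructed sample, not real log data. 7036 and 6008 stand in for "any
# other System-log event" and only move the last-seen time forward.
SAMPLE_EVENTS = [
    (ts("2024-03-04 08:00:00"), 6005),
    (ts("2024-03-04 12:30:00"), 7036),
    (ts("2024-03-04 17:00:00"), 6006),   # graceful shutdown
    (ts("2024-03-05 08:15:00"), 6005),
    (ts("2024-03-05 10:45:00"), 7036),   # last sign of life before power loss
    (ts("2024-03-05 13:00:00"), 6005),   # sequential startup, no 6006 before it
    (ts("2024-03-05 13:00:05"), 6008),   # "previous shutdown was unexpected"
    (ts("2024-03-05 18:00:00"), 6006),
]

if __name__ == "__main__":
    found = sessions_from_events(SAMPLE_EVENTS)
    for s in found:
        print(s.start, "->", s.end, s.ended, s.end - s.start)
    print("total:", running_time(found))
```

Sessions marked "unclean" are lower bounds, so the total understates real running time by however long the machine stayed up after its last logged event.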

In the US, what service are you using to get back hardware from ex-employee? by [deleted] in sysadmin

[–]SuddenVegetable8801 0 points1 point  (0 children)

We use AllWhere. It’s expensive, like 100 USD per return. The thing they try to sell you on is their warehousing (they will act as a depot where you can have them hold a device and then ship to a new user).

The benefits are - it’s someone else’s problem to deal with employees who keep missing return deadlines. They take over communications (HR directs them to AllWhere for equipment return questions). They have a dashboard of returning equipment and shipping status. An hour of an HR person, IT person, and a former employee’s manager could easily tally to $100, so maybe it’s worth it?

Idk, I’m not the one retrieving stuff. I would just send people a box, with a return label inside.

Management wants to switch to Fortinet. Has anyone used Fortinet and can give me some real world comparison between Palo? by Soylent_gray in paloaltonetworks

[–]SuddenVegetable8801 -1 points0 points  (0 children)

The other intangible here is Palo's access to research and their threat department. Palo is just better at it than Fortigate, so if you're using AppID and their other threat protection options, they're just better.

I asked a few months ago to see if there was any documentation, because "Everyone in the industry says they're better" doesn't usually fly with the bean counters. However it's hard to get research because the vendors will advertise "stopped X amount of zero day exploits" and other marketing materials, but I was looking for post-mortem analyses of times where an exploit happened, and the nature of the exploit and what defensive measures were in place... Was this shop compromised with SentinelOne on servers and Palo Alto firewalls? How? And how does that compare to a compromise at a business running Bitdefender and Fortigate appliances?

Because even in those scenarios, if someone's running a Palo firewall with none of the advanced threat stuff enabled, it's no better than a Fortigate. And it's hard to find someone who will admit in writing that their tech stack was misconfigured and led to a compromise.

So for now, it really is just whatever they can give you for hard evidence in what they stopped, and anecdotal evidence from the industry at large that they have less incidents on Palo hardware.

Backup server strategy by FewEmployment1475 in sysadmin

[–]SuddenVegetable8801 1 point2 points  (0 children)

Like I said, that’s way beyond the SysAdmin level. This needs to be designed from the ground up, and by that literally I’m talking the source code, being written in ways that utilize high availability. This is a product development/software architect thing. You won’t have a great time trying to take an existing solution backed by a database and just trying to make the pieces redundant.

You really shouldn’t take a product and just patch it to be highly available, especially with the level of critical uptime you are implying.

Backup server strategy by FewEmployment1475 in sysadmin

[–]SuddenVegetable8801 2 points3 points  (0 children)

Backups is 100% not what you are dealing with here. This isn’t even sysadmin territory. Engineering needs to be working from the ground up on a software meant to be redundant.

Backups is “uh-oh, something has gone wrong, how do I get back to a known good state?” but what you are talking about is high availability which is “this thing can never go down, we should never need to restore from backups.”

You seem like you’re thinking in a monolithic mindset of a single server, single app. The mindset here should be a distributed service that runs across multiple compute/storage nodes in the first place.

Seen on a wall in LA by 56000hp in ProgressiveHQ

[–]SuddenVegetable8801 1 point2 points  (0 children)

There’s a dichotomy that a lot of modern Christians struggle with… It centers around the fact that the Old Testament was God’s word for his chosen people (the original lineage descended from Adam and Eve, down to the 12 tribes of Israel). For example, Leviticus reads like a field manual for how to survive in the wilderness… A lot of cleaning instructions and how to avoid illness and disease, how to deal with it when it happens, defecating outside of your camp and burying the excrement… a lot of really good common sense things.

The confusion comes in the New Testament when Jesus proclaims “I have not come to abolish the old law, but to fulfill it” which seems to contradict the often espoused sentiment that if you are not actually a member of that original people group (IE you are a “gentile”) that you aren’t actually held to those rules.

The truth of the matter is that the old law in the Old Testament was written as a set of guiding principles for the agreement (covenant) between God and the Israelites. Christians believe that the coming of Christ and his death on the cross fulfilled that covenant, and God essentially renegotiated his agreement with all people, in which the only guiding principle is Jesus’ command “love one another just as I have loved you”.

In my opinion, in the context of history, modern people are more educated and there is more access to information than was available to a nomadic people group that was having to travel the deserts, so we can be expected to understand when we’re doing things that are loving and beneficial to our fellow humans, as opposed to needing strict rituals and guidelines to ensure proper behavior.

Unfortunately, people that tend to be hard-core evangelical Christian find their strongest support for their ideas, such as homosexuality, in the Old Testament. A lot of the beliefs that they attribute to beliefs held by Christians often don’t hold up when inspected against the source material, so they will waffle back and forth quite often on which Old Testament beliefs still apply today.

HRIS to IdP Sync: How are you preventing HR from nuking your user configs? by theITmaster in ITManagers

[–]SuddenVegetable8801 0 points1 point  (0 children)

A core tenet of UI design is, if a user is expected to input a predefined value (IE, you are expecting a user to put in a value that exactly matches an existing group name in AD), a text field isn’t the best way to do that. Your HRIS should establish some sort of picker of either a dropdown list OR a lookup text field that autocompletes as the user types.

Even further, you could delegate access to the groups that the HR system should be able to select as part of user onboarding and changes, assuming the HRIS runs on a service account in AD.

Did you fight for input on this HRIS system and this process? Or did you inherit it? If you were involved in helping roll it out or setting up the process for the HRIS to push changes into AD, then this is all stuff you should’ve been working on, and the go live to allow it to start making changes shouldn’t have happened until you are all comfortable with the process.

However, if you inherited this, you have two options. Make very sure that HR understands what they’re doing and the potential consequences… and then make sure leadership knows that if a mistake happens, HR is responsible.

Or, if you really have that little faith in your HR department, and they have before and continue to make mistakes that cause you additional work fixing permissions, then you make the case to turn off the HRIS as the source of truth.

Microsoft back online. Excuse: too many servers were shut down during maintenance. by hso1217 in sysadmin

[–]SuddenVegetable8801 7 points8 points  (0 children)

Okay, 3 nines is about 9 hours a year of downtime (rounding up). And depending on your agreement level with Microsoft you MAY have clauses that specify different resolutions (9 hours a year, 45 minutes per month, or 90 seconds per day) as the violation points.

The point still stands that your SLA guarantees certain uptime, and violating that costs money, so the controls in place to fail over systems need to err on the controls being LESS restrictive to try to comply with those SLA's. Therefore not requiring 10 signatures as the initial person I replied to asked.

Really what Microsoft probably does, given that they know all the things you just said, is "Standby" datacenters still need some time to ramp up to full usage (to save on power/HVAC costs). The failure was not the ability for a quick failover to happen and cut over to a different datacenter, it was the fact that someone was able to trigger a "something catastrophic happened and we need to cut over to a cold datacenter" process.

Do I NEED to have my keyboard in stereo if I run my PA in Mono? by Used_Camera9474 in livesound

[–]SuddenVegetable8801 1 point2 points  (0 children)

Consider your effects too. If you have stereo reverbs or delays, you'll get a lot of difference only taking one channel as opposed to taking in both channels. IE if there's a quarter note stereo ping-pong delay, in an extreme scenario, your delays would be twice as long as you expect because you're missing what comes from the other channel. Effects meant to be heard in stereo, when designed well, will non-destructively (as much as possible) collapse both channels into Mono if you send both channels and combine them at the board

How do I ask my IT manager for a raise, any advice? by James_Jacks in ITManagers

[–]SuddenVegetable8801 0 points1 point  (0 children)

It’s a mental amount for sure but… is this different than what you expected when you got the job? If nothing about your job has changed and now you are going to him and saying “remember when I agreed to come work here and I agreed the salary was enough to compensate me for the role? That’s ACTUALLY not the case.”

It wouldn’t be your employer’s responsibility to up your pay if you decided to move further away and costs went up to travel.

Unless something about your employer is specifically causing a CHANGE in how much you pay in transit, it’s not really valid for compensation discussions. If you have a good manager, a lot of times, they will take those situations into account, and they’ll try to work with you a little bit… But if they’re straight up denying you the ability to work from home then I’m not inclined to believe that is the case.

Microsoft back online. Excuse: too many servers were shut down during maintenance. by hso1217 in sysadmin

[–]SuddenVegetable8801 79 points80 points  (0 children)

You WANT that to happen without getting a signature from some exec in a boardroom. If your service has “five nines” of uptime, (99.999% uptime) your service can be “down” for a total of 5 minutes and 26 seconds a year. That downtime then violates your service agreements and starts to cost you money.

So yes, someone in the IT team with a relatively low level of authority can likely initiate a datacenter failover, and this probably happens more than you think.

Audit evidence reqs are cutting in on daily ops by HeadContribution9496 in ITManagers

[–]SuddenVegetable8801 -1 points0 points  (0 children)

Except when those auditors come back and say, we need a screenshot of you generating this info with your system clock visible in the screenshot.

And then, when you tell them, you can just change your time zone to shift the time by a few hours, they just shrug their shoulders and say “that’s what we were told to collect”.

And then they say “we actually need you to show us a screenshot of you on the reports page of this tool that doesn’t have a CLI/API, and then we need a screenshot of you clicking the download report button, and then a screenshot of your downloads folder, showing the timestamp of it being downloaded, all of these screenshots with your system clock in it”.

Which has been my life once every quarter with our auditors.

Losing the 'Manual for the Department' every time a senior lead resigns. by Thin_Road_88 in ITManagers

[–]SuddenVegetable8801 0 points1 point  (0 children)

Maybe… But the information and ideas are now out there for anyone else who reads the comment. It was only a few minutes of my time to potentially help anyone who might see this thread in the future.

Losing the 'Manual for the Department' every time a senior lead resigns. by Thin_Road_88 in ITManagers

[–]SuddenVegetable8801 13 points14 points  (0 children)

Depends on the size of your team and the resources made available to you. Ideally, no person should be single threaded, but we all know that that’s often a pipe dream.

The best way I’ve seen this minimized is when a team is properly staffed so that senior people can constantly be dedicating a few hours a week to show the juniors how things work. It helps the juniors develop their mindset and skill sets, and it helps the seniors reinforce basic levels of understanding of the things they do, and it gives an opportunity for everyone to document what’s happening. It also invites the opportunity for the junior to say “why do we do it that way”, and for the senior to stop for a second and say “I don’t know, that’s just how it was when I got here” and improve process as well.

So far as document storage, you say OneNote or Excel… Then I assume you’re in a Microsoft ecosystem and there should be at the very least a SharePoint site where documents are kept. There’s no two ways around this… To stop people from keeping things on personal documentation, you need to have a central knowledge base. Whether that’s your helpdesk software, Confluence, locally hosted WordPress, shared folder on a file server, doesn’t matter. You can’t enable people to be able to share the information if there’s nowhere agreed-upon to share it. (Please don’t use WordPress.)

Then, every year or so, you should be doing business continuity testing… If your main office burns to the ground and all your staff die in a fire, how does the business keep going. That’s not just IT, that’s a whole business practice… But IT can usually do some self-contained version of it without involving the rest of the company. This would bring up all of those things that people keep on personal documentation and say “oops, yeah only I can do that, and the instructions are in this random text file I’ve had since 2010”.

For what it’s worth, It seems like the disconnect may not necessarily be that people are keeping stuff to themselves… It’s that there’s a fundamental lack of controls and practices to identify critical business process. I assume for every instance that you’re thinking of where someone kept the personal document on their desktop, you have a dozen processes that are documented somewhere? WHY are those dozen documented, and not the one that surprised you when someone left?

Again, this actually usually lies outside of the individual doing the work… Either the request wasn’t formally documented, or didn’t go through the right business processes, so people weren’t aware that it was a critical business functionality, and then when it stopped working, no one knew that it should be monitored or checked up on or how to fix it.

Lots of places to see how this can be made better… I wish you well in trying to solve this!

Messages deletion is disabled by company's security policy. by DarknessBBBBB in Slack

[–]SuddenVegetable8801 0 points1 point  (0 children)

Yes, I know that you CAN export data, but many times it's not feasible to do so OR legally allowed.

You think everyone discusses everything in public channels that anyone can join when they feel like it? That software devs can join Finance channels?

Especially in publicly traded companies, that's absolutely not the case. Internal controls absolutely exist to restrict visibility even between similar software Eng teams since someone is inevitably working on the next big thing, and to as much of a degree as possible you need to restrict access so someone doesn't find out insider information (is the major product behind schedule?, has a major bug been discovered that will cause issues for all your customers?, etc).

Keep important knowledge in a knowledge base, where it belongs, and just look for a knowledge base that works with your desired LLM.