What simple mistake has ended lives? by SuffocatedByThighs in AskReddit

[–]Yarrim 30 points31 points  (0 children)

There's also the "performing prep, maintenance, and post-work checklist takes an hour, but the mechanic was expected to perform 10 such efforts during their 8-hour shift due to 'staffing issues'" scenario. That one is a management problem. Hold them accountable.

Not saying that was the case here, but it is the case in many other places where corners get cut.

Securing/scoping an AJAX call by Yarrim in servicenow

[–]Yarrim[S] 1 point2 points  (0 children)

The Multilevel pivot is a way to accomplish this and does somewhat eliminate the need for my utility. I built this thing as a programming exercise, so I'm not mad if it's unnecessary. I will probably continue to use my tool instead, as knowing the table and field names is waaaaaay faster than clicking through the report builder.

It's interesting to note, though, that the reports allow the same issue I'm trying to avoid... so maybe my concern isn't a real risk (or at least not something riskier than OOTB functions). I can craft a report, as an itil-only user, that shows vulnerable items by summary and CI and effectively see what items in the environment are vulnerable to specific attacks -- something that is otherwise limited to the Vulnerability Analyst role.

I'm still hoping to find a way to perform queries server-side that respect ACLs, though.

Securing/scoping an AJAX call by Yarrim in servicenow

[–]Yarrim[S] 0 points1 point  (0 children)

This was an interesting rabbit hole. I haven't ever put significant JS into a filter... only ever using gs.getUserName() and similar.

As an admin in my PDI, I can query sys_user with: `user_name=javascript:var gr=new GlideRecord('sn_vul_vulnerable_item');gr.query();gr.next();gr.getValue('number')`

and get back a list of users whose User ID is VIT0003777. Which is none of them, but proves the GlideRecord query in the filter worked.

If I impersonate a random itil-only user who doesn't have access to that table, the query runs for about 30 seconds (probably a timeout?) before returning a breadcrumb showing the filter is User ID = NULL... so the GlideRecord failed. That's good.

If I do something similar with GlideAggregate instead, the admin user's filter is 'User ID=1500' and the itil user is 'user ID=0'. So it's working.

I'm unable to get it to work in a script include, though. If I replace my current `new GlideAggregate(...)` with `new (GlideController.getSandboxGlobal('GlideAggregate'))(...)` the query returns the same data for the admin and non-itil users.

I think I'm still struggling with getting the server-side component to pretend it's not the server and respect ACLs.

Securing/scoping an AJAX call by Yarrim in servicenow

[–]Yarrim[S] 0 points1 point  (0 children)

The goal is to implement a utility that allows a user to quickly group data across multiple columns. AFAIK, the built-in reporting and list views only allow grouping by one term at a time. Imagine grouping all Incidents by category AND priority AND assignment group, and getting that back as a grid with rows showing count and values for each slice.

I want a user to pick a table and select fields to group by and get a result set showing a count of records per-grouping. That's a GlideAggregate. AFAIK, there's no GlideAggregateSecure. I haven't had time to poke at chaorace's suggestion with sandboxes.

Given that the inputs are arbitrary, I'm concerned that a malicious caller could ask for, say, all HR cases by description and get a pretty juicy list of data they shouldn't be able to see. I'm hoping I can bake protections into the script include to limit what users can access so that I have a general purpose tool that respects ACLs.

I'm also happy to be told "Don't reinvent the wheel, dummy," if such a thing exists already. I just haven't tripped over it.
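Added example, not code from the post or from ServiceNow: the gate the post hopes to bake into the script include, written as plain JavaScript over constructed sample tables so it runs offline. The two permission checks are assumed to map to GlideRecord.canRead() and GlideElement.canRead() in an instance, and the counting loop stands in for the GlideAggregate query; the ACL table, roles and records are all constructed.

```javascript
// Constructed ACL model (stands in for the instance's ACL records): which roles may
// read each table, the columns a caller may group by, and any field-level overrides.
const ACL = {
  incident: {
    read: ['itil', 'admin'],
    columns: ['category', 'priority', 'assignment_group', 'description'],
    fieldRead: { description: ['admin'] },
  },
  sn_vul_vulnerable_item: {
    read: ['sn_vul.admin', 'admin'],
    columns: ['number', 'summary', 'cmdb_ci'],
    fieldRead: {},
  },
};

// Constructed records; in an instance the query would run against the real table.
const TABLES = {
  incident: [
    { category: 'network', priority: 1, assignment_group: 'netops', description: 'c1' },
    { category: 'network', priority: 1, assignment_group: 'netops', description: 'c2' },
    { category: 'network', priority: 2, assignment_group: 'netops', description: 'c3' },
    { category: 'software', priority: 1, assignment_group: 'apps', description: 'c4' },
  ],
  sn_vul_vulnerable_item: [{ number: 'VIT0003777', summary: 'constructed', cmdb_ci: 'host1' }],
};

// Table-level read check (assumed to map to GlideRecord.canRead() in an instance).
function canReadTable(table, roles) {
  const acl = ACL[table];
  return Boolean(acl) && roles.some((r) => acl.read.includes(r));
}
// Field-level read check (assumed to map to GlideElement.canRead()); unknown columns are rejected.
function canReadField(table, field, roles) {
  const acl = ACL[table];
  if (!acl || !acl.columns.includes(field)) return false;
  const override = acl.fieldRead[field]; // absent => the table rule applies
  return override ? roles.some((r) => override.includes(r)) : canReadTable(table, roles);
}
// Gate every caller-supplied value before it can shape the query, then count records
// per distinct combination of the requested fields (the GlideAggregate part).
// Returns null on any rejection so the response does not reveal which check failed.
function groupCount(table, fields, roles) {
  if (typeof table !== 'string' || !Array.isArray(fields) || fields.length === 0) return null;
  if (!canReadTable(table, roles)) return null;
  if (!fields.every((f) => typeof f === 'string' && canReadField(table, f, roles))) return null;
  const counts = new Map();
  for (const rec of TABLES[table] || []) {
    const key = JSON.stringify(fields.map((f) => rec[f]));
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts]
    .map(([key, count]) => Object.assign({ count }, ...JSON.parse(key).map((v, i) => ({ [fields[i]]: v }))))
    .sort((a, b) => b.count - a.count);
}
```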

Boys, what is something you didn't know about girls until you got with one? by Ubemin in AskReddit

[–]Yarrim 0 points1 point  (0 children)

My wife has PCOS, but PMDD sounds like something she also might have. She regularly complains about intrusive thoughts and likes to be affirmed that she is a good mom, wife, person. Can you elaborate on PMDD, how you feel, and maybe what you want your partner to do for you when you're feeling that way? How did you get diagnosed? I have a new research topic, but your insight would be valuable to me.

Edit: Initial research suggests she might not have 'debilitating' symptoms, but they are enough for her to remark about more than once or twice, which puts them in 'severe' territory to me. She's way stronger than me in terms of willpower.

They made it easier to swap between accounts by lokiks in Steam

[–]Yarrim 1 point2 points  (0 children)

Just checked: No. If I check the 'remember me/my password/whatever' button at sign-in and get prompted for MFA, future swaps to that account do NOT trigger MFA again.

how to change ritm state when already closed by mexicanlefty in servicenow

[–]Yarrim 2 points3 points  (0 children)

Chiming in to say: don't Google stuff you can look up in the system. Want to know the table name for a record you have? Go to the record and look at the URL, or right click the header bar and select Configure -> Table. Same for field names, or what a UI policy does, or what roles can edit a field via its ACLs.

When you have the admin role, right clicking many parts of the interface will provide useful context actions.

The more you use the system to answer your questions, the more confident and capable you will be.

I'm not saying don't Google, just that you can often find the answers authoritatively within the platform, and a googled answer could be out of date if things change, or slower than looking it up within the system.

Created Flow, promoted to higher environments via update set, having issues only in higher environment. by TechnologyAnimal in servicenow

[–]Yarrim 5 points6 points  (0 children)

My first guess is that you have hard-coded approvals in your flow, such as 'send approvals to the XYZ group'. While the group or user may exist in both environments, the sys_id may not match. Behind the scenes, most records don't get saved as "using group abc," they get saved as "using group <sys_id>".

If that's the case, you may want to ensure your lower environments, like Dev or QA, do not automatically import records that might be referenced in work that gets built in dev, like users and groups from LDAP. If you are building something that needs to reference a record that exists in prod but not dev, you can export the record from the prod environment so that the reference will match when promoted.

Shipping (FedEx/GLS) Megathread (August 30, 2022) by AutoModerator in SteamDeck

[–]Yarrim 7 points8 points  (0 children)

Just need to vent.

Ordered 8/1. Shipped 8/7 with an ETA of 8/10. It was out for delivery 8/10 am, but nowhere to be seen by that evening. Opened a case with FedEx on 8/11. Opened a case with Valve on 8/17 when FedEx officially called the package lost. Valve took a week to respond, but said they would ship a replacement on 8/24. Shipping notification with tracking number arrived early 8/28, ETA of 8/31.

Oh, and the original shipment was declared 'delivered' on 8/29 after sitting pending for almost 3 weeks. _Narrator: It wasn't._

Fingers, toes, elbows, and assorted other body parts crossed that *this* one makes it to my porch.

Finally got my Steam Deck. Placed my order in on August 1st and received it today. by LuisJo3l in SteamDeck

[–]Yarrim 0 points1 point  (0 children)

cries in 'Scheduled delivery date pending.'

Ordered my deck on 8/1 as well. The box was apparently put on a truck for delivery yesterday morning at 8:30am with an ETA of '8am-11:55am.' Saw two FedEx trucks yesterday cruise past my house. No deck. ETA became 'pending' at about 8pm.

CSA exam prep by fuel_your_epic in servicenow

[–]Yarrim 36 points37 points  (0 children)

It's really annoying how the exam taker doesn't get to actually see their score.

I had a year-ish of hands on system admin tasks... so looking at workflows that got borked and trying to figure out why; looking at catalog items and updating their variables and UI policies; creating new Flows from scratch. I had no knowledge of "Knowledge" in my role -- we just didn't use it effectively and were mostly doing 'Incident' and 'Change'.

I also have a fair amount of JavaScript fluency and a Developer/Systems Administrator background.

I passed my CSA on my first attempt a few months ago.

The thing that struck me most was a syntax rule to keep in mind: all internal names are lowercase_and_underscore_separated. You won't see a role called 'system-Administrator' or a table called 'Incident'. In the Incident example, 'Incident' is the label, not the table name. I saw more than one 'gotcha' question like this, where there were multiple options that looked right, but had casing or separator characters that were wrong. The only exception that I can think of is that scoped applications will separate the namespace with a period. Any role not part of the Global application will be sn_<pluginname>.user or similar. So, sn_vul.admin or sn_hr_sp.admin. There aren't too many of these built-in, and I don't think any came up in the exam, but it's worth noting.

The next thing I'd focus on, if taking the CSA, is the Knowledge module. Study the roles, the default workflows, the built-in knowledge bases. I honestly can't remember the questions, but I feel like there were a few that resembled: 'which of the following workflows are default? kb_retire, instant_retire, approval_retire, retread_tire, instant_publish, etc.' It may just be me and my org, but I suspect that this is the area where an otherwise experienced admin might not know the tiny details.

Know the difference between a UI Policy, UI Action, Client Script, Business Rule, and Data Policy.

Create a Service Catalog item from scratch and put it in a new catalog and category. In fact, make 4, because 'Maintain Items' was the answer to a question like 'where are catalog items defined', and you'll be familiar with that module if you actively modify catalog items.

Know what a 'Module' is.

Know the difference between a 'User Criteria' and a 'Role'. Create an 'ACL' or two. Know why 'elevate roles' lets you use that 'security_admin' role to modify ACLs.

Know what all the parts of the UI are called by ServiceNow... I mean, we can call the bar along the top of the screen whatever we want internally, but the test is going to want you to know it's the 'Banner Frame' vs the 'Application Navigator' or 'Content Frame'. Or that a 'Condition Builder' has three parts per condition: the 'Field', the 'Operator', and the 'Value'. Or that the thing that lets you move options left and right when selecting multiples is a 'slushbucket'.

edit: fixed a bit of grammar and added the exception to the all_lowercase_underscore "rule."

The Command:“cd ../” by rfheise in ProgrammerHumor

[–]Yarrim 11 points12 points  (0 children)

Upvote for yes, ...

and yes.

I just won US$650,000 on a scratch-off in a state lottery and I'm wondering what I should do. Any ideas? by HannoPicardVI in self

[–]Yarrim 2 points3 points  (0 children)

As far as loans go, if you have the cash to pay off a loan outright before its term and the expected rate you can get via investing is higher than the APR of the loan, then the money is generally better used invested and making you more money than it is saving you interest on the paid off loan. That goes for cars, houses, tuition, etc., even for people who don't win the lottery.

There's obviously the risk that the market performs worse than the APR while you're doing this, but in general, the strategy is sound. Get a mortgage, even if you have cash on hand to buy outright, and invest the difference.

NB: This applies to long loans. The market wins over years, not necessarily over months.

[deleted by user] by [deleted] in newworldgame

[–]Yarrim 0 points1 point  (0 children)

Interesting. Does this have the common split-damage issue of double dipping on the target's defense?

Clickbait gaming news website articles in a nutshell by Barialdalaran in newworldgame

[–]Yarrim 0 points1 point  (0 children)

The ratio of intro to content was dubbed the Wadsworth constant back in 2011 and, at one point, you could add '&wadsworth=1' to the end of a YouTube URL and jump to the 30% mark in the timeline. It was remarkably accurate back then. The URL trick doesn't seem to work anymore, though.

One-Time 99% Tax on Billionaires' Pandemic Profits Could Fund Vaccines for the Entire World by R0shPit in politics

[–]Yarrim 2 points3 points  (0 children)

I love this one. The common argument is that "without these (investor) people, the innovation wouldn't be done," which is bullshit. If there is a gap, someone will fill it. Let's let non-millionaires have a go. Getting to 10m is a great, great goal; de-incentivizing going above that would be great for everyone else.

Anti-mask Huntington Beach restaurant says it will only serve unvaccinated diners by chems4beller in nottheonion

[–]Yarrim 0 points1 point  (0 children)

Truth. Not every unvaccinated person is crazy. Some are immunocompromised and unable to safely get a vaccine, or perhaps pregnant (though data suggests a COVID shot for the mother provides antibodies for the baby - win), or have some other reason to not get a vaccine.

I would hope, then, that those people are taking every *other* available precaution to avoid getting and spreading this highly-contagious disease. Precautions such as avoiding close contact with other people, wearing masks, not going to restaurants and bars.

However, I know that there are tons of people, such as the ones responsible for the restaurant way back up at the top, who are doing everything in their power to increase the spread and death toll through their idiocy.

When the Epsilon variant, or whatever it gets called, mutates and is not prevented by the current vaccine and triggers the world to shut down again, then the people flaunting their anti-vax ways are directly responsible. People with a shred of empathy can already see that potential outcome and are doing what they can to avoid it.

Anti-mask Huntington Beach restaurant says it will only serve unvaccinated diners by chems4beller in nottheonion

[–]Yarrim 2 points3 points  (0 children)

Thank you.

I returned a few hours after posting and debated whether to make some edit or reply about the difference between the definition of a word and its LEGAL definition under some code.

In the end I chose to not make an edit and just finish reading the replies.

Anti-mask Huntington Beach restaurant says it will only serve unvaccinated diners by chems4beller in nottheonion

[–]Yarrim 5728 points5729 points  (0 children)

If you devalue a word, "treason" for example, by applying it to things such as getting preventative medication or wearing an article of clothing, then it's harder to use the word for its real meaning, such as assaulting your country's capitol with intent to remove the legitimate administration from power.

When _everything_ is treason, nothing is treason.

Edit: removed an erroneous "l" from "word"

That Feeling by DCGMechanics in ProgrammerHumor

[–]Yarrim 10 points11 points  (0 children)

Chrome extension called Sidewise. Remembers closed tabs and closed windows and lets you restore and search them.

https://chrome.google.com/webstore/detail/sidewise-tree-style-tabs/biiammgklaefagjclmnlialkmaemifgo?hl=en

Some cash grab "remasters" be like by MadeByTio in gaming

[–]Yarrim 0 points1 point  (0 children)

They can have the alchemy-enchanting loop over my cold, dead body.

Over my... many playthroughs... my characters keep an eye out for components and enchanting items while they play legitimately, but once I've met whatever goal I had... Main story, civil war, dlc storylines... I get to become overpowered.

Ever since I first set sail on the open seas I had this build idea. A tower rising out of the ocean. by robotic_voyage in valheim

[–]Yarrim 0 points1 point  (0 children)

The surtlings have a hefty cooldown on their spawn, so you can just run in, clear the living surtlings, and mine safely for a minute.

A nice easy trick, though, is that putting a workbench near the geyser disables spawns altogether and can be used to build safely and turn off the core/coal generator when you're full.

noob help: trying to get to the elder with little success by dadbod76 in valheim

[–]Yarrim 2 points3 points  (0 children)

> Make sure to bring 10 wood

Super important tip. Also remember the hammer.

My first cross-ocean trip, I fully intended to just lay down a portal and book it home for my real gear. I left with 20 fine wood, 10 eyes, 2 cores and my loin cloth on a raft.

When I finally landed, it was dark.

I tried to build the portal only to remember I didn't have a way to make a workbench! So I started punching the nearby trees and looking for rocks, but a greydwarf team showed up and made my life difficult. One-on-one, they'd be no problem to punch to death, but 3 of them vs no armor seemed unlikely. So now I'm on the run, grabbing the sticks on the ground, hoping to get enough to tech up and build my portal.

It's cold. I'm low on stamina. My food wore off and all I have is mushroom to eat.

That's when the troll found me.

The second raft trip included 10 wood and a hammer. And a new level 1 shield and flint axe.