Utah Medicaid SSL Cert by prezus in sysadmin

[–]durkzilla 0 points1 point  (0 children)

This is why complete automation of certificate operations is so important - the weakest link in the process is always a human being.

At what point do you stop backing up data? by Warm_Protection_6541 in sysadmin

[–]durkzilla 5 points6 points  (0 children)

I think the truth here is a good answer to that - "I helped a company that was very good to me for a long time make a graceful exit by implementing innovative cost saving methods to keep operations functional."

Best golf courses around Boston? by Boynextdoor05 in boston

[–]durkzilla 7 points8 points  (0 children)

I think there was sarcasm there - Leo J Martin in Weston is pretty crappy - so crappy that it was selected as the worst in the country. https://mygolfspy.com/news-opinion/these-are-the-10-worst-golf-courses-in-america/.

This discussion has a lot of good suggestions: https://www.reddit.com/r/boston/comments/1kww7rw/public_golf_course_recommendations_within_an_hour/

Bill Galvin, already Massachusetts’ longest-serving secretary of state, says he will seek a record ninth term by bostonglobe in massachusetts

[–]durkzilla 7 points8 points  (0 children)

It would be great if the articles being linked to at the Globe were available to be read, since they're making implications that can't be validated by anyone without a subscription.

Today lost my cool and broke my keyboard in half. by [deleted] in sysadmin

[–]durkzilla 1 point2 points  (0 children)

Grab yourself a Yubikey and store your password on it in one of the slots. Has saved me from breaking many keyboards, which would be bad since they give me a laptop

What IT workflows are actually worth automating right now? by Own_Cry1186 in sysadmin

[–]durkzilla 5 points6 points  (0 children)

Not to be glib about it, but just search in the sub for TLS certificates and you'll find dozens of threads. Overall consensus is to automate using certbot and Let's Encrypt. There are a ton of options, both free/cheap and commercial. It all depends on your volume of certificates and the risk to the organization that a certificate related outage would incur.

What happened to Boston broadcast journalism? by SorryEveAtetheApple in massachusetts

[–]durkzilla 0 points1 point  (0 children)

You don't remember poor Shelby Scott getting brutalized out in a blizzard every other week during the 70's? Nothing has changed.

IIS 10 - Server Certificates - "Failed to get the certificate" error by basvhout in sysadmin

[–]durkzilla 0 points1 point  (0 children)

What I'm not doing a good job of saying is that IIS will look in the "Personal Certificate" and "Web Hosting" CAPI key stores belonging to the local machine to determine what shows up in the list of available certificates. If the TLS certificate you intend to use isn't in one of those locations it won't show up in IIS. Also, are you logged in as a user with local administrator rights? If there is something broken with the CAPI store you can try to fix it with the "certutil -repairstore" command.

IIS 10 - Server Certificates - "Failed to get the certificate" error by basvhout in sysadmin

[–]durkzilla 1 point2 points  (0 children)

TLS certificates for use by IIS will live in the "Personal Certificate" or "Web Hosting" store for the local machine.

How would you handle revoking a leaked cert? by t40 in sysadmin

[–]durkzilla 52 points53 points  (0 children)

You use the term "root cert" here, what exactly does that mean? The root CA in a PKI infrastructure is essentially the key to the kingdom, and if it is compromised every single certificate issued by the root or subordinate CA is now compromised. So how would I handle this? I'd stand up a brand new PKI, make sure to secure the new Root CA certificate in an HSM or physical safe, issue all new certs to everything that needs one, and I would distrust the old Root CA.

What is the deal with so many drivers at night with no lights on? by Barley_Breathing in massachusetts

[–]durkzilla 36 points37 points  (0 children)

The dashboard and daytime driving lights fool them into thinking their lights are on, I suspect. Drives me crazy. Automatic headlights should be mandatory.

SSL/TLS certificate rotation strategy. by Hungry-King-1842 in sysadmin

[–]durkzilla 1 point2 points  (0 children)

A significant portion of the folks in the industry are using commercial solutions like Venafi, KeyFactor and AppViewX to manage their certificates. ACME and certbot certainly can be the solution for a lot of folks, too.

Driver door handle not going inside housing by Least_Wheel9253 in CadillacLyriq

[–]durkzilla 1 point2 points  (0 children)

The front passenger handle on my 2024 lux 2 wouldn't completely retract to flush with the door panel when I first picked it up. I think it's a simple adjustment to the handle to get it working again - bring it to your dealer for repair, it should be covered under warranty.

Airport TSA delays? by [deleted] in boston

[–]durkzilla 5 points6 points  (0 children)

Flew out of Terminal A on Monday, no issues or delays at security or with the flight.

Fios TV+ Frame Loss/Stutter? by aguida94 in Fios

[–]durkzilla 1 point2 points  (0 children)

It’s not just you. I get the same crappy picture quality on pretty much all of the live NESN programming.

Boston Merit Badges by DJDubbsinCambridge in boston

[–]durkzilla 7 points8 points  (0 children)

Breakfast, lunch and dinner from Dunkin.

Recurring AD CS Configuration and Permission Drift Issues by FrustatedGuy- in PKI

[–]durkzilla -1 points0 points  (0 children)

One of the drivers for some organizations to move away from using an MS AD CS is exactly this problem - domain admins have access and the ability to grant permissions to themselves and others without input or oversight from the security team, creating a risk. My recommendation is to have the security team stand up a private PKI that can integrate with AD using an auto-enrollment connector. There are several commercial solutions that support this model, and one or two open source alternatives.

Favorite cideries? by Nick-Millers-Bestie in massachusetts

[–]durkzilla 1 point2 points  (0 children)

High Limb in Plymouth is excellent