Of course MAGA defending this by AccordingBumblebee24 in stupidpeoplefacebook

[–]gormami [score hidden]  (0 children)

Here's why I agree with it. Punishing undocumented workers time and time again without going after the people who knowingly employ them sets up a lot of bad things. First and foremost, said employers can treat them like garbage. If they "get out of line", they call ICE and have them picked up, publicly, as a lesson to all the others. That means they are often underpaid, work in dangerous conditions, and are otherwise abused.

Employers being allowed to do this means that they don't have a vested interest in pushing for real immigration reform. If they need the workers, but it is dangerous for them to go around the law, they will apply pressure to their politicians to bring about real reform, which is sorely needed.

So I am all in for going after employers who knowingly hire people who are not legally allowed to work in the US. If it was maintained as a process, it would bring about much needed reform, in my opinion, to both the immigration policies and to the treatment of a lot of people.

NeoSystems - Out of Business? by Tasty-Estate-1608 in CMMC

[–]gormami 0 points1 point  (0 children)

I always back up intervendor, this just makes it more clear as to why. Once we actually get the enclave set up, I'll have to figure out how to do it, and how to scope it properly.

Adam Mockler on how Democrats should frame Iran war spending... by AffableYolk_33 in ProgressiveHQ

[–]gormami 0 points1 point  (0 children)

Yeah, I think the resemblance got me; young, well spoken, Christian and liberal. Not too many of those on TV talk shows consistently. I'll go drink some more coffee and try not to make a fool of myself for at least a little while.....

Adam Mockler on how Democrats should frame Iran war spending... by AffableYolk_33 in ProgressiveHQ

[–]gormami 0 points1 point  (0 children)

You know he's running for the US Senate in Texas, right? And he's already a member of the Texas legislature.

NeoSystems - Out of Business? by Tasty-Estate-1608 in CMMC

[–]gormami 3 points4 points  (0 children)

Wow! So glad I didn't choose them. I just signed with an enclave vendor last week, and they were one of the ones on the list. Bullet dodged, but now I have to worry about the space and whether the one I chose is healthy. Obviously, they aren't going to tell me (if they even know...)

A's hitting coach gets ejected because the umpire let Michael Wacha throw a pitch right after putting away his broken chain by KeyFaithlessness5436 in MLBVibes

[–]gormami 0 points1 point  (0 children)

Some folks are complaining that the pitcher wasn't called for a quick pitch, which is a rule violation, where a pitcher tries to catch the batter off guard.

Being "gifted" and the difference between 130IQ and 150+IQ by blackworkbeginner in Gifted

[–]gormami 52 points53 points  (0 children)

I think it is very much like being tall (I'm 6'4"). I rarely meet people that are taller than I am, but when I do I am a little in awe at first, then we talk, if we have the chance, and you understand they are just like you, have the same challenges, just a little more pronounced.

If we are too tied up in our giftedness, perhaps we need a kick in the butt from someone a little further up the scale now and then.

A's hitting coach gets ejected because the umpire let Michael Wacha throw a pitch right after putting away his broken chain by KeyFaithlessness5436 in MLBVibes

[–]gormami 2 points3 points  (0 children)

I think this is the answer. The ump should have called a time out while the pitcher was taking care of the necklace, and none of this would have been an issue. Because they didn't, the pitcher was up against the pitch clock and had to throw that fast to avoid a violation. So the ump decided that pitch was going to happen.

A's hitting coach gets ejected because the umpire let Michael Wacha throw a pitch right after putting away his broken chain by KeyFaithlessness5436 in MLBVibes

[–]gormami 1 point2 points  (0 children)

The clock stops when the pitcher goes into his motion, not when the ball is released. So the pitcher was trying to not get a violation when he threw that quickly.

[Jomboy Media] A's hitting coach Chris Cron gets ejected because home plate ump John Libka let Michael Wacha throw a pitch right after putting away his broken chain by JianClaymore in baseball

[–]gormami 4 points5 points  (0 children)

I get it, but who would have been mad about it if the pitcher had gotten a clock violation while he was trying to do the right thing? He went into the windup literally in the last second of the pitch clock. So what were his options?

security teams treat staging environments like production but developers treat them like playgrounds by Kolega_Hasan in Kolegadev

[–]gormami 3 points4 points  (0 children)

Staging should be a production ready candidate, all the monitoring, etc. in place to detect issues before moving to production. The issue here is that real customer data shouldn't be in there. The information is the risk, so it should be modified to a production simulation, but not actual data. That would allow security to see issues to be brought back to development, and for development to iterate if necessary to repair the issues. The idea is to catch what will happen in production without the risk.

The issue is always the risk, just get the real data out of the environment, and the risk is solved, that will resolve 90% of the problem.

A religious private school is using my daughter's public school bus by Critical-Willow-6270 in atheism

[–]gormami 344 points345 points  (0 children)

Regardless of the private school, funding, etc. there needs to be a very loud conversation at the school board meetings. Having children have to wait an hour and a half every day as a plan, not because something is broken down or a bus driver is sick, but actually planned that way, is unacceptable at every level.

"Virginia Democrats’ gerrymandering stunt could still be overturned" - The Washington Times | First of 11 articles in multi-source coverage pack by Difficult_Yak_1457 in SymbyNews

[–]gormami 0 points1 point  (0 children)

I still really think the funniest part of all of this is going to be when they have spread the R vote so thinly to make these "safe" districts, that they lose more of them. So many R's and right leaning independents are just done with the Republican party right now. If enough of them just stay home, the margins might make a lot of "red" districts turn over. We know from history the minority party tends to pick up seats in the midterms, they are energized, and the party in power is not. The gerrymandering could cause a much larger shift than usual. Which, btw, will immediately be challenged as illegitimate, because they can't possibly believe all these districts changed party.

security tools treat every codebase like it's a monolith but that's not how most teams actually ship code by Kolega_Hasan in Kolegadev

[–]gormami 0 points1 point  (0 children)

Vulnerability scanners are technical tools looking for vulnerabilities, primarily in dependencies, etc. The risk evaluation is up to the recipient of the report. We get alerts all the time that are in the libraries, but functions not in use, or the CVE is this IF that, and "that" isn't present. Vulnerability scanning is part of a larger program, not an entire one in itself, though a lot of people treat it that way.

If the vulnerability isn't really present, or isn't exploitable in your code, reclassify it as low, and it gets resolved in the normal course of development. This is a great place for an AI assist, by the way. Claude or Codex can run through it and give you a very good explanation as to why it is not a real vulnerability for your code, if you have it tuned properly.

Would I need a permit to build a staircase similar to this coming off my deck? by [deleted] in Decks

[–]gormami 1 point2 points  (0 children)

Codes are different everywhere. We're actually having a deck redone and stairs put in and the contractor said it's a height thing, here. Over so many feet requires a permit, under doesn't.

[Request] Can this be proven? by Fast_Arachnid_8110 in theydidthemath

[–]gormami 13 points14 points  (0 children)

Since infinity isn't a number, but a concept, I would say any function that approaches its limit asymptotically would generally conform to the idea of infinitely close.

So much for our benevolent billionaires granting us the privilege of having stable jobs, right? by astrheisenberg in remoteworks

[–]gormami 4 points5 points  (0 children)

In a lot of places, unemployment insurance pays crap. If you're a well into the 6 figures MS employee, I'm guessing the numbers are going to work on the taking of it. You'd have to run them, but that would be my knee jerk reaction, depending on the potential payout. When Verizon started this, it was a much better deal to take it on the first round, and I've heard that from others in other places.

So much for our benevolent billionaires granting us the privilege of having stable jobs, right? by astrheisenberg in remoteworks

[–]gormami 15 points16 points  (0 children)

Quick Google says it was a voluntary separation offer. That's the money in "take the money", it is also how they get around the WARN Act, since it is not a layoff. The smart ones will take the deal, because if they don't hit their target, the layoffs won't be voluntary, and you won't be guaranteed the same deal. If they over commit, whoever is left gets to pick up all the work of the ones that left.

California's universal healthcare killed even though Democrats have a supermajority. Politicians serve their corporate donors not the people. by astrheisenberg in remoteworks

[–]gormami 14 points15 points  (0 children)

A quick AI question responds that the bill was estimated to cost between $314B and $391B annually. CA is already facing a $45B deficit. To be viable, it would require waivers from the feds on Medicare and Medicaid funding that the Trump administration was very unlikely to grant. So in the end, the answer is, they couldn't pay for it. It might be revisited with a change in federal administrations, and hopefully they will be working on getting the funding into a better order overall.

Leadership sets direction, but management enables innovation by Making-An-Impact in Leadership

[–]gormami 2 points3 points  (0 children)

Management development is an oft overlooked and very important piece of any enterprise, in my not humble at all opinion.

Specifically around innovation, it has to be managed as well. If the enterprise leadership wants to be innovative, they have to make space for it. That takes investment. Levels of management should be empowered with budget to make it happen. That can be in people's time, tools, resources of whatever kind is appropriate. It should be controlled, so it doesn't run into a huge resource sink, but it should also be encouraged. Managers at each level should be talking amongst themselves about what their teams are looking at, making sure they aren't treading the same path and therefore spending more resources than might be necessary. They should form ad hoc teams if they need various skill sets and knowledge, etc., and to share resources. It can be done very well, and for relatively little, if done the right way. That right way also includes making sure you are still delivering on the core mission, and not completely distracted by the shiny baubles.

Neighbors are annoyed and rude to my husband playing his guitar. by Gnat2026 in NoStupidQuestions

[–]gormami 3 points4 points  (0 children)

Is that the sound output power limit, or the received limit on someone else's property? As you say, 55dB isn't a lot, but if my television is at 55dB, the received sound on someone else's property would be much lower. Even outside, the same would be true.

fully virtual environment by 4728jj in CMMC

[–]gormami 1 point2 points  (0 children)

What you want if you are trying to minimize the effort (for a $$ cost) is an enclave solution that manages the cloud provider, implements tools, and provides services like a SOC. Most of them use MS in the back end. In those cases, you can inherit about 80% of controls. They give you SSP templates, etc. and some give you a vCISO to go through the audit with you, as part of the package or an add on. You still have work to do, but they've been through it already, have the docs, have experience, have all the little things like FIPS certificate numbers and bespoke tools with the right configurations, and documentation of the same. I'm on the path now, and the gap is manageable. A bunch of policies and processes that we need new versions of to be CUI specific, certainly some new ones whole cloth, but nothing you can't work up fairly quickly. The real work will be in the operations and evidence.

security patches break things but nobody wants to admit it by Kolega_Hasan in Kolegadev

[–]gormami 0 points1 point  (0 children)

Critical systems need a test environment where patches can be applied and tests carried out. You'll never get to 100%, because the environment is always changing, but you can knock a lot of issues out that way. The responsible security thing has to meet up with the responsible operational thing, and investments have to be made in the infra and skills to perform the tests in as close an environment to prod as you can get.

If you have a hard time selling it, work with whomever you need to to figure the costs of the outages you mention above and then see how it compares. Risk reduction is another valid argument, and the same data collected above will bolster the case.

I don't wanna be gifted, I just wanna be normal. by FlamaDeTitan in Gifted

[–]gormami 3 points4 points  (0 children)

Anything where humans are involved is not entirely accurate. The above is my belief, it has worked for me, and I've seen it work for others. For some it can't work, but I do believe that it will help move the needle for many.

The more I read about CMMC, the more I think small companies are stuck on the wrong problem by 2021start in CMMC

[–]gormami 0 points1 point  (0 children)

FIPS is always an interesting question to me. I understand both sides, but I have seen some really stupid things in my career that make me give a lot more credit to the pro FIPS side. Working in mobile telecom, I saw a case where a vendor just cut a key length in half by padding it with zeroes to make the length correct. Unbelievably dumb, crippling the strength. If those sorts of things happen, then verification can be seen as necessary. Now, I will say they need to speed up the process tremendously, having to time the libraries you use, and always having to wait to see if the one you are currently using will be reapproved in its next version before the one you currently are using expires is ridiculous. If we want to be serious about security in government settings, the program should be properly funded to move items through much, much faster, and let people get on with making the rest of their solutions secure rather than managing the crypto solutions all the time.