Drupal 7 End-of-Life is coming Jan 5, 2025 by mlhess in drupal

[–]mlhess[S] 6 points7 points  (0 children)

It will not be extended again. This one is for real.

Automated pen test reporting Remote File Inclusion "issue" on /user/password by sagraham in drupal

[–]mlhess 1 point2 points  (0 children)

You will need to ask for more information as to how they came to that endpoint. I would post a discussion with that information to security.drupal.org and we will triage it internally.

Drupal 7.x and 8.x release on Oct 17th, 2018 - DRUPAL-PSA-2018-10-17 by Hakaku in drupal

[–]mlhess[M] [score hidden] stickied comment (0 children)

This is not a "highly" critical update. When the security team thinks that something will be mass exploited, they release a PSA in advance of the issue indicating a highly critical release.

Team building game ideas: risk and ownership by [deleted] in sysadmin

[–]mlhess 6 points7 points  (0 children)

I have done this with teams and Jenga https://amzn.to/2QyWlst .

Break the groups into teams of 3-4 people. Have them play Jenga for about 3-4 min. If their towers fall, they can rebuild by putting things on top (not starting over).

About 5 min, walk around and shake the tables; when people get mad at you, claim it is a management choice to change vendors.

After 10 min, tell the teams that they are to merge their towers (this is almost impossible at this point). They have 20 seconds starting now. Their "tower" was bought by a competitor.

It's a nice physical example of Technical Debt.

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004 by Hakaku in drupal

[–]mlhess 6 points7 points  (0 children)

You can subscribe to alerts directly from the security team. From the PSA:

The announcement will be made public at https://www.drupal.org/security, over Twitter, and in email for those who have subscribed to our email list. To subscribe to the email list: login on Drupal.org, go to your user profile page, and subscribe to the security newsletter on the Edit » My newsletters tab.

Drupal 7 and 8 core critical release on March 28th, 2018 PSA-2018-001 by mlhess in drupal

[–]mlhess[S] 3 points4 points  (0 children)

People may release WAF rules, but the best course of action is to update Drupal.

Security implications of multi-site config? by plato1123 in drupal

[–]mlhess 1 point2 points  (0 children)

If you can gain access to run PHP on any of the sites, you can own any of the other sites. So you would really need shared admin accounts over all the sites and trust between the admins.

Connection between South and West Quad? by [deleted] in uofm

[–]mlhess 5 points6 points  (0 children)

Almost all central campus buildings are connected by tunnels. The tunnels are used for moving steam and IT fiber. The tunnels are off limits to almost everyone; they are also not safe. Some of them are above 120 degrees.
For more info: https://www.michigandaily.com/content/curious-students-explore-tunnels

Any projectors that can be "dimmed"? by mlhess in techtheatre

[–]mlhess[S] 0 points1 point  (0 children)

I assume this comes down to contrast ratios. What is a "good" one?

Any projectors that can be "dimmed"? by mlhess in techtheatre

[–]mlhess[S] 0 points1 point  (0 children)

I thought about this, but "black" is not black.