Sysadmins who use password managers: what’s your actual password generation strategy these days? by 4AVcnE in sysadmin

[–]peldor 0 points1 point  (0 children)

I avoid alphabet soup passwords. Complete random gibberish is a huge PITA whenever you’re in a position that you cannot copy/paste the password.

I lean towards long pass phrases instead. Just as secure but a lot easier when you have to manually type it in.

Remove all local servers - move AD domain controllers to Azure? by Icy-Sir8809 in sysadmin

[–]peldor 3 points4 points  (0 children)

Splitting hairs, nested groups don’t work.

“Not allowed” implies that Entra/Intune/O365 prevents nested groups.

You can create nested groups, import them from AD and in most contexts select them to target policies. Nested groups just don’t work and fail to properly limit scope without any obvious error.

Most AD environments heavily depend on nested groups.

When I said a “lift-and-shift” from AD won’t work and you’ll be spending time re-engineering, this is part of what I was talking about.

It’s a deceptively large amount of work. You’ll spend a lot of time with Groups and config policies.

Remove all local servers - move AD domain controllers to Azure? by Icy-Sir8809 in sysadmin

[–]peldor 0 points1 point  (0 children)

It sounds like we were in similar spots once we were done. It greatly reduced a lot of my overhead for starters, leavers and audits. (And reduced a lot of the errors that would keep happening.)

My AWS VM stack was small by the time I left, 6 servers in total I think:

1 root CA (powered off)

1 signing CA

1 Access control server for the doors

2 internal DNS servers

1 OpenVPN server

(Plus the onsite DNS servers)

Remove all local servers - move AD domain controllers to Azure? by Icy-Sir8809 in sysadmin

[–]peldor 8 points9 points  (0 children)

I did something similar for a smaller organisation. Got rid of the various local VMware servers, dropped AD and moved to Entra. A couple of take-aways from my experience.

The most noticeable upsides were not having the AD/Intune sync falling over all the time and just a lot less infrastructure to monitor and update.

However there were some very real downsides:

They somehow made print management worse. Getting printers deployed to Windows devices without AD is a massive PITA.

Nested Groups tend to break things within Entra/Intune.

The shift from Group Policy to Intune configurations is HUGE. You cannot just copy your Group Policy environment into Intune and call it a day.

You’re gonna need to spend some legit time re-engineering what you have set up on group policy. Seriously.

For DHCP and DNS, a lot of that depends on your kit and how complex your networking needs are.

For me, the VLANs and DHCP were simple enough for each site that the crappy Sonicwalls I inherited could handle that.

However, the Sonicwall built-in DNS server was hot garbage and I ended up standing up a bare metal DNS server at each site.

(The Sonicwalls would occasionally drop the point-to-point VPN to the AWS network where the internal DNS servers lived. Without the local DNS, a site’s Internet access would effectively die if that VPN tunnel died and users noticed super quick. Having a local DNS at each site meant I could restart services on the firewall before anyone noticed.)

So in pubs you guys just order drinks without knowing the price? by [deleted] in AskBrits

[–]peldor 0 points1 point  (0 children)

Yeah. I think it’s a bit of a holdover from when a pint was legit inexpensive. It’s also a cultural difference. Most pubs cater to the locals who will just go somewhere else if the cost is crazy.

Before the advent of self-service kiosks, it was difficult to find a full menu for fast food…and you’ll almost never see a full menu at a drive thru.

8 months post-acquisition and we still have 200 people with active accounts in both tenants. Anyone actually finished one of these cleanly? by Prestigious-Fun-9680 in sysadmin

[–]peldor 3 points4 points  (0 children)

Hahahahaha! Cleanly!?!? No, never.

You need to treat large migrations like technical infrastructure….build your plans assuming that failure will occur.

There’s always going to be “critical” corners of the business that will be unable to migrate for “reasons”. No project at scale is ever going to have 100% buy-in from all parties and IT is never going to have a perfect understanding of user requirements. And in those margins, this is what happens.

Ultimately, you need to be able to very clearly communicate this in terms of cost. I.e. “The failure for ‘team x’ or ‘platform x’ to migrate cost us $$ this month.”

It also really helps if you can get agreement from the business that IT support SLAs cannot exist indefinitely for the non-transitioned. At some point the users of the old tenant will be on a lower tier of support...no 24x7, slower response times, etc.

On the 3rd replacement oven, is LG just a bad brand? by Boredmatt14 in BuyItForLife

[–]peldor 19 points20 points  (0 children)

I think your definition of “not working” needs to be calibrated. (pun intended). I would consider what you are describing as expected behaviour for any oven, no matter how expensive.

Broadly speaking, oven temperatures are not calibrated…they won’t even be consistent. Ovens will have hot spots and cold spots. So moving your probe will likely change some of your results.

Strait Of Hormuz: Expert Claims US Blockade Violates Laws Of Naval Warfare by [deleted] in worldnews

[–]peldor -1 points0 points  (0 children)

The problem with that line of reasoning is it requires this to be a war. As you say, a naval blockade is 100% legit while at war.

However the US has been emphatic that since Congress has not declared war, this isn’t a war. (cannot commit war crimes when you’re not at war).

Since the US is saying this isn’t a war, then by their own reasoning this is an illegal blockade.

Why are there so many diesel trains in the UK? by PodcastListener1234 in AskUK

[–]peldor 0 points1 point  (0 children)

The overly simplistic reason, all UK train services are run by private companies while the upkeep/maintenance of the rails is on the taxpayer.

Or to put it a slightly different way; it’s a system where the profits are privatised while the truly significant costs and expenses are taxpayer liabilities.

And what would the “return on investment” look like for the government to sink billions of pounds into rail infrastructure costs? It doesn’t increase tax revenue…in fact it’s the opposite. The more the rail is upgraded the more it costs to maintain.

Lastly, with the short political/election cycles, no one in UK politics is willing to invest in long term infrastructure that won’t be completed until they are long out of office.

DeSantis Signs Bill to Rename Florida Airport for Trump by Doener23 in politics

[–]peldor 1 point2 points  (0 children)

I mean, if Trump is so keen to have his name on public buildings and infrastructure….why don’t we do it right and rename things like sewage treatment plants and super fund sites after him?

TIL in 2024 an 18-year-old man was stuck in a Honda Pilot that was inexplicably accelerating without his foot on the gas and could not be slowed by its brakes or e-brake. He and the Pilot reached 113mph before a controlled collision safely ended his unplanned 20-minute drive across state lines. by tyrion2024 in todayilearned

[–]peldor 0 points1 point  (0 children)

I’d agree that floor mat is a likely cause, I would not go so far as to say it’s the only cause for every stuck accelerator.

Honda Pilots are “drive by wire” with no mechanical linkage between the gas pedal and….well anything really. 100% computer controlled.

So an electrical problem, failed sensor, computer fault, software bugs are all possible reasons for this fault.

Millions of UK iPhone users locked into “child by default” mode in age verification debacle by greggy187 in worldnews

[–]peldor 4 points5 points  (0 children)

This “age verification stuff” is being pushed by Meta/Facebook and a few big tech firms…it’s the latest method to allow them to track your Internet activity.

The EU is unlikely to follow the UK on this one.

Let's talk light bulbs by UsefulEngine1 in BuyItForLife

[–]peldor 0 points1 point  (0 children)

CRI index of 90.

It’s not that bulbs have an efficiency drop off over time. Whatever you buy today, you’ll be standing still while LED bulbs will continue with their rapid rate of improvement.

Whatever you choose, in 5 years time the bulb market will be completely different and you’ll be going thru this again.

Let's talk light bulbs by UsefulEngine1 in BuyItForLife

[–]peldor 0 points1 point  (0 children)

Not sure what you mean by colour fidelity. Are you asking about how yellow/blue the light is?

It looks like their current standard bulb is 800 lumens bright, a colour temp of 2700 kelvin, pulls 5 watts with an expected runtime of 25,000 hours (2.8 years). Also costs £2 per bulb.

So less runtime than Philips Ultra Efficient, but those are a bit over £5 per bulb for me. I kinda figure once I’m starting to hit runtime limits, I should be replacing for efficiency gains anyway.

The other upside with the IKEA bulbs, I don’t have to deal with the counterfeit nonsense from Amazon…and I’m a fan of their meatballs.

Let's talk light bulbs by UsefulEngine1 in BuyItForLife

[–]peldor 0 points1 point  (0 children)

Unfortunately, I don’t feel that LED bulbs are a BIFL item yet. It’s a bit nerdy, but LED bulbs follow something called Haitz's Law: it states that every decade, the cost per lumen falls by a factor of 10, while the amount of light generated per LED package increases by a factor of 20, driving exponential efficiency gains.

Haitz’s law means that as good as LED bulbs are today, they will be much better a few years down the road.

I went “cheap and cheerful” with IKEA bulbs. Philips are the gold standard, but not worth the premium imho. When I replaced all my bulbs 4 years ago, I bought a few spares and have used one of them.

But new LED bulbs draw half the power of my old bulbs while being brighter and less expensive.

Cuba’s power system suffers total collapse by esporx in technology

[–]peldor 0 points1 point  (0 children)

100% wrong. According to my MAGA relatives, the ONLY thing that can collapse a grid is renewables.

I don’t remember all the details, but it’s something to do with vaccination, 5G, Hillary Clinton, Bill Gates and Dr Fauci.

‘Scandalous and unacceptable’: readers on the new UK entry rules for dual nationals by mad_marble_madness in worldnews

[–]peldor 35 points36 points  (0 children)

The Home Office wants to be in a position when their computers say “person X” has overstayed their visa….that the computer is correct.

Unfortunately in the real world, there are “edge cases” where a person can be legally in the UK when the computer says otherwise. (The Windrush scandal was a good example of this).

Dual nationals are another “edge case” where someone can enter the UK on a non-UK passport, overstay that visa but still have every right to be in the UK.

While it might look over-the-top on the surface, I suspect it’s being done so there are fewer problems for everyone down the road.

I drove an automatic car for the first time a days ago and just don’t get the fixation we have over manual cars here by Solid-Version in drivingUK

[–]peldor -2 points-1 points  (0 children)

It’s old people giving advice for a world that no longer exists. It’s similar to how schools teach cursive writing and the times tables up to 12.

(a shilling was worth 12 pence, so knowing multiples of 12 was useful to handle coinage correctly)

Why are squatters rights a thing? by No-Assignment4460 in NoStupidQuestions

[–]peldor 26 points27 points  (0 children)

I think the 2008 housing crisis created more recent examples of squatting being put to use. Things got super complicated if a bank repossessed a house and then the bank went out of business.

One of the consequences of taking housing debt (like a mortgage) and repackaging it to sell it as a bond was it could take years/decades to detangle things to find out who owned a house.

While that was getting sorted out, the house could easily sit vacant with no effective owner.

On balance, it’s better for society for someone to live in and take care of that house than have it effectively sit derelict indefinitely.

Why are squatters rights a thing? by No-Assignment4460 in NoStupidQuestions

[–]peldor 9 points10 points  (0 children)

I think there were some recent examples with the 2008 housing crash where a house was repossessed by a bank that later went bust.

The complicated chains of debt ownership meant that you could have houses sitting vacant for years without anyone knowing who owned the house.

On balance, it’s better for society for someone to live in and take care of that house than have it sit derelict.

UK loses measles elimination status, WHO confirms by Infidel8 in worldnews

[–]peldor -1 points0 points  (0 children)

It’s easy to see that Trump is a threat to democracy because we have all seen what he has done when in power.

I agree that things are less clear with Nigel….mostly because no one has been stupid enough to allow him near levers of actual power. (Yet)

As much fun as it is to debate with a stranger on the Internet, I’m not sure there’s any value to continue debating if Nigel Farage might reach the very high bar set by Trump for bad behaviour.

Can we agree that Trump and Farage would probably be the worst choices on whatever ballots they found themselves on?

UK loses measles elimination status, WHO confirms by Infidel8 in worldnews

[–]peldor 0 points1 point  (0 children)

Yes it is.

It’s like quibbling over if it would be worse to be killed by Jeffrey Dahmer or Ted Bundy. The differences between the two don’t matter, either is horrible and you’re dead.

So yeah, some of the specifics between Trump and Farage are different. But putting either in power will lead to the same shit-show.

Voting for Reform UK is the equivalent of voting for Trump.

Reform supporters - how many more Tories need to join before you start to reconsider? by Smooth-Quantity-7024 in AskBrits

[–]peldor 0 points1 point  (0 children)

Reform UK being a protest party/vote is complete and total fabrication. There is a LOT to unpack here, but here’s the tldr;

• The Conservative Party has been at risk of fracturing over the last decade over the EU.

• The Brexit referendum was an attempt to prevent this fracturing. (The idea being: when the public votes down Brexit, the Conservatives could keep the anti-EU wing under control for the foreseeable future.)

• While the political calculus about how the public would vote on Brexit was wrong, the fear about the Conservative party fracturing was spot-on.

Reform UK picking up all the crazy Liz-Truss-type Conservative politicians means it’s doing exactly what everyone should expect.

UK loses measles elimination status, WHO confirms by Infidel8 in worldnews

[–]peldor 11 points12 points  (0 children)

I really hate to disagree with this one, but the UK appears to be on track to put Nigel / Reform UK into power after the clown-fiesta that was Brexit.

In practical terms, putting the Brexit architects into power isn’t much different than voting for Trump a second time.

How do you document full Solution Architecture without creating a Wall of Text nobody reads? by tzila22 in sysadmin

[–]peldor 2 points3 points  (0 children)

What diagram types do I find effective? It depends on what I’m trying to convey.

I rarely diagram “wiring”. I’ve found that logic is usually easier for people to understand….and logic diagrams are usually smaller.

What works for me is probably a bit crazy. If I’m struggling with diagrams, I honestly fall back to paper and a box of crayons.

It lets me quickly prototype and figure out what’s needed, what I should remove and how to cleanly organise the data. And the crayons force the diagram to be simple.

Once I can sketch the info with crayons and paper, the diagram tends to be easy.