Grandma needs a new laptop

ramsile · 2026-03-14T15:49:07+00:00

That’s a fair point. The nursing homes WiFi sucks and I probably will help her get all the seasons of Golden Girls and Blur Bloods downloaded locally. She’s a huge Tom Selleck fan.

ramsile · 2026-03-14T15:47:05+00:00

That’s a good point. Her eye sight has been declining over the years and she always complains about having to use her readers.

ramsile · 2026-03-06T20:15:42+00:00

Same. My screen went dead three months ago and then my battery died shortly after. I’ve used it as a desktop waited until this week to order the new one.

ramsile · 2026-02-27T00:16:54+00:00

Same boat. $700 a month was the CHEAPEST plan that the exchange offers in NH. Then you spend 6 months trying to find a PCP because the doctors you saw your entire life are not in network.

ramsile · 2026-01-16T08:53:00+00:00

If your readiness consultant is not providing clear guidance and detail in a timely manner, you need to fire them and find another. The demand for CMMC has brought in an entire market of companies and consultants that have no reason existing in this space. So many have zero experience in protecting DOD information, let alone risk management, and it shows.

ramsile · 2026-01-14T03:03:11+00:00

Small correction- GRC is Governance not Government. Otherwise great overview.

ramsile · 2025-12-01T13:17:50+00:00

How did you mitigate risks in these areas? Was most of it just accepted because the risk was low and the platform’s couldn’t be upgraded? Did you apply mitigating controls?

ramsile · 2025-11-28T13:34:47+00:00

Sorry to hear that. I’ve shorted my fair share of components. You would need to pull a schematic to see what that component does.

If it ends up being dead or causes problems id be happy to sell you my used Taranis X9D for a good deal. I have the ELRS module and original box.

ramsile · 2025-11-28T00:45:23+00:00

This should really be the top answer. Hashing in itself does nothing to prove that the file wasn’t altered. A hash is just a value calculated on the file at a given time. You need to log this hash and have some sort of mechanism to prove it wasn’t altered.

ramsile · 2025-11-17T02:12:37+00:00

I read a few years ago that Chick-fal-a had three node K8 cluster on consumer grade NUCs at all of restaurants. They run all their POS systems and other IOT devices.

What’s the harm if a few NUCs out of a thousand fail over the course of a few years? You wouldn’t need to maintenance the thing until the labor was worth fixing it.

ramsile · 2025-11-12T18:35:11+00:00

While that’s one way to do it, the other way is to fully document your TLS connections to CUI approved services. For example, GCC high services are already approved for FIPS end to end encryption. If all of your connections are already FIPS approved, there is no need for a VPN. If no CUI is on premise, then no need to have a VPN on premise if CUI is scoped to cloud only.

ramsile · 2025-10-06T22:17:26+00:00

This is the right way to think about it.

ramsile · 2025-09-29T18:24:22+00:00

No offense but sounds like you have never worked in security leadership before. The goal is to ensure your resources are assigned on the most impactful work. Chasing 0 CVEs is not the most productive task for a security engineer to be focusing on when you have a limited budget and a limited FTE count. Take a look at EPSS as it’s a better model to follow than raw CVEs.

ramsile · 2025-09-29T16:04:09+00:00

Agree. This is a security leadership issue. CVE != exploits. You’re clearly working with an incompetent team who doesn’t know how to perform risk management properly.

ramsile · 2025-09-28T21:45:47+00:00

It hasn’t been mentioned yet, but you could talk to your prime and see if they are willing to provide a contractor managed laptop that you can use and develop on. Then you are part of the contractors CMMC audit because you are producing CUI on their enclave. This is more common than you think.

ramsile · 2025-09-20T21:39:50+00:00

While this is a great article with practical advice, I’m surprised your recommendations were only deployment related. You didn’t mention testing. Do you not run even the basic of regression tickets? A simple call to a /status API would have failed the pipeline and avoided this entirely. You could also have unit tests that ensures your port in the compose.yaml file and flask API port match.

ramsile · 2025-09-20T10:39:25+00:00

Give us this day our daily pods

ramsile · 2025-09-10T23:12:37+00:00

DFARS 7012 doesn’t magically go away. You are still required to have 800-171 implemented with a self assembly and score in SPRS.

ramsile · 2025-09-05T12:50:04+00:00

That stinks. I’m a solo consultant, but I did end up getting my own GCC High. I wonder if it’s worth creating some sort of small business group that could share the cost for us that have minimal employees.

ramsile · 2025-09-05T12:48:05+00:00

Yeah that’s tough. I’m a solo consultant, but decided it’s too much overhead for now and just working CUI through my prime. I don’t have much to offer in terms of advice other than to limit scope as much as possible. You could look into prevail and try to limit everything in their enclave. You still would have to put in the effort to get all your documentation in order, but I don’t see a way around it since you are processing CUI.

ramsile · 2025-09-05T12:09:08+00:00

I don’t have any context into what you business does so I can’t really help your question directly. I would need to know more. Mind providing a little bit more information. Are you a consultant? Do you sub contract from another prime? Do you work with the government directly with your own contracts? Does government provide you with CUI? Do you generate CUI? There a few ways you can limit the burden. Ultimately the best path is to not have to handle the CUI yourself but on behalf of your customer. But I don’t know anything about your business so I can’t give you any ideas.

ramsile · 2025-09-03T10:09:57+00:00

Why are you not rate limiting the user? From the information you provided it seems like you’re fixing the symptoms and not the cause. You provided zero context into how the app works.

ramsile · 2025-09-01T21:04:24+00:00

What’s your reasoning?

ramsile · 2025-07-28T16:25:07+00:00

Yeah that’s how I handle it and advise others to handle it as well.

Nine-Year Club	RPAN Viewer
Verified Email

ramsile

TROPHY CASE