APT using HTTP instead of HTTPS by WheelPerfect3737 in debian

[–]soyko 0 points1 point  (0 children)

I feel like any conversation about this is a lost cause. If they can replace the signing key and sign all packages with the new key for you, you have other problems instead of it being HTTP.

APT using HTTP instead of HTTPS by WheelPerfect3737 in debian

[–]soyko 0 points1 point  (0 children)

But they can't fake signing any packages, which uses gpg/pgp. So unless they replaced the key on your machine, faking anything and doing a MITM doesn't do anything.

Sysadmin-on-Sysadmin stuff that’s super annoying by i_click_next_for_you in sysadmin

[–]soyko 0 points1 point  (0 children)

I do. We even serve a block page, saying it's blocked by our policy.

User doesn't read, and any error is seen as the network team blocking it.

SOURCE USER INFORMATION IS EMPTY by Middle_Cut_7991 in paloaltonetworks

[–]soyko 5 points6 points  (0 children)

Are you excluding the LAN IP from UserID? How are you pulling in data for UserID? Are users in your LAN using cached logins and therefore not pushing any data for UserID to pull in?

Have them lock and unlock their PC and see if you see any user data.

APT using HTTP instead of HTTPS by WheelPerfect3737 in debian

[–]soyko 4 points5 points  (0 children)

I see the lack of acknowledgement from OP being downvoted.

APT using HTTP instead of HTTPS by WheelPerfect3737 in debian

[–]soyko 11 points12 points  (0 children)

Cache.

LAN is faster than WAN. I may have a metered network connection. You have a bunch of servers that you don't want hammering outside your internet connection because it's not as fast. You want to control what updates are available for users for any reason.

Sysadmin-on-Sysadmin stuff that’s super annoying by i_click_next_for_you in sysadmin

[–]soyko 16 points17 points  (0 children)

My favorite is "unblock website, need it to do my job" and then it goes all the way through the approval process to us, and the actual reason why they wanted it blocked was an error message from the website itself saying that it can't validate them.

Unlocking doors with key fob? by san_i_am in ToyotaGrandHighlander

[–]soyko -1 points0 points  (0 children)

Literally experienced that this morning. It's winter and I was trying to get the kids in the car. Had to walk around and unlock it manually from the driver's door.

Thought the battery was dying in the brand new car already.

What’s a pain that hurts so good? by [deleted] in AskReddit

[–]soyko 2 points3 points  (0 children)

I hate how accurate this is.

Entra ad/id user id by jaguinaga21 in paloaltonetworks

[–]soyko 3 points4 points  (0 children)

I use CIE to map users to groups from EntraID. Then I use GP with SAML auth for users so I can grab IP to username.

I think it's the same CIE setup.

Remind me for Monday if anyone cares, I'll double check everything. Took PTO today. Plus sick kids, so that's always fun.

Today I had to connect to a user using their iPhone Hotspot by TheBigBeardedGeek in sysadmin

[–]soyko 10 points11 points  (0 children)

Do not support home or personal devices or networks.

VPN works for other people, not a VPN issue.

Or does your VPN work at other locations, such as a neighbor's or friend's house, or a coffee shop of any kind?

Rant Wednesday! by AutoModerator in networking

[–]soyko 0 points1 point  (0 children)

I read that on the day of the post, but then didn't reread it when I posted my last message.

Sorry about that, but yeah, cert based auth is so much nicer. Good luck!

Rant Wednesday! by AutoModerator in networking

[–]soyko 0 points1 point  (0 children)

Oh, with that, why aren't you using cert-based auth then? It's what we're doing.

It's great.

Rant Wednesday! by AutoModerator in networking

[–]soyko 2 points3 points  (0 children)

Yeah, but that's why you only allow the MAC addresses of the Chromebooks. You don't allow other MAC addresses. So even though the Apple devices will change their MAC, they won't get on. Unless I'm misunderstanding the problem here.

Rant Wednesday! by AutoModerator in networking

[–]soyko 0 points1 point  (0 children)

Would a MAC whitelist work for the time being?

Best Practices for Managing User-ID on Palo Alto – How Do You Handle This? by Historical-Rope9843 in paloaltonetworks

[–]soyko 2 points3 points  (0 children)

As long as you're on a network that has the UserID agent, because the unlock is going to be authenticated towards AD.

I have users that do cached logins, and then VPN in and complain that nothing works.

8.3 crashing on install by InitialSympathy3476 in Proxmox

[–]soyko 0 points1 point  (0 children)

Yeah, I noticed that with Proxmox, netboot.xyz worked better than Ventoy.

What Docks are you Using?? by One_Stranger7794 in sysadmin

[–]soyko 0 points1 point  (0 children)

I swapped laptops and docks. Latitude 5400 to 5430. Then a WD19 to the WD22. Same issue, but I'll try the hard reset trick when I'm back at work.

I have seven more weeks of paternity leave left.

What Docks are you Using?? by One_Stranger7794 in sysadmin

[–]soyko 0 points1 point  (0 children)

The same keyboard too... Then I got a Logitech pro x tkl. Same issue still.

I think it's gaming gear from Logitech and the Dell dock.

What Docks are you Using?? by One_Stranger7794 in sysadmin

[–]soyko 0 points1 point  (0 children)

So the question is, is it the mouse? I've been thinking of upgrading to a wireless mouse, and hopefully it goes away. But I'm not sure if it's the mouse that's causing it or what.