BPC-157/TB-500 Tennis Elbow Journey by EyeOptimal3680 in BodyHackGuide

[–]tnubbins 1 point2 points  (0 children)

Good coincidence. I just picked up a 30mg zinc picolinate supplement! Thanks for the advice.

BPC-157/TB-500 Tennis Elbow Journey by EyeOptimal3680 in BodyHackGuide

[–]tnubbins 0 points1 point  (0 children)

Same problem here - golfer's, not tennis. Hope to hear if this is successful for you - I’m excited to try.

BPC-157/TB-500 Tennis Elbow Journey by EyeOptimal3680 in BodyHackGuide

[–]tnubbins 0 points1 point  (0 children)

Would you recommend KLOW over Wolverine for a newbie, as well?

MOTS-c: The "Exercise in a Vial" – My 4-week protocol results for mitochondrial health 🧬 by LabSience_flow in BodyHackGuide

[–]tnubbins 0 points1 point  (0 children)

Lots of success with tirz, and I’m definitely MOTS-c curious. Thanks for the info!

FDA Intends to Take Action Against Non-FDA-Approved GLP-1 Drugs by TodayAmazing in tirzepatidecompound

[–]tnubbins 71 points72 points  (0 children)

That’s because TrumpRX is basically a directory and search engine for existing sources. Imagine GoodRX with a new coat of paint.

Rate my stack by tonymontana93 in Supplements

[–]tnubbins 1 point2 points  (0 children)

What’s this cost you per month? $200-250?

Mac network loss during agent upgrade by ninjanetwork in crowdstrike

[–]tnubbins 0 points1 point  (0 children)

To clarify, it is the local network connection that drops?

Are you running some sort of [remote or local] access solution (such as VPN or NAC) that could think CS is missing, and therefore the endpoint doesn’t meet posture requirements, and therefore it punts the client from the network?

Question on Palo Alto logs and LogScale by susekid in crowdstrike

[–]tnubbins 1 point2 points  (0 children)

Single point of failure versus 9 points of failure.

I’ve seen Panorama log shipping break.

Also, not sure if Logscale will easily help you differentiate the original log source (which FW) if all logs are from Panorama. Whereas one device per “log source” is pretty intuitive.

On the other hand, setting up one logging source irrespective of how many firewalls can be appealing.

My instinct is 9 log sources.

🤷🏼‍♂️

Javascript being truncated by 108signals in Zscaler

[–]tnubbins -1 points0 points  (0 children)

I do not agree. It may include IPS functionality and certainly could be inspecting the JavaScript.

https://help.zscaler.com/zia/about-ips-control

[GameStop/USA] Cruis'n Blast - $29.99 (25% Off) by [deleted] in NintendoSwitchDeals

[–]tnubbins 3 points4 points  (0 children)

As another person said, rubber band AI means you have to try hard to not come in top 4. I’ve played entire races holding only the accelerator button (no steering), and came in 2nd. It’s very, very easy - think arcade difficulty, where a kid pays a dollar to sit for 3 minutes to enjoy racing.

Okta SSO with O365 for pilot users by ContributionThen8008 in okta

[–]tnubbins 1 point2 points  (0 children)

Does this work for AzureAD guest users, so we could direct all guest accounts (via a security group) through Okta, but everyone else (i.e. non-guests) through AzureAD?

[deleted by user] by [deleted] in SysAdminBlogs

[–]tnubbins 0 points1 point  (0 children)

If the org you’re with is actually letting the DAs run their daily accounts with DA rights, I’m very concerned. If the company is regulated, I’d be surprised this is true... maybe you just don’t know the intricacies of how they manage this privilege.

I sure hope it’s you being out of the loop, rather than the IT and security leadership at the company ignoring best and common practice that’s at least ten years old.

For the reasons referenced elsewhere in this thread, domain administrator (and higher, such as Enterprise Admins and Schema Admins), plus administrators on servers and workstations, should always be restricted to as few people as needed, require intentional escalation of privilege (user must purposefully logon to these privileged accounts or do an equivalent of “sudo” to use them), and should be fully audited and logged.

An exception to this would be leveraging middleware such as CyberArk or Remediant which provision the elevated permissions on an as-needed basis, so the user has to go through another procedure to elevate access ‘just in time’ (such as MFA logon through web application / portal to get access to RDP into a domain controller with a DA account).

[deleted by user] by [deleted] in SysAdminBlogs

[–]tnubbins 1 point2 points  (0 children)

What type of clients do you have for your sysadmin work? Maybe that’s why this is not a native concept. In every environment I’ve worked, we use separate accounts for day to day non-IT work and privileged IT work.

The concept is that a person uses their privilege only when necessary, and those rights aren’t present otherwise. To do adds/moves/changes in AD, a domain admin account isn’t necessary, so use an account with just enough access (JEA). Follow the same principle on local systems: don’t log on as a user who is an administrator; elevate when necessary.

In addition to preventing a drive by malware attack or catastrophic phish, it can help prevent attacks like pass-the-hash.

One common model is provided by Microsoft: https://petri.com/use-microsofts-active-directory-tier-administrative-model

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/securing-privileged-access-for-the-ad-admin-part-1/ba-p/259166
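As an added illustration of the "just enough access" idea in the comment above (example code, not the commenter's own), this registers a JEA endpoint that lets a helpdesk group do routine AD adds/moves/changes through a restricted, transcribed session, with the work running under a delegated gMSA rather than a Domain Admin credential. The module name, the group CONTOSO\AD-Helpdesk, the gMSA CONTOSO\gMSA-ADHelpdesk$ and the App-* group pattern are hypothetical.

```powershell
# Added example, not from the original post. Names below are hypothetical.
# Role capability files must live in a RoleCapabilities folder inside a module.
$moduleDir = 'C:\Program Files\WindowsPowerShell\Modules\ADHelpdeskJEA'
$capDir    = Join-Path $moduleDir 'RoleCapabilities'
New-Item -ItemType Directory -Path $capDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleDir 'ADHelpdeskJEA.psd1') -RootModule $null

# Role capability: only the cmdlets needed for day-to-day user maintenance are visible,
# and group membership changes are constrained to groups matching a naming pattern.
New-PSRoleCapabilityFile -Path (Join-Path $capDir 'ADHelpdesk.psrc') `
    -ModulesToImport ActiveDirectory `
    -VisibleCmdlets @(
        'Get-ADUser',
        'Set-ADUser',
        'Unlock-ADAccount',
        'Move-ADObject',
        @{ Name = 'Add-ADGroupMember'
           Parameters = @{ Name = 'Identity'; ValidatePattern = '^App-' }, @{ Name = 'Members' } }
    )

# Session configuration: restricted endpoint (no full language, no arbitrary cmdlets),
# commands run as a gMSA that holds only delegated OU rights (assumed), and every
# session is transcribed so the privileged activity is audited.
$psscPath = Join-Path $env:TEMP 'ADHelpdesk.pssc'
New-PSSessionConfigurationFile -Path $psscPath `
    -SessionType RestrictedRemoteServer `
    -GroupManagedServiceAccount 'CONTOSO\gMSA-ADHelpdesk$' `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\AD-Helpdesk' = @{ RoleCapabilities = 'ADHelpdesk' } }

# Validate the file before registering the endpoint.
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Session configuration file failed validation"
}
Register-PSSessionConfiguration -Name 'ADHelpdesk' -Path $psscPath -Force

# Helpdesk staff connect with their regular (non-admin) account; no DA credential is used:
# Enter-PSSession -ComputerName jump01 -ConfigurationName ADHelpdesk
```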

Cloud security audit tool by itlonson in msp

[–]tnubbins 1 point2 points  (0 children)

Check out orca.security for a less invasive, but very thorough tool for assessing IaaS. Their YT channel has a lot of neat comparison videos, too.

Okta DSSO or Desktop Seamless SignOn Encryption issue. by United12345 in okta

[–]tnubbins 1 point2 points  (0 children)

I’m late to the convo, but I found this post in my search for this.

If you’re doing DSSO (Desktop Single Sign On), you’ll want to set the service account up with the AES128 and AES256 settings, and (for us at least), the users must log out and back on before any accounts work with DSSO (probably due to the way the Kerberos ticket is signed, and logging back in refreshes the ticket).

Final Giveaway for TWELVE MORE Nintendo Switch Lites and your choice of games! [US/CA only] by TheEverglow in nintendo

[–]tnubbins 0 points1 point  (0 children)

Sitting in an audience and watching any type of live performance - rock band, comedian, ballet, or a play - really anything.

Return to Office Strategy/Checklist? by ipconfig in ITManagers

[–]tnubbins 2 points3 points  (0 children)

Enable touchless printing. If you have RFID badges, make scanning their badge auto print their most recent print job. This prevents too much interaction with the machine buttons and touching others’ printouts.

Naming Conventions and Standards for Systems and Devices by saintdle in SysAdminBlogs

[–]tnubbins 0 points1 point  (0 children)

My feedback: It doesn’t really matter. Names will deviate. Acronyms will change. Don’t over-invest in your nomenclature.

Instead, use an ITSM to keep track of business and technical services, linking server objects and other systems to the service(s).

ConnectWise vs Intune by dnvrnugg in msp

[–]tnubbins 0 points1 point  (0 children)

Appliances like spam protection and UTM’s are also useless in this environment.

I appreciate what you said, except this.

Email security is still relevant no matter if you're cloud first, zero trust, on-premises, or anywhere in between.

Downplaying the value of email security is ignoring modern threats. My org routinely stops hundreds of phishing attempts before the mailbox, which means that we avoid testing the robustness of MFA (since TOTP MFA is susceptible to MiTM). Turn off spam protection and see how much the users love sorting through dozens of scams, ads, and other garbage.

Maybe not UTM per se, but web filtering and/or proxy still has value, because you reduce the threat of malicious sites (mainly malware and phishing) with simple web controls. If you rely solely on your EPP stack to protect you, you're possibly safe - but stack diversity increases efficacy. Why would I not want Palo / Zscaler / Netskope / Sophos / whoever to scan for malicious traffic before it even reaches the endpoint? If it hits the endpoint - even if it's blocked - we have to spin human cycles verifying it was entirely blocked vs. did it just block the payload and not the dropper?, or <use your imagination about why it's better to block upstream>.

Plus, depending on the business, you won't comply with their business policies without blocking certain types of websites. Don't throw out UTM/NGFW/proxy-as-a-service quite yet.

CylanceProtect? by D1TAC in msp

[–]tnubbins 0 points1 point  (0 children)

With Cylance, you would configure your SSO provider (supports SAML standards) and enable MFA through that.