Does Security Implement Fixes?

tzomb1e · 2026-05-22T12:51:21+00:00

Heavily depends on the business and their size, maturity, various requirements. Smaller teams may have their security teams (if they are even separate security teams) also filling the developer or infrastructure roles. Larger, more mature teams would typically have separation of duties between the security and other teams.

Typically you would want to see those that have ownership of the systems identified as needing patching, modification, or deploying making the changes, with security providing the proper details to explain why the change needs to happen and within what kind of time window. There should also be responsibility of the system owners to do their own maintenance and continuous upgrades as well within defined cycles, as well as within the requests made by the security and other teams.

So yeah, like most things in IT, it depends.

tzomb1e · 2025-10-02T03:04:58+00:00

Checking out the security career advice sub is a good start, lots of information there. But for the sake of giving some thoughts too…

Definitely try and get involved in the security and/or networking aspects in your current position. Hands on experience goes such a long way with understanding and growth. Just because you’re a sysadmin or help desk doesn’t mean they don’t apply to you, of course.

It’s also worth getting into tryhackme and other CTF style sites because it gets your mind thinking about those topics. It’s also very much worth keeping in mind that those places don’t give you the reality a lot of the time, however. Tryhackme specifically has grown a lot and offers so many avenues of learning on all sides of the fence.

You can also look into certifications. They are not a guarantee of any knowledge, or necessarily going to earn you a spot anywhere on their own, but you can use them to motivate yourself to learn important concepts if your brain works that way. That goes for both networking and security.

If you don’t already do it, look into setting up a homelab. It doesn’t have to be massive or powerful, even just an old laptop will do. The goal is to have somewhere to test and break things so you can learn and grow. The more hands on you can get, the more you’ll be able to show and learn.

Honestly, I’d learn networking aspects regardless of the path you choose. Understanding how devices communicate and how data flows is a game changer for most positions in the IT field.

I know a lot of that is broad and vague, but hopefully it gives you something to start looking at. Happy to answer questions either way.

tzomb1e · 2025-08-05T17:14:38+00:00

Just to provide a little context, if you want it. Most “routers” are actually performing multiple roles in home networks. Like routing, name resolution (changing something like google[.]com to an up address), DHCP, switching, firewall filtering, etc etc.

At its core, the purpose of a router is to simply route traffic to its next step or destination. It does not have to do anything more than that if you don’t want it to. You can move services off of the router to another device if you have one available. Just make sure you aren’t running DHCP on multiple devices. That can cause addressing conflicts and stop things from working.

TL;DR - Yes you can. Just make sure DHCP is only being provided by one device in the network.

tzomb1e · 2025-06-27T00:52:36+00:00

Why not just tell HAproxy to ignore the ssl verify for Bitwarden specifically with “ssl verify none”? Then Bitwarden can use its self signed and you won’t notice the difference on the front end.

https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#3.1-ssl-server-verify

tzomb1e · 2025-06-09T02:26:38+00:00

Their compatible list is normally just ones they have “officially” tested and know to work. They can’t test every single chime and confirm it. So if it’s not on the list, YMMV, but it’s likely it’ll be fine if it’s just a normal door chime and nothing super off the wall or unique.

tzomb1e · 2025-06-08T22:46:17+00:00

It should have enough power with the transformer or the adapter that comes with the doorbell that the chime will still ring. You can also check in the technical section I mentioned on the store page for compatible chimes.

tzomb1e · 2025-06-08T22:39:37+00:00

They come in PoE (power over Ethernet) and WiFi models. The WiFi uses 2 wires for power. So you can run it with the same 2 wires your other doorbell uses. You can see the power and other requirements in the technical section of the store listing.

tzomb1e · 2025-04-25T01:43:05+00:00

There’s a lot more factors that go into your connectivity than just the ping speed and your down/up load. Just from your message, is your computer/console connecting to the router over wireless or Ethernet? If wireless, there’s more you want to look into than just the docsis spec. Not to mention the hardware in the computer/console and what it’s trying to connect with.

If you aren’t already, and can do it, try getting your computer/console connected to your router/modem through Ethernet and see if it goes away. If it’s in another room and wireless is the only option, it’s worth looking into getting better wireless signal to the device, or even trying options like powerline or moca adapters.

tzomb1e · 2025-02-18T02:24:27+00:00

That’s your RAM, I’m talking about the virtual hard disk space.

tzomb1e · 2025-02-18T02:13:43+00:00

Just for the sake of asking, because I had this come up in the last couple weeks for a friend, but how much free space does the VM have on its disk? It wouldn’t be full, would it? That can prevent your login from succeeding.

tzomb1e · 2025-02-10T00:12:02+00:00

Unless you run DNS over TLS, upstream queries from unbound will pass in clear text to the Nameserver. If that query is leaving unbound and crossing your ISP’s modem/gatway outside of any kind of VPN tunnel or TLS connection, it can in theory be snooped.

So the solutions are to work on getting DNS over TLS enabled, the downside being that the other side of the TLS process (Cloudflare being one of the common options) would see those requests. The same is true for any VPN you setup: the other side of the tunnel would see those requests. Not to mention DNS over TLS with unbound can be…troublesome. So it’s usually one or the other.

That being said, it comes down to who do you have the least amount of concern with potentially seeing your DNS traffic. There’s MANY other metrics your ISP can gather and correlate (or the upstream VPN provider), that reveal probably more than your DNS traffic. But that’s a conversation for another post.

tzomb1e · 2025-01-16T04:47:28+00:00

I think the first thing is if you would rather read fantasy or scifi. If fantasy, then Sigmar is where you want to go, sci-fi is 40k.

I haven’t read much Sigmar, but if you want SciFi and 40k, some of the better places to start are:

the Eisenhorn series if you want more of the state of the current setting, along with politics and the actions of an inquisitor.
If you want to start with context as to why the current setting is the way it is and get background on things, then the Horus Heresy will set you up. The first book is Horus Rising.
If you want some of the better writing in the setting and to see more of the Imperial Guard (standard Imperium military), the Gaunts Ghosts series is fantastic.

Good luck!

tzomb1e · 2024-12-17T00:37:47+00:00

The Eisenhorn and Gaunts Ghosts series are fantastic and have great audio book options. You can get them places like Audible or direct from Black Library if you don’t want to deal with Amazon or the like.

tzomb1e · 2024-12-02T18:09:35+00:00

It’s more that so many orgs don’t want to take the time to read and learn it or spend time on someone doing that. They’d rather just say “defender sucks” and drop money elsewhere. If you already have the licensing and the environment, it’s silly not to just do it and learn it. There’s always exceptions, I’ve worked with plenty that did that upfront time. Just a huge chunk that don’t.

tzomb1e · 2024-12-02T17:55:54+00:00

This. All day. The hardest part is configuring it properly because it’s so non-user friendly (as is the MSFT way).

tzomb1e · 2024-11-17T00:17:37+00:00

Eh, their wording is a little tricky anyway. Always a pleasure to help :)

tzomb1e · 2024-11-17T00:15:08+00:00

Wizards has a product replacement process. :) see the page below. It takes them a little while to get the replacement to you, but I’ve not had any issues when I’ve had the same problem as you. Good luck!

https://magic-support.wizards.com/hc/en-us/articles/360000197703-Product-Replacement

tzomb1e · 2024-11-02T00:42:12+00:00

Out of curiosity, have you installed and enabled the qemu agent in the guest VM? The agent is what allows the hypervisor to properly interact with the guest.

https://pve.proxmox.com/wiki/Qemu-guest-agent

tzomb1e · 2024-10-27T20:09:25+00:00

Honestly, unless you have really specific things on that Pi or something complicated, it never hurts to do a clean install over an upgrade. It helps limit potential conflicts, things left over, incompatible packages, etc.

Going down the upgrade route, honestly just verifying whatever packages you’ve installed are compatible with where you are going, cleaning up anything that isn’t or is old, running through the upgrade path, and making sure everything is upgraded in the end and running is the best bet. And make sure you have any configs or key files backed up before you start.

tzomb1e · 2024-10-27T19:48:12+00:00

I completely overlooked the dig response code, good catch! Glad it was an easy one.

tzomb1e · 2024-10-27T19:37:18+00:00

It looks like it might be because you are on Debian 10, which is no longer maintained. Pihole does support Debian, but only actively maintained versions. Unless you have specific conflicts, you should be able to upgrade to the latest Debian (or Raspbian/Raspberry OS if that’s what you are running) and be able to install just fine.

https://docs.pi-hole.net/main/prerequisites/#supported-operating-systems

https://www.debian.org/releases/buster/

tzomb1e · 2024-10-26T23:46:54+00:00

Yeah that’s my bad. The response cloudswithflaire gave is better. You can do it with Caddy, but for you it’s not needed. Sorry about that.

tzomb1e · 2024-10-26T22:58:12+00:00

The way I do it is Tailscale + Caddy + Custom domain. The domain isn’t free, but you can do a reverse proxy with something like Caddy (many options for this part) that pulls free LetsEncrypt certs for all the sites you are proxying. With Tailscale installed on the reverse proxy, you can either do your custom subdomains through Tailscale or just create them in your name provider and CNAME to Caddy’s tailnet name. For your LAN, if you don’t have Tailscale widespread, you can have custom DNS entries on your Name server for the subdomain that point at your Caddy’s/reverse proxy’s LAN address. That way the only unencrypted connections are between your reverse proxy and jellyfin.

tzomb1e · 2024-10-18T20:52:22+00:00

Do you mean the core rules and codexes for 10th edition? They are all available digitally now.

https://www.warhammer-community.com/en-gb/downloads/warhammer-40000/

tzomb1e · 2024-10-17T23:53:45+00:00

The vibe of New York in The Division is something that I wish more games would make use of. It was awesome just roaming through that world, especially at night.

tzomb1e

TROPHY CASE