• 0 Posts
  • 73 Comments
Joined 1 year ago
cake
Cake day: July 6th, 2023

help-circle








  • Mostly customer provided certs, high end clients make all kinds of stupid requests like the aforementioned man-in-the-middle chain sniffers, clients that refuse DNS validation, clients that require alternate domains to be updated regularly. Management is fine for mywebsite.com, but how are you solving an EV on the spoofed root prod domain, with an sso cert chain for lower environments on internal traffic that is originally provided by a client? And do you want the cs reps emailing each other your root cert and (mistakingly) the key? I’ve been given since SCARY keys by clueless support engineers. I don’t want to do this every 3 months.


  • As someone who creates custom domain name applications, FUCK THEM WITH A PINEAPPLE SPIKY SIDE FIRST. This problem is on par with timezones for needless complexity and communication disasters. Companys and advertisers are now adding man in the middle certs for additional data collection/visibility. If the ciphers not cracked, changing the certs exposes significantly more failure, than letting one get a little stale.
    Sysadmin used slam! It’s super effective!




  • thirteene@lemmy.worldtoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    55
    arrow-down
    8
    ·
    1 month ago

    Hailey “Hawk Tuah” Welch is an influencer that gained a lot of popularity from her nickname (the sound of spitting, with HEAVY implications of performing fellacio). She used her platform to voice a very reasonable and intelligent opinion, which surprised a lot of people because her nickname is essentially blowjob queen.

    One of her opinions is that it’s important to spread cyber security and used her fame to try to educate the public (potentially a fake story from the image? Idk this drama). And some xit-head claiming to be a cyber security expert ate the onion and offered some shitty advice. Proton fact checked them, because there are a ton of fake news stories about her right now.


  • Preach! I got onboarded to a team with 31 other SRES and 2 weeks in I realized that I was doing all their jobs in Linux solo. The things got helped my team before I got there: octopus deploy’s “run script on host” it’s not too different from invoke command -computername “”, but Active directory :vomit: and security locked down most of the useful tools, so they used octo runbooks instead (also vomit but you do get tools back in the remote UI) but it’s setup with tentacles w/ identifiable ssh keys so it skips ad. It also lets you set env variable libraries.

    Move configs to dev repos and make them set/read their own yaml/json, for some reason windows shops didn’t get that memo. Royal TSX is a decent rdp client that you can script host lists and store prod/dev credentials, ours is basically just knife node list | sort windirstat is a GUI replacement for du - *. The light at the end of the tunnel is when you drop the codebase in a windows container and just remove all of the iis mess/instability for container management.

    Right now we are trying to figure out bootstrapping. In order to provision a new host we need to reboot the box 2x for ad and one for the app stack. We think we can remove the hostname assignment, but AD shakes fist… it’s kinda pointless targeting an automated step, when it needs manual intervention later anyways.







  • You can prevent downtime by mirroring your container repository and keeping a cold stack in a different cloud service. We wrote an loe, decided the extra maintenance wasn’t worth the effort to plan for provider failures. But then providers only sign contracts if you are in their cloud and you end up doing it anyways.

    Unfortunately most victims aren’t using best practices let alone industry standards. The author definitely learned the wrong lesson though.