Can’t wait to never hear another one of their fucking stupid Chinese-riddle-threats, fucking hate that shit. Always a ridiculous threat they have zero ability or intention to see thru
They have already told us our next licenses will be core based instead of socket based. Going to extra fuck over those who chose the AMD for the cheaper per core licensing.
We have some air gapped environments. VMware have asked us to install vRealize to monitor the CPU usage. Then they want us to export a report from vRealize every month and upload it to VMware so they can bill us accordingly.
I’ve still never recovered from the time I asked someone for a screenshot of an error they were getting and they literally printed their screen, circled the error, scanned it with our copier, then copied and pasted that into a Word document and attached that document to a reply email.
If you’re having trouble with sub-100 you’re doing it wrong. I manage a 5,000+ user environment without a lot of overhead. Having AADC and being tied to on-premise AD greatly helps a lot of it. Also utilizing Intune.
Yeah it took a huge amount of effort so far, but I’m about 80% through. It helps that I have been using Linux and FOSS in general in work and play (but rarely desktop) since the 90’s. I realize I won’t get to 100%, for example email is way too much hassle to self host for me personally. Protonmail has been a solid middle ground for me coming from Gmail. Some accounts I simply can’t change the email so those are going to stay forwarded for now.
The biggest outlay so far was switching from Evernote to Joplin, as I had over 12 years of history (270 notebooks, 12,000 notes). It took me something like 4 full days of effort but feels glorious now that it’s done.
GIMP is painfully behind the times that I only use it out of sympathy for FOSS. I even prefer Photopea despite half the working area wasted on ads and browser UI.
Because ten years ago GIMP was a good alternative to whatever version of Photoshop was out at the time. So those people ditched PS and used GIMP. But now Adobe has pumped tons of features into PS that the GIMP crowd doesn’t even know about, so they still think the two are still comparable.
I still use GIMP exclusively but I’d be lying if I said watching others use Photoshop didn’t make me jealous.
About 10 years ago I had just started at a company that had previously made Flash widgets (weather/sports/stocks) to put on your site. They had pivoted to JavaScript tools about three years before I joined the company, and had discontinued their Flash support a year earlier.
The very first conference call I had with a potential customer was actually someone who claimed to be losing billions of dollars because our Flash widgets didn't work anymore. They were livid that we'd stopped supporting them, and threatened to sue us if we didn't turn it back on.
The poor sales rep and I didn't know what to say, because she had started about a week before me and didn't even know we made them. I'm guessing they didn't sue because we never heard about it again.
If you have access to the analytics, you should have received several emails over the last year. Every one of my coworkers with access and myself all got the emails.
Right. Instead of setting up their own secure date and time server or ensuring devices can establish a secure channel to a time server regardless of the circumstances, they decided to use SSL certificates to securely get the date and time? Which is an issue because the unix time stamp can have anything in it. Not only that, but it’s enabled by default, meaning that most server hosts won’t think to disable it until it starts causing problems. Right. And no one thought that this would be an issue?
I’m not a professional, but if I were to take a guess as to why the bug is becoming more common, it’d be that it’s probably self-perpetuating. One server gets the wrong unix time and flips out. Then, while IT is trying to fix the server, another server just kinda yoinks the SSL certificate from the bugged server to check the unix time. That server now has the wrong time too. However, this server doesn’t have anything time-sensitive on it (or at least nothing urgently affected by the time bug), and the error corrects itself by the time anyone notices. In the meantime, another server has borrowed that server’s SSL certificate, again, to check the time, and gets the wrong time as a result. Throw in the fact that there may be some people who, either out of maliciousness or for some niche application, have their systems intentionally misreporting the unix time, and voila!
My favorite bit of the article is this (also not a professional)
“The engineer then tapped a third party specializing in Microsoft cloud security to act as an intermediary. The intermediary relayed a response from Microsoft recommending STS be turned off when the server receives reliable timekeeping through the Network Time Protocol.”
Microsoft is bad enough that they know it’s an issue and basically said “we aren’t going to fix it, and we won’t tell you directly or make the issue known to avoid problems, but just turn it off”
Honestly should be their official motto. They did the same thing with a vulnerability InstallAware addressed for them last year.
If Windows doesn’t work the way it should, just turn it off (forever, and install Linux).
I agree with you, I see this happening across multiple sectors of tech. I think it’s a combination of factors including the cheapness of memory, languages becoming more and more robust at handling themselves, compilers doing a lot of the “optimization” for software devs, and possibly many more. Either way, unless these “light transistors” and all that new tech really take off and see some improvement in their fragility these companies are going to have to git gud so to speak and actually make efficient programs again as our current tech begins to reach a limit. At one point we won’t be able to squeeze more nm into CPUs and we’ll have to think about what our programs use again. Anyway that’s my 2 cents, I’m a complete noob compared to you career wise but I’ve been in love with computers my whole life.
If you're buying dozens of Office keys, then a site license for Windows and Office makes a lot more sense.
And those licenses are managed between you and MS. Then it's a simple count of Office installations and you know how many licenses you should be using. You typically do an annual license "true up" with MS.
Or Office 365. Yeah, I know people hate SaaS, but businesses love it. Licensing is flexible and scales up and down as you need it. And you get major updates as long as you have a license, unlike when you buy 2021 Pro Plus or whatever, where you'll always be on 2021.
That's what we're using now and where quite some problems come from. I don't have anything against it, it's an awesome suite for personal use, but running it in a company we constantly run into problems with compatibility. Every partner we're dealing with is using MS Office and when they're exchanging spreadsheets or documents with us it's often a pain in the a*s to make it work. And MS is not helping in this...
If you clearly define your needs, it won't be hard to figure out which version you'll want. Then you don't really have to manage those office installations as long as you have enough licenses in the pool.
That's just the tip of the iceberg, you'll likely want to have something to centrally manage these computers, so something like Intune + EntraID to deploy software, manage the user account, etc. will be an added cost.
I don’t see that any info on the CVE or the patch has been published, so unless they’re a distro maintainer leaking info, they’re talking out their ass.
I skimmed through that yesterday and didn’t see any mention of a buffer overflow. I’ll have to check that again later when I can sit down to look at my laptop.
After that TRMM Agent crypto miner injection shit from the original founder of TRMM who was ‘just testing’ the integration of a Monero crypto miner in a supposedly ‘personal’ version of code base that ended up stored on files dot tacticalrmm dot io site, I’ll never, ever, ever go near it. The excuses and bullshit that was spun out of it felt like poorly conceived PR fluff to obfuscate some obviously black hat inspired ideas. Integrating it into the Agent in the first place makes no sense, the RMM agent is what you’d use to script and deploy a miner to the end machines, it makes ZERO rational sense that it would be embedded in the RMM itself.
Read all of the comments and especially keep an eye out for the commenter that shared screenshots of Discord messages where /r/msp mods (unfortunately) gave this guy the script to write his statement from after he was fumbling responses:
TRMM was originally a personal project, at the beginning of which it makes some sense to intermingle things on the “official” site. I know I’ve done similar, but my projects never take off to the point that people are doing an audit. And I know I would absolutely make that exact exe for personal use.
Keep in mind, the only reason the version with a crypto miner was found was because someone went digging around. No one was ever linked to the installer, no one had ever downloaded it by mistake, no one had ever had it stealthily installed without consent.
I get that it’s a scary concept, like when Brave was found to be injecting affiliate links into normal traffic. But in this case it wasn’t even something put in prod. It was found by accident, in a place that wasn’t doing any harm, and was never found in the wild.
Seems like a lot to get worked up over.
As for the Discord chat, I’m not surprised. Having been in their Discord for about as long as that “scandal” has been around: The reason his responses were fumbling? He’s just a hobbyist that’s managed to get one of his projects into a good enough place to make money off of. Are you expecting a PR team level of response?
The reason his responses were fumbling? He’s just a hobbyist that’s managed to get one of his projects into a good enough place to make money off of. Are you expecting a PR team level of response?
For $600/year. I kinda do. If you get to the point of selling something it is beyond a hobby and you should have some form of professional services to outsource this kind of work to.
I get where you’re coming from, but keep in mind that at the time this happened, there were 2 people working on the code, and likely only a handful paying.