xubu

joined 1 year ago
[โ€“] [email protected] 7 points 7 months ago (3 children)

Really cool photo! Well done ๐Ÿ™‚

Just curious, why is the light for the partial eclipse that specific color vs the full eclipse? Stylistic?

[โ€“] [email protected] 2 points 7 months ago

For real. Literally yesterday, reboot my computer and Nvidia drivers that had worked fine the day before no longer functioned resulting in my screen resolution being reduced and unchangeable.

Had to run a few commands to fix it but they are not obvious to me as a new-ish Linux user. Something about dkms being a dependency but not configured?

To recover, I had to:

sudo apt purge nvidia-*

sudo apt autoremove

sudo apt update && sudo apt upgrade

sudo rm -rf /var/lib/dkms/nvidia/

sudo apt install nvidia-dkms-550

(Reinstall Nvidia 550 drivers)

Why did I have to do all this? I ask that rhetorically, but Id like to know so I can understand what went wrong. Linux is non-trivial and people who deny that are not seeing things clearly. Then again, triviality of use isn't particularly the most salient to me. Rather, it's a mixture of is there enough compatibility to what I use my desktop for, is it reasonably easy to use for most tasks, and does it give me the freedom I want for the device.

[โ€“] [email protected] 13 points 11 months ago

Probably a 200 GB download too.

[โ€“] [email protected] 1 points 1 year ago (1 children)

You are implying that any data gathered will be delivered to the government upon request (unsure if you are implying with or without a warrant). If you can show me from this article, or even this case, regarding this privacy case that that happened, then yes I agree with you and the fourth amendment applies.

But this issue is between private entities which generally precludes amendments from being applicable. Specifically, the plaintiffs alleged that the infotainment systems collected and stored personal data without consent and violated Washington's Privacy Act.

[โ€“] [email protected] -4 points 1 year ago (13 children)

The "unlawful search and seizure" amendment? Why would that apply here?

[โ€“] [email protected] 4 points 1 year ago (1 children)

What is agreeable for social safety net(s) from the perspective of conservatives?

Single payer healthcare? Universal Basic Income? More expansive food subsidies? More expansive housing subsidies?

What is not considered "government hand out" that we can all agree on?

[โ€“] [email protected] 13 points 1 year ago (1 children)

Next up, mute detection...

[โ€“] [email protected] 24 points 1 year ago (4 children)

I'm in IT security and I'm fighting this battle. I want to lessen the burden of passwords and arbitrary rotation is terrible.

I've ran into a number of issues at my company that would give me the approval to reduce the frequency of expired passwords

  • the company gets asked this question by other customers "do you have a password policy for your staff?" (that somehow includes an expiration frequency).

  • on-prem AD password complexity has some nice parts built in vs some terrible parts with no granularity. It's a single check box in gpo that does way too much stuff. I'm also not going to write a custom password policy because I don't have the skill set to do it correctly when we're talking about AD, that's nightmare inducing. (Looking at specops to help and already using Azure AD password protection in passive mode)

  • I think management is worried that a phishing event happens on a person with a static password and then unfairly conflating that to my argument of "can we just do two things: increase password length by 2 and decrease expiration frequency by 30 days"

At the end of the day, some of us in IT security want to do the right things based in common sense but we get stymied by management decisions and precedence. Hell, I've brought NIST 800-63B documentation with me to check every reason why they wouldn't budge. It's just ingrained in them - meanwhile you look at the number of tickets for password help and password sharing violations that get reported ... /Sigh

[โ€“] [email protected] 2 points 1 year ago (2 children)

RDC could be a good option to uninstall for businesses where the machine acts as a terminal and you don't want those devices launching RDC to begin with Not sure why it hasn't been allowed already.

[โ€“] [email protected] 3 points 1 year ago* (last edited 1 year ago)

replaced Google's Network Time Protocol servers with NTP Pool Project

In the the context of degoogling and privacy, NTP would seem way down on the list of concerns.

What's the importance of calling out NTP? Is it just to emphasize the point?

[โ€“] [email protected] 15 points 1 year ago (6 children)

Paginated login

Microsoft enabled it in ADFS on WS 2019. I know there are plenty other places it's used, but It's the example I'm most familiar with.

There can be a security element to it depending on how the server handles paginated auth as it separates the password field away from the user ID. You can also interject the second factor first before the password to protect brute forcing.

But the larger reason I've read is that it's easier for end users to use. Here's MS talking about it with ADFS.

"Instead of a long form to fill out, a new flow takes you through the sign-in experience step-by-step. Our research shows that with this approach, our customers have more successful sign-ins."

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-paginated-sign-in

Whether this is true or not is debatable. I'd love to see passwords die out. I doubt I'll see that in my lifetime though.

[โ€“] [email protected] 1 points 1 year ago (1 children)

Currently in hybrid situation. 65k+ users, two main forests.

A lot of things. -What is your auth strategy? How do you want users to log in? You said you want to use local dc auth but you have three different ways of doing it: password hash sync, pass thru auth, or federation (typically adfs). (Don't do federation though, I really don't recommend it).

-make sure your users user principal names match their email addresses. In most cases when MS asks a user for email for their username, they are asking for their upn. It'll be easier on everyone when their upn and email match.

-what is your two factor strategy? If you don't have one, maybe look at Microsoft's offering. This may sway your auth strategy slightly.

-look at Azure Cloud Sync first before Azure AD Connect. They both perform the same function -synchronizing on prem objects in AD to AAD. Cloud sync is where MS wants to go but it's not feature parity with AAD Connect. Likely would guess you'd end up with AADConnect

-We are currently doing Exchange migrations to Azure now. And it's going I guess. It's not easy, particularly with the sync side of things. I don't have a lot to say here except I know it's a massive process for us. I only see parts of it. GPOs, conditional access, adjusting in our MDM solutions to work with migrated mailboxes, etc.

-Use dynamic licensing groups where you can. Makes app on boarding easier.

I could go on for days. Looking back I really wish I had banged the drum to do password hash sync. Federation domains into Azure feels pretty bad in a lot of ways and only helpful in a small subset of others. I expect you'd do seamless sso too, to make using m365 apps easy.

view more: next โ€บ