@dbeato said in What to use for new Windows network domain:
@JaredBusch I have been using ad.domain.com since it is up to code based on Microsoft's recommendation.
That was what I used last time I did a greenfield Windows AD deployment. But that was like 6 years ago.
New site going in clean. All old stuff getting pitched.
It will be a local Windows DC.
What are people using today for the domain?
Is ad.domain.com still in fashion?
Something different?
@Pete-S said in Anyone using yubikey, smart card or other hardware device for MFA?:
The yubikey MFA can't be phished.
And this is no different than my use of Authy and MS Authenticator not able to be phished.
Sure a MitM can get it. There are known exploits for O365 accounts that do this.
But it is as secure as a hardware key for day to use usage. Sure, if someone else knows the seed (alomst always shown when signing up) you used for the TOTP, they can also get a valid code, so I would never say it is as totally secure as a Yubikey.
@Pete-S said in Anyone using yubikey, smart card or other hardware device for MFA?:
I did some research now and one obvious difference is that yubikey can't be phished.
I am sure they can. All the attacker needs is to be MitM to get the approved session information. It is not like your Yubikey is communication non stop with the website you used it to authenticate.
@JasGot said in Slack? What is it?:
@JaredBusch said in Slack? What is it?:
I do not use postcards, but making a direct to slack SMS connection is flaky at best.
This is exactly what I am planning to do. They make it so easy.
Except that it does not consistently work.
I do not use postcards, but making a direct to slack SMS connection is flaky at best.
@Obsolesce said in What Are You Doing Right Now:
2023.01.02 remains my preference.
+100
Always YYYYMMDD and use a separator of your choice.
MDY (US) and DMY (lots of other parts of the world) are both fucking stupid
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.
Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.
IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.
@Obsolesce said in What Are You Doing Right Now:
Nothing really new in that. The talk about getting into a vault for $100 is because bad password choices of the vault owners. Not because they are breaking the encryption.
@Obsolesce Some nice shots. Scratches my photography itch again, as well as my love of space.. Must resist..
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
@Pete-S said in GitLab Now Integrates VS Code Into the Browser:
@scottalanmiller said in GitLab Now Integrates VS Code Into the Browser:
This is a really cool update to GitLab. Microsoft's VS Code is now the web IDE used online in GitLab. So you can use VS Code without needing to install it. This is the coolest!!
That's interesting.
Editing on the webserver breaks the idea of how git is suppose to work though. Basically makes it a central version control and repository, instead of a distributed one.
Good to know that it exists though!
I occasionally need to make a simple edit and it is easy to do in the web interface it the editor is not crap. But, I agree that I would not want to do that often.
@scottalanmiller said in What Are You Doing Right Now:
@Valentina is currently driving across Nebraska to enjoy said blizzard.
What, does she want to visit @Dashrender?
@scottalanmiller said in Non-IT News Thread:
I've always taken a lot of flack for being "anal" about keeping toilet lids closed. New study shows what people should have known all along because it is obvious...
https://www.cnn.com/videos/health/2022/12/19/flush-toilet-no-lid-lbb-cprog-orig.cnn
On a bathroom related note. Sit down to pee. It will not kill you.
-- Jared (learned when I was 20 and had to clean my own toilet)
@JasGot I assume that is for some form of included M365 account.
I never order from Dell, but through a VAR, so I don't see that.
@scottalanmiller said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
@siringo said in What Are You Doing Right Now:
@travisdh1 that's a good idea.
I know it's a shipt topic, but ....
I can remember the trouble my mum had when dad passed away & there's been a few folks who are friends of friends who have died suddenly, just makes you think....
My Mom often tells me about where she has passwords/account numbers/etc written down and locked in a safe. Morbid but necessary shit. I had to think about it myself when I spent 3 weeks in hospital. Nobody would be able to get into anything of mine, personal or work.
I had this thought this week and was already preparing that document to hand over to our Managing Director should she ever need to seize control of my accounts to take over.
A friend of mine has emergency access to my LastPass. Aside form all the passwords, there is a note about the MFA on my phone and how to access my phone.
Additionally, I store all of the MFA backup codes for a site in the note section of a site in LastPass.
@scottalanmiller said in December 2022 Maintenance:
Yes, I've been saying this about certain core functionality for a long time. I try to avoid anything in plugins because there's so much fragility there. They are a constant source of problems on products like this.
I upgraded my platform this morning to v2.6.1 and I have no issue with the embed plugin working. It does give a warning on load.
@jt1001001 said in What Are You Doing Right Now:
Hey is @Phil-CommQuotes still around? I got permission to explore some bandwidth upgrades
PM sent to you.
@Pete-S said in "Snapshots" on win10 laptops?:
Or do I need to use 3rd party solutions for backup and imaging?
- Veeam Backup & Replication CE?
- Cloudzilla Live?
Veeam Endpoint Protection is free if you go 3rd party.
@scottalanmiller said in SAMIT: Stop Using Secure Email:
@JaredBusch said in SAMIT: Stop Using Secure Email:
Also, accepting insecure email is different than allowing your organization to send insecure email.
Very true. Accepting things insecurely is better than sending them.
I accept email in any way that it is sent. But all sent email is required to be TLS or it will not send. I have a couple of people that the boss cannot email because of it, as well as one prior customer that is still running an ancient ass GroupWise 6 email server. They email asking for one off support for their routers sometimes.