@dashrender said in What Are You Doing Right Now:

Last week was fantastic!

Drove to Greeley, CO - ok that was boring.

Drove to Moab - visited Arches National Park - drove a 4x4 trail - my friend nearly freaked out.. It was awesome!

Drove to Zion National park - walked The Narrows! - man, can't wait to go back.

Drove to Las Vegas - at at Gordan Ramsey's Steak - had the tasting menu - the Beef Wellington was meh at best, the rest was fantastic!!!

Drove to Hoover Dam took some dam pictures

Drove to Grand Canyon Skywalk - paid for the skywalk - was a let down!!! visit other viewing point in that area - SO MUCH BETTER than the over priced, no pictures allowed skywalk...

Drove to AZ south rim Grand Canyon - hiked the 3 mile trail, very scenic!
Visited Bedrock - Fred Flinstone's home town and watched a raptor show - and got to hold the raptor (on a a glove of course).

Drove to Four Corners - it was exactly what I expected - a plaque marking where the four states meet, took a picture and continued on...
Drove back to Greeley, CO -

and lastly,

Drove home.

58 hours in the car, 3200 miles, 5 states, 3 National Parks, a million pictures - great time!

Man, that sounds like an AWESOME trip!

@hobbit666 said in Miscellaneous Tech News:

I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too

Kinda ridiculous it took this long. I always liked that you could do it when installing a Linux OS.

@eddiejennings said in What Are You Doing Right Now:

Looking up past ML posts for config examples

of LVM?

@jaredbusch said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

Who woulda thought that misconfiguring services could open up vulnerabilities?

WTF are you trying to say here?

Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.

I took it as a misconfiguration on the customers part. But reading it again now, not sure if a misconfiguration on MS's part or the customer. But yes, that is in addition to a vulnerability with the service itself. That part I wasn't debating.

@dustinb3403 said in Miscellaneous Tech News:

Worst cloud vulnerability you can imagine” discovered in Microsoft Azure

Who woulda thought that misconfiguring services could open up vulnerabilities?

Update on Windows 11 minimum system requirements and the PC Health Check app

First, an update on Windows 11 minimum system requirements based, in part, on feedback from the Windows Insider community. Second, information on the updated PC Health Check app that is now available to Windows Insiders.

@gjacobse said in AD/AAD: Display Name for Professionals:

Might be more of a survey then anything.

But would it be proper to add the DR. to the display name in AD / AAD for a user?

Or just give them a pile of Post-its and a marker. They can write "Dr." on them and put'em in front of their name wherever they see it.

Youtube Video

@travisdh1 said in VPN vs SDP?:

@gjacobse said in VPN vs SDP?:

Because - a LinkedIN advert is where you want to learn from - but taking a referenced technology FROM there and doing your search and learn.

This advert implied that SDP is the next thing to replace a VPN - Oh-kay what is it. What is an SDP and why would I want to investigate it.

---

SDP: Software Defined Perimiter
Software Defined Perimeter (SDP), also called a "Black Cloud", is an approach to computer security which evolved from the work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative around 2007.[1] Software-defined perimeter (SDP) framework was developed by the Cloud Security Alliance (CSA) to control access to resources based on identity. Connectivity in a Software Defined Perimeter is based on a need-to-know model, in which device posture and identity are verified before access to application infrastructure is granted.[2] Application infrastructure is effectively “black” (a DoD term meaning the infrastructure cannot be detected), without visible DNS information or IP addresses.[dubious – discuss] The inventors of these systems claim that a Software Defined Perimeter mitigates the most common network-based attacks, including: server scanning, denial of service, SQL injection, operating system and application vulnerability exploits, man-in-the-middle, pass-the-hash, pass-the-ticket, and other attacks by unauthorized users.[3]

Time to get some popcorn and read a little..

So they came up with a new term for what @scottalanmiller has been talking about for YEARS?

I don't remember him talking about it in 2007/2008 when it became prominent as I understand.

@vignesh said in Reactjs connection with backend.:

hi im created a llogin form in rectjs.how i store data in backend using nodejs and mysql?
please give some valid url to refer.

Here is a good place to start.

@dustinb3403 said in Why do we have a downvote limit?:

@irj because you're a little ****

How so? He wasn't the one saying the dumbest shit we've ever seen...

@gjacobse said in What Are You Doing Right Now:

Oh the joy of re-installing software... by copying over the directory. Mainly because the Installer / Updater is janky a F. But,.. 'Just copy to desktop, then copy to c:\program files \ program.

Like dude... Ever heard of RoboCopy?? Jeez.. Oh - and if you would allow certain scripts to run then I could run the damn script on my desktop and it would dump it to the specified computer. (But is that the RIGHT way?)

Ugh -

There are many things about this guy that go by that make him a different person. At the end of the day, he's just a very successful guy in his own right. It's just part and parcel of how he's able to build his career. People always think that was a joke. Everybody thinks that's just a story. Maybe that's just what he's doing. But he's a great guy. I never want a lot of people to get to know him. In my whole life I have a few regrets to be honest. What I would say is that my life changed really quickly. But, you know, I didn't take this for granted. I never took this for granted. Jermaine greer: I love hearing about you and talking about your new autobiography. I'll see you when you're back. Eddie lachance: this one was written as a follow-up to the book, but I felt like the first draft of it was much better than what it made out to be. I remember saying to my wife, 'we are about to do it together, so let's do all this together.' And then I started crying and saying, "I am going to die for all of this." And then I realized that this is something I would love to do, that I think would be great.

@scottalanmiller said in DNS Filtering Service:

DNS Filtering

Did not know CloudFlare offers a DNS Filtering-only product. Do you have a link? It looks to me like you only get that as part of the CloudFlare Gateway.

Or are you referring to their DNS Server offering such as 1.1.1.1 which automatically blocks malicious sites?

@jaredbusch said in Miscellaneous Tech News:

Other than Mr. Microsoft ( @Obsolesce )

I acknowledged the flaw in their process.

@scottalanmiller said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

The problem is that the installer (made by razer)

Made by, but not provided by. It's being provided by Microsoft, and trusted to run by Microsoft. Who made it originally isn't really relevant in a "who is at fault" question. Sure, right this moment, Razor can patch a hole. But a hole that also exists for other major vendors, like Asus.

That it is already multiple vendors in exactly the same way drives home how much this is a flaw in the OS, not in the drivers. The drivers are not what is giving admin rights to non-admin users.

I agree with you here. It's nice and all that you don't have to dick around with things when you plug them into your computer and that they "just work". But on the other hand, MS should have caught that flaw. I agree it's their fault in the end because of that.

But I disagree with others that the issue itself is caused by Windows. It's an issue in the Razer installer, but MS is responsible for the problem in the end.

@dustinb3403 said in Miscellaneous Tech News:

This 100% sounds more like an issue for Windows rather than the hardware manufacturers.

Also, Razer reached out to confirm the bug and will fix it. Not a Windows issue.

For example, you can install a web browser such as Google Chrome without admin privs. But it doesn't open up a folder select window as System either.

Not a total comparison because it's not installing drivers, but still makes my point.

@scottalanmiller said in Miscellaneous Tech News:

@dustinb3403 said in Miscellaneous Tech News:

This 100% sounds more like an issue for Windows rather than the hardware manufacturers.

Agreed, it means that Microsoft is automating the installation of unapproved, untested, unsecure software as part of the OS process. Sure, a third party has the flaw, but where is the code review before Microsoft makes it install as part of the OS' pre-approved software list?

Ultimately, yes, MS is definitely the one at fault here.

It's up to the installer to dictate how things are done. It would be a horrible idea to be able to install device drivers without local admin privilege's. The software installer needs to run as System.

The problem is that the installer (made by razer) opens up a folder select window as System. That doesn't need to happen, however, it does need to happen if you want to be able to SEE or choose a folder to install to that isn't accessible to standard user.

@scottalanmiller said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

So you are saying that all companies should keep their computers locked and only allow IT staff to use the computers and the entire idea of non-admin users should be abandoned?

Nope, I'm saying that policies should be in place to lock screens and users should be trained to lock their computers when walking away so nobody other than the device's assigned user can wreak havoc on the device.

That's a start. But assumes that all users can be trusted, which if we trusted them, they'd all have local admin rights.

Local admin rights isn't just about trusting the user. Simply not giving a user local admin rights doesn't magically keep the user from screwing up the computer for themself or the company.

@scottalanmiller said in Miscellaneous Tech News:

So you are saying that all companies should keep their computers locked and only allow IT staff to use the computers and the entire idea of non-admin users should be abandoned?

Nope, I'm saying that policies should be in place to lock screens and users should be trained to lock their computers when walking away so nobody other than the device's assigned user can wreak havoc on the device.