I set up Netbox recently at work to try and improve the abysmal documentation situation. I use an Ansible playbook to provision and set up the server, then copy a docker compose file and start the containers. So far I’m loving Netbox, I just wish my predecessors had documented things from the start.

Da Archive maybe? Most of my stuff has come from there.

I recently set up and started using MediaTracker for this purpose. It’s kind of barebones, but functional. Seems like its biggest difference with movary is that it also covers TV, ebooks, audiobooks, and games.

I have a little section for movies and books on my website and i’ve been working on a script to automatically pull those lists and reviews from MediaTrackers api each time I build my site.

Stay suspicious. As a security guy, i’d way rather respond to 1,000 false positive reports than have an employee that doesn’t think about it and just clicks.

It is a great step but it’s rare to have enough buy in from upper managent to enforce any real consequences for repeat offenders. I’ve seen good initial results from this kind of phishing testing, but the repeat offenders never seem to change their habits and your click rate quickly plateaus.

A little late, but here is what I usually do when a ticket like that comes in:

1. Check monitoring. It’s quick and easy to check so I’ll look before even asking any clarifying questions. If there is a real network problem at a site, 95% of the time its going to show up on our monitoring dashboard. Everything from ISP outages to device failures show up here.
2. Ask for more details about what they are trying to do. What is the goal? What are you doing? What is happening? What should be happening? When was the last time it worked?
3. Based on those details, I can usually put together a good guess as to what might be going on, so i’ll test that theory out and see if i’m right.

Thanks! This is actually exactly what I have been basing my efforts on so far, it’s just sobering to look at how far away we are from completing implementation group 1.

I just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.

I’m starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn’t make much progress. So far i’ve been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we’re doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os’s that are still supported).

Any suggestions on where to go from there or what to prioritize?

I’m studying for CCSP right now. It’s fairly general and tries to be vendor neutral but Architecture is one of the knowledge domains on the exam. Might be worth it if you meet the work requirements or experience waiver requirements.

A lot of people also seem to conflate it with the CISSP when it comes up in conversation I’ve noticed.

Curation is my answer. Return to the old ways of curating your own lists of resources and sharing them with other people. Web rings, blog rolls, link sharing, RSS

I swear by ddrescue. It’s a situation I strive to never be but i’ve been there before. I used it once to rescue an employees masters capstone project from their dead work laptop.

As someone in the thick of it, it has been a nervewracking quarter for mortgage company IT and Infosec teams. There have been several very high profile breaches the last few months.

.1Q because Q has a tag on it

The shuttle SRB’s were really only reusable in the same sense that the engine from a wrecked car can be removed, stripped to a bare block, bored out, rebuilt, and placed into a new car is reusable. Hard to say exactly how long it took to turn around SRB segments, but just the rail transport between Utah and Florida was 12 days each way. SpaceX has turned around Falcon 9 boosters in under a month.

And even with all of that, the most reused reusable segments barely flew a dozen times. There is one Falcon 9 first stage that has now flown 18 times.

You’re not wrong about parts having been reused in the past but the scale of what has been done before really doesn’t compare to what SpaceX does now.

Do note though that for privacy purposes, a .us domain is not the best idea. You must be a U.S. citizen or business and registrars may try to verify your identity.

Winget is the best thing added to the windows ecosystem in a long time. I just wish it worked out of the box on Server :(

This is an interesting observation, not really something I have considered. The key difference here is that you are the one in control of those customizations. Whether the customizations are useful or harmful is entirely up to the user, Kagi just gives you the option.

For me at least, the majority of my searches I just want the correct answer to a question or a link to a specific resource I’m looking for. I don’t really use it as a content discovery engine. Being able to prioritize sites that I have found through experience to have reliable results and exclude sites that are uninformative or irritating is valuable.

It’ll stay low impact until suddenly one day having a reliable post-quantum encryption scheme becomes rather important…

Some people do it as a political statement. Blocking Israel is a real example I’ve seen.

Kagi! Worth every penny of the subscription. The emphasis on privacy is a big deal for me but the killer feature is the ability to customize results. I have sites I personally like/trust towards the top and have an ever growing blacklist of sites that don’t get shown at all. No more pinterest, spruce, or other seo spam sites!