And despite security recommendations, too many IT depts still force password resets every 90 days…

It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.

So yeah, the reason behind this might not be just plain incompetence.

This is why I got all of our devs to start building with the target of a Docker container in mind.

And for the ones who still won’t or can’t wrap their brains around Docker, I run their shit through a Github Actions workflow that spits out their ugly baby as a Docker container. In the end, I don’t give a shit what it is, your Rube-Goldberg piece of shit is getting stuffed into a Docker container.

“It works on my machine!” Yeah, well, your machine is now everyone’s machine thanks to the magic of containers. Now fix your broken shit so PagerDuty doesn’t call me at 3am again. Fuck.

Never going to happen, same for Excel.

Whatever future iteration of ChatGPT that eventually enslaves the human race will be using Outlook and Excel to keep track of the genocide.

I’ve been doing -fr like forever. Don’t know why

BURN THE HERETIC

Well you see, finding a way to reliably deliver ads via the API would have taken far too much developer brainpower for a company that can’t make a functional video player or a mobile app

It honestly wouldn’t be that hard at all. You deliver ads via the API alongside actual posts, as if they are an actual post, and forbid altering them in the developer ToS. If you want to be anal about enforcement, run popular 3rd-party apps in an emulator to verify that the JSON returned by the site is unaltered when it’s rendered in the app. You could put this together in a weekend.

Which really just speaks to quality of talent at reddit, or the management at reddit suppressing that talent. Or both.

His mind’s gonna be blown when he finds out about Mode averages.

Man, this comment made me feel a little embarrassed at myself. I saw the shortcuts and thought about how I have a tradition of going to the top of the file when I’m done editing and about to save/quit. I always hit the shortcut for it and think “gg boys! Good game” and then quit out of vim.

Stop judging me.

Quick editing for me is in vim. Anything else is in Visual Studio Code. Which I have set up with vim keybindings.

Yep. I’m not making a proclamation, just stating an opinion. I don’t have a problem with what they’re doing, and if other people do, that’s fine. Some people like their cucumbers pickled, let them have their pickle.

I actually wouldn’t be surprised to see it go open source in the future, Microsoft has been doing that a lot recently, like VScode and the whole of .NET and friends like PowerShell. Pretty much the only things worthwhile from Microsoft are already open source, except Copilot.

Copilot was trained on copylefted code while itself being closed. What was brought to attention by @[email protected] isn’t efficacy, but Microsoft’s lack of ethics and social responsibility when it comes to their bottom line.

I honestly don’t have a problem with that. Everything that it was trained on is publicly-available/open-source code, and I’m not aware of any license that requires you to distribute your modifications if you don’t make modified binaries publicly available, not even GPL. And even then, you’re only required to make available the code that was modified, not related code. And I don’t even think that situation would apply in this case, since nothing was modified, it was just ingested as training data. Copilot read a book, it didn’t steal a book from the library and sell it with its name pasted over the original author’s.

This isn’t really any different of a situation than a closed-source Android app using openssl or libcurl or whatever. Just because those open-source libraries were employed in the making of the app doesn’t mean that the developer must release the source for that app, and it doesn’t make them a bad person for trying to make money from selling that app. Even Stallman is on board with selling software.

And even if you take all that off the table, you’re free to do the exact same thing and make a competitor. Microsoft didn’t make their own language model, they’re using a commercially-available model developed by OpenAI. There’s literally nothing stopping anyone else from doing this as well and making a competing service called “Programming Pal” and making their code open-source. In fact, it’s already been done with FauxPilot and CodeGeex and the like.

So yeah, I really don’t have a problem with it. This ended up a lot longer than I had originally thought it would, sorry for the novel.

Because we have some contracts that stipulate any data related to the project, including secrets/credentials, must remain on-site, and in some cases, on an air-gapped network. Doesn’t make sense to spin up something else to manage those secrets when Bitwarden can do it all and satisfy the requirements of those contracts.

Just added it to the massive Google graveyard next to Stadia, wave, hangouts, plus, music, etc etc

I am shocked and appalled that Google Reader didn’t get called out in this list and is relegated to the “etc” category.

It deserves more than “etc.”

Github Copilot is worth the money. I’ve had it finish out functions for me after just a few lines. There’s usually an error or two, but the consistency with which it can predict what I’m doing or trying to do is pretty impressive.

I pay for it just because it’s cheap and to support them

I did this too when it first came out, and then the product became robust enough that I recommended we implement it at work because secrets management was non-existent. We have a bunch of licenses on the Enterprise plan now and it just keeps getting better each update.

My only complaint is that migrating the data to a new server is a pain in the ass and never works correctly, even when following the migration instructions to the letter. Always have to open a ticket with them for that. Not enough of a pain to move to another product, though.

I also still pay for my personal plan. It really is a fantastic product.

👍

Fantastic list, thanks.

Is this really that useful though?

It’s very useful if you don’t use a password manager and/or reuse passwords.

The most useful part about it to me is the API. You can tie it in to Active Directory to blacklist all hashes that appear in any breach, plus expire/force a password change if any user on your domain uses a password that has been in a breach. It completely eliminates that vector from threat actors immediately.

So yeah, I would call this intensely useful.

If it’s that old, I’m betting it doesn’t use HTTPS for its connections. You could do a network packet capture on the XP machine (or if you can find one, hook it up to a network hub with another computer attached and capture there) while performing the “clear error” action and find out how it works/what you need to send to it to clear the error. You could also set up a SPAN port on a switch and mirror the traffic on the port going to the printer to capture the traffic, if you have a switch capable of doing that. If not, you can get one off Amazon for about $100.

It’d be pretty simple to put together a script that sends the “clear error” action to the printer after seeing how it’s done in the packet capture. I’ve done this numerous times, the latest of which was for a network-connected temperature sensor that I wanted to tie into but didn’t (publicly) expose an API of any kind.

Some places are insanely polluted to the point where you wonder how a whole company could be so braindead and essentially poison themselves.

“That’s the future guy’s problem, my problem is making money.”

No need to wonder. That’s how.

Places like that never learn their lesson until The Event™ happens. At my last place, The Event™ was a derecho that knocked out power for a few days, and then when it came back on, the SAN was all kinds of fucked. On top of that, we didn’t have backups for everything because they didn’t want to pay for more storage. They were losing like $100K+ every hour they were down.

The speed at which they approved all-new hardware inside a colocation facility after The Event™ was absolutely hilarious, I’d never seen anything approved that quickly.

Trust me, they’re going to keep putting it off until you have your own version of The Event™, and they’ll deny that they ever disregarded the risk of it happening in the first place, even though you have years’ worth of emails saying “If we don’t do X, Y will occur.” And when when Y occurs, they’ll scream “Oh my God, Y has occurred, no one could have ever foreseen this!”

It’ll happen. Wait and watch.