--- Log opened Wed Mar 27 00:00:06 2024
03:06 -!- driz- [~driz@linuxserver.io/driz] has quit [Quit: Leaving.]
03:07 -!- driz [~driz@linuxserver.io/driz] has joined #se2600
05:07 <@Dagmar> Mirage: In the past, I've _lied_ to NetworkManager and told it that was a normal ethernet interface, and I've made NetworkManager ignore an interface (which is the right thing to do), but to be clear, NetworkManager does not "do" hostapd or anything like it
05:07 <@Dagmar> ifconfig isn't hard
05:48 <@Dolemite> mr0ning, be0tches and h0ez!
07:17 <@Mirage> Dagmar: Quite aware, which is why it's annoying the shit out of me that it's not working as intended.
07:44 < Evilpig> just realized one of my blankets is more than 20 years old now. https://web.archive.org/web/20030205105012/http://www.thinkgeek.com/apparel/hoodies/574a/
07:44 < PigBot> ThinkGeek :: /dev/blanket (at web.archive.org) https://tinyurl.com/22o7cyga
08:31 <@Dagmar> "You haven't done the purpose statement yet?"
08:31 <@Dagmar> "You mean the training we were told was _optional_?"
08:32 <@Dagmar> Tee hee
09:26 < Evilpig> Dolemite: another day, more pushback from jim. good lord that guy
09:27 < Evilpig> hey jim why are we doing this in the ldap config? " by peername.regex=127\.0\.0\.1 auth" was there something wrong with "by peername.ip=127.0.0.1 auth" ?
09:28 < Evilpig> "I'm fine with making changes, but they need to be tested. I had a hard time making this stuff work back in the day, but that was with a much older version of OpenLDAP and I also may not have known about all of the ACL options."
09:38 <@Dagmar> There's a way to test that tho', right?
09:38 <@Dagmar> It doesn't sound like he's that concerned about the change itself per se, but that everything goes through testing first
09:39 <@Dagmar> Fuuuuck. My new hardware shipping has been handed off to USPS
09:43 < Evilpig> i'm working in our dev environment. he just doesn't want to change anything.
09:45 <@Dagmar> Well, of course. Especially if y'all have idiots like Tajj clogging up the change management meetings
10:07 <@Dagmar> The improvement there is marginal, but it is technically more correct and should be the preferred option
10:07 <@Dagmar> ..but it's gotta go through CM
10:07 <@Dolemite> Dagmar: No, instead we have people here that skip the CAB meeting and just get bent out of shape because something happened that they didn't pay attention to
10:08 <@Dagmar> Well, as long as they're not gumming up the works
10:08 < Evilpig> it is marginal. i'm just going over some things and evaluating a lot of stuff and questioning if it is still relevant, etc
10:09 <@Dagmar> I get the impression from what the response was that jim agrees with your change and is probably still holding a grudge against the system for the ip method inexplicably not working before
10:09 < Evilpig> he's just change phobic. any change.
10:09 <@Dolemite> ++
10:10 <@Dagmar> Could be worse. It could be an _unintended_ change
10:10 < Evilpig> you should see what he does to renew ssl certs. it's bonkers
10:10 <@Dagmar> I'm looking at three firewalls right now that are mysteriously not having their backups made
10:10 < Evilpig> Dolemite has heard me complain about it several times
10:10 <@Dolemite> yup
10:10 <@Dagmar> All three were recently touched by a particular co-worker who may have forgotten my warning about how to make backups
10:11 <@Dagmar> I think he dumped the config to his workstation and then restored that to wipe out some experimental changes
10:11 <@Dagmar> The problem there is, if you do it with your personal credentials, the backup will _not contain the global admin account_
10:11 < Evilpig> anyone watch this yet? https://www.themoviedb.org/movie/1125311
10:12 < PigBot> Imaginary (2024) — The Movie Database (TMDB) (at www.themoviedb.org) https://tinyurl.com/28vbcoa8
10:12 <@Dagmar> Which uh, means he's going to be the one to talk someone into hooking up a console cable to those. lol
10:12 <@Dagmar> I've already learned my lesson about that
10:12 <@Dagmar> To get the admin account back you literally have to factory reset the fucker
10:12 < Evilpig> no shit? that sucks
10:13 <@Dagmar> It's going to be hilarious if that's what he did
10:13 < Evilpig> if your personal account has admin rights can you recover that way?
10:13 <@Dagmar> Nope
10:13 <@Dagmar> user-created admin accounts can't touch the master 'admin' account
10:13 < Evilpig> that sounds like a design flaw for the backup/restore process
10:14 < Evilpig> could be seen as a security feature on how to remove a known hard coded admin account though, I guess
10:14 <@Dagmar> Since it could, in theory, be used by someone to crack the admin password, when you're using a non "admin" account, the config backup you get just doesn't have the admin account showing at all
10:14 <@Dagmar> Like, they're enciphered with salted SHA256 but still
10:15 <@Dagmar> I'm going to try attacking the problem through the Fortimanager
10:23 <@Dagmar> Yeah, I think he did it
10:44 <@Dagmar> Hmm... looks like the promised 'super_admin_readonly' account profile is basically fuckin' useless
10:45 <@Dagmar> It's clearly a built in because the system carps at me when I tried to rename something to it, but it's not a super-admin level read-only view of things
10:45 <@Dagmar> ...and I don't know what the fuck rights they've given it but they don't even seem on par with a regular admin account
10:46 <@Dagmar> It doesn't seem to be able to view any accounts but itself, which is fewer than my user-admin account sees. That's not useful at all
10:46 -!- opticron [~opticron@136.53.157.170] has quit [Read error: Connection reset by peer]
10:52 -!- opticron [~opticron@136.53.157.170] has joined #se2600
10:52 -!- mode/#se2600 [+o opticron] by ChanServ
11:03 <@Dolemite> Sweeeeet. Assajj Ventress in this week's The Bad Batch
11:37 <@Dagmar> Yeah I think my co-worker did the unthinkable and the super_admin account no longer exists on these devices
11:37 <@Dagmar> The Fortimanager doesn't seem to be able to alter any of the accounts on the thing either
11:38 <@Dagmar> I feel kinda like a bastard for deciding I'm going to make him clean up his own mess, but I learned the hard way
11:38 <@Dagmar> He clearly has not
11:57 <@Dagmar> Damnit I found a way around the problem as long as they're still talking to the Fortimanage
11:57 <@Dagmar> r.
11:58 <@Dagmar> I found another cool case-sensitivity bug in Fortimanager, too
11:58 <@Dagmar> Apparently an account was created for one of them in the FTM named 'Admin' (I guess in an attempt to put things back). Note the capital 'A'.
11:59 <@Dagmar> Thankfully I was logged into the device as 'admin' (lowercase!) after having restored it
11:59 <@Dagmar> ...I tried to delete the 'Admin' account from the FTM and when I pushed the config out, I got an error message about being unable to delete an account while the user was logged in. o.O
12:40 <@Mirage> Blah. Just got notification that I have to upgrade my laptop to Win11 by middle of next week.
12:41 <@Dolemite> Ugh. Users. "I just had to reimage my laptop and I've reinstalled git and git extensions, but I get this error message." The message? "The authenticity of host XXXXX can't be established. Unknown fingerprint."
12:41 <@Dolemite> ID10T error. Of course it isn't known, you reimaged your fucking laptop.
13:17 <@Dagmar> I think maybe at this point everyone should have a half hour of training to know how certs and fingerprints work
13:46 <@Dolemite> oh fucking hell, I remember this user
13:47 <@Dolemite> He and the other members of his team all network attach a cifs share and put their code up there... then he RDP's into the desktop and runs the git commands there... completely missing the entire point of using git
14:43 <@Dolemite> https://app.suno.ai/song/f24d54ac-5d48-456a-88fd-fca3e90ddf3f/
14:43 < PigBot> It's not DNS | Suno (at app.suno.ai) https://tinyurl.com/2bges4fg
15:35 -!- NotLarry [~NotLarry@066-190-177-036.res.spectrum.com] has quit [Ping timeout: 268 seconds]
15:56 < Evilpig> the weird shit that comes up in my feed. I definitely clicked on it, so it has me pegged but this one is still out there. https://www.youtube.com/watch?v=bt9aO0C8Sk4
15:56 < PigBot> RAMENSTEIN - KPOP Goes Metal (Mia Asano, Tina Guo, Kiki Wong, Grace Kelly) - YouTube (at www.youtube.com) https://tinyurl.com/2bv45xps
16:38 <@Dagmar> Of _course_ it's a country song about DNS problems
16:38 <@Dagmar> ...because rednecks don't read RFCs
17:51 -!- eryc is now known as fuckhumanity
17:53 -!- fuckhumanity is now known as yomomismckensy
17:57 -!- yomomismckensy is now known as moscow_stp_eu_na
19:36 -!- ZachGibbens [uid527778@user/zachgibbens] has joined #se2600
19:41 -!- moscow_stp_eu_na is now known as epyc
21:43 -!- odioimber [~odioimber@user/odioimber] has quit [Remote host closed the connection]
22:26 -!- ZachGibbens [uid527778@user/zachgibbens] has quit [Quit: Connection closed for inactivity]
--- Log closed Thu Mar 28 00:00:07 2024