People have different facets. The way I interact with my partner for ten years is different to my close friends I’ve had for 20, different to my co-workers, different to my family. But my family and friends and co-workers see how I act with my partner.

I mimic people to some extent treating them similarly how they treat me. There are limits though, I’m bounded on that scale by my personal values which mature as I do. So I’m still never going to act outside the bounds of my morality and values, but I’ll still treat my partner with unconditional love, and my friends with the best times and silly jokes.

These I don’t consider masks, but not everyone sees me the same. They’re just facets.

Tbh men like me are a step away from becoming cats and I would love to just be a cat. Every step we do that progresses men becoming cats is fine for me.

I prefer a really well told story over a pick your own adventure. Character flaws, growth, emotional connections and situational realities are all able to be masterfully written when in control. But if you can’t write well, just make an interesting playground and leave it up to the player and blame them for a boring game. :)

Stretched limousines exist by this very method. I’m Australian but the concept wasn’t started here. https://www.belle.net.au/building-a-stretch-limousine/

Edit:

We do know of limousines that have been shipped back to the USA for failing to meet Australian standards.

I’d say it’s easier in many American states.

When I read this first, someone commented that they’d never ever post this. It’s like you’re admitting you’re incompetent.

I’ve worked with Windows environments from 2003 until still today migrating to azure. The biggest skills gap with technicians and engineers administrating Windows is actually networking. This single point connects every single service server and user and yet dns, dhcp, routing and it’s protocols, link layer technologies like vlans interface configurations aggregation and more is so poorly understood that engineers and technicians often significantly mistake problems. Almost all issues happen around network layers 2-4 or layer 8 (the end user).

It doesn’t need to be first but no matter what os or component, networking is core and the single biggest return on investment for systems admin types.

Sure other basic skills are required but just being able to test TCP by telnet or understand each hop, and is the server listening? What process ID is listening? Did someone configure rdp off 3389 and that’s why it doesn’t work? Was the host file edited and that’s why it’s resolving some old ip for this hostname? Why is it going out the wan interface of the router when it should be going over an ipsec tunnel?

All this and more has nothing to do with Windows, and yet, anything that isn’t just user training or show and tell about how to do something, there’s a good chance it requires you to follow the networking layers to make sure behaviour is expected.

My glasses usually get worn

I usually wear my glasses before the next appointment too.

Perhaps an anime with an ex-cop, ex-yakuza, a corgi, a young hacker, a gambling thief fugitive, and possibly the best intro and music in anime?

I’m trying to figure out the gap in the market you’re trying to fill other than “for steam fan boys it would allow us fans of steam games that already exist in a native place, in a non native place!”

Correct me what is going into it that isn’t already somewhere, and who that appeals to?

Or is this just thought experiment?

What would you suggest they sell on their Android store that users would be so encouraged to install a new store and then what they want?

Steam already has a store on Android, you just can’t play games there because most games on steam either already exist on the native google play store, or aren’t compatible with mobile architectures like Arm64. Most mobiles unlike a arm laptop, have no x86/amd64 emulator which is what those games are compiled as by their developers.

So what’s left?

Enterprise applications are often developed by the most “quick, ship this feature” form of developers on the world. Unless the client is paying for the development a quick look at the sql table shows often unsalted passwords in a table.

I’ve seen this in construction, medical, recruitment and other industries.

Until cyber security requires code auditing for handling and maintaining PII as law, mostly its a “you’re fine until you get breached” approach. Even things like ACSC Australia cyber security centre, has limited guidelines. Practically worthless. At most they suggest having MFA for Web facing services. Most cyber security insurers have something but it’s also practically self reported. No proof. So if someone gets breached because someone left everyone’s passwords in a table, largely unguarded, the world becomes a worse place and the list of user names and passwords on haveibeenpwned grows.

Edit: if a client pays and therefore has control to determine things like code auditing and security auditing etc as well as saml etc etc, then it’s something else. But say in the construction industry I’ve seen the same garbage tier software used at 12 different companies, warts and all. The developer is semi local to Australia ignoring the offshore developers…

I think you probably don’t realise you hate standards and certifications. No IT person wants yet another system generating more calls and complexity. but here is iso, or a cyber insurance policy, or NIST, or acsc asking minimums with checklists and a cyber review answering them with controls.

Crazy that there’s so little understanding about why it’s there, that you just think it’s the “IT guy” wanting those.

Hmm, so, policy in our office is a clean desk. Before you jump to conclusions, it’s because our secured area and office occasionally has people come through that should absolutely not see what information we have on our desks. This requirement is a compliance issue for our continued contracts and certifications.

Our work from home policy hasn’t addressed this issue, but it sounds like it’s a clear gap. Your neighbour coming around for a cup of tea absolutely should not be able to see any work related information.

My assumption is that someone has considered this kind of aspect and had a check to confirm that they’ve done diligence by asking you to reveal your working space. A space the companies sensitive information would be visible. Actually you too should maybe not be looking at your wife’s screen nor materials on her work desk. Depending on the situation.

Either way, policy comes first so perhaps her employment agreement or employee handbook would reveal more.

I ended up reading it on bleeping computer since the linked site looks like an auto tldr bot saved 50% of the words. The important 50% was discarded.

https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/

I checked too, it’s not a valid public DNS record, so then the question is, does Oktas internal DNS resolve this. Even if it does, how does okta even sit in this? Are they the identity provider for Twitter? Surely even if it’s identity, it’s got nothing to do with content moderation? So many questions.

A software shouldn’t use passwords for tls, just like before you use submit your bank password your network connection to the site has been validated and encrypted by the public key your client is using to talk to the bank server, and the bank private key to decrypt it.

The rest of the hygiene is still up for grabs for sure, IT security is built on layers. Even if one is broken it shouldn’t lead to a failure overall. If it does, go add more layers.

To answer about something like a WiFi pineapple: those man in the middle attacks are thwarted by TLS. The moment an invalid certificate is offered, since the man in the middle should and can not know the private key (something that isn’t used as whimsically as a password, and is validated by a trusted root authority).

If an attacker has a private key, your systems already have failed. You should immediately revoke it. You publish your revokation. Invalidating it. But even that would be egregious. You’ve already let someone into the vault, they already have the crown jewels. The POS system doesn’t even need to be accessed.

So no matter what, the WiFi is irrelevant in a setup.

Being suspicious because of it though, I could understand. It’s not a smoking gun, but you’d maybe look deeper out if suspicion.

Note I’m not security operations, I’m solutions and systems administrations. A Sec Ops would probably agree more with you than I do.

I consider things from a Swiss cheese model, and rely on 4+ layers of protection against most understood threat vendors. A failure of any one is minor non-compliance in my mind, a deep priority 3. Into the queue, but there’s no rush. And given a public WiFi is basically the same as a compromised WiFi, or a 5g carrier network, a POS solution should be built with strengths to handle that by default. And then security layered on top (mfa, conditional access policies, PKI/TLS, Mdm, endpoint health policies, TPM and validation++++)

Seems like you should submit a change request with your fixes?

Transport layer security should mean this shouldn’t matter. A good POS shouldn’t rely on a secure network, the security should already be built in cyptographically at the network session layer. Anything else would still have the same risk vector, just a lower chance of happening.

In fact many POS systems happily just take a 4g/5g sim card because it doesn’t matter what network they’re on.

Eating the onion is sure popular today!

Day9. Though I just rewatched a funday Monday from episode 200 or 300 and it was just as amazing and fun as it was back over a decade ago.

I watched newer stuff he still seems to be a great guy.