▪█─────█▪

  • 0 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 19th, 2023
  • tool@r.rosettast0ned.comtoMemes@lemmy.mlIncorrect password
    5·
    1 year ago

    And despite security recommendations, too many IT depts still force password resets every 90 days…

    It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.

    So yeah, the reason behind this might not be just plain incompetence.

  • tool@r.rosettast0ned.comtoProgrammer Humor@programming.dev*Permanently Deleted*
    6·
    1 year ago

    I don’t even ask for that anymore because it rarely leads to good ends. What I do now is send an email summarizing the dumb bullshit that they want me to do, describe the detrimental effects that it will have in excruciating detail, ask if there are any corrections and if my understanding is correct, and say that if I don’t get a reply from them by X time, I’ll do $DumbBullshitThing at Y time/date. It gets CC’ed at least one level higher than them in the food chain and also to my personal email address for CYA.

    It puts the onus on them, creates a paper trail, and also places the blame on them when shit blows up because they asked me to do $DumbBullshitThing when the consequences were clearly laid out.

  • tool@r.rosettast0ned.comtoAsklemmy@lemmy.mlWhat app is so useful, you can’t believe it’s free?English
    2·
    1 year ago

    Yep. I’m not making a proclamation, just stating an opinion. I don’t have a problem with what they’re doing, and if other people do, that’s fine. Some people like their cucumbers pickled, let them have their pickle.

    I actually wouldn’t be surprised to see it go open source in the future, Microsoft has been doing that a lot recently, like VScode and the whole of .NET and friends like PowerShell. Pretty much the only things worthwhile from Microsoft are already open source, except Copilot.

  • tool@r.rosettast0ned.comtoAsklemmy@lemmy.mlWhat app is so useful, you can’t believe it’s free?English
    11·
    1 year ago

    Copilot was trained on copylefted code while itself being closed. What was brought to attention by @ralC@lemmy.fmhy.ml isn’t efficacy, but Microsoft’s lack of ethics and social responsibility when it comes to their bottom line.

    I honestly don’t have a problem with that. Everything that it was trained on is publicly-available/open-source code, and I’m not aware of any license that requires you to distribute your modifications if you don’t make modified binaries publicly available, not even GPL. And even then, you’re only required to make available the code that was modified, not related code. And I don’t even think that situation would apply in this case, since nothing was modified, it was just ingested as training data. Copilot read a book, it didn’t steal a book from the library and sell it with its name pasted over the original author’s.

    This isn’t really any different of a situation than a closed-source Android app using openssl or libcurl or whatever. Just because those open-source libraries were employed in the making of the app doesn’t mean that the developer must release the source for that app, and it doesn’t make them a bad person for trying to make money from selling that app. Even Stallman is on board with selling software.

    And even if you take all that off the table, you’re free to do the exact same thing and make a competitor. Microsoft didn’t make their own language model, they’re using a commercially-available model developed by OpenAI. There’s literally nothing stopping anyone else from doing this as well and making a competing service called “Programming Pal” and making their code open-source. In fact, it’s already been done with FauxPilot and CodeGeex and the like.

    So yeah, I really don’t have a problem with it. This ended up a lot longer than I had originally thought it would, sorry for the novel.

  • tool@r.rosettast0ned.comtoAsklemmy@lemmy.mlWhat app is so useful, you can’t believe it’s free?
    8·
    1 year ago

    I pay for it just because it’s cheap and to support them

    I did this too when it first came out, and then the product became robust enough that I recommended we implement it at work because secrets management was non-existent. We have a bunch of licenses on the Enterprise plan now and it just keeps getting better each update.

    My only complaint is that migrating the data to a new server is a pain in the ass and never works correctly, even when following the migration instructions to the letter. Always have to open a ticket with them for that. Not enough of a pain to move to another product, though.

    I also still pay for my personal plan. It really is a fantastic product.

  • tool@r.rosettast0ned.comtoProgrammer Humor@programming.devOnly 14.99$
    6·
    1 year ago

    That’s exactly why we need to give them the boot.

    Hard disagree. If you’re running something business-critical, the support that you get with a RHEL license {or any other vendor, for that matter) is worth its weight in gold.

    If you can’t fix something, you don’t want to be looking for solutions by sifting through forum posts directed at home users when the business is losing thousands of dollars per hour. That’s what the license is for, and that’s what you pay for.

  • tool@r.rosettast0ned.comtoAsklemmy@lemmy.mlWhat is a website everyone should know about?English
    15·
    1 year ago

    Is this really that useful though?

    It’s very useful if you don’t use a password manager and/or reuse passwords.

    The most useful part about it to me is the API. You can tie it in to Active Directory to blacklist all hashes that appear in any breach, plus expire/force a password change if any user on your domain uses a password that has been in a breach. It completely eliminates that vector from threat actors immediately.

    So yeah, I would call this intensely useful.