Yeah, I have a blog, if you want to really get angry with me... LOL.
My self-hosted WordPress Blog can be found here:
Yeah, no https. Life is hard. How shall we cope. There is no coping.
uspol / Individual 1 List of Atrocities
Here is a pretty solid list of political atrocities that Individual 1 has perpetrated on us all. In case you wanted a refresher on his awfulness.
Looks like all that work for PCI Compliance was reducible down to a gaggle of SRED card-swipe terminals. All the other requirements? Eh, not so much. Are we playing the most dangerous game with the credit card people? Hmmmmm... maybe.
But now, it's no longer my problem! I have a PCI Compliance strategy all fleshed out, so I can just LEAVE IT THERE, and if it should ever rear its ugly head again, I will have it. So it wasn't a total waste.
Management gamely goes on and on about how they are following CDC protocols. HAHAHAHAH Yes, and I will have my own subset of protocols. Like a closed door, send me a fucking email or text. Just because they demand I work from the office does not mean I will mix with filthy god damn humans! Oh we're going to socially distance all right. I'm going to carve out a little universe all to myself in my office. Use Kleenex and Sanitizer to maintain a teeny island of health in that hot zone.
Plus the Stay At Home Order is valid now until May 28th, but work demands everyone return this Monday, May 18th. We've proven that working-from-home is valid, so now what we have is the payback for the zero-sum-game of exposure and massive inconvenience that the original Stay At Home order created with my workplace. Huzzah!
The head of our Accounting department claimed to have SRED terminals in her possession, and there is some chatter where processors could be fast-talked into accepting credit card processing from an SRED terminal. Is it the same as PCI DSS? Hell no, but if they accept it and life goes on, I'm very happy to look the other way.
I also have a fully functional and updated OpenVAS from Greenbone to do vulnerability scanning as their GCE VM option works quite well! Start it on VirtualBox on my Windows 10 hunkajunk and get going. Scan away! When we get underway. That is...
Am I upset that I threw two days' worth of labor down the toilet? Yes, somewhat. But more to the point, the work is done, so if this ever rears its head again, instead of having to go back to the drawing board, I have everything I need.
Chromebooks for the terminals. An electrician for the ethernet runs (I buy my installs, gives me someone to blame), a Meraki Z1 gateway, and a dumpy unused cable modem that has been lit up but unused for years.
Looks like after I went through the PCI DSS Standard and created a gap analysis and shared that with everyone in management, it created a stir, then a pause, and then "Let's all get in touch with the credit card processor and see just how much compliance we need."
So the people who all fled at first and left me holding the bag were not quite happy with how pervasive the analysis was, and now they are taking it seriously.
Give and take with Yubico. I have a YubiKey 5 NFC and frankly, nothing to use it with. LOL. Tried to return it for my money back and that was laughed out of the park, which I expected. So now, I have a hardware 2FA that just sits there. Ah well, it was $50 that I suppose I will never notice being gone.
L2TP VPN is a hot pile of shit with Windows 7 and Windows 10. So, after endless struggles with ISPs that don’t want to really unfilter port 500/udp, I installed OpenVPN, changed the default port and then added that port to my NAT traversal ruleset. What does it do? It fucking works out of the god damned box! That’s what it does! I haven’t heard from the user, that means she’s a happy camper!
Ave Maria! Someone pass the Tylenol!
Well, today has become a rip-roaring batch of LOL in action! Not only do we have a pandemic and everyone is working from home, but it appears that a coworker succumbed to a phishing attack, and then the breached account led to a successful social manipulation attack against Human Resources which sent a payroll check to an unverified bank routing and account number for that coworker.
So, that's going to be fun.
Nothing quite like pinhead users suddenly made to work from home. Complain about not being able to do something by simply sending a screenshot and no text. And then, because they cannot be trusted with technology, they only have a standard user account, so when you try to remotely help them you can't do jack diddly. And then they reboot, and the problem...
Went away all by itself.
Of course it did.
I asked if IT could work from home, because we touch so much stuff out there, we could be better off doing it from home. My request was rejected, so here we sit.
My boss ended with this line, which I think sums it all up in a neat little bow:
"Remember that you need to help them out as well and not just direct traffic."
Ah. I see. Is that what you think I do, then. Ah.
My request for the IT Department to work from home, because obviously we can do everything at home that we could do here, has been declined.
So now, we self-quarantine as best we can in the office. Maintain protocols, do our best.
And also, to never forget this choice that has been made about business vs. the health of his employees.
44 years old, Cancer with Gemini Rising, INFJ.
Embrace The Golden Rule, Life is Comedy.
Visit my Blog for more! http://windchilde.com/bluedepth