spin81

Well to be quite honest I didn't really understand either of your replies. Especially not the second one. In the first one you said MSPs cost more in VA because people can afford more expensive ones, but you're phrasing that as if that wasn't literally obviously my point. So I don't see why you're phrasing that in that sarcastic way (which sarcasm is what made me not respond because that was uncalled for), and also the rest of that reply undercuts that: > So this is a good rough baseline to understand the costs of one extra body versus the value you'll get from a team of resources and services, Yes it is **where you are**. Not in India or Poland. > You did imply your concern was with people being aware of the salary potentially to hire someone decent to do that job I did not and I have no idea what makes you say that. My point, and my entire point, was that salaries vary across the world so $1 != $1. And after you adjust for GDP, still $1 != $1. What I'm talking about is that I see people on Reddit ask about what kind of salary would be okay for this IT job or that IT job and a bunch of USA centric people go SIX FIGURES OR GTFO and that really makes no sense at all where I am. Or in many if not most places in the world, actually. But you know if you want to keep thinking I'm implying stuff, you do you. But I kindly ask you to please cut it the fuck out with the condescension.

> Unless you just don't like people see what wages they might be able to get then go pound sand. I don't think I said or implied that, so right back at you there pal.

> Fulltime IT person who can do it properly out here easily runs 4-5G per month I appreciate your points but don't know how helpful it is to talk about specific salary amounts online because it varies so much. It varies within the United States - someone in VA earns 30% more on average than in WV, for example. Here in Europe wages tend to be lower, for various reasons but among them is that the economy works differently here. For instance, in my country, on average people pay 157 euros a month for health care (which I think would typically include dental), where I am told in the United States it's significantly more. And within Europe it varies from country to country, too. I would not be surprised if in my country it varied from province to province.

I work in a kind of enterprisey environment and would second Defender. I am not well versed in the differences between various AV software but can attest that it works very well for us where I work.

> Why do some people refuse to read the logs? I don't get it. Some people don't know how to do a thing and don't think to just try it or learn how. I genuinely think it's that simple.

So is it politics or not

I like this!

> [CTO's] response: "We don't need antivirus because we use MacBooks." That attitude is going to get you guys ransomwared.

Also the person submitting the ticket might have been numb and weird/in shock, too.

> When we asked for documentation, architecture diagrams, security review, dependency list, backup plan, or who would support it long term, there was basically nothing. > > The mindset shift is what caught me off guard. Is it your experience that people have the mindset to have documentation, architecture diagrams, security reviews, dependency lists and backup plans ready when they ask for a server to put an application on?

I know you're joking but it's better than publishing them on a public fucking GitHub repo

Well it's not secure anymore

I am in Europe too, and a while ago there were some SQL Server patches that were giving the Windows boys a headache

This, if literally true, is absolutely horrifying.

Keeping it vague to anonymize things a bit. Where I work we have a three-digit number of VMs and we're migrating towards Proxmox. The boys plan to have the cluster production ready soon, and we will use special software to migrate off of VMWare so we aim to finish migrating all of them by the end of the year. I expect the biggest time sink (over the whole migration) to be coordinating with the VM's owners so they can test their applications. We don't expect many issues but it's conceivable that there could be some, as the nodes will have different CPUs from our VMWare nodes.

Oh shit. I knew the NSA had put a backdoor in something and I didn't read it properly so thought it was DES. Thank you for calling me out!

Oof. Glad I'm not in your shoes

I don't know about IPSec or IKE, but it's known that the NSA designed a backdoor in DES by coming up with a specific constant in the implementation, so now if you have a constant in your algorithm that looks funny, you have to explain why you chose it or it won't be just the constant that looks funny to the cryptographic community. https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number#Counterexamples

It's good that they're getting discovered, but not great that they leak before the patch comes out.

To a point, but sure. Someone else here used the word "boundaries". If you're spending a couple hours a week on this, that's work. If you don't mind taking a sec to answer a question now and then, what's the problem? To be clear, if you do want to charge, there's nothing wrong with that. But there's no harm in helping someone out within reason. It's not how I roll, I think if someone is on holiday or gone from the company they are off limits, but I don't see a problem with it.

Linux person here with a genuine question. Are laptops not supposed to be domain joined?

Your company executives is an idiot.

> Not everyone can reach their phone or wake up in time to answer it. I used to call people for a living as a tier 2 support person and anyone who's ever been in a similar situation can tell you that this is 100% accurate. What I would do is first wait a minute or so and try again, because usually these customers would be waiting for me to call them. 4 out of 5 times I'd catch them on the second try.

> I'm going to say the unspoken bit out loud, the quality of the Windows platform has been in steady decline since developers have been using AI and outsourcing as a crutch for programming talent. I don't know that this is unspoken tbh

You said "any shared hosting is basically fucked". So I replied: not a proper one.

This has been known for several days now, so I think any shared hosting provider worth giving money to, mitigated it days ago. Because what you're choosing not to mention is that the mitigation was _also_ released together with the vulnerability, it's not that hard and you don't even need to reboot the machine for it.

...unless you put a text file in a specific directory, which on Ubuntu there is already a patch long out that does this. "Any shared hosting" has long been mitigated if it does its job right.

Nobody is underestimating this kind of vulnerability. What's being said is that this script does not allow access to a remote server, which is accurate. Nobody is denying that if someone already has access to a server, this can get you root access. What's being denied is that if you DON'T already have access to a server, this can get you root access.

> If one of your hosted PHP websites has LFI/RFI, it could allow attacker to gain root permission on entire server. Sorry but I think you need far, far less than that, don't you? Ever since Copy Fail has been out, it has been exploitable in PHP if you can call shell code from your script. I find this exploit puzzling because instead of doing something simple like that, it relies on FFI functionality.

I don't know how it gets loaded but I can confirm that it automatically loads _somehow_.

The important parts are not truncated.

The idea was that if you had not been exploited yet, you could assume you were not vulnerable if the module was not loaded.

Sir are you being nuanced and reasonable on Reddit? I think you'll find that this is illegal to do in these parts

I'm in talks with them for a really cool purchase. I'm not saying what but let's just say it will connect Manhattan to Brooklyn!

rm: aliased to „rm

Is there even an actual open spec for NTFS? If there isn't and it's all reverse engineering to avoid getting sued, I can see why they'd end up in this situation.

Yes even if it works.

Haven't read the article yet, but this sort of thing feels like they actually don't want to have out in the public like this. To illustrate my point, I have been a Linux user at home for about 25 years now and I had never heard of either OnlyOffice or EuroOffice until stumbling across this thread just now.

I don't think they thought about it as deeply as you did

FYI in Ubuntu 26.04 beta there's a bug in it where it won't install if you use Ventoy. Not sure about other versions. So if you want to try Ubuntu you'll have to make it a dedicated USB drive.

Sure but - and I know this attempt might be futile looking at your username - there's having that opinion, and then there's putting nohello.net in your status message.

Hey good on you and I agree with OP but also feel like you're not the sort of person OP is talking about. All anyone can ask of you is to do your best. I don't have any of those things but if everyone who had trouble expressing themselves did what you do, which is try, my life would be a lot less frustrating. If you can afford to, I encourage you to see a mental health professional. Perhaps they can offer insight into how you differ from less neurodivergent people so you can have some tools to become less socially anxious - possibly lessening the ND symptoms leading to a spiral that is positive for a change. Source: I don't have any of that stuff but I've got some other stuff. Hope you're not feeling too bad or the above made you feel a little less bad.

This right here. Also learn to listen. If there's one thing I hate it's talking to people only to find that they're not listening to a word I've said all conversation. This happens to me several times a week. This combined with what you're talking about means I have to find myself asking a question only to be met with stuff that if it isn't meaningless nonsense, it doesn't answer my question either. It's even worse when it happens in writing. Especially in a ticket. Can we blame our users for our bad reputation if our coworkers literally can't read or write at an adult level and yet chose to accept a job answering tickets? My buddy is getting into IT from a wholly unrelated field, and he figured his best leg up into the business was to start at a service desk. I was like absolutely, and also you will stick out like a sore thumb in the best possible way if you are able to open a ticket or email, and then read what it says and not read what it doesn't say. It's extremely depressing that this is true, but like half a year in he knows exactly what I meant when I told him that.

What are you talking about?

First of all, just an aside but I hear good things about Micro. You might check that out as another alternative to Nano. > At what stage should a beginner start learning Vim seriously? There's no need to wait. What I did was learn the absolute basics first and then learn a small thing at a time. Delete a line. Replace a word. Replace something between a pair or parentheses. Now I have a decent skillset that serves me well for my day job. If you do want an actual answer to your question though I'd say the stage at which you're finding yourself having to edit text files on a terminal fairty often. > Do you still use Nano at all, or is Vim your default for everything? Being used to Vim, I find Nano to be clunky and much more difficult to use. So in a CLI envronment my go-to is Vim. If I can, though, I reach for VS Code. > Would love to hear your experience and whether learning Vim early is worth it 🙏 I think it can be worth it if you spend a lot of time editing text files on the CLI. If not I don't know that it's worth the effort, because of the learning curve. It pays off if you stick with it and learn it the way I did: don't learn too much, and just keep using it. Like any skill, it atrophies if you like take a course or watch some videos and then not get your hands dirty with it. If you don't have to use a CLI text editor often, TBH you're fine just using nano and letting the haters hate. Or look into micro - I haven't yet but I hear it's good and very easy to use, and I bet it's in the repos of all the major distros.

People are not replying to this and I can't speak for anyone else, but I can say that I don't want to go into that because I don't want to see this discussion rehashed *again*. This has been debated to death online publicly which makes it a great thing to ask your favorite LLM and I invite you to do so. What I do want to say is that you are implying that people hate systemd and I don't think they do. I think the haters are a vocal minority.

> You can run Linux successfully with or without systemd. Literally nobody in this entire comment section is claiming the opposite. In fact _the whole point of this thread is that you can do that_.

> pid0 process It's pid 1 on my machine.

I don't think it actually is popular. I suspect the most popular thing is not to care too much about it and the hate is from like 0.1% of Linux users who are very vocal about it.

This makes me wonder why your own init system implements runlevels. I like systemd's abstraction of them and it seems that you do, too. Was there a conscious decision to move away from that and back onto numbered run levels, if so what influenced that decision?