tool

I don’t even ask for that anymore because it rarely leads to good ends. What I do now is send an email summarizing the dumb bullshit that they want me to do, describe the detrimental effects that it will have in excruciating detail, ask if there are any corrections and if my understanding is correct, and say that if I don’t get a reply from them by X time, I’ll do $DumbBullshitThing at Y time/date. It gets CC’ed at least one level higher than them in the food chain and also to my personal email address for CYA.

It puts the onus on them, creates a paper trail, and also places the blame on them when shit blows up because they asked me to do $DumbBullshitThing when the consequences were clearly laid out.

It’s so rare for me to have to use the modulo operator I’m actually excited when I come across a situation where I can.

Yep. I’m not making a proclamation, just stating an opinion. I don’t have a problem with what they’re doing, and if other people do, that’s fine. Some people like their cucumbers pickled, let them have their pickle.

I actually wouldn’t be surprised to see it go open source in the future, Microsoft has been doing that a lot recently, like VScode and the whole of .NET and friends like PowerShell. Pretty much the only things worthwhile from Microsoft are already open source, except Copilot.

Copilot was trained on copylefted code while itself being closed. What was brought to attention by @[email protected] isn’t efficacy, but Microsoft’s lack of ethics and social responsibility when it comes to their bottom line.

I honestly don’t have a problem with that. Everything that it was trained on is publicly-available/open-source code, and I’m not aware of any license that requires you to distribute your modifications if you don’t make modified binaries publicly available, not even GPL. And even then, you’re only required to make available the code that was modified, not related code. And I don’t even think that situation would apply in this case, since nothing was modified, it was just ingested as training data. Copilot read a book, it didn’t steal a book from the library and sell it with its name pasted over the original author’s.

This isn’t really any different of a situation than a closed-source Android app using openssl or libcurl or whatever. Just because those open-source libraries were employed in the making of the app doesn’t mean that the developer must release the source for that app, and it doesn’t make them a bad person for trying to make money from selling that app. Even Stallman is on board with selling software.

And even if you take all that off the table, you’re free to do the exact same thing and make a competitor. Microsoft didn’t make their own language model, they’re using a commercially-available model developed by OpenAI. There’s literally nothing stopping anyone else from doing this as well and making a competing service called “Programming Pal” and making their code open-source. In fact, it’s already been done with FauxPilot and CodeGeex and the like.

So yeah, I really don’t have a problem with it. This ended up a lot longer than I had originally thought it would, sorry for the novel.

Because we have some contracts that stipulate any data related to the project, including secrets/credentials, must remain on-site, and in some cases, on an air-gapped network. Doesn’t make sense to spin up something else to manage those secrets when Bitwarden can do it all and satisfy the requirements of those contracts.

Just added it to the massive Google graveyard next to Stadia, wave, hangouts, plus, music, etc etc

I am shocked and appalled that Google Reader didn’t get called out in this list and is relegated to the “etc” category.

It deserves more than “etc.”

Github Copilot is worth the money. I’ve had it finish out functions for me after just a few lines. There’s usually an error or two, but the consistency with which it can predict what I’m doing or trying to do is pretty impressive.

I pay for it just because it’s cheap and to support them

I did this too when it first came out, and then the product became robust enough that I recommended we implement it at work because secrets management was non-existent. We have a bunch of licenses on the Enterprise plan now and it just keeps getting better each update.

My only complaint is that migrating the data to a new server is a pain in the ass and never works correctly, even when following the migration instructions to the letter. Always have to open a ticket with them for that. Not enough of a pain to move to another product, though.

I also still pay for my personal plan. It really is a fantastic product.

That’s exactly why we need to give them the boot.

Hard disagree. If you’re running something business-critical, the support that you get with a RHEL license {or any other vendor, for that matter) is worth its weight in gold.

If you can’t fix something, you don’t want to be looking for solutions by sifting through forum posts directed at home users when the business is losing thousands of dollars per hour. That’s what the license is for, and that’s what you pay for.

👍

Fantastic list, thanks.

Is this really that useful though?

It’s very useful if you don’t use a password manager and/or reuse passwords.

The most useful part about it to me is the API. You can tie it in to Active Directory to blacklist all hashes that appear in any breach, plus expire/force a password change if any user on your domain uses a password that has been in a breach. It completely eliminates that vector from threat actors immediately.

So yeah, I would call this intensely useful.

If it’s that old, I’m betting it doesn’t use HTTPS for its connections. You could do a network packet capture on the XP machine (or if you can find one, hook it up to a network hub with another computer attached and capture there) while performing the “clear error” action and find out how it works/what you need to send to it to clear the error. You could also set up a SPAN port on a switch and mirror the traffic on the port going to the printer to capture the traffic, if you have a switch capable of doing that. If not, you can get one off Amazon for about $100.

It’d be pretty simple to put together a script that sends the “clear error” action to the printer after seeing how it’s done in the packet capture. I’ve done this numerous times, the latest of which was for a network-connected temperature sensor that I wanted to tie into but didn’t (publicly) expose an API of any kind.

Throw in a mysterious comment that says “Don’t change anything below this line or everything breaks” and it’s complete.

“We don’t know why this works, but it does, don’t touch it.” would also be acceptable.

Some places are insanely polluted to the point where you wonder how a whole company could be so braindead and essentially poison themselves.

“That’s the future guy’s problem, my problem is making money.”

No need to wonder. That’s how.

Unless you’re really deep into a particular provider’s unique-esque products (Lambda, Azure AD, Fargate, etc), this is exactly why things like Terraform exist.

Places like that never learn their lesson until The Event™ happens. At my last place, The Event™ was a derecho that knocked out power for a few days, and then when it came back on, the SAN was all kinds of fucked. On top of that, we didn’t have backups for everything because they didn’t want to pay for more storage. They were losing like $100K+ every hour they were down.

The speed at which they approved all-new hardware inside a colocation facility after The Event™ was absolutely hilarious, I’d never seen anything approved that quickly.

Trust me, they’re going to keep putting it off until you have your own version of The Event™, and they’ll deny that they ever disregarded the risk of it happening in the first place, even though you have years’ worth of emails saying “If we don’t do X, Y will occur.” And when when Y occurs, they’ll scream “Oh my God, Y has occurred, no one could have ever foreseen this!”

It’ll happen. Wait and watch.

You’re literally describing the system that controlled employee keyscan badges a couple of jobs ago…

That thing was fun to try and tie into the user disable/termination script that I wrote. I ended up having to just manipulate its DB tables manually in the script instead of going through an API that the software exposed, because it didn’t do that. Figuring out their fucked-up DB schema was an adventure on its own too.

I don’t even let things communicate on /30 networks via HTTP/cleartext…this whole thing is horrifying.

I still use reddit for researching problems at work, but that’s it.