Sure was! You need to be on top of paid and free and open source software from a security stand point. There’s no shortcut no matter what you think you’re paying for. Your threat model might be better when the service automates a Web proxy for you, but that’s only one facet. You trade problems but should never feel like you can “set and forget”. Sometimes it’s better for you to do it yourself because there’s no lying about responsibilities that way.

100%

Almost like that xkcd joke…

Explains the bird feathers

First of all it clearly says counter clockwise so like first of all don’t rotate it clockwise like I did. Then secondly google image search rick roll. Thirdly consider the methods and time people go to to land a joke. Like I wonder if it was assisted by AI to just obfuscate it just enough to not be obvious.

Anyway I had to go to the comments too but mostly because I didn’t read the instructions.

Plex was how last pass got hacked. https://www.howtogeek.com/147554/lastpass-data-breach-shows-why-plex-updates-are-important/

You still need to do stuff even if it is plex.

To back off your post, does anyone have one for Australia?

April first.

I don’t think that works on my Samsung TV, or my partners iPad though. :)

Although not especially effective on the YouTube front, it actually increases network security just by blocking api access to ad networks on those kinds of IoT and walled garden devices. Ironically my partner loves it not for YouTube but apparently all her Chinese drama streaming websites. So when we go travel and she’s subjected to those ads she’s much more frustrated than when she’s at home lol.

So the little joke while not strictly true, is pretty true just if you just say ‘streaming content provider’.

Hey so it seems like you don’t really get licensing or ‘too expensive’ is just business speak for wanting it done free.

Exchange plan 1 licenses are minimally very very small licenses, but you can get even cheaper. You can even get exchange kiosk. Kiosk isn’t designed for users, it’s designed for things like an MFP then you’re allowed to relay with an authenticated startTLS account setup on the MFP to connect to exchange Online.

However, if you don’t use an authenticated account, you can still send internally. That way your inevitable compromised device doesn’t spam the world with mail throttle Microsoft servers. However you can scan to your own internal staff. And by internal staff I’m guessing at more and more here but I’m betting you have two mail domains. Only domains in your exchange Online Admin centre which are added into the domains, will be ‘internal’.

If you wanted hybrid you should do hybrid using the hybrid configuration wizard and it will connect your on premises exchange to your exchange Online using mail transports. You need to fix up a bunch of things to get that connected. But doing so will count the mailboxes which are on premise as ‘internal’ and unauthenticated mail will be allowed to relay to them.

But 40 exchange online only accounts with exchange plan 1 is hardly a few seconds of wage time per month in costs.

I’m guessing a lot here, but you said you have two different mail servers currently, online and on premise, I can only assume you’ve either got two different mail domains otherwise MX routing would be dead to one or the other. And I guess that because you said you’re getting errors that only happen when you send mail to external users.

So…

Five words into the article says

Apple’s internal presentation from 2013

Literally at the top under TL;DR

deleted by creator

How are they placing this data? Api? Not possible to align disk tiers to api requests per minute? Api response limited to every 1ms for some clients, 0.1ms rate for others?

You’re pretty forthcoming about the problems so I do genuinely hope you get some talking points since this issue affects, app&db design, sales, and maintenance teams minimally. Considering all aspects will give you more chance for the business to realise there’s a problem that affects customer experience.

I think from handling tickets, maybe processes to auto respond to rate limited/throttled customers with 'your instance been rate limited as it has reached the {tier limit} as per your performance tier. This limit is until {rate limit block time expiry}. Support tickets related to performance or limits will be limited to P3 until this rate limit expires."

Work with your sales and contracts team to update the sla to exclude rate limited customers from priority sla.

I guess I’m still on the “maybe there’s more you can do to get your feet out of the fire for customer self inflicted injury” like correctly classifying customer stuff right. It’s bad when one customer can misclassify stuff and harm another customer with an issue by jumping a queue and delaying response to real issues, when it’s working as intended.

If a customer was warned and did it anyway, it can’t be a top priority issue, which is your argument I guess. Customers who need more, but pay for less and then have a expectation for more than they get. It’s really not your fault or problem. But if it’s affecting you I guess I’m wondering how to get it to affect you less.

If it’s possible to do, and it causes a user experience issue, especially one as jarring as “stop accepting writes” you should start adding rate limits and validate inputs with rate limits expressed to the user before they hit the error rate.

To me you should already be sanitising input anyway, and this would just be part of that logic. If a user is trying to upload more than x it warns (with link to documentation of the limit). If user has gone past the rate limits, then error.

I’m not a sre or dev, just a sysadmin though. Users expect guard rails. If it’s possible, it’s permitted.

This article was hard to read, based on zero facts they’ve determined experience factors like battery life and performance which all depends on more than just hardware.

Then setting the conversation again argumentatively like valve doesn’t win no matter who makes a clone, is just ignorant. Valve wins by making a store that sells. They could even sell for a loss.

I went to that article to get information and read hype and antagonism. I came away frustrated.

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There’s probably more but these are issues I’ve seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they’re blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren’t relaying outbound mail spam from infected local computers.

Overall fair enough.

It’s paraphrasing Torvalds himself though. It’s a cheeky title.

“… and I have absolutely no excuses to delay the v6.6 release any more, so here it is,”

Yeah that’s fair but I wouldn’t put a cap on it. If a game developer takes 4 years to make a game, then that’s the time period I’d want to assess though when comparing what AI might be able to do. Given the rapid development so far, I’d not bet it can’t make a 3d game with the right amount of management.

But calling it worring is fair. It sure is a big unknown. I’m using it daily but I can see how using a team of 200 ai organised together to self regulate past their weaknesses, kind of already exponentially improves them and that sure is… Something.

Anyway just a thought to share that paper review on that YouTube and my thoughts. It’s a strange world we are looking forward to.

Oh because if an application doesn’t exist natively in azure, ie not a MS Store app, then you can only deploy by uploading the msi which of course is one version. At an MSP with thousands of devices in dozens if not a hundred tenancies, and new software versions being released daily, you need something that will update all that.

Chocolatey is just for the poorer customers, a best effort, immybot for soe management though if the customer is full. Whenever Microsoft finishes getting their own repository fixed though, using winget could be the new chocolatey. Right now it doesn’t do patching or at least it didn’t 12 months ago. It could install and report but not update.

So thinking of solution life cycle you want something that doesn’t need tons of manual innervation, and you can use PDQ or chocolatey or immybot or whatever. Microsoft can handle its first party software suites and rmm deployment but 3rd party at this stage is just not good enough.

Hope that helps

Just to add more confusion, we are removing MDT from all customers and replacing with intune using the already created json templates we have plus then also deploying chocolatey with intune then calling powershell from intune to install other software. I’d say only 20% of our customers have on-premise AD the other 80% are all Microsoft Business Premium licensed unless over 300 staff, and that’s why we have been transitioning customers to only that for the last few years.

MDT is the right tool for AD on premises though so don’t be dissuaded from that, just more, you should know.