Website security

2 years ago by cron to c/cybersecuritymemes

slazer2au 49 points 2 years ago

Move it off server 2008.

I wish that was not a discussion we had with a customer.

hemko 13 points 2 years ago

"The business critical software we're using is not supported on 2012 or later"

slazer2au 15 points 2 years ago

That excuse works until you mention cyber insurance and suddenly a budget appears to get everything upgraded.

MelodiousFunk 11 points 2 years ago

It gets worse.

Sometimes the software update is free. All it needs is a half dozen VMs spun up (in an environment of 1500+) and an approved change window to migrate the current version to new servers, and then another window to update. But your request for new VMs gets back-burnered for close to a year because there are still production machines on unsupported OSes.

Then a very large breach of the software in question happens while you're on vacation.

By sheer luck, the outdated version is not affected. But suddenly it's super important to upgrade to the latest version NOW. So you end up spending the next few days of vacation splitting your time between defending yourself, re-explaining the situation to "tech" VPs and up that are total frauds, and dealing with top level vendor support because migrating software and OS versions at the same time is not recommended. And then spending a nice relaxing overnight with one of their top engineers doing what was supposed to be an involved but routine process over multiple change windows, but is instead 9 hours of "this should work, guess we'll find out" sphincter-clenching Leroy Jenkins action, in which the top-level engineer was needed more than once to fix something. All this while flying blind on a 2000+ node network because the software you had to emergency update without any guardrails (aside from snapshots) is the network monitoring software. Hell of a thing to back-burner, but I didn't run the company that got sold for several billion so what do I know?

Oh, and three months later you get denied a merit raise because Covid and "nobody" got a raise.

So fucking glad to be rid of that toxic shithole.

PrettyFlyForAFatGuy 4 points 2 years ago

Or off Windows Server entirely.

slazer2au 9 points 2 years ago

You get the same issues with *nix distros.

MonkderVierte 2 points 2 years ago

But less of it.

Lemminary 14 points 2 years ago

And what, spend money on something that will save us even more money down the line? You fool, I won't be working at this company by then!

cron 9 points 2 years ago

During my time working in IT for a power grid provider, it was challenging to find patch windows due to the critical nature of their services.

remotelove 11 points 2 years ago

That probably means there wasn't a good testing process for patching and there wasn't adequate redundancy. In theory, if a patch breaks one server it shouldn't matter.

In reality, patch testing stacks up and gets behind and redundancies are rarely tested. That is expensive, time consuming work which probably isn't worth the time of someone who is already underpaid and overworked. And fuck! If patch and redundancy testing ever breaks anything prod for whatever reason, the person who was testing everything gets blamed and fired so nobody is going to volunteer for that.

MonkderVierte 7 points 2 years ago

Use a static site generator instead of Wordpress.

olafurp 4 points 2 years ago

I'm a programmer that doesn't know all that much about cybersecurity beyond the basics.

What do you guys think of AI pentesting? Is it made completely redundant by tools or is it going to be a viable strategy for pentesting?

DahGangalang 9 points 2 years ago

As with most things, I expect it'll help the guys who know what they're doing do their thing faster and more efficiently.

I don't expect it to replace nor be an effective substitute for a properly trained pen tester.

It might be helpful to developers to fast track security testing, but I think there's already a wide array of "non-AI" tools that accomplish that? Don't know a lot about how it could affect that side of things.
