It may be a case of laziness which has started creating a local dialect. This is one of the ways living languages change over time, people start sluring words and sounds together until there is almost nothing left of the original words and there is a new word in their place.
Na, my experience is that Defender is fine with users downloading browsers and “updates” from random Russian sites. It’s happy to let the users install that software and only bothers to log a “hey, maybe this was bad” alert some time later. Edge, on the other hand, loses it’s shit when you visit the official download sites for Chrome or FireFox.
You only get a short time with the pointy end of the spear and then once a sword wielder is inside your range, you’ve got an unwieldy stick and they have a sword. Good for stand off melee maybe but prob not.
Yes, but getting in close without getting stabbed is really hard.
Here’s an actual example of modern HEMA folks giving it a lot of goes:
https://www.youtube.com/watch?v=uLLv8E2pWdk
That sounds more like a feature than a bug. I remember when Twitter was actually useful. You could sort by “new” as the default and your feed only included stuff from people you followed. And then it went to complete shit with the sort defaulting to “fuck your preferences”, sponsored content and your feed being littered with click bait, paid content and all the other bits of enshitification. And that is all built on the algorithmic selection of content.
Step one, take a deep breath and realize that, unless you own the company, killing yourself to save it is dumb.
That said, there are some things you can do to try and improve thing:
Learn to “talk business”. Yup, this one sucks, but it’s also the only way you are ever going to get traction. Take that Windows 7 system, why do you want to upgrade it? “Because security”, right? Well, how does that translate into costs to the business? Because, businesses don’t care about security. I work in cybersecurity for a large (Fortune 500) company and upper management has given exactly zero fucks about security for a very long time. They only started coming around when that lack of security starting costing them real money. They still give zero fucks about security, but they do care about risks to the business and what that might cost them. Having security and money linked in their heads means we can actually implement better security. You need to put the lack of security of that Windows 7 system in terms of dollars potentially lost. Something like the Annualized Loss Expectancy. If that box gets popped, how much would it reasonably cost the business to recover from? Is that something which you expect to happen once a year, once every five years? These numbers will be mostly made up and wildly inaccurate. But, the goal is to just get in the right ballpark. How does that cost compare with the cost to upgrade? What about other possible mitigating controls you could use to protect it? Does it need to have internet access? Could you VLAN it off into it’s own little world and keep it running with reduced risk? Give management the expected costs of that system becoming patient zero in a ransomware outbreak and then give them several options and the associated costs (upfront and ongoing) to secure it. Have multiple options. A high cost one (e.g. replace the box), a low cost one (FW and VLAN controls) and the one you actually want right in between (OS Upgrade). Managers are like children, they need to feel like they made a choice, even if you steered them into it.
Next, don’t try to boil the ocean. You’re not going to fix everything, everywhere, all at once. Get some small wins under your belt and prove to management that you aren’t going to break the business. Show that you aren’t just some greenhorn cowboy who is going to break the business because you think you are so smart. If you can make a plan for that Windows 7 system, show the costs involved and actually get the job done smoothly, then you might be able to move on to other things. Sure, you might actually be right; but, you could also end up breaking a lot of stuff in your quest to have perfect security (which you’ll never actually achieve). Take one one or maybe two things at a time. It’s a slow process and it leaves things broke far longer than you will like, but it builds trust and gets more action than just screaming about everything at everyone. Slow is steady, steady is fast.
Moving on, be aware that you probably don’t know everything about the business, and the business functioning is paramount. Why does everyone have local admin? Because that’s the way it’s always been and it has always worked. If you start pulling those permissions back, what processes get broken? This is a tough one, because it means documenting other people’s processes, many of which probably only exist in the heads of those people. How often are people moving around critical files using CIFS and the share. It’s fucking stupid, but there’s a good chance that the number is greater than zero. You pull local admin from people, and now work doesn’t get done. If work doesn’t get done, the business loses money. You need to have a plan which shows that you have considered these things. Design a slow rollout which phases local admin rights out for the users who are least likely to affect the business. Again, slow is steady, steady is fast.
And thins brings us to another point, auditors are your friends. No really, those folks who come in and ask you where all your documentation is and point out every single flaw in your network, ya, they deserve hugs not hate. You’re in healthcare, where does your business fall on regulations like HIPAA (US-centric but similar regulations may apply in other countries)? 'Cause nothing says, “fuck your wallet” to a business quite like failing an audit. If you can link the security failures of the business to required audit controls, that’s going to give you tons of ammunition to get stuff done. I’ve watched businesses move mountains to comply with audit controls. Granted, it all becomes “checkbox security” at some point; but, that is vastly better than nothing.
All that said, company loyalty is a sucker’s game. I’m guessing you’re early in your career and an early IT career likely means job hopping every 3 years or so. Unless you get a major promotion and associated pay bump in that time, it’s probably time to move on. Later in your career, this can slow down as you top out in whatever specialization you choose (or you get lured in by the siren song of management). So, there is that to consider. It might just be time to go find greener pastures and discover that pastures are green because the cows shit all over them. But, it can feel better for a while. Having your resume up to date and flying it out there usually doesn’t hurt. Don’t job hop too fast or you start to look like a risk (I stick to a 1 year minimum). But, don’t stick around trying to save a sinking company.
Along with that, remember that you don’t own the company; so, don’t let it own you. When you get to the end of your day, go the fuck home. Don’t let the business consume your personal time in actions or thoughts. If they place burns, that’s the owner’s problem, not yours. Do your best while on the clock, do try to make positive changes. But, killing yourself to make the owner just a bit richer makes no sense. The only person who is ever going to truly have your best interests in minds is you, don’t lose sight of them. Say it with me, “Fuck you, pay me”
So, where to go from here? Well, you sound like you have a good plan at the moment:
I am also looking into getting my Linux+ (currently only have my A+)
Sounds solid. If you care about security, let me recommend poking your head into the cybersecurity field. I’m am absolutely biased, but I feel it’s a fantastic field to be in right now. Following up the Linux+ with the Sec+ can be a great start and maybe the Net+. The A+, Net+, Sec+ trifecta can open a lot of doors. And you now have some IT/systems background, which I always suggest for folks (I look for 3-5 years in IT on resumes). As a lead, I get to be in on interviews and always ask questions about networking, Active Directory, email security and Linux. I don’t expect entry level analysts to know everything about all of them; but, I do expect them to be able to hold a conversation about them.
Good luck, whatever path you choose.
The diver probably has some food on him, which the stingray is trying to get.
I visited Stingray City in Grand Cayman a lot of years back. Part of the tour package was that they gave you small squid to feed to the stingrays, and they would climb up you, out of the water for that snack. Also, there were a lot of stingrays in the area. We were instructed to shuffle our feet as we walked, to avoid stepping on one. The swimmer in the picture only needed to hang out for a bit before one or more stingrays would have come over, looking for any handouts.
That said, the experience of Stingray City was absolutely worth it. Between that, and snorkeling at the barrier reef, I have a lot of fond memories of my time at Grand Cayman.
Real Druids are kinda an unknown. We have writings about their practices and beliefs from Roman writers and much later Christian writers. The former were known to be exaggerate and just make shit up when it came to “barbarians” and the enemies of Rome. And the later were often working with incomplete knowledge and also making shit up. This was muddled further by 18th Century work which liked to make ancient cultures even more fantastical. And then you get all the Neo-Pagan revival crap which cast their own beliefs onto ancient cultures, such as the druids, which completely muddied the waters. The fact is, we don’t actually know a whole lot about the real Druids.
The new seasons have been lackluster. I think one of the main issues is that the show did a lot to wrap up the majority of the main character arcs prior to the cancellations. Fry and Leela are the central characters, often trading off the position as the audience stand-in. And there is basically zero room left for character growth. We know how the Fry/Leela love story arc ends, we’ve seen it. Kif and Amy have also hit the end of their main character arcs. They are married, have kids, and mostly are settled into domestic life. Bender is Bender. A core part of his character is his resistance to growth. So, even when they drop a backstory on him and try to give him growth, it just feels out of place. That only leaves background characters to work with. But, since it takes the focus off the main characters, it makes things feel like a money-grab spin-off.
All that’s left is the sort of 90’s sit-com style, “story of the week” where nothing really changes and we all learn whatever moral lesson the writers wanted to foist on us this week in 22-minutes, plus commercial breaks. We all want “more Futurama”; but, I think the problem may be that there isn’t “more Futurama”. The stories are done, we just keep hanging on because of nostalgia, and the producers keep making it because of money. There are going to be good bits here and there. But, what we are seeing is what we are going to keep getting.
Someone is trying to re-create the virus from Snow Crash
He chased a ball into the street.