Yeah, but that security patch level.

In Chromium browsers you can simply type “thisisunsafe” to bypass even HSTS failures.

They mean CAA records:

https://developers.cloudflare.com/ssl/edge-certificates/caa-records/

You need to demand a raise. And keep working from home.

Right, because international hackers are going to mobilize boots on the ground across the world to steal your fucking Optiplex.

Yep totally. The documentation is downright wrong so much more today than it used to be. It’s all written like they pawned it off on a junior engineer, who then threw shit at the wall until they got it working, then that process becomes the official documentation.

And don’t get me started on Copilot hallucinating Powershell cmdlets.

With support it’s become kind of a game to see how quick you can get to T2. My tactic is to passive aggressively point out how their first response shows a complete lack of understanding of the topic, then directly request escalation.

The reality is they probably don’t know the full scope or root cause and are going off of limited reporting coming from their beta channels.

But they likely determined the impact was low enough that they could still ship the update while they investigate further.

There are similar known issues reported in the update KBs all the time that sound much worse to me as an admin but are as equally low impact in the end. But they’re not as easy for the layperson to latch onto like these low-effort “VPN no worky” articles.

Regardless, none of this absolves IT of the responsibility of testing patches.

Exactly. Everybody on Lemmy a couple days ago was acting like the sky was falling when all we had were these one-paragraph FUD articles quoting Microsoft’s own KB article. Most people commenting have no clue that “VPN” is a broad term covering at least a dozen different possible protocols and acted like Microsoft was intentionally breaking all VPNs.

The only thing I found was a reddit thread talking about how some VPNs using TPM-backed certs were broken. I, for one, am using an IPsec VPN with certs stored in TPM on one of the affected versions of Windows 11 and have had no problems. Nor have I had any issues with SSL or Wireguard-based VPNs, so it does just seem to be a fringe case they’re warning about.

So Microsoft is just giving a heads-up that IT should probably include VPN testing in their patch cycle test rings and all the anti-MS people are losing their shit.

The rootkit is easy enough to turn off in the BIOS but I highly, highly recommend G-Helper instead of Armoury Crate.

Moving to it from AC is like leaving a prison cell full of screaming children and entering a calm beach.

Oh yeah. They all do/will. But they are still better firewalls than ASAs.

ASAs are still way more prevalent than they should be when Palo Alto and others are much better options. Still, I’m glad I barely have to deal with them any more.

No, and it never has been. I use Firefox as my default and it has never changed.

I still fail to see how that’s the product’s fault.

Is there some ransomware-proof backup solution that you find most people do set up correctly?

Why name drop Veeam as if they’re part of the problem?

They at least have good options to protect backups from ransomware with Linux hardened repos and immutable object storage.

Heh yeah, I maybe get to use it for one game/series every 2-3 years. The blackout restrictions are complete BS.

Three digits is not that easy to get by brute force. It’ll be locked for fraud pretty quickly.

However the CVV is usually only required for card-not-present purchases. One way around that is to imprint the number onto their own magstripe card and run it as a card-present transaction.

Exactly. I decided to check it out a couple weeks ago and needing to install the Amazon app store was an instant nope.

Was going to look into side-loading but I didn’t really have a use case to make it worth my time.

So you classify yourself as an average consumer or a non-techie when it comes to computers?

To be fair, for the average consumer there are huge advantages to using a MSA.

Both Windows Hello and OneDrive bring both security and convenience to non-technical people in a big way.

There is no good reason the average non-techie user should be using a local Windows account in a cloud world.

Yeah, I personally will only use hardware solutions for passkeys – YubiKeys and TPM-backed WHFB creds.

But the other reply makes a very good point about adoption being more important than perfection since, even with software-backed passkeys, you still have the benefit of the secret never leaving the client.