* Posts by CelineDion69

8 posts • joined 27 Sep 2018

'The inmates have taken over the asylum': DNS godfather blasts DNS over HTTPS adoption


Re: Who needs DNS anyway?

They probably already have by using a different machine. Sometimes you don't have to employ any meddling at all, just be smarter than the parent.

Atlassian: Look at our ginormous Jira revenues!


Just here to say Jira is hot garbage

In defence of online ads: The 'net ain't free and you ain't paying


"The thing is, one way or another, stuff has to be paid for. Since this generation has decided not to pay for anything, least of all for factual information investigated by salaried journalists, advertising and sponsorship is all we have left."

I'm so glad you used journalism as an example:

The actual thing is - it's not our damn responsibility to pay the bills of organizations that took a decade or more to finally admit that newspapers are dead and they should probably have a solid online presence. The overwhelming majority of Top Tier papers and news rooms simply refused to do this, then decided to play scramble and just hop on the ad-based revenue bandwagon. Fuck 'em. If they die they die, and you can pin it on our generation all you want, we will proudly take that smoke.

It isn't our fault that we leverage technology to disrupt industries that refused to do so.

'This is insane!' FCC commissioner tears into colleagues over failure to stop robocalls


Re: The FCC isn't going to do anything that isn't easy

scrub alert

Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is 'insecure'


Re: This is easy to fix.

Right, this was my point as well. Not to mention that having a device in DEP doesn't just magically allow you to enroll into all MDM configurations - many configs do not accept enrollments from unknown devices and users. Some require tokens to even be able to complete enrollment. And forcing authentication for DEP would break a lot of processes for a lot of enterprises. The only vulnerability here is having flunkie UEM/MDM engies and admins. If I was DUO, I'd be fairly embarrassed about "disclosing" a feature as a "critical security vulnerability".


Re: Feature not a bug

Even if you've managed to generate a serial that exists in both Apple and the target's ABM/DEP database, you're surely going to be hit with compliance policies and further directory authentication for anything sensitive. That is of course assuming the MDM engies and admins aren't complete morons.


Feature not a bug

Really not a vulnerability.


Biting the hand that feeds IT © 1998–2021