Text
"We are going to pay you as much as a monthly family mobile plan to keep our two-site, eight-building, three-hundred-user network running flawlessly; when we can't fix any issue by throwing an AP at it, we will insist that you should absorb the costs of parts, licensing, and labor because otherwise why are we paying you the cost of a single firewall a year to maintain our entire network? Isn't an annual upgrade to modern hardware with no cost increase on our part included in that cable-bill-priced service?"
UNFORTUNATELY KIND OF, YES THAT IS WHAT THE CONTRACT SAYS. FANTASTIC THAT NOBODY HAS UPDATED THIS IN THE LAST TWELVE YEARS.
every time i think i'm getting a handle on how fucked up things are at work i'm assigned another task that unearths an entirely new flavor of fucked up.
Text
this week:
we have multiple clients who pay us (FAR FAR FAR too little) for network management and maintenance who ALSO employ services which add devices and change things on networks without reaching out to us. I have absolutely no idea how a contract could have been built by a sane business owner that said "you will fix all the problems with my network for a flat monthly pay of less than five hundred dollars, also I will allow employees working on my network to plug both ends of an ethernet cable into the same switch for funsies" and beyond that I have no idea how we managed to mash together TWO companies who had made that same flavor of agreement with multiple clients.
a client asked for us to add a license and it turns out the licenses are managed under a VAR that merged into another VAR under the account of a company that we acquired and put in an account that was cancelled for underutilization. I now don't know how the clients have been getting their licenses but I suspect that the VAR has a direct sales portal that was white-labeled with our acquisition's branding and that the client has no idea that they are actually managing their own licenses. Either that or the client is getting their licenses from their hosting provider and neither we nor the client know that for sure.
We have a service bundle called, basically, "inclusive security" that is supposed to include all of the security products we offer. We sell this bundle to most of our clients. I have been auditing the licenses assigned to clients and so far, after looking at 80 contracts, we do not have ANY clients whose bundles include the same products in the same proportions.
Text
I’ve gone down with the ship so many times on tumblr that I’m starting to think it might be a submarine
Text
It's super easy to fake screenshots and monitor photos so even though you don't want to reveal your identity if you can avoid it, publishers may want you to prove the documents are legitimate by using less sensitive information to verify that you actually have access to the info you're sending, and may need some kind of back and forth to prove the veracity of your leak. I think mailing a leak totally anonymously is probably going to get less traction than using a leak platform because it's going to be pretty much impossible to verify without some communication between the leaker and the publisher.
That said, I think mailing stuff CAN be pretty anonymous with a bunch of caveats. US mail gets scanned in its envelopes so if you're mailing something you don't want to include a return address, and of course there are cameras at the post office and you don't want to pay for your postage with a card linked to your identity and you don't want to send from a post office or mailbox close to where you live or close to your work, but other than that and being cautious about your printers (there are ALWAYS printers at the secondhand stores near me) I think mailing is relatively safe but has the problem that you have no way of knowing whether your message was received.
But, yeah, if you wanted to mail leaks to a newspaper or abortion pills to someone in Texas, there are reasonably safe ways to do it.
buds, this is the wrong article to put under an email gate.
Text
Here's the info from that article (with a lot of heavy editorializing from me):
Don't call or text; you want to leave as minimal a traceable digital footprint as possible and cellphones are extremely traceable. The Trump admin is committed to collecting metadata from journalists who receive leaks and that includes call history and who sent text messages; even if the message gets deleted there is a record of it with the carrier that can be subpoenaed.
If you are going to email, do so from a burner account created for the purpose of leaking/whistleblowing. (my advice: use a service like protonmail that allows you to encrypt messages and doesn't collect any data beyond what is absolutely necessary for an email system to function; email is inherently insecure and you have to treat it as insecure, but a burner account at a privacy-focused company like proton that facilitates sending encrypted messages is the best option for email; here's some information about how to use protonmail as privately as possible) When setting up your burner email, do not use your phone number for 2FA or include any accurate biographical information during the account setup. Set up the account while using a traffic anonymizer like Tor. Here's a PDF about what Tor is and how it works and here's the Tor project's manual explaining how to install and configure the browser for privacy. (The article advises to use Tor or a VPN but that raises the question of whether you trust your VPN provider; if you are going to use a VPN use one of the ones recommended by privacyguides; I know fuck all about VPNs but I know I wouldn't trust most VPN providers in this context).
Don't reach out to the person you're leaking to on social media. I feel like this should be obvious, but it may not be - don't reach out through meta or X or tumblr, these are not anonymous platforms and they can and will be compelled to share messages sent to journalists or data sent from your account. Don't follow the people you're leaking to (unless you already happened to be following them), don't interact with their posts. Do not make any kind of visible connection between you and the person you are leaking to.
Be careful about using encrypted messaging platforms. I personally wouldn't trust telegram or whatsapp, and I haven't heard of Session until now, but generally speaking Signal is one of your safest bets for sending messages. Signal collects the smallest amount of user data it can, and while it does require a phone number to sign up, the phone number doesn't have to stay connected to your username. If you don't already have a signal account, create one NOW because one of the things that they do track and can be compelled to disclose is when an account was created. If an account is linked to you and it was created shortly before a leak, that's suspicious. Create an account now and have it handy for when you need it. IF you are using signal, be aware that people can still screencap your messages; don't share personally identifying data via signal chats.
Have good opsec about how you collect the data that you're going to leak. For example, don't email yourself a copy of the data from your work email account, take photos of the data on a non-work phone and then strip the metadata. If you require login access to get the info you're looking to leak, figure out if there's a way that you can make the leak more ambiguous about the access by making sure there's time between your access and the leak, or that the time of your access isn't included in the information that is leaked. Take a lot of time to think about how someone might track a leak back to you and take steps to mitigate that.
Don't save copies of the data that you've leaked; once you've passed the message on to people who can get it out there, destroy any copies that you had.
GlobaLeaks and SecureDrop are tools to securely share leaks with organizations that will publicize the information you're sharing while protecting you to the best of their ability. Do not access those sites through your normal browser when you are preparing to leak data, only access them through Tor.
Be cautious about who you leak to. (Look I love the team at It Could Happen Here but you don't share a leak with a podcaster you share a leak with a group like Distributed Denial of Secrets). Focus on groups that have a history of securely sharing leaked info and on outlets that might have some legal protection from sharing information about you. The Intercept and DDoSecrets are the two that spring to mind immediately for me. (In fact I got the screenshot at the top of this thread because I went searching for this intercept article to paste on to a reply to another post but then this happened so here we are). Both of those links have their tips for leakers, btw.
It isn't stated elsewhere here so I'll add it at the end: if you are using Tor, don't log in to personal accounts that are associated with your real name or your private data. If you create burner accounts, don't use them to communicate with accounts associated with your real name or private data.
Also don't tell people - partners, parents, friends, etc. - that you're going to leak something.
And, I cannot emphasize this enough, do not tell me or any other tumblr user if you have data you are thinking about leaking or a hack you think you've pulled off. Don't talk about doing crime on the internet and definitely don't talk to me about it. Don't send an anonymous ask, don't send a private message. "The hacker or hacker-adjacent person I parasocially know from tumblr" is not a safe recipient for your leak and tumblr is not a secure or anonymous platform EVER.
Text

'bubblegum gem ring iii' by julia maria künnap, 2018 in ring redux: the susan grant lewin collection - ursula ilse-neuman (2021)
Note
You can have ingenuity when you understand what event logs are.
excuse me, i'm borrowing a work laptop and there's a wall to stop me from going to gaming sites. do you or anyone else have any suggestions to bypass the wall?
I would strongly recommend not trying to get around blocking rules on your work laptop because your work is almost certainly logging what happens on the laptop; if they check those logs at the very least you will no longer be allowed to borrow the laptop, and possibly you won't continue to have a work to borrow a laptop from.
Also, depending on how huge a deal anyone wants to make of this, it may be actually illegal to do this on someone else's computer (and even if they lent it to you, that is their computer, and what you are discussing is sometimes described as "unauthorized access" and is a no-shit crime; people also don't think that logging into an ex's email that they had the password to is a crime - it is. Don't do this shit)
You can do whatever you want on your own computer and your own network. If you are on somebody else's computer you have to follow their rules. This is annoying, but unless you are certain that you are good enough to do this in a way that will be completely undetectable to your employer, you shouldn't do this.
If you work someplace that provides you a computer for work, you should ONLY use that computer for work. Assume that your boss can see everything that you do on that work computer and act accordingly.
Text
hey.
so i was sold a shit ton (7 really large trash bags full) of suffolk/hampshire cross fleece for $20 by a local farmer. it makes a lovely soft and sproingy yarn. not as soft as merino but still very nice imo

it is however very dirty


I am telling you this because if you are in the us (as i do not think i can ship this overseas) i am willing to send you an unskirted and unscoured fleece for the price of shipping if you dm me. will send numbers within reason as i do want to keep a fair amount of it. but i think there are about 30 fleeces. the chances of me processing and spinning it all before there are more next spring seems close to 0.
So dm me if you want one/part of one and we will work out the shipping.
Text

Window Reflections - Kristie Bretzke, 2024.
American, b. 1978 -
oil on linen panel, 20 x 16 in.