• 1 Post
  • 158 Comments
Joined 1 year ago
Cake day: June 7th, 2023




  • I may be wrong but I figure if it’s on Fox

    Oddly enough, polling is the one area where Fox News isn’t a complete shit show. 538 has consistently rated them highly throughout the years. In this case, the poll was run by Beacon Research/Shaw & Co. 538’s pollster ratings have them at #15, with a 2.8 rating out of 3.0. While it’s proper to be skeptical of anything with the Fox name attached, this is one of those areas where you can accept the poll at face value. That said, it’s still June and polls this far out are wildly bad at predicting the final outcome. They are better as a barometer of current sentiment and may help candidates to calibrate their messaging and campaigns as we get closer to the election. Also, a 1-2 point “lead” is almost certainly within the margin of error. So, this poll is really saying “it’s a dead heat” and drawing anything more of a conclusion is more of a Rorschach test than anything.




  • It’s down to the expected use case.
    If you have some reason to want portability, like you travel for work or expect to want to game at a place other than your home, then a laptop is likely the right choice.
    If you only expect to game at home and don’t have a need to constantly move your system around, a desktop is usually a better “bang for the buck”.

    Personally, I don’t travel and don’t have a need to move my gaming rig around. I also like having the ability to upgrade in a piecemeal fashion. So, I have a desktop. This particular PC of Theseus has been going for a decade and a half now and shows no sign of stopping.


  • I just kinda “fell” into IT. In terms of college, I hold an Associates Degree in Math/Science from a community college; so, slightly more than nothing, but only just. I was very lucky in that my father spent an insane amount of money in the early 80’s to buy a computer and then turned me loose on it. I was doing simple programming in GW-Basic by the time I was a teenager and got pretty good at making boot disks to play games. I just became that kid who “knew computers”. After leaving college, a friend of mine convinced me to put a resume in at the company he worked for. They needed a computer tech and I fit the bill. From there it was a long sequence of job hops every 3-5 years until I ended up as a sysadmin dealing with mostly Windows systems, Active Directory, Exchange and SQL. Plus, anything else which just needed someone to “figure it out”. That eventually landed me at a gig working as a sysadmin at a US FedGov site (which is why I got my CISSP). There I often worked closely with the cybersecurity team, as they would need stuff done on the domain, and I would get it done. When they had an opening on their team, they did everything short of drag me into the office to apply for that spot. I worked in cybersecurity for that site until a bit after the COVID pandemic when I got a message on LinkedIn about a “FULLY REMOTE” (yes, the message put that all in caps) position. I was curious and applied. I now work from home, reading other people’s email and trying to keep the network secure for a Fortune 500 company.

    The best advice I can offer is: keep learning and never be afraid to just try.
    A lot of my career is based around “oh shit, it’s broke. Here sylver_dragon, you figure it out.” I loved logic puzzles as a kid and now I basically do them for a living. I would also recommend nurturing professional relationships and don’t burn bridges you don’t need to. That friend, who got me my first IT job was also pivotal, about a decade later, in getting me to apply to a different company he worked for at the time. When I put my resume in, it passed through the hands of several different people, people whom I had worked with at that first job. Between my performance and them knowing what type of person I was, every one of them said, “yup, hire this guy”. Having good working relationships now can pay a lot of dividends in the future.


  • I currently work in cybersecurity in a Senior Incident Response role. Fair warning, my opinion is biased by my own route into cybersecurity and the fact that I deal with incidents and not managing people. Though, I do get involved in interviewing and hiring. I’d say you have a good start at it. While I am sure I will be accused of gatekeeping, I much prefer working with analysts who have spent time in help desk and even as a sysadmin/netadmin. It helps if you have a good understanding of how systems and networks work. I don’t expect new analysts to just jump into Wireshark and start reading through packets with me (I’m a weirdo who really enjoys that), but I will assume that I can talk, at a high level, about TCP/UDP, LDAP, SMB/CIFS, RDP or SSH and they won’t be completely lost. Though, no one is expected to know everything and we all have our weak spots; so, don’t be intimidated if any of that acronym soup isn’t instantly familiar. Everyone is Googling stuff constantly. You’ll memorize some of it due to repetition, but never be afraid to ask questions.

    The last time my company was hiring for the SOC, the number one thing I was looking for in interviews was some evidence of an inquisitive mind. Someone geeking out over their home lab, TryHackMe or stuff like that was a sure-fire way to get my vote. I tend to be ambivalent about certs. I had some Windows 2000 certs (technically, those don’t expire, but ya…), a Sec+ (it’s expired) and an active CISSP (mile wide, inch deep, only useful for impressing hiring managers). I took a week long, in person training for the CEH but never took the test due to the COVID pandemic. Also, if the course (an official EC-Council course) was anything to judge by, that cert is just high-grade bullshit. I also have dealt with far too many “paper tigers” in my career to fall over swooning when someone has a bunch of alphabet soup behind their name. So, while I would recommend getting some certs, hiring managers love them, don’t get too caught up on them. You’ll learn far more just breaking stuff and troubleshooting it. The Net+/Sec+ duo is usually a good start.

    On coding skills, I do recommend getting some ability to read/write code. The language isn’t super important. Python is a good one to have some literacy in, it gets used everywhere. But, unless you are going to push heavily into security development, you don’t need to be at the same level as a developer. If you can pop open exploits in exploit-db.com and make sense of what they are doing, and be sure the code isn’t going to root your test box, that’s usually enough.

    Let me also recommend that you work to keep your communications/writing skills sharp. A lot of what one does in cybersecurity revolves around getting other people to do stuff. You will be regularly writing reports and needing to convince people to do stuff and/or explaining why you just kicked their system off the network. It really sucks to read incident reports from someone whose grasp of the language is lacking. Get in the habit of documenting what you do, taking screenshots, and writing in clear, concise language. You don’t need to be Shakespeare, but at least get your spelling right (spell check exists, use it), and get the basics of grammar down. If you hand me a resume with there/their/they’re mixed up, you’re going to walk into an interview with negative marks already against you.

    On the upshot, now is a fantastic time to be getting into cybersecurity. Organizations are desperate to hire trained people and some will be willing to roll the dice on a less experienced analyst who shows potential. Feel free to ask questions, I enjoy what I do most days and am happy to talk about it.


  • Well, unlike the vast majority of pundits and other forecasts FiveThirtyEight had Trump at about a 28.6% chance to win, and was catching all kinds of shit over it. While you would still expect a 70-30 favorite to win a majority of the time, sometimes the dice do come up craps. So ya, while I wouldn’t take his word as gospel, he did predict Trump to flame out in the 2016 GOP Primary after all, he’s also pretty good at evaluating polling data and is probably worth taking seriously.

    And let’s be honest here, the fact that Biden is somewhere between tied and a slight underdog to Trump is bad, really fucking bad. If Biden had been willing to swallow his ego a year and a half ago, and bow out of the race, we might have had a much better candidate at this point. With his numbers slipping and his approval rating being so low, it’s hard to believe we would have had worse. Of course, were he taken out behind the shed now, that could result in a lot of chaos, which could be worse for any resultant candidate. So, it may now be that Democrats are committed to Biden and just have to hope things improve for him. But, with the DNC convention yet to be held and the Democratic Candidate yet to be officially named, it may still be worth considering the metaphorical Old Yeller option.


  • I have to believe the actual poll and report aren’t as glaringly stupid as that headline. If you ask nearly anyone, “do you want peace?” They are going to respond with “yes.” The devil is always in the details though. Ask them, “should the war in Ukraine be ended by the Ukrainian Government capitulating to all Russian demands to secure an immediate peace?” And, you might find a lot of folks are suddenly less peaceful. This reminds me of the old saw:
    There’s lies, damned lies and then there is statistics.

    With a crafted question and a bit of p-hacking you can get a lot of results you want out of people.



  • My experience has been pretty similar. With Windows turning the invasive crap up to 11, I decided to try and jump to Linux. The catch has always been gaming. But, I have a Steam Deck and so have seen first hand how well Proton has been bridging that gap and finally decided to dip my toes back in. I installed Arch on a USB 3 thumbdrive and have been running my primary system that way for about a month now. Most everything has worked well. Though, with the selection of Arch, I accepted some level of slamming my head against a wall to get things how I want them. That’s more on me than Linux. Games have been running well (except for the input bug in Enshrouded with the recent major update, that’s fixed now). I’ve had no issues with software, I was already using mostly FOSS anyway. It’s really been a lot of “it just works” all around.


  • So, one thing to consider is that “how bad it gets” can be directly related to how well people and governments prepare. For example, if the CDC starts work on having vaccines made and stockpiled now, they may be able to react quickly and decisively to any outbreaks as they happen and prevent them from growing to a pandemic level. If infections are kept to low levels and the CDC ultimately has a lot of left over vaccines, did it “over react”? It’s actually a hard question to answer, because it’s entirely possible that the end result was a direct result of that stockpiling and rapid reaction, leading to some level of wastage. However, had those precautionary steps not been taken, shit would have hit the fan.

    We had something similar back when the Y2K Bug was being talked about. Companies lost their shit over it. But, when the date finally rolled over, it seemed to be a huge nothing-burger. Part of the reason it was such a nothing-burger was the fact that companies actually did a lot of work to validate and fix software before the date roll over. So, in retrospect, lots of people talk about the Y2K bug like it was all hype. But, had action not been taken ahead of time, it really would have caused a lot of problems.

    This is the perennial problem with proactive fixes, if they are done right, people won’t be sure you have done anything at all. So, it is often difficult to get people to prioritize future problems. Even when the cost to fix those problems now will be vastly less than waiting until the problem actually arrives.

    So no, I don’t think it’s “overblown” per se. It’s something that governments and health organizations should be tracking and should be working to have plans and resources available for. On a personal level, not much is changing. It’s not currently at a level that I feel I need to make major lifestyle changes to avoid. The CDC puts the risk as currently low, and has seen no cases of human to human transmission. If any of that changes, I’ll re-evaluate.


  • Warning: Spoilers Ahead

    If you played the “evil” plotline, there is a point where Mission (the Twi’lek girl) is telling you how horrible you are and one of your options is to get her best friend Zaalbar (a Wookiee) to kill her. By this point he owes you a life debt and is honor bound to do what you say. For as terrible as “evil” plotlines tend to be in games, that was an amazingly well done moment.



  • That might be an optional requirement which can be set by the admins. On my phone (Android) I have disabled location permissions for the MS Authenticator app. I have no issues logging in. I also regularly have to deal with alerts for users with improbable geographic logins, because they have a VPN on their phone. So, they log in from their PC from one location and then their phone logs into Azure from the other side of the planet moments later.


  • I work in cybersecurity for a large company, which also uses the MS Authenticator app on personal phones (I have it on mine). I do get the whole “Microsoft bad” knee-jerk reaction. I’m typing this from my personal system, running Arch Linux after accepting the difficulties of gaming on Linux because I sure as fuck don’t want to deal with Microsoft’s crap in Windows 11. That said, I think you’re picking the wrong hill to die on here.

    In this day and age, Two Factor Authentication (2FA) is part of Security 101. So, you’re going to be asked to do something to have 2FA working on your account. And oddly enough, one of the reasons that the company is asking you to install it on your own phone is that many people really hate fiddling with multiple phones (that’s the real alternative). There was a time, not all that long ago, where people were screaming for more BYOD. Now that it can be done reasonably securely, companies have gone “all in” on it. It’s much cheaper and easier than a lot of the alternatives. I’d love to convince my company to switch over to Yubikeys or the like. As good as push authentication is, it is still vulnerable to social engineering and notification exhaustion attacks. But, like everything in security, it’s a trade off between convenience, cost and security. So, that higher level of security is only used for accessing secure enclaves where highly sensitive data is kept.

    As for the “why do they pick only this app”, it’s likely some combination of picking a perceived more secure option and “picking the easiest path”. For all the shit Microsoft gets (and they deserve a lot of it), the authenticator app is actually one of the better things they have done. SMS and apps like Duo or other Time based One Time Password (TOTP) solutions, can be ok for 2FA. But, they have a well known weakness around social engineering. And while Microsoft’s “type this number” system is only marginally better, it creates one more hurdle for the attacker to get over with the user. As a network defender, the biggest vulnerability we deal with is the interface between the chair and the keyboard. The network would be so much more secure if I could just get rid of all the damned users. But, management insists on letting people actually use their computers, so we need to find a balance where users have as many chances as is practical to remember us saying “IT will never ask you to do this!” And that extra step of typing in the number from the screen is putting one more roadblock in the way of people just blindly giving up their credentials. It’s a more active thing for the user to do and may mean they turn their critical thinking skills on just long enough to stop the attack. I will agree that this is a dubious justification, but network defenders really are in a state of throwing anything they can at this problem.

    Along with that extra security step, there’s probably a bit of laziness involved in picking the Microsoft option. Your company picked O365 for productivity software. While yes, “Microsoft bad” the fact is they won the productivity suite war long, long ago. Management won’t give a shit about some sort of ideological rejection of Microsoft. As much as some groups may dislike it, the world runs on Microsoft Office. And Microsoft is the king of making IT’s job a lot easier if IT just picks “the Microsoft way”. This is at the heart of Extend, Embrace, Extinguish. Once a company picks Microsoft for anything, it becomes much easier to just pick Microsoft for everything. While I haven’t personally set up O365 authentication, I’m willing to bet that this is also the case here. Microsoft wants IT teams to pick Microsoft and will make their UIs even worse for IT teams trying to pick “not Microsoft”. From the perspective of IT, you wanting to do something else creates extra work for them. If your justification is “Microsoft bad”, they are going to tell you to go get fucked. Sure, some of them might agree with you. I spent more than a decade as a Windows sysadmin and even I hate Microsoft. But being asked to stand up and support a whole bunch of shit because of one user’s unwillingness to use a Microsoft app, that’s gonna be a “no”. You’re going to need a real business justification to go with that.

    That takes us to the privacy question. And I’ll admit I don’t have solid answers here. On Android, the app asks for permissions to “Camera”, “Files and Media” and “Location”. I personally have all three of these set to “Do Not Allow”. I’ve not had any issues with the authentication working; so, I suspect none of these permissions are actually required. I have no idea what the iOS version of the app requires. So, YMMV. With no other permissions, the ability of the app to spy on me is pretty limited. Sure, it might have some sooper sekret squirrel stuff buried in it. But, if that is your threat model, and you are not an activist in an authoritarian country or a journalist, you really need to get some perspective. No one, not even Microsoft is trying that hard to figure out the porn you are watching on your phone. Microsoft tracking where you log in to your work from is not all that important of information. And it’s really darned useful for cyber security teams trying to keep attackers out of the network.

    So ya, this is really not a battle worth picking. It may be that they have picked this app simply because “no one ever got fired for picking Microsoft”. But, you are also trying to fight IT simplifying their processes for no real reason. The impetus isn’t really on IT to demonstrate why they picked this app. It is a secure way to do 2FA and they likely have a lot of time, effort and money wrapped up in supporting this solution. But, you want to be a special snowflake because “Microsoft bad”. Ya, fuck right off with that shit. Unless you are going to take the time to reverse engineer the app and show why the company shouldn’t pick it, you’re just being a whiny pain in the arse. Install the app, remove its permissions and move on with life. Or, throw a fit and have the joys of dealing with two phones. Trust me, after a year or so of that, the MS Authenticator app on your personal phone will feel like a hell of a lot better idea.


  • I know this is just being silly, but stop and think about the difference in scale between a yacht and the larger ships in the ocean. There was a recent case of a cruise ship showing up at port with a whale over its bow. The ship rammed a whale, effectively beached it on the bulbous bow and no one on the ship noticed. And then you have things like an Eisenhower Class Aircraft Carrier. At over 1000 feet long, 250 feet wide and displacing over 100,000 tons the sheer scale of the ship is hard to imagine without seeing it. Imagine taking a skyscraper, tipping it on its side and floating that out to sea. That’s what we’re talking about. You could have 10 large blue whales laid out tip to tail along the length of the carrier. An entire pod of whales ramming such a ship would just result in whales with concussions. And then CIWS goes brrr….

    Whales, dolphins and other marine animals are amazing, but their scale and coordination pales in comparison to what humans do. We have basically no natural weapons or advantages in strength or speed. But, we dominate the planet because we can plan far ahead and work in groups much larger than a local tribe. We also harness energy in ways well beyond what animals do. Even something as simple as fire is outside the ability of other animals to create and use effectively.