665
submitted 9 months ago by misk@sopuli.xyz to c/technology@lemmy.world
top 50 comments
sorted by: hot top controversial new old
[-] dual_sport_dork@lemmy.world 311 points 9 months ago* (last edited 9 months ago)

I did a similar thing at a place I worked at. In order to go over the heads of insane management and actually get work done, rather than just have sugar cubes counted at me all day, I created an administrator account with the username of  .

Not blank. The character " ".

What, you can't see it? It's a non-breaking space. You can type one (on a Windows machine) by holding Alt and pressing 0160 on your number pad.

A shocking amount of "enterprise" software is not equipped to handle a non-breaking space, and will not detect it as a naughty character nor treat it as whitespace -- which is probably what should happen. So what you get is an invisible user, which is also helpfully sorted to the bottom of lists where no one will notice it, because its numerical index in character space is well below all the typical letters and numbers that'll be used for user account names. Does your software require a user name of greater-than-one character length? No problem, just type in a whole bunch of them.

Non breaking spaces can also mess with the formatting of systems with user-facing text input that'll regurgitate it later. Like, oh, forums. Or comment threads. Like this one. Even those that are "smart" and attempt to collapse repeated whitespaces into a single line break.

For instance.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Yeah, that sort of thing.

[-] punkwalrus@lemmy.world 93 points 9 months ago* (last edited 9 months ago)

I was burned afoul by a former admin who, instead of diagnosing why a mail service was failing, labeled a script as a /etc/cron.d file entry as "..." (three dots) which, unless you were careful, you'd never notice in an "ls " listing casually. The cron job ran a script with a similar name which he ran once every 5 minutes. It would launch the mail service, but simultaneous services were not allowed to run on the same box, so if it was running, nothing would happen, although this later explained hundreds of "[program] service is already running" errors in our logs. It was every 5 minutes because our solarwinds check would only notice if the service had been down for 5 minutes. The reason why the service was crashing was later fixed in a patch, but nobody knew about this little "helper" script for years.

Until one day, we had a service failover from primary to backup. Normally, we had two mail servers servers behind a load balancer. It would serve only the IP that was reporting as up. Before, we manually disabled the other network port, but this time, that step was forgotten, so BOTH IPs were listening. We shut down the primary mail service, but after 5 minutes, it came back up. The mail software would sync all the mail from one server to the other (like primary to backup, or reversed, but one way only). With both up, the load balancer just sent traffic to a random one.

So now, both IPs received and sent mail, along with web interface users could use. But now, with mail going to both, it created mass confusion, and the mailbox sync was copying from backup to primary. Mail would appear and disappear randomly, and if it disappeared, it was because backup was syncing to primary. It was slow, and the first people to notice were the scant IMAP customers over the next several days. Those customers were always complaining because they had old and cranky systems, and our weekend customer service just told them to wait until Monday. But then more and more POP3 customers started to notice, and after 5 days had passed, we figured out what had happened. And we only did Netbackups every week, so now thousands of legitimate emails were lost for good over 3000 customers. A lot of them were lawyers.

Oof.

[-] Kid_Thunder@kbin.social 41 points 9 months ago

I was shadow IT for a project and asked IT to design this special unconventional thing which of course they wouldn't. So I made this little embedded linux device to take care of it. Gave them the design and steps I made and all that. They were like "nah" so I told them to give me admin on their file server and switch and I'd just do it myself. So they did (lol?).

I had to create a service account, so instead of just having the system account do it on their file server because I figured that wouldn't be OK. I asked them how do I properly get a service account approved and they passed me to Cyber who had me submit a user request. It got denied because it didn't have a signed user agreement or a Sec+ or similar cert......

So I created a word doc that said "I am not a real person and therefore cannot sign any contracts. I am just software man." and exported it to PDF and named it the same name of the agreement file name. Did the same for the cert. They approved it.

Then nobody ever created the account because IT's helpdesk couldn't figure out how to do it. I think it was more that they probably didn't have an OU structure properly set up so they wanted some architect or something to weigh in.

Anyway, I just let System do it because, well I had been waiting months at that point. The service account probably still doesn't exist in AD. They then took my admin privs away and got credit from upper management for solving this odd problem that my stuff took care of.

Eventually they needed a more robust solution and also in a few more places since it worked well but they started slamming it a bit too hard with data. They wanted to just keep giving me specific rights and then take them away when I was done but also submit paperwork every single time to them to do it.

Apparently, I burnt bridges when I said "nah" as a Reply to All when they told me that. But who cares to have a bridge to nowhere anyway? As far as I know (since I still occasionally get a technical question about it) my little guy is still chugging away today, though I've moved on since then.

[-] electric@lemmy.world 13 points 9 months ago

I hope to be this based.

[-] wahming 23 points 9 months ago

A lot of them were lawyers.

I'm not seeing the downside here

load more comments (1 replies)
load more comments (1 replies)
[-] Moose@moose.best 65 points 9 months ago

I enjoy that the character that can break a lot of things is called the "non-breaking space".

[-] Rustmilian@lemmy.world 46 points 9 months ago
[-] Lemminary@lemmy.world 28 points 9 months ago
[-] Rustmilian@lemmy.world 10 points 9 months ago* (last edited 9 months ago)

? I'm using Mobile

 

 

 

 

 

 

 

 

I just copied the markdown and stuck it in a code block to make it visible.

[-] Lemminary@lemmy.world 5 points 9 months ago

I was joking lol

[-] kambusha@feddit.ch 45 points 9 months ago

Is this what chaotic good looks like?

[-] yamanii@lemmy.world 20 points 9 months ago

I only know about it because it was a popular way to make an invisible folder no the desktop, teens loved it for stuff.

[-] driving_crooner@lemmy.eco.br 11 points 9 months ago

I did a lot of web scrapping this week at work and it's looks like that character is used a lot on XPaths and CSS selectors. I only noticed it because VS Code put a yellow box around the character and give you a warning that that character is not a whitespace.

[-] RagnarokOnline@programming.dev 10 points 9 months ago

I love this

[-] Empricorn@feddit.nl 10 points 9 months ago

I can't tell if you're starting a cult. Whatever, I'm in...

[-] ndondo@lemmy.dbzer0.com 8 points 9 months ago

The software developer in me hates you. You're not wrong but still 😡

[-] Guest_User@lemmy.world 8 points 9 months ago

Where did you make the admin account if you don't mind me asking. You saying you made a local admin account or maybe an admin account in AD?

[-] roguetrick@kbin.social 6 points 9 months ago

Kbin didn't feel like translating your example.

[-] lowleveldata@programming.dev 6 points 9 months ago

That's interesting but what I really want to know is what kind of evil things you did with the invisible superpower

[-] Bassman1805@lemmy.world 5 points 9 months ago

Connect for Lemmy renders these as  

So it's at least acknowledging that there's something there.

load more comments (4 replies)
[-] jjjalljs@ttrpg.network 161 points 9 months ago

There was a brief period at an old job where people thought it was hilarious to change their name to other people in slack (or maybe hipchat? whatever we used at the time). Like, change your name to the team lead and be like "I smell like butts." Funny! HILARIOUS.

Until I asked 'What are you going to do when someone messages you instead of the person whose name you took with "I'm so sorry about your miscarriage. You can take off as much time as you need" or something else really private.

"Oh. I didn't think of that."

No shit.

Yes, I am a kill joy.

[-] PhlubbaDubba@lemm.ee 109 points 9 months ago

"IDENTITY THEFT ISN'T A JOKE JIM! MILLIONS OF FAMILIES SUFFER EVERY YEAR!"

[-] lechatron@lemmy.today 27 points 9 months ago
[-] Jerkface@lemmy.world 43 points 9 months ago

"Please give Mrs. Slackbot my condolences."

load more comments (2 replies)
[-] 800XL@lemmy.world 13 points 9 months ago

No, you're doing Ra's work. Thank you for your empathy.

[-] slaacaa@lemmy.world 64 points 9 months ago* (last edited 9 months ago)

We use MS Teams, and even if there’s so much shit you can throw at it for valid reasons (e.g. not working with AirPods Pro 2, wtf?) this could never happen, as our single MS Office account is linked throughout all the software/services we use (and of course you can’t change your name).

I don’t undertsand why a corporation would give up this kind of central account control and use a service, where - based on the article - most likely a poor IT admin guy has to manually search for the username of a leaving employee.

[-] Evotech@lemmy.world 27 points 9 months ago

It would've been connected to his email... You just need good offboarding routines

[-] soggy_kitty@sopuli.xyz 21 points 9 months ago

Ignorance and/or incompetence.

Thats your answer to "I don't understand why"

[-] Toribor@corndog.social 15 points 9 months ago* (last edited 9 months ago)

Slack Business/Enterprise supports SAML single sign-on. At any scale larger than a single team or two this is probably the better way of handling it, then the account gets disabled as soon as it's disabled in the identity provider. Otherwise if I remember right Slack accounts are tied to the email address and users can set their own display names. I used to administrate Slack for ~60 users but now we're on Teams.

[-] corsicanguppy@lemmy.ca 10 points 9 months ago

a poor IT admin guy has to manually search for the username of a leaving employee.

Your comment suggests you think IT Admins are told about departing employees, timely or at all.

HR doesn't trust Staff with that knowledge, even if that Staff member needs to disable an account because we must act quickly to protect the company against the same horrible criminals who enjoyed free reign and ultimate trust as the paragons of virtue they were the MOMENT before they were fired.

[-] Rakonat@lemmy.world 6 points 9 months ago

I don't even work in that sector and HR is the exact same here. Employee did something horribly egregious that got them fired? You're lucky if their supervisor was informed to take them off the schedule. No reason given, just they no longer work here. Did they quit? They no longer work here. Did they get fired? They no longer work here. Can I tell my staff what they did wrong so they don't get fired on short notice? They no longer work here, but you can't tell your staff. WHY THE FUCK NOT?!

load more comments (1 replies)
[-] douglasg14b@lemmy.world 9 points 9 months ago* (last edited 9 months ago)

Our enterprise has all of that automated, who's searching for names manually in any business of nontrivial size....?

This can, and should, be scripted.

[-] cuppaconcrete@aussie.zone 5 points 9 months ago

Exactly, most services can be tied into a central authentication system/SSO and can automatically be disabled upon disabling an SSO user.

[-] Shadow@lemmy.ca 64 points 9 months ago

Maybe if slack didn't have an SSO tax, it wouldn't be an issue.

[-] fartsparkles@sh.itjust.works 33 points 9 months ago

I’m honestly baffled this is a thing (but appreciate learning the condemning phrasing of “SSO Tax”).

We implemented federated auth support for Entra, ADFS, and OIDC straight out the gate in our project. It’s just a base platform feature, regardless of tier. Charging for it would be like charging for MFA/2FA. I mean, it’s great for us. I’d prefer if everyone used the feature. What the utter fuck are some vendors thinking?

[-] Shadow@lemmy.ca 18 points 9 months ago

Tell me about it. Github goes from $4 to $21 per user per month, and the only feature I want is sso.

[-] RecallMadness@lemmy.nz 13 points 9 months ago

I suspect it’s a cost/capability/requirements thing.

The larger the corporation, the more likely they’re going to have SSO as a minimum requirement. The more inflexible your customers are, the more you can charge.

load more comments (2 replies)
load more comments (2 replies)
[-] ipkpjersi@lemmy.ml 40 points 9 months ago

That's why companies use SSO, so when they lay off someone, they just have to disable one account.

[-] Cort@lemmy.world 8 points 9 months ago

Also easier than resetting passwords for 15 different sites and accounts because a user lost their post-it note

[-] Fullest@sh.itjust.works 8 points 9 months ago* (last edited 9 months ago)

Not necessarily to justify Gizmodo in this instance, but Slack does paywall their SSO feature behind their Business+ Plan, which seems to currently run $12.50/mo/user, which is about a 70% increase from their next pricing tier. See: https://slack.com/pricing

Given the price difference I wouldn't be surprised if they didn't want to pay for that.

Edit: someone later in the thread linked this page which helps explain why this is generally a bad practice https://sso.tax/

load more comments (1 replies)
[-] elbucho@lemmy.world 27 points 9 months ago* (last edited 9 months ago)

Oh hey - catturd2; isn't that that sycophantic piece of shit who fawns all over Elon Musk every chance he gets? Maybe it's a different catturd2 on bluesky.

Edit: Actually, yeah; it does look like it's a different person entirely:

[-] elliot_crane@lemmy.world 28 points 9 months ago* (last edited 9 months ago)

I’m pretty sure I’ve seen this guy being a total shithead on Twitter before. One sec..

Edit: yep, catturd2 is a MAGA cultist - https://lemmy.world/comment/6563244

Edit 2: I took one for the team and checked bluesky catturd2’s profile on Twitter and it looks pretty anti-MAGA; there’s a couple tweets that address: cops hiding their badge numbers (bluesky catturd2 is against this), Twitter being a conservative cesspool, and generally talking shit about the trump family. I wonder if bluesky catturd2 intentionally co-opted the name to troll Twitter catturd2.

[-] thesporkeffect@lemmy.world 7 points 9 months ago

It's a podcaster and/or journalist who is not actually catturd2 doing a bit

load more comments (1 replies)
load more comments (1 replies)
[-] BehindTheBarrier@programming.dev 16 points 9 months ago

Our company did a thing like this, focusing on the manager and above. They got password and authenticator codes out of them and admin access to the slack...

Good method to have users learn about critical thinking.

[-] Bishma@discuss.tchncs.de 9 points 9 months ago

"Have a Slack-ly day" was a nice touch

[-] Paragone@lemmy.world 8 points 9 months ago

This should be under BOFH, for Bastard Operator From Hell, the Register concept..

yEEEks, people..

[-] scytale@lemm.ee 7 points 9 months ago

Centralized identity and federation with proper account deactivation/termination procedures folks.

[-] jqubed@lemmy.world 5 points 9 months ago

This really isn’t newsworthy, but it is funny

load more comments
view more: next ›
this post was submitted on 23 Feb 2024
665 points (98.7% liked)

Technology

59598 readers
4636 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS