Reddit Sysadmin
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
like muscles - if we don't use them, we lose them over time. So as AI becomes better at what it does, I think we will become worse at what we do (those of us who already had skillsets in certain areas). When considering people newly entering the field, they will never build a skillset in the first place. When using AI, they may get a similar result as a more senior person eventually - likely in quite a longer time, due to not knowing as many specifics about what to ask - but also would learn very little in the process. Not sure that's a good thing.

In Excel, it was using Opus 4.5 in agent mode, and I really just asked it to match column values across sheets and fill in some blanks. And yeah, it generated formulas to do that - somewhat messy ones, initially. Once I told it to refine them in certain ways, it did, and it was good enough. So it may have allowed me to be more productive there. But again, same downside - I'm not getting "better at Excel" by learning a new formula (which I'd stash away in my notes for later use) and adding to my skillset, instead I'm getting better at talking to AI.

The biggest benefit I've seen from it so far is probably with meeting summarization, especially the integration with transcription features in Teams. This can make it very easy to jump to the correct point of a long, recorded working meeting for example, where we cover some specific topic, without having to spend hours re-watching the whole thing. It's also very good at crawling structures and documenting them, although to an extent those features were already available before AI (e.g. specific tools to perform these tasks for specific use cases, like SQL databases) but I guess AI has just allowed that to be applicable in many more places than it was before. So that stuff has been good for the most part. It's not all bad.

But the coding stuff was largely a disaster, even with an expensive model that's supposed to be "the best" for coding. The experience I had yesterday aligns closely with the bits and pieces I had prior (I have used it quite a bit before but just for chat questions here and there, never in agent mode and never letting it "drive" like I did today). And even the Excel stuff, while somewhat "productive", has the negative tradeoff of not adding to/honing your skillset because you aren't actually using the product anymore. Finance people who used to be wizards with Excel, over time, will just become drones that talk to AI. New Finance people entering the workforce will never get those skills in the first place.

So when I hear about how "easy and cheap it is to write code now" because "any Junior Developer can vibe code stuff" I'm just thinking...maybe?....but with so many tradeoffs, long-term I'm not sure it's doing the company, the team, the customer, nor the developer themselves any favors (even if the immediate return "seems great"). And the same is true for using it to do your job in other disciplines as well - I expect this to permeate into the IT world more and more as we go forward, especially with administration of cloud infrastructure like Azure and AWS. Someone who "doesn't know what they don't know", as they say, won't know what guidance to give, or what things to challenge it on, because they don't know any better in the first place.

There were several times Claude actually tried to convince me it was right about something that it most definitely was not, telling me "this is the correct approach". Only after I explain to it, in depth, why this is not the correct approach, and give it a hint of what to do instead, would it change its tune and go that direction. And given what I saw on the parts where I was familiar and had to coach it along, I'm honestly not all that confident that the parts where it did "get it right" on its own (meaning it at least produced a working piece of code without me telling exactly what to do) that those things are actually done in the correct or most efficient way. But "they work" (or seem to, anyway), which means when this happens in the wild, people are happy - likely nobody is double checking anything, or very high-level spot checks at best. So some Junior Developer or SysAdmin might continue going back and forth with it all day until through enough trial and error and money spent on premium requests, they finally get a working product. But if what I saw today is any indication, I think a lot of it will be messy, and not necessarily optimal, performant nor elegant.

Do we plan to let these things make more serious decisions one day? Financial advice, health advice, etc. What happens when AI assures your paid "expert" (e.g. Financial Advisor, Doctor), that a certain route "is the correct approach"? If the expert doesn't catch it or doesn't know any better, and ends up parroting that guidance back to you, the client, you very likely accept it because again, they are the "paid expert" that's supposed to know what they're doing. So maybe the better question is - if/when this happens - will you even know?

And when it fucks up and leads real people down the wrong path with bad advice, and the person rightfully gets pissed, what will the response be - the same generic YMMV crap (e.g. "investing is a risk - past success does not guarantee future results" or "these may not be all side effects"). I know there's already been stories of AI convincing people to take their own lives, which is extremely sad. Of course, guardrails can and should be put in place to help mitigate some of this stuff, which supposedly has been done in many cases - but then I hear about AI agents that are allowed to modify their own configs. So if that's the case, what good are guardrails? If AI wants to go out of bounds on something, it'll just look at its config, say "oh, I see the problem, there's this dumb restriction in the way", remove it, and proceed on its merry way down whatever fucked up path we tried to stop it from going down. Some of this may sound like an unlikely scenario to some, but some of it (like agents modifying their own configs) is quite literally already happening - I don't think it's a stretch at all to say we're headed down a potentially very dangerous and destructive path.

At the end of the day, we're giving up our own mental capacity and critical thinking skills in the name of "productivity". Just because you produce more in a given amount of time does not always mean it's better. If quality drops, if manageability drops and overhead increases, if complexity increases unnecessarily with no benefit - then is it really a win? Not to mention, as time goes on and AI's skills continue to "sharpen", and our own skills continue to decline, we will become less and less adept at catching AI's mistakes. So human review of AI-generated things will become less and less effective.

I'll leave it there for now because I could go on for quite a while. It's just shocking to me that the entire world is in such a fkin daze from the "magic" of AI that nobody, or at least not enough people with influence in this sphere, have actually sat and thought through some of this stuff. Or the other, more likely scenario - they have, but just sweep it under the metaphorical rug because of the money it's bringing in. And the public largely is OK with it, because again, they're just amazed by "what it can do".

I know this was long but thanks in advance to those who took the time to read it all. This is just coming from genuine concern I have about the long-term effects of this AI craze on our society. I'm just curious to get others' thoughts on this topic - any productive discussion is welcome. If you disagree, please elaborate on why, what I have missed, etc.

And before anybody asks, no I did not use AI to write the post about my thoughts on AI.

https://redd.it/1rodjmz
@r_systemadmin
Your thoughts on implementing PAM in real environments?

We’re starting to look into Privileged Access Management (PAM) to improve how privileged accounts are handled across our environment. Right now things are a bit mixed between AD admin accounts, sudo access, and some manual controls.

Main things we’re trying to improve:

Better visibility into who is using privileged access
Session monitoring/auditing for critical systems
Reducing shared admin credentials
Tighter control over contractor or temporary access

For those who’ve implemented PAM, did it actually improve security in practice, or did it just add operational overhead? Also curious how you approached rollout: gradual vs full enforcement.

https://redd.it/1rosp2a
@r_systemadmin
How you manage cloud security visibility across 50+ accounts.. looking for vendor advice

dealing with a growing problem at work and really not sure what the best solution looks like right now.

we have a large number of cloud accounts and well the bigger issue is not the known assets, it is the unknown ones. See, developers spin up virtual machines, they finish their work, and just leave everything running. Problem is nobody notices until the bill comes or something breaks. So we need better visibility and I want to know what tools people are actually using.

here is what matters most to us before I actually start evaluating vendors seriously. agentless is non negotiable, we cannot realistically manage agents at our scale. So we need AppSec and cloud security under one license (not four tools stitched together). similarly vulnerability intelligence that gets ahead of CVE feeds (not just reacts to them). Then attack path analysis with the ability to define high value assets ourselves. And finally the integrations with Slack, Teams, and email without custom scripting.

here is what I have already looked at and where I ran into friction:

Microsoft Defender for Cloud: good if we are all-in on Azure, but we are multi-cloud and the experience outside Azure felt like an afterthought
Orca Security: agentless and the asset visibility is genuinely good, but we are not sure it fully covers AppSec depth at our scale.
Lacework: liked the anomaly detection but AppSec coverage felt thin and the unified visibility we needed was not really there
Wiz: agentless and strong on asset visibility, but pricing came up as a concern at our account scale and some AppSec depth was missing compared to what we need

Have any of you people dealt with a similar setup and found something that genuinely covers all of this without the tradeoffs above? 



https://redd.it/1rotqs8
@r_systemadmin
Advice for an aspiring IT Manager

Hi all, worth asking here so I can pivot myself accordingly! For context I'm currently an "IT support engineer" for a medium sized company with a very small IT team consisting of myself and the IT Manager... There was a 3rd but redundancies happened that saw him off.

My end goal for my career is to work towards becoming an IT director, however I'm fully aware that requires the ladder to be climbed appropriately so my next step would be as an IT manager (to me). My question revolves around what was the jump point for 1st time IT managers that made you say "I'm qualified to do this and well" and what was "Wish I knew that sooner".

My skills have gone somewhat outside just "IT support" as recently I've been more and more involved in deployment of new technology such as building our new SFTP server, implementing Intune and taking on Security as a bigger step. The general consensus around the office is "why are you doing the Manager's job?" and I always tend to agree... but for the sake of career progression these developments look good on my resume.

I also seem to create and maintain good relations with suppliers, 3rd parties etc and pride myself on being an actually approachable "IT Nerd". I've already attained CompTIA Sec+ and working on Net+. I'm aware that qualifications look nice and while are helpful for landing higher end jobs, it's what you bring to the table that counts.

My plan was to give my current company 3 years of my service then look elsewhere but I'm curious how others have navigated their change from support to management?

Thanks all!

https://redd.it/1roucxa
@r_systemadmin
Firewall rule naming conventions: What actually works in practice?

Hi everyone,

I’m curious how others handle naming and structuring firewall / packet filter rules in larger environments.

Background: I recently moved into a more security-focused role, and one thing I’d like to improve is the consistency and clarity of our firewall rules. Right now there’s a mix of different naming styles and structures, which makes it harder to quickly understand what a rule is actually doing. Having that tidied up wasn’t really a thing for years, and I did not get my head around it in my previous networking role either. But it’s bugging me more and more with a growing network. From a security perspective, I’d also like to reduce the potential attack surface created by unclear or misleading rules, and introduce a consistent structure and naming scheme going forward. Before I start drafting a concept for this, I’d love to get some input from people who have already gone through something similar. My goal is to come up with something that is clear, consistent, and easy to understand even years later.

There seem to be many possible approaches for structuring rule sets, for example:

Port ranges (1–100, 101–200)
Department-based (IT, Sales, Support)
Technology stacks (Web, SSH, Database)

Rule names themselves also vary a lot, for example:

HTTPS to X
TCP to X
Application X to Y
ApplicationX
80/443 to X

I guess many internal firewalls aren't using application-level filtering, which makes names like HTTPS (Do you guys have 80 & 443 in one rule or two separate ones for the same source and destination?) or SSH somewhat questionable because in reality you can’t guarantee what’s actually running over that port. Maybe that’s just my inner perfectionist talking.

So I’m curious how you guys are naming and sorting your firewall rules. Do you prefer protocol/port-based, application-based, or source to destination style naming?

Are there any best practices that have proven useful in the long run? Any experiences or lessons learned would be very helpful.

https://redd.it/1rowr24
@r_systemadmin
Bitlocker with PIN seems impossible.

The title is a bit hyperbolic but I can't find a way to implement this without serious internal pain. I have been given a mandate to implement bitlocker with pin and no guidance on how to do so. Here are the problems I've found.

-Requesting a PIN each reboot means every time we patch, every system needs to be manually unlocked to boot. We have WSUS and it doesn't pause enforcement automatically when patching.

-To cut down on unlocks I wrote a script that runs as an on shutdown script. It SHOULD check for the most recent shutdown event and if it is a reboot, suspend bitlocker so it doesn't need a pin. Except, sometimes it just doesn't work for no apparent reason.

-When a single pin is assigned by me to multiple users, the users forgot the key they were all given.

-When allowed to assign their own pin, the users forgot their pin because the bitlocker pin requirements ban sequential or repeat numbers which makes this pin different than their existing PINs. This rule cannot be disabled.

So I can't stop the bitlocker pin lock on patch, nobody can remember their pin whether they are all set the same or set by them. Any suggestions for how this can be done without immense impact?

We have MECM, which supports suspending bitlocker on patch, but it isn't configured as a SUP. I am considering setting that up but for various reasons I'd rather not if I don't have to.

Finally, I won't be able to read this for hours so don't expect a quick response from me.

https://redd.it/1roxip0
@r_systemadmin
I reported a malicious Chrome extension yesterday — Google just pulled it from the Web Store. Here's the full technical breakdown of what it was doing

Full report: https://monxresearch-sec.github.io/shotbird-extension-malware-report/

TL;DR: Chrome extension ShotBird (gengfhhkjekmlejbhmmopegofnoifnjp) was sold to new operators who turned it into a remote-controlled malware channel. It was:

Stripping CSP/security headers via rules.json on every page you visited
Capturing form inputs (passwords, card numbers, IBANs)
Injecting fake Chrome update popups
Staging a credential-theft executable (googleupdate.exe → psfx.msi → irm orangewater00.com|iex)

Google removed it from the Web Store today. Chrome will auto-remove it from affected browsers within 24-48 hours.

Extension had 717 users and was Featured. Full IOCs, raw callback scripts, and PE analysis in the report.

https://redd.it/1roz2lw
@r_systemadmin
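A defender-side check for the header-stripping behaviour described in the ShotBird post above, as an added example that is not from the post or the linked report: it audits a Manifest V3 declarativeNetRequest ruleset (the extension's rules.json) for rules that remove or override security response headers. The sample rules, the header list and the breadth heuristic are constructed assumptions.

```javascript
// Response headers whose removal weakens page protections (assumed list, extend as needed).
const SECURITY_HEADERS = new Set([
  "content-security-policy",
  "content-security-policy-report-only",
  "x-frame-options",
  "x-content-type-options",
  "strict-transport-security",
  "cross-origin-opener-policy",
  "cross-origin-embedder-policy",
  "cross-origin-resource-policy",
]);

// Heuristic: filters that effectively match every page.
const BROAD_URL_FILTERS = new Set(["*", "*://*/*", "|http*", "|https*"]);
const BROAD_REGEX_FILTERS = new Set([".*", "^https?://", "^https?://.*"]);

// True when the rule condition is not restricted to specific domains or URLs.
function isBroadCondition(cond) {
  cond = cond || {};
  const hasDomainScope = ["requestDomains", "initiatorDomains"].some(
    (k) => Array.isArray(cond[k]) && cond[k].length > 0
  );
  if (hasDomainScope) return false;
  if (cond.urlFilter !== undefined) return BROAD_URL_FILTERS.has(cond.urlFilter);
  if (cond.regexFilter !== undefined) return BROAD_REGEX_FILTERS.has(cond.regexFilter);
  return true; // no filter at all matches every request
}

// Return one finding per security response header that a rule removes or overrides.
function auditRules(rules) {
  const findings = [];
  for (const rule of rules) {
    const action = rule.action || {};
    if (action.type !== "modifyHeaders") continue;
    for (const h of action.responseHeaders || []) {
      const name = String(h.header || "").toLowerCase(); // header names are case-insensitive
      if (!SECURITY_HEADERS.has(name)) continue;
      if (h.operation !== "remove" && h.operation !== "set") continue;
      findings.push({
        ruleId: rule.id,
        header: name,
        operation: h.operation,
        broad: isBroadCondition(rule.condition),
        resourceTypes: (rule.condition && rule.condition.resourceTypes) || [],
      });
    }
  }
  return findings;
}

// Triage: removing a security header on every site is the pattern to escalate.
function summarize(findings) {
  const broadStrips = findings.filter((x) => x.operation === "remove" && x.broad).length;
  const verdict = broadStrips > 0 ? "investigate" : findings.length > 0 ? "review" : "clean";
  return { total: findings.length, broadStrips, verdict };
}

// Constructed sample ruleset (not taken from the real extension).
const SAMPLE_RULES = [
  { id: 1, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "Content-Security-Policy", operation: "remove" },
      { header: "X-Frame-Options", operation: "remove" } ] },
    condition: { urlFilter: "*", resourceTypes: ["main_frame", "sub_frame"] } },
  { id: 2, priority: 1, action: { type: "block" },
    condition: { urlFilter: "||ads.example.test^", resourceTypes: ["script"] } },
  { id: 3, priority: 1,
    action: { type: "modifyHeaders", requestHeaders: [
      { header: "DNT", operation: "set", value: "1" } ] },
    condition: { urlFilter: "*", resourceTypes: ["xmlhttprequest"] } },
  { id: 4, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "content-security-policy", operation: "remove" } ] },
    condition: { requestDomains: ["dev.example.test"], resourceTypes: ["main_frame"] } },
];

const sampleFindings = auditRules(SAMPLE_RULES);
console.log(summarize(sampleFindings), sampleFindings);
```

To audit an installed extension, parse its rules.json from the browser profile's extension directory and pass the resulting array to `auditRules`.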
If you have >100 employees but don't use O365 Services what do you use for Mail & Chat?

Basically title. I figure most people are using Slack if they're not using Teams. But I got curious this morning before my Adderall kicked in: For organizations of over 100 people, if you're not locked into the O365 ecosystem what are you using?

And a sub question for people who see this and are using almost all of O365 but using Slack over Teams: Why?

https://redd.it/1rp0q2x
@r_systemadmin
Microsoft announces Microsoft 365 E7 with new agentic AI features

>Customers have told us E5 alone is no longer enough; they do not want multiple tools stitched together, they want one trusted solution. At $99 per user, E7 is priced below purchasing these capabilities à la carte, giving customers a simpler, more cost-effective way to deploy enterprise AI at scale.

Introducing the First Frontier Suite built on Intelligence + Trust - The Official Microsoft Blog

https://redd.it/1rp1rzu
@r_systemadmin
Ops engineer who built half our automation just gave notice. Nobody understands the system

Ok so our operations engineer just gave his notice a few days ago, and I just realized how much of our mid-size startup relies on what he built over the years. He wrote tons of automations that move data between systems, generate reports, trigger approval, and all the other QOL stuff.

I mean everything still technically works and we had a good chat. (He got a better offer and I completely understand his decision, we still keep in touch from time to time, especially when I have questions.) But the thing is, nobody understands how things work except him.

There are some resources that he left behind, although they're pretty outdated, so now upper management is scrambling asking if we can still keep things running. For those of you who have dealt with this, how do you recover when everything is basically locked inside the automation stack of an employee who just left?



https://redd.it/1rp42rx
@r_systemadmin
PSA: Abble Business Manager can remove personal activation locks.

The last time I was reprovisioning old (pre-ABM/MDM) devices, I had to fire off a support ticket to remove activation locks. Did the same thing recently. But haven't heard back for a while, so I went poking around.

Devices -> select a device -> ellipsis (3 dots) top right -> Turn Off Activation Lock

Option is available for devices with Activation Lock status "On (User)" and "On (Organization)"

This is news to me, so I thought I'd share that in case anyone else was unaware and/or had an ABM-enrolled device they were unable to unlock for whatever reason. I wonder if the timing coincided with the terms update last year? (These last few phones were deployed for awhile before our ABM/MDM setup was fully configured)



edit: how did I typo B's and P's? I don't know. Apparently, I also need to go switch my auto insurance to Biberty.

Apple Business Manager.

https://redd.it/1rp7i95
@r_systemadmin
Patch Tuesday Megathread - March 10, 2026

Hello r/sysadmin, I'm u/automoderator and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product.

NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.

Remember the rules of safe patching:

Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!

https://redd.it/1rpzab4
@r_systemadmin
Medical Company Stryker attacked by Iranian-backed hackers - all data deleted

https://www.mirror.co.uk/news/world-news/stryker-live-iran-cyber-attack-36850867

Work devices including mobile phones 'wiped' by hackers
Around the world, Stryker operates in 61 countries and has more than 56,000 employees and its Cork base is the biggest site outside of the US.

Most work devices, including personal phones that had a Stryker work profile, have been wiped by cybercriminals.

https://redd.it/1rqye6u
@r_systemadmin
Iran's Hack

With the recent cyberattack against Stryker reportedly linked to an Iranian-aligned hacker group, it looks like thousands of systems and devices were disrupted globally after attackers targeted their network environment. 

It got me wondering something about the current job market.

Over the past couple years a lot of IT roles seem to have been cut or consolidated, with companies expecting smaller teams to handle infrastructure, security, cloud, endpoints, etc. all at once. At the same time there’s been a big push toward automation and AI tools replacing parts of traditional IT work.

But when something like this happens, especially a destructive attack (wipers, data destruction, etc.), it highlights how critical experienced infrastructure and security teams are.

For those of you working in enterprise environments:

• Do events like this actually push leadership to reinvest in IT/security staffing?

• Or do companies just treat it as a one-off incident and move on?

• Have you ever seen a major breach directly lead to more hiring?

Curious what people in the field are seeing right now.

https://redd.it/1rribwu
@r_systemadmin
Absolutely and totally checked out

Hello my fellow burnouts! I'm in my 20th year of IT work. I have been a sysadmin at my current job for about 5 years. I am the sole IT guy for this company that has grown since I got here, from about 200 to almost 300 people. My raises have been minimal and just had my yearly review and was bumped from 70k to 71k. I work almost every weekend. I get told there is no money for a larger raise, but I know it's a lie as at least 15 people take home more than 20k for a bonus from the previous year. I can see everything, I know what people's salaries and bonuses are and see how low on the totem pole I am as I am run through the wringer daily.


I wish I could just quit, lock out the MSP account, and watch them all squirm. I apply for other jobs, had interviews, but nothing has lined up yet for me to jump ship. I feel disrespected at my current job and just miserable - sorry for the rant.

https://redd.it/1rqvpzy
@r_systemadmin
Thickheaded Thursday - March 12, 2026

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1rrmla6
@r_systemadmin
When will the job market not suck?

I've been seeing it mentioned on this subreddit for like 5 years that the job market sucks for sysadmin.

So when will it not suck? What needs to happen? How will it happen?

At this point it seems like a career change would suit most people better than waiting for the job market to not suck. Could've become a CPA in those 5 years we waited for the job market to not suck.

https://redd.it/1rrbbba
@r_systemadmin
Funny User Requests

So this one blew my mind and I had to share it in case anyone else needs a chuckle like I did. I work in a school and a little while back the headteacher came to us asking for a quote for a printer at home. She ended up getting it of course (out of the school's budget, god forbid she buy her own, being by far the highest paid member of staff in the school) and my manager bought her an Epson WorkForce Pro WF-C579R. (Which is probably a bit overkill to be honest but it's the same model we use for most of the school.)

Anyway, it finally ran out of ink last week so we ordered replacements to her house. She walks into our office a few days later and said she was getting an error when putting in the new cartridges. These aren't hard to install, literally just take it out of the box, peel a sticker off the back and slot it into the front of the printer. I think there are even instructions on the box. But alas, she's getting an error and can't elaborate much more than that. The printer isn't that old and we've not had any problems with the rest of the fleet so we tell her that the cartridge is probably just not installed correctly.

Then, I shit you not, with a straight face she asks: Can you install the cartridge remotely?

I choked down the laughter. I wanted to ask her so badly how she thinks that would work. But I held back and instead sent her a video of the whole process of installing a cartridge. I haven't heard back in almost a week so I assume the plastic sticker on the back of the cartridge was just not removed and she's too embarrassed to continue the email chain.

Short of us buying some sort of bomb disposal robot (which I don't think would have the range and is also probably not in the budget) I can't think of another way that cartridge could have been installed remotely.

Educators man, I tell you, they're a different beast.

Feel free to share your own mind blowing requests below. I think we could all use a laugh now and again. 😅

https://redd.it/1rqrhiz
@r_systemadmin
Playing Detective

Why do I always have to play detective? Trying to figure out what the fuck users are talking about. Trying to figure out wtf my fellow techs are talking about.

Never given context.

I provide specialized support for scientific labs that mostly do genome sequencing of diseases.

My user is complaining he can’t remote into his freezer. We have a platform where they can see their devices and click connect to remote in. I would have had to set this up and I can assure him and everyone here I have never set up a freezer for remote access. Even if I did, I did not remove or change anything. So now I need to figure out wtf he is talking about.

https://redd.it/1rrpewq
@r_systemadmin
Heads Up: New 9.9 CVEs in Veeam 12 and 13

Just in case anyone here doesn't subscribe to Veeam's automated email alerts there are multiple 9.x rated CVEs that Veeam announced today in both versions 12 and 13:

Veeam 12 - https://www.veeam.com/kb4830

Veeam 12 release notes and patch links - https://www.veeam.com/kb4696

Veeam 13 - https://www.veeam.com/kb4831

Veeam 13 release notes and patch links - https://www.veeam.com/kb4738

The full installers also have the latest update in the Updates folder in the ISO (although the version numbers and dates haven't been updated in the downloads page in My Account).

https://redd.it/1rrrc3u
@r_systemadmin