Recent comments in /f/massachusetts

HeyaShinyObject t1_jdzzp82 wrote

The company I most recently worked at would turn a zero day around essentially overnight as well. But we didn't like it, because something else got pushed aside for it. This will be somewhat more than a typical zero day because it will affect every class of device, whereas most zero days only affect certain classes or versions of devices. The original point was that you don't want to turn something like this into a last-minute emergency by passing legislation that doesn't allow industry time to deal with it.

1

Hoosac_Love OP t1_jdzzld9 wrote

I have no recollection of a specific model/caliber ever mentioned in any article I read or posted. I posted myself the original theft article, the safe recovery follow-up article and this morning's teens arrested article. I have no recollection.

I believe you, the M4 Carbine is a shorter-barreled, lighter-weight version in the .223/5.6mm caliber that is the same as the M16/AR-15.

If one was keeping a rifle in their car they'd want the lightweight carbine model.

5

swatlord t1_jdzykji wrote

Yep, I'm one of those people who works in said environments. I can say, with confidence, that with automation available at the orgs you mention (Commonly MECM, Intune, or GPO for Windows and Ansible for Linux/anything else SSH) this change would be pretty dang trivial.

Windows Registry example (likely delivered through GPO, MECM, or Intune) - This would cover most use-cases for the environments you mention.

To add, I also work in one of those "regulated industries" (government/defense). There are specific processes for stuff like this that require quick action and to bypass normal CCBs. An example for the gov/mil side is when 0-days are discovered (think SolarWinds and Log4J). Do they want to spend months testing and approving? Hell no! While flipping a time-zone config isn't exactly the same as remediating a vulnerability, fixing it would be important to business continuity to justify some expedited changes.

> The actual change might only take a couple days to roll out, but it's not like companies have people sitting around waiting to do this, they have day to day business to take care of as well.

Most of the companies you mentioned in regulated industries do have folks that spend their work day doing this. People like ISSOs/ISSMs, change/config managers, automation engineers just to name a few. It is their business to stay abreast of upcoming changes and respond.

2

HeyaShinyObject t1_jdzvxgm wrote

I understand how ntp and timezone files work. I know most people won't have an issue, or maybe their lights won't come on at the right time because their automation hub didn't update, but no big deal. In commercial environments, often with thousands of devices, automatic updates are often disabled. Updates are tested in a lab, then a QA environment, then rolled out to production servers in phases. In regulated industries like healthcare and finance, there is typically more process. Every change is documented, scheduled, authorized and verified. The actual change might only take a couple days to roll out, but it's not like companies have people sitting around waiting to do this, they have day to day business to take care of as well.

−1