I have a client trying to tell me how to do my job. It’s very evident that he doesn’t understand how to do my job, but he thinks he does, and I’m not really sure how to reply to his email without insulting him.
The problem we’re facing is due to him (and his team) not recognizing the impacts of something, and now that I’m looking to approve it, they’re upset because I’m asking for documentation that they didn’t think they had to provide. Their argument amounts to trust me, bro, it’s compliant.
In order to avoid a repeat of the Marshall fire, that burned several suburban neighborhoods near Boulder, Colorado, Xcel is turning off power in areas in anticipation of 70 MPH wind gusts. No problem, I get it.
1pm yesterday: all of campus will lose power at 10am tomorrow (which is now today)
6pm yesterday: snow day tomorrow! (because “wind day” sounds stupid)
7:30am today: all of campus will lose power at 10am today
9:30am today: all of campus will lose power at 10am today
9:45am today: I turn off all computer servers
10:02am today: power will remain on for all of campus (except a few buildings)
Oh well, we officially get a snow day (even though it’s 60+F outside), so the computers being off isn’t a big deal, unless one of them doesn’t turn back on, but that will be a tonight’s me problem.
My building has a large generator to keep freezers and labs running during a power outage. The building next door, which is also part of my department, does not have a generator. It does have several -80C freezers. Facilities management is currently onsite running cables from the generator to the freezers. Perhaps after this they will come up with a proper emergency plan.
Nobody is sure how the building should be accessed if the card readers lose power. It’s possible the card readers have batteries, but they’re old enough that nobody knows. Some people think the card readers might fail open, but nobody is sure. My real guess is that someone knows, but nobody involved at the moment knows who that person is.
Our new guest wifi network requires that you enter a code from an email in order to access it. So you need to be online to get online. This is by design, and will not change.
I teach at two universities. At one, 2FA works like this: click the login link; enter your credentials (or if your credentials are saved on your computer, click “login”); enter the code that pops up in the app on your phone. Done. Want to log in to another service? You’re already in (for however long the time-out period is). Already logged in to University WiFi? No need for 2FA at all.
The other? Go to the main login page. Click the login button. Enter your username. Click enter. Enter your password. Why are these two separate screens? Nobody knows. Click login. Get push notification. Confirm it’s you. Perform secondary identification (in my case fingerprint). Congratulations, you’re logged in to the main dashboard! Want to open your faculty management page? Do it all again! Want to open Canvas? Do it all again! Want to open Workday? Do it all again! Want to open your email? Do it all again! Oh, you were logged in to email from a previous session? Sorry, we have to log you out first. Now do it all again! Already logged in to University WiFi? Fuck you.
I wonder if the latter, the one with the repetitive logins is for a larger/smaller university or perhaps the security department head is just a tightly-rusted lug nut.
One Uni probably has fully integrated systems. The other Uni buys a grab-bag of silo-ed apps from various vendors for the various functions of running a university. And doesn’t bother to set up a central SSO to make all the grab bag items work together easily.
Heck, there may be enough variation between which authentication systems the various grab bag apps support that there is no way to get to “single” sign-on. There is small value in consistency in have each app doing its own sign-on versus e.g. sorta SSO over here gets you into these 3 apps, and sorta SSO over there gets you into this other set of 5 apps, and oh yeah, these other 4 apps each need separate sign-ons just for themselves.
I have actually experienced this before, but what happens is that they allow access to the internet for a limited amount of time for you to get the email on your device and confirm. It works well enough, though I am guessing that is not the case at your work?
Nope, it is a full registration for a new account and then password setup type system.
From the portal page put in your email address. You will get a randomly generated user id and password. Login with that and go through a forced password change (because there’s no guarantee the emailed password was transmitted securely). The account stays active for 7 days, then you’ll have to do it all over again.
The old guest wifi system was the “click accept” type.
I’m sympathetic to the security concerns of the old system. This is a public university, so anyone can come on campus and use the wifi from outdoors, or inside an open building. At least now an email address will be tied to any particular MAC address that accesses the wifi.
I have no idea how much of a problem there was with bad behavior originating from the guest wifi, though, and I’m skeptical that require an email address will diminish it.
The complaint I’ve heard so far is people starting the process, then having to go outside where they can get a mobile signal to check their email, then going back inside where they can get on the wifi to finish setup.
That sounds vastly like a theoretical fear in search of a problem leading to an overkill solution.
IOW…
What if we has a mass shooter event and it emerged that they were on our wifi and we didn’t have their email? We’d look bad. Time for a total overhaul of our guest access. Just in case.