Yup traffic works if people just follow the rules. There are lots of four way stops in DC and when someone from VA waves me through when it’s not my turn, they aren’t helping, they’re just screwing up the system.
I don’t leave dishes behind either. In fact , I try not to bring my actual dishes there. For the most part, I bring food in disposable foil pans- if it’s something cooked in the oven like a lasagna , it gets prepared in the foil pan. There are a few foods I bring in special containers (like a cupcake carrier) but those containers are for traveling , not storage so I bring them home with me.
I often bring food in a container i value. But i never (intentionally) leave those containers behind. If I’m leaving food, it gets transferred to the host’s container before i leave.
Do what my spouse and her sisters do: bring the food in those cheap foil-like containers. Sometimes, the food is even baked in those things. After the meal, if it’s left at the house of the host, it can be thrown away when the food has been consumed.
Disposable foil is a great idea.
Pajama bottom ties. I hate them but feel obliged to work with them for a period of time.
Until I attack them with scissors and send them to the trash.
Gah. Work passwords. Need x amount of characters (it’s in the teens) + number and special character. Oh, and upper and lower case of course.
Not asking for a DNA sample. Yet.
The document in our work wiki is WRONG. It is apparently ALPHA characters. + number and special character. And the number of characters in the document is WRONG. It’s one more than it states.
I have a system for remembering these stupid things. It takes a little time to put one together. But because the requirements are WRONG, I always have to start over from scratch to build/remember a new pwd.
GAAAA. We ain’t NORAD.
(Sorry if this is a repeat rant)
In my case I’m fine with work because at least it is a constant. How about all of the dozens and dozens of one-off website passwords we need to create on the fly?
Some websites tell us all of the rules and they are arcane. Others only spoon-feed the rules to us one by one as we violate them.
Still others have lots of rules but don’t mention anywhere that there is a limit of 12 characters, and creating a 15 character password might succeed while not allowing you to log in unless you truncate your 15 character password by hand.
It’s 2025…you’d think that in a world where passwords are still needed, the list of rules for passwords would be solidly defined and not the Wild Wild West.
Someone at work got phished leading to a major data breach. So they changed the password system.
16 characters minimum. 1 UPPER CASE, 1 lower case, 1 numb3r, 1 $pecial ¢haracter minimum
Not single sign on so you have to enter your password for every server.
And every time you use your password, you have to respond to Duo that yes this is me.
Duo authorization only lasts for 24 hours, meaning there is no way to tell the system that this machine in my classroom should be authorized at all times. It’s not sitting in some hacker’s basement in NK, Russia, China, etc.
Now remember, this is all a result of being phished so how does all of this prevent a repeat of
“Hey, this is IT. I need to check your password real quick.”
“OK, it’s Mr.MeowMittens143”
(note this is what happened last time, what follows would be new.)
“Thanks for that. You’ll be getting a Duo notification within the next minute. Just hit ‘Yes’.”
“OK, hitting the ‘Yes’ button now.”
Our workplace is doing a bit better. They perform phishing tests every couple of months, sending out a fake phishing email and seeing how many people report it, how many ignore/delete it, and how many are dumb enough to click on something they shouldn’t. We get a report afterwards telling us how we (in the aggregate) did, and what clues we should have been looking for that indicated a phishing attempt. It varies from instance to instance depending on how subtle they were about embedding phishing clues in the fake email, but lately only about half a percent of users are clicking on something they shouldn’t have. Frustratingly, only 20-30% of people bother to report it.
Mine does that as well. Only once was there an email that was remotely convincing. But then again I have to remember I’m in an organization that someone gave up their password because “he told me to”.
Ha. We get those too. The last one was a challenge to see who had the most sooper sekret pwd. “Send them to me, and I will compare”
The price of cheese. Gruyere cheese to be specific. I can get a block of basic aged cheddar for $5 /lb, a fancier cheese like smoked gouda or brie etc. for $10/lb, but every single Gruyere I see is $20+. It’s priced like a 3 year aged Parmigiano Reggiano, and ain’t all that special. It’s just a vacuum packed block like a Cabot Monterey Jack and costs 4x as much.
“It melts nice”, yeah, so does Velveeta. And don’t get me started on the price of Velveeta.
I used to report them. Then I’d invariably get a “You passed the test!” email to which I’d think “Stop sending me garbage spam and let me do my job”. I never sent in a report that wasn’t just my own company fucking with me so now I don’t bother.
If I can tell by the subject line that the email is Not My Problem, I delete it unopened. I’m not going to search spam to see if it’s a real or fake phishing attempt.
The same thing as been implemented where I work.
We also had a data breach some time ago and the county required significant security adjustments.
Have to log in and then authenticate through my work cell with the Duo mobile ap.
Our authorization only lasts 12 hours.
It’s a pain.
Twice in the past month I had to create a password which required a special character.
Because I need to type in both German and English, I usually choose a special character that’s in the same position for both keyboards.
Nope, that particular special character is not allowed. Only /, %, #, &, and a few other special characters. All of which are in different positions in the German and English keyboards.
Oh. And at least one of them, I can’t see the password when I type it, which makes it even more maddening.
For the same reason I avoid Y and Z in my passwords. Just waiting for the day when some company requires one of both of them.
Yes and Yes. The company pays me to do better things than keep IT happy by reading far enough into an unwanted email to decide if it’s worth reporting or not.
I did eventually start reporting every email from IT that had the word “phishing” in it. They didn’t appreciate that.
Last year, the City hired an outside company to give users online training in cyber security. IT did not warn us, so a significant number of users labeled their email with the links to training, from an unknown address, as phishing.
Now they send an announcement through admin to let us know that training is coming and what email address and url it should have. Which is good, because the contract for online training is likely to change from time to time.
One of my workplaces does the “catch the phish” thing every month. You need to click a particular button, called “[workplace]Aware” to successfully do so. Also, a while back, they disabled the “[workplace]Aware” button for external emails, and all of the simulated phish attacks were from external addresses. You could still report it, but not in a way as to actually record whether you successfully caught it. They got pretty bad statistics on that campaign for a while…
(Also, phone, I am not referring to the band from Vermont. Please stop capitalizing things.)