Dr. jonny phd on Nostr: npub1js3xn…5ntcw definitely right. I think a lot of it comes from being in a ...
npub1js3xn907ajm7f63vqk7ckkqf4pjwchedlux88szmhgypvcf98k7sx5ntcw (npub1js3…ntcw)
definitely right. I think a lot of it comes from being in a medical school where they want to make a big show about Security without actually considering the actual threat surface or protecting the thing that needs to be protected. what you're describing is like... a sensible auth situation in an elevated risk context.
eg. apparently you can access the literal medical records db if you are within the medical network (I have not tried), and rather than, idk, restricting access to that they restrict access to doing anything within the network by eg. requiring spyware to be installed on registered machines. so needless to say it's ridiculously porous to actual malicious actors while being impossibly restrictive to well behaved actors - my machines certainly don't have the spyware, and there's no way I'm going to volunteer for that.
so the result is they are always ridiculously slow on any request because they apparently are tending to the 500 request for sudo tickets and setting up meetings between three departments to issue me an IP rather than tending to a big info leak I reported 6 months ago. completely broken incentives because meanwhile the admins believe they have Secured The Network because they have bought 50 products from vendors that sell Securing The Network as a Service.
definitely right. I think a lot of it comes from being in a medical school where they want to make a big show about Security without actually considering the actual threat surface or protecting the thing that needs to be protected. what you're describing is like... a sensible auth situation in an elevated risk context.
eg. apparently you can access the literal medical records db if you are within the medical network (I have not tried), and rather than, idk, restricting access to that they restrict access to doing anything within the network by eg. requiring spyware to be installed on registered machines. so needless to say it's ridiculously porous to actual malicious actors while being impossibly restrictive to well behaved actors - my machines certainly don't have the spyware, and there's no way I'm going to volunteer for that.
so the result is they are always ridiculously slow on any request because they apparently are tending to the 500 request for sudo tickets and setting up meetings between three departments to issue me an IP rather than tending to a big info leak I reported 6 months ago. completely broken incentives because meanwhile the admins believe they have Secured The Network because they have bought 50 products from vendors that sell Securing The Network as a Service.