Since the author of a lot of patches got serious death threats, including the archinstall one, i wouldn't be suprised that not a few posts had to be removed because of the CoC.
SSO as in Single Sign On? Yes and No, SSO allows AWS or other cloud CSP accounts to access the infrastructure, but it will not hide it from the internet. If it is exposed, then you would have an increasing attack surface compared to a hidden environment.
How much would it cost to rewrite the client tools as an intermediate solution and in the long term to replace the something that can withstand the load?
That's a valid point, but the scale makes it far from trivial. We are talking about the energy sector here, it's high-stakes and high-load. The current backend isn't just a simple SQL instance; a standard MySQL/Postgres setup would likely choke under the sheer volume of real-time sensor data coming in every few seconds.
Rewriting the client isn't just a matter of "money", it's about finding specialized engineers who understand these specific industrial protocols and high-throughput architectures. In our field, "intermediate solutions" can take years to certify and deploy. That’s why we’re forced to maintain this legacy IE/ActiveX stack in a secure way while we evaluate long-term infrastructure overhauls.
If it isn't about money, you can find people who can do the work because they have direct relevant experience with similar projects.
And that's what your company needs. Because your questions suggest that your team has a very very long way to go relative to understanding the technology to a bet-the-business level.
You are absolutely right. From a strategic and business standpoint, hiring a specialized engineering firm to overhaul this is the only correct long-term move. I entirely agree.
However, I'm the systems administrator tasked with keeping the lights on and securing the endpoints today. I don't control the hiring budget, the strategic roadmap, or the checkbook. My immediate goal is practical risk mitigation: stripping local admin rights from standard users to secure our network, while keeping this legacy ship afloat until management approves that multi-year overhaul. Hence my current trench warfare with Procmon and shims.
You could try wine, failing that it might be possible to run the software in reactos. Would be cool to have reactos actually running in the energy sector. Especially if there's a big reactor going on.
Like others said ITT, a VM to remote in would be the best bet. Local admin can escalate to domain admin. One process as local admin is practically the same as plain local admin. And not just because MSIE is vulnerable.
A networked KVM solution could also work. There's various vendors for that and basically you just shelve a few spare boxes and have them run just the one thing you need. Make sure to have a firewall between the boxes and the rest of the network to isolate only required subnets from everything else.
Because they started an discussion how to store the birthdate and give applications the information about the age since one of the optional components handles additional metadata about users.
That's the ideal, but unfortunately not always an option when you're on the receiving end. We're building a data cleaning tool, so the whole point is dealing with messy user-uploaded CSVs where we don't control the export format. If we could mandate ISO 8601 everywhere, life would be much simpler. But the reality is people copy-paste from Excel, export from legacy systems, or hand-edit CSVs, and we need to handle what shows up.
I wouldn't compare an public counsel of an lawyer with ai pretending doing the same.
If the lawyer gave bad advice, they would have been responsible.
if "AI" says there was an precent in case xyz, OpenAI, Perplexity, xai, ... will say: it was the responsiblity of the person using the tool.
reply