Up On Weathertop

Discussions of Computers, the Net, IT Security and Random Things by Weathertop

Trouble in the Crimea

This is a very late night post, so my apologies if it is not coherent. I’ll try to be short as possible on this subject, and ask that anyone reading this read not only a bit on the history of the Crimea region but the events of the last few days (as of this post). The speed in which events have begun to unfold in Ukraine should be alarming to the world. In a matter of days we have seen a crisis go from a protest movement, to a revolution, to a governmental collapse (complete with a raid on state coffers), to the placement of an interim government, and culminating with the movement of Russian military forces out of the base at Sevestopol into the rest of the Crimea.

What should be of greatest concern here, is what is likely about to come: the flexing of Russian muscle after the Olympic Games. Here is my theory of Putin’s actions:

Step One: Host the international community, and in the process, bolster Nationalism

The Sochi games were entirely about bolstering Russian Greatness and Nationalism, including the portrayal of the Soviet era as a time of great prosperity, power, and influence. The opening ceremony was a message to Russians and Russian Nationals living in former Bloc states: “Remember when you were great and powerful? Yeah, so do we.” Shots from the Opening Ceremony of President Putin showed at least one individual standing next to President Putin wearing the Soviet Star clearly displayed on his coat. The Opening Ceremony couldn’t have been more of a Soviet Era circle jerk if Putin had tried.

Step Two: Take advantage of political unrest in former bloc neighbor with large Ethnic Russian region

The fact that said region hosts the Russian Black Sea Fleet at Sevestopol even more a logical place to flex muscle. The benefits are clear: regain territory under the guise of “protecting Ethnic Russians”, and a direct route to your main naval complex.

Step Three: What happens next, is anyone’s guess

Step three is what we’re seeing play out right now. My guess, assuming Putin knows when to quit, is a back-room deal to transfer the already Autonomous Republic of Crimea to Russia, in exchange for no further aggression. “We’ll take these people who don’t like you off your hands, ok?” Perhaps some economic exchange, refilling of the state coffers of Ukraine since they were looted by the former government on the way out. The equivalent of a couple billion US and the Ukraine can get some stability, just minus the Crimea.

However, if Putin decides he really wants to flex his muscles, the US may become involved in another war. This one, not so cold.

In-Security: The Root Problem of IT Security Holes

Some brand names, and you know who I’m writing about, have become synonymous with the concept of massive security breaches, which over time will come as a result of revelations of a massive security hole. The jist of it will be, someone with the right authority made a dumb-shit maneuver and created a security vulnerability so big a Boeing 747 could fit right through. It’s something I run across in a daily basis: someone, somewhere, with the best of intentions causing a security nightmare. So what is the cause of this? Well, not just one single cause is to blame. It’s rather the culmination of a wide range of other issues that come together to form a perfect storm.

Problem 1 – The C-Class and their “Infinite Wisdom”

If you’ve ever had the misfortune of being on the phone with a CEO or other C-Class suit regarding a technical issue, you already know what I’m talking about. Here you have a charismatic group of people, who are generally used to getting ‘their way’, really don’t care about ‘policy-and-procedure’, and merely want something done now, and without question. They tend to be ignorant of their ignorance, insisting someone explain to them advanced networking problems and troubleshooting, all the while not understanding a single piece of the information, until you get to the part about how much it will cost. Many C-Class individuals I’ve worked with over the years tend to be the sort that easily gets angry, blusters and stops their feet, and actually do utter the phrase “Do you know who you are speaking to?” The answer, unfortunately for them, is “someone who thinks they’re hot shit, but really, is just a boob with a title.”

How does this fit into IT Security? Simple. Some C-Class or other Executive demand something that shouldn’t be done, without any concern for the consequences, for whatever irresponsible and misguided reason. This could be as innocuous as demanding that IT just “make it work” when say an HVAC Vendor needs to access the integrated network of a major retailer. Or, something more disturbing like an executive demanding that IT un-filter his internet so he can watch porn at work. Either way, the technicians and administrators that fulfill these requests know it’s a bad idea, against policy, or against best practices, but with their job on the line, who is to say no?

Resolution: A Board of Directors, Shareholders, HR, need to institute a binding policy with all employees from C-Class down to Janitor: When it comes to IT related issues, the Head of IT is alpha and omega. Sort of like Starfleet’s Protocol regarding the Chief Medical Officer outranking anyone else in terms of medical issues (Yes, I did just make a StarTrek Reference), or a Fire Department’s Safety Officer outranking even the Chief in matters regarding the safety of personnel. The other-side to this, is IT personnel need to grow a pair. As an industry, we’re often all-too-willing to do the bidding of those above us simply because we feel we have to, or else. An executive may need a simple reminder about policy, bad ideas, best practices, what have you, and what it would do to revenue if it ever leaked that this conversation happened. Hopefully, the result will be everyone goes about their day like the discussion never happened.

Problem 2 – No real training, certification, or even experience neccisary

So one of the best things about IT is also one of the worst things about IT. It’s a skill people often pick up through on the job or hobby-based training. I have plenty of skills that were developed that way. However, this is also IT’s biggest weakness: there is no uniformity in ensuring that best practices are taught and kept up-to-date.  So while many new job openings for entry level IT do (and should remain) open to people whose technical qualifications extend to checking the power-cord first if a computer won’t turn on, or, know some basic, simple tasks. But once in the doors, IT Management needs to be pushing (and paying for) certifications and degrees. Because, seriously, if your front-level IT phone jockeys cannot complete a CompTIA A+ Certification in 2 years, a transfer to Environmental Services is in order. The same is true for Networking Teams, Developers, Infosec, and Administration.

Furthermore, those involved in hiring need to be watching for fake “Server Administrators”. Fake? The candidate worked for 6 years as a DBA… at their father’s plumbing business, supporting a cloud-based CRM using Google and Free Technical Support. These are administrators and technicians that, instead of thoroughly troubleshooting an issue, immediately reach for the phone and call up a vendor’s free technical support demanding it be “fixed immediately” and usually with exclamations of “What do you mean I need to know MySQL?” or “I know nothing about Exchange, I just work here!” It’s a bad situation for the vendor’s support, for the company, and for everyone involved.

Resolution: Hiring managers need to start demanding better credentials of upper-echelon IT staff, and paying for certification and education of trainees and other n00bs. Those IN IT need to actually make getting education and certification a priority.

Problem 3 – “If I had an enemy greater than my apathy I could have won.”

Yes, this is a line from “I Gave You All” from Mumford & Sons. And, yes, I am serious about it’s use here. Apathy is one of the biggest problems affecting IT staff from front-line help desk to CTO. No one cares about anything. The help desk doesn’t care about your problem, and really doesn’t care if it’s a problem they should be aware of, they’re paid little, have suck-ass hours, and have to deal with angry customers and idiotic management. As long as the paycheck cometh, they show up and make that seat warm. Developers don’t care about bugs, because they’re told not to, from management that doesn’t care about bugs, they want features (so the bugs become a feature). As long as a big customer doesn’t scream, no one cares. You can see this in the response to infected networks sending out spam: do the absolute minimum to get email working, the domain or IP off of blocklists, and the boss from making the back of your neck warm.

The mantra of many companies when it comes to IT is absolute minimums to get the job done, and nothing more.

Resolution: Should be self explanatory: get apathy the hell out! If you’re in IT, that network, that system, the infrastructure is your hard work. And if the Company won’t pay to do it right the first time, don’t do it at all.

Now, this is not everything that is wrong out there in IT-Land that makes jobs more difficult and results in glaring security holes, but they are big, low hanging fruit that doesn’t need to be there. Everyone working in Technology has a duty to take on these problems, from front-line help desk to CTO. And Execs? Sit down, and shut up: you’re uneducated opinion is not needed, and really, no one is going to service your computer knowing you you’re surfing the porn tubes at work.

Afraid of Windows 8’s UI? You have nothing to fear but fear itself. Really.

If you search around the internet, you’ll get the idea that Windows 8 is the poison, not to be played with, and infact you should just regress to Windows 7 and wait for Microsoft to fix their “mistake”.

The chief complaint? No traditional start menu.

That’s it. There is no button in the lower left corner to click.

Let that sink in for a moment. Sounds stupid, right?

“OH THE HORROR!!! NO START MENU BUTTON!!! HOW WILL I SURVIVE!!!!”

Oh, you’ll survive. The start menu isn’t gone. It’s still there. Calm down and have a lollipop. Feel better? Ok, on to the next complaint.

The second complaint is some vaguely worded gripe about a “touch screen UI”.

“But it’s a TOUCH UI and I don’t have a TOUCH Screen! OH THE HUGE MANATEES!”

I kid you not but there are people, people who have been using and adapting their computers for decades, that figuratively wet themselves of this thought.

Only… it’s not a “touch UI”. It’s a UI that can be used on either device. Using the updated interface on Windows 8 is not rocket science, brain surgery, or rocket surgery or brain rocketry. In fact, it’s really no harder than learning to turn on the computer in the first place.

Tired of me making you feel dumb? Well, sorry, honesty sometimes means reality slapping you in the face like bird poop at 60 MPH on the back of a motorcycle. And it tastes about the same.

Yes, you probably are dumb

But not for the reasons you may believe. The reason you probably are dumb: listening to other people’s childish rants about something you haven’t tried yourself, then moaning repetitious about it everywhere.

Let’s start with what is really, fundamentally wrong with with Windows 8. Guess what it is?

Training. When you first install or upgrade to Windows 8, Microsoft has provided a little intro. Only, rather than telling you what you need to know, they show you more crap about Windows 8 and how it’s “better” in their eyes. Microsoft missed the opportunity to train users on the differences and make the transition easier. That is where Microsoft failed.

It does take some work, though. Yes, work. You can’t just boot up and expect it to be everything you wanted and more, otherwise it would also come with an infinite craft beer dispenser. Microsoft has, as it always will, set it up how IT wants to be setup. Their shit first and foremost. To the perpetually pessimistic, this is something to hate. However, consider this an opportunity to make your PC YOURS and at the same time flip the bird to Microsoft Execs.

The start menu – The crutch for the weak and feeble minded

So, technically speaking you’ve never actually needed a start menu. You technically don’t need a mouse either. The start menu was, and I do mean WAS, a nice way to jump to what you want. It’s a lot less obtuse than Apple’s Dock, which frustrates me to no end.

If you’re still using the start menu to access, well, anything, you’ve actually been living in the computational paleolithic days anyway. And for a while. Between Windows+R, Windows+F, and the search box in the Windows 7 Start Menu, getting to the program or file you want is much faster than click-click-click. And windows 8 brings the search menu to the forefront, by itself, in the hot sidebar. I find myself using it every day.

What I like about Windows 8 most of all though is that when I boot up my computer, I’m not graced with a empty (or cluttered) desktop where I then have to find what I want. No, the start menu is opened for me, and BEHOLD!, the programs I access the most are RIGHT THERE. I want to show off my desktop? I just click Desktop. But usually I want Chrome. It’s right there. I have saved 1/2 of the minimum clicks needed to get to Chrome without having a cluttered taskbar or desktop.

When I think of you, I Touch UI

The second point of contention is the “Touch Interface”. I too was under the impression that “Balderdash! You can’t have a phone/tablet UI on a desktop/laptop! That’s just craven!”

Only, I was wrong. So has been every other person out there touting some sort of “Touch UI” complaint.

Calling it a Touch UI is boiling interfaces down to a black/white model. It’s either desktop, or mobile. It’s KVM or it’s touch. It’s both, and it’s neither.

The vast majority of your experience on a Windows 8 computer will be similar to that on a Windows 7. You have windows. You have a task bar, and a system tray. And you have a Start menu, it’s location and look has changed, but it is there.  Your menus in Windows Explorer have been updated to a much more user-friendly Ribbon, similar to Office (yes, there are complaints about the ribbon too, and frankly, those are tired and old. Other than a few minor beefs, most are just whining). The big difference is your programs in the Start Menu are no longer these small, dinky little items to click on. They’re marginally bigger. Bonus: you have less work to do in order to select the right program or file. The scroll up/down has been replaced with left and right, and if you’re using a scroll wheel, doesn’t change a thing. If you don’t, what the hell is wrong with you?

My whole point is the whole “Touch Interface/UI” argument is blown way out of proportion, from a bunch of whiny asses and their misinformed followers.

Honesty is the best policy

Let’s be just completely honest here. It’s the 21st Century. People have had to learn to adjust from telegraph, to rotary phones, to touch-tone, to cellular phones with buttons, to touch screens, and finally to voice activation. And, the transition from Paper/Pen, to the typewriter, to the electric typewriter and word processor, to the computer, to the mobile device with virtual keyboards. All in the last 100 or so years. Each time there was a group of people who staunchly stuck their noses in the air and insisted that this change was ridiculous. They ended up either adapting, or, finding themselves in early retirement. CHANGE HAPPENS. Whether you like it or not. You can whine, cry, and throw a fit, or you can learn and adapt. And the world of more streamlined UIs and cross-device integration is upon us.

You can get with the program, or you can get out of the way. Most of all, and I do mean most of all, you can quit making mountains out of a speck of dust. You have nothing to fear, but fear itself. Windows 8 is nothing to be afraid of… if you have a brain.

To the lady in the Volvo, CO License Plate ASH…

For some reason, you decided to park your shiny Volvo directly in a No Parking Zone in front of the Apple Store at Aspen Grove the night 1/14/13. Directly in front of a No Parking ANYTIME Sign. I don’t know why you chose to blatantly park that way. I’d like to think you were just stupid, but considering you walked out of the store with a smug look on your face and it did not phase you a bit when I asked you “What part of NO PARKING do you not understand?”, the true reason is clear. You’re just another one of those elitist shitheads who think that they are better than everyone else.  The rules don’t apply to you. The fear of having your car towed or a citation written isn’t enough for you. You wrap yourself in designer firs but buy products from a company that, in my professional opinion, make some of the worst products in the 21st Century, surviving only through clever marketing to people with no taste, much less brain cells.

But what you do not realize, Maddam, is that a less honorable person could have easily taken it upon themselves to put you in your place. A less honorable person could have keyed your car, broken your windows, spray painted “CUNT” on the side of your car, or worse. The point is, being an absolute bitch draws some very unwanted attention to you.

Maybe you should take this opportunity to realize that you’re just a nobody like the rest of us, you’re not special, you’re not elite, and in fact, you represent some of the very worst of humanity. So park your ass in a space with the rest of us and blend in.

Ok sysadmins: You can stop being lazy

So, I have to ask: why are so many sysadmins so gorram lazy? What do I mean, you ask?

Sysadmins are getting lazier and lazier. No troubleshooting, no knowledge of how standard protocols work, or no knowledge of standard error codes like SMTP codes. “250! Why the 250 error?!?!” “Um, dumb shit, SMTP server response codes that start with a 2 are OK codes, meaning SUCCESS. A simple Google search would take you to an RFC document hosted with IANA that would describe these in detail.”

If you’re a professional in IT, and I really don’t care if you’re a front-line phone monkey or the CTO, you should have if not the knowledge of what you have in your repertoire, but at least the knowledge and intelligence to perform a online search. If your first thought is to immediately contact support for whatever vendor you’re dealing with, and not looking at their documentation online (which likely has the answer) or in your manual, you have no business working in IT.

IT workers do not need to know everything about everything, but they should know how to find information, how to exhaust their resources before reaching out to someone else.

Sysadmins, I know we’re under the gun from CEOs whose idea of networking is playing a round of golf and calling it a “business meeting”, but, let’s be honest here: there is no excuse for the bad behavior sysadmins and IT pros have developed over the last decade.

You hate the whiny end user who calls in with inane questions that would have never happened if they only did what they should have been doing, were told to do, and had a memo about from the start: don’t be that end user with a loftier title and bigger salary.

Otherwise, people are going to hate you. I’m going to hate you.

As an aside (or ass-side, I suppose): Target

Dear Target CEO;

You want EMV credit cards? I expect my REDCard EMV system in 6 months. In the mean time, care to explain how nearly all your North American POS terminals got infected with malware? Not yet? I’ll wait.

Entry No. 1, or how I stopped worrying and learned to love the blog

A blog, something I’ve tried but failed at in the past. Why did I fail? I didn’t post. Why didn’t I post? Because the blog was on my own personal domain, and what I wanted to truly discuss I couldn’t because it was directly tied back to me. After that I just didn’t think any more on the subject. It’s not like I need another thing to fill my already filled to the brim and sometimes overflowing days!

So, today I’m laying down the first post of many in this blog (a word I hate so henceforth it’s a goddamn journal). If you happen to find this first post, stick around, especially if you’re at all interested in technology and IT security, or enjoy reading someone’s musings of the world around him.

Some standby segments I hope to add on a regular basis are:

– Tales from Tech Support

– Oh, Lord, The Stupid… It Burns

– Why?

and

– Really?

If you can’t figure out what those segments will be about, then we’re probably not going to make much sense to one another and you should just mosey on to a Justin Bieber Fanblog or something as ridiculous as that.

And, for my first entry into the “Oh, Lord, The Stupid… It Burns” category: Admitting to using pirated software, while on a conference call with no less than your boss.

THIS IS WHY WE CAN’T HAVE NICE THINGS!