back to article BOFH: They say you either love it or you hate it. We can confirm you're going to hate it

BOFH logo telephone with devil's horns "Where've you been?" the Boss asks. "Holiday. I … booked it several months ago." "And where's Stephen?" "No idea – is he not here?" "He called in sick yesterday." "Oh, then I'm guessing he's sick." "Well, I don't have time to sort that out, we have a situation!" "What situation …

  1. acousticm

    ... to be continued ...

    right ?

    Or are we being held ransom, and have to pay to read the conclusion ?

    1. gerdesj Silver badge
      Mushroom

      Re: ... to be continued ...

      The PFY is getting the backups and the Marmite. You don't need too much imagination for how this all ends (it's spelt out earlier)

      1. WanderingHaggis

        Re: ... to be continued ...

        I think this is a case for escalation to vegemite.

        1. Hot Diggity

          Re: ... to be continued ...

          Or a indeed a situation involving Marmite, an escalator and the Tube.

          With enough Marmite, who needs quicklime?

          The possibilities are endless.

          1. bpfh

            Re: ... to be continued ...

            I would have thought that with that amount of salt, anything embalmed in Marmite would be preserved for eternity....

            Now thinking about what to do with an industrial pot of Marmite and a hock of ham...

            1. Antonius_Prime

              Re: ... to be continued ...

              "Now thinking about what to do with an industrial pot of Marmite and a hock of ham..."

              Have a tasty, sodium filled, yet frequently running to the bog weekend?

              1. bpfh

                Re: ... to be continued ...

                Brings a new meaning to a "call out". P1 call from Nature...

            2. Anonymous Coward
              Anonymous Coward

              Re: ... to be continued ...

              I would have though Marmite was ideal for embalming... that pot's been sitting in the back of the cupboard for years... or possibly decades

              Hmm... the price label says 'Bejams 2/5d'

        2. Adrian 4 Silver badge

          Re: ... to be continued ...

          Escalation ? How do you escalate to a pale imitation ?

          1. Hazmoid

            Re: ... to be continued ...

            Vegemite is by far the superior item

      2. Chris G Silver badge

        Re: ... to be continued ...

        I sincerely hope that marmite is not going to be wasted coating a laptop.

        The minimum ought to be a tactical strength cattle prod.

        An ex-boss of mine was a Doctor of Divinity, I can't knock a qualification like that, he would believe anything I told him.

        1. Rich 11 Silver badge

          Re: ... to be continued ...

          he would believe anything I told him.

          Six impossible things before breakfast. Seven, if you include the marmite.

      3. TRT Silver badge

        Re: ... to be continued ...

        I think I've just worked out BOFH's password... it's marmitelaptopinsertion isn't it?

        1. Anonymous Coward
          Anonymous Coward

          Re: ... to be continued ...

          Or perhaps the "three little words" index of where he'll be taking a discreet drive...

          (May be kept as a note - to avoid re-use...)

        2. Captain Scarlet

          Re: ... to be continued ...

          Nah, Marmitelaptopinsertion1

          Don't most password policies require a capital letter and a number?

          1. TRT Silver badge

            Re: ... to be continued ...

            And some form of non-alphanumeric symbol... like * or #...

            maybe a L33T variation then...

            1#sMarmiteLapt0pIntoBrown*|~TearsFl0w

            1. TRT Silver badge

              Re: ... to be continued ...

              Best read with a North American interpretation of some of the symbol characters.

              1. BobTheIntern

                Re: ... to be continued ...

                One pounds the Marmite....

                After a period of deep personal introspection as well as a thorough review of the previous comment to which I have endeavored to reply, I have come to understand that the action clearly specified therein was that the prospective password was "best *read* with a North American interpretation.. ".

                Just as clearly, at absolutely no point whatsoever was there the inclusion of even a hint of the suggestion that *anything* should be subsequently *written* after said reading had been completed.

                Apologies, etc.

  2. Maverick

    oh this will run & run

    1. I Am Spartacus
      Pirate

      Not with a surgically inserted laptop it won't.

      1. bpfh
        Boffin

        Who said anything…

        About surgically inserted? Or it even being closed beforehand?

        1. Doctor Syntax Silver badge

          Re: Who said anything…

          Or having the charger disconnected?

          1. JR
            Mushroom

            Re: Who said anything…

            ...about surgically inserted. I would opt for a ballistically insertion of said laptop, wrapped in barbed wire & Marmite and a charger with a loose wire attached to building mains.

            1. Hot Diggity

              Re: Who said anything…

              I am seriously hoping that you aren't one of my overworked colleagues.

              Although I will happily listen to your ideas in one of the many boring meetings that I sit through each week.

            2. Anonymous Coward
              Anonymous Coward

              Re: Who said anything…

              May I suggest my bespoke line in sodium buttplugs? Or a liquid nitrogen enema?

            3. bombastic bob Silver badge
              Trollface

              Re: Who said anything…

              must be curari tipped and several feet long as well (see Jargon File)

      2. stiine Silver badge

        Remember, he has a luggable. Surely that will be the next machine 'fixed' by the dumbass.

    2. Sgt_Oddball Silver badge
      Coat

      C://dos

      C://dos/run

      run/dos/run

      ?

      On the original note, I suspect we'll all be reminded of why Simon is 'From Hell' and so will Jim. Possibly with the aid of a cattle prod... Or the lift shaft and lift... A slim Jim?

      Mines the one with book of command line jokes.

      1. handle handle

        Ummm, about the directory separator char?

        C:\dos

        C:\dos\run

        \run\dos\run

        Richtig?

  3. Wellyboot Silver badge

    Doctorate in Divinity

    I think he's soon to discover how accurate that thesis was...

    1. steelpillow Silver badge
      Devil

      Re: Doctorate in Divinity: does God like Marmite?

      Simon hinted as much.

      But perhaps Jim can actually tell us whether God like Marmite, before he joins the other team for good?

      1. Spanners Silver badge
        Go

        Re: Doctorate in Divinity: does God like Marmite?

        I suggest you contact the Reverend Richard Coles*. Not only is he very clever but he is *extremely* English. He must know about Marmite!

        *@RevRichardColes

  4. chivo243 Silver badge
    Holmes

    Jim and the long game

    I smell plans within plans. Is Jim a "Frenemy"?

    1. NBCanuck

      Re: Jim and the long game

      "I smell plans within plans. Is Jim a "Frenemy"?"

      I suspected that too at first...that it was all means to get extra overtime to offset holiday expenses. Then I saw the words....."BRING THE MARMITE!"

      1. chivo243 Silver badge
        Trollface

        Re: Jim and the long game

        Gotta say that someone has access to the network when 'BOTH' the BOFH and PFY are mysteriously off-site? Jim has the chops or direction to get through the BOFH and PFY's defenses. Ransomeware... I think I've said too much... OK, how much is Jim's cut? It's obvious that Jim works for\with the BOFH. Jim is infecting the network at behest of the BOFH and PFY.

        Jim did plug his USB into all the right computers!

        1. doublelayer Silver badge

          Re: Jim and the long game

          I doubt it. He wouldn't have to infect the BOFH's personal computer in that case because that doesn't affect anyone. From the description, the PFY appears to have really been sick. And we know that sometimes someone without the skills gets loose on a computer because they volunteered to help. I'm sure there are backups which this guy couldn't infect--there is no way they would let him get to the server room, but still a lot of work for them ahead which isn't going to end well for the clueless idiot.

          1. handle handle

            Re: Jim and the long game

            Doesn’t the PFY have a lodge in Scotland?

            1. stiine Silver badge

              Re: Jim and the long game

              And they both drink like fish...

  5. Evil Auditor

    Nearly 30 years ago an telecom technician brought in his (infected) CD-ROM to update the phone switch. The update apparently acted funkily in the switch and to test the CD-ROM he shove it into one of our PCs, which was connected to the network...

    It was my job to clean up. And my boss, the BOFH, dealt with the technician, of whom I 've never heard again. So better not mentioning any names.

    1. Anonymous Coward
      Anonymous Coward

      In the days of DOS, we had a few Xtree licenses and I kept all the 3,5" disks in drawers which were not to be accessed by anyone but me. But hey, Mr "I am director and I don't have to follow to rules" came and borrowed the disk because "he knew about computers" and so decided he didn't have to wait until I got back from lunch.

      A day later I needed to install it on someone's machine, and I notice the disk was write enabled which I *never* allowed - software that wrote back to masters was first copied (which sometimes took some effort) and then allowed to write to the copy - so I flipped it back to read only and installed.

      At which point it complained about the disk being read-only.

      From experience I knew that Xtree did not need that, and sure enough, on inspection this thing emerges as infected. Cue me starting to look for a recent install, with run-ins with the aforementioned moron already giving me a hint where I should start my search.

      Turns out said idiot had not only installed it on his already infected computer and had just happily write-enabled the disk on request, but he had also "helped" two more board members to a virus.

      That was the last time he was allowed near any computer but his own.

      And I finally got the firesafe I wanted.

    2. steelpillow Silver badge

      I do recall a similar escapade, which eventually turned out to have arrived in an infected floppy - via the Boss's PC.

      1. Potty Professor
        Holmes

        Infected Floppy

        When I was working for a publishing company, we had a sandbox (airgapped from the network) that checked every incoming and outgoing 3.5" disk. One afternoon I was checking the day's production before sending it out, when I came across an infected disk. I immediately crashed the network by disconnecting the thin Ethernet, and instructed everyone to continue working on their hard drive, but not use any floppies or the network. I found out who had produced the infected disk and went to check his machine - it was infected with a mild virus, nothing serious, luckily. I also checked all of his floppies, and found the virus on one he had brought in from another branch. I asked him why he had not submitted the disk for checking before inserting it into his desktop machine, and his reply was that, as it had originated from within our organisation, he didn't think it necessary. I soon disabused him of that opinion, and co-opted him to help me use the Silver Bullet disks to check every other machine in our building (63 IIRC). Luckily, the infection had not spread beyond his own workstation, so I was able to reinstate the network later that afternoon. The office from which he had brought the disk (Coventry) was then informed, and they had to go through the whole virus checking rigmarole the next morning. They had considerably more computers that we had, so it took them all day. My Boss, the IT Director, was distinctly peeved that it had been allowed to happen, and the culprit was summarily dismissed (what we referred to as Instant Dismal). I received a commendation for my prompt action, but I was only doing my job, really.

        1. John Brown (no body) Silver badge

          Re: Infected Floppy

          One of our clients had a similar gateway/sandbox floppy checking system too. Theirs went a step further than yours though. It moved the directory track somewhere else on the disk so it couldn't be read normally. Every PC had a device driver installed in CONFIG.SYS which made the PC aware of the new location. Normal disks couldn't be read on a corporate PC and "adjusted" disks couldn't be read on "normal" PCs. Each disk going in got scanned and then moved directory track. Outgoing disks got scanned and the directory track put back to normal.

          IIRC, only part of the HDD was readable as normal too, so booting from a floppy could not do much damage other than to the boot sectors and the PCs own AV booted first and checked for that. Simpler times when viruses were far less likely to be able to get past a scan that early in the boot process, even if it has started running.

  6. Michael H.F. Wilkinson

    I suppose...

    the marmite contain a high concentration of quicklime

    1. b0llchit Silver badge
      Joke

      Re: I suppose...

      The assessment probably should be "marmite contains a high level of former technician" after we're done, I guess.

      1. Anonymous Custard Silver badge
        Trollface

        Re: I suppose...

        Or more likely the other way around...

      2. Anonymous Coward
        Anonymous Coward

        Re: I suppose...

        Won't that make it less suitable for vegans, or do we consider such technicians plant life?

        Just curious.

        1. EnviableOne Silver badge

          Re: I suppose...

          would you consider pondscum plant life?

    2. Anonymous Coward
      Anonymous Coward

      Re: I suppose...

      If inserted, some capsaicin oil will help eacalating matters....

  7. Pascal Monett Silver badge

    So he was "visiting" during working hours

    I think Jim is not the only one who should discover the wonders of marmite. Looks to me as the head of accounting should also get a taste for allowing personal visits during work hours, and for allowing a perfect stranger to use unsecured media on company property.

    Then, of course, there's the boss who actively made the situation worse by granting a security risk access to the Holy Sanctum. And, obviously, the sheer blasphemy of his grubby hands on the PHY's and BOFH's computers.

    Oh yes, they're going to need a lot of marmite.

    1. The First Dave

      Re: So he was "visiting" during working hours

      Slightly surprised that mere users are allowed to run USB keys at all

      1. Doctor Syntax Silver badge

        Re: So he was "visiting" during working hours

        Not being allowed doesn't mean it can't happen, just that it shouldn't. Not being able to is a different matter.

      2. Loyal Commenter Silver badge

        Re: So he was "visiting" during working hours

        The security model of USB is irretrievably broken, because the device is responsible for telling the host what it is and what it does (i.e. "I'm a keyboard"), without any sort of verification, so if you allow any USB devices at all, then you're open to all of them. Want to use a USB mouse? There's no way of knowing it also hasn't been secretly engineered to be a boot device on the second Thursday of every seventh month.

        1. Nick Ryan Silver badge

          Re: So he was "visiting" during working hours

          USB devices can be blocked by device class.

          Keyboard? OK

          Multifunction device? No.

          Storage device? No

          The problem can really come from a USB device that has DMA access...

          1. John Brown (no body) Silver badge

            Re: So he was "visiting" during working hours

            What if it's a USB storage device that tells the PC it's a keyboard then starts sending keyboard shortcuts to open a command shell followed by nefarious commands?

            1. doublelayer Silver badge

              Re: So he was "visiting" during working hours

              What if it's a keyboard which does that? Whatever the device looks like, it will tell the computer it's a keyboard. So you have three options:

              1. Trust any USB keyboards, including the prospect of a malicious one.

              2. Do not trust any USB keyboards, using something else to connect the trusted keyboard.

              3. Go through a registration process to trust only a certain kind of keyboard. Some methods include only allowing a certain set of known keyboard IDs and therefore a randomly-chosen ID probably won't work or requiring the keyboard to enter a certain set of keystrokes to be added to the trusted list.

              In any case, this has nothing to do with USB. A fake PS/2 keyboard could do all of the same things and you would have exactly the same trust problem. USB having the ability to connect multiple devices doesn't cause the keyboard attack. The closest it can get is that you can make a USB device that looks like something else, but the only way to solve that comparatively minor problem is to have separate connector types for everything which still doesn't fix the larger problem and also makes hardware a lot less convenient.

              1. Anonymous Coward
                Anonymous Coward

                Re: So he was "visiting" during working hours

                I miss PS2....

                1. Waseem Alkurdi

                  Re: So he was "visiting" during working hours

                  I don't miss no hotplug and easily bendable pins.

        2. doublelayer Silver badge

          Re: So he was "visiting" during working hours

          "Want to use a USB mouse? There's no way of knowing it also hasn't been secretly engineered to be a boot device on the second Thursday of every seventh month."

          Yeah, that wouldn't work. There are only a few profiles that can be used, so in this particular example, it would have to be a device that shows as a mouse and also adds a storage device on a schedule. Here are your problems:

          First, you can block storage. Really easily. It's done all the time in secure environments--they just don't let you access USB storage. This includes during boot and while the OS is running. It doesn't take much sophistication to do that.

          Second, even if that wasn't in place, there is very little chance just popping up a storage device will act as boot media. If it does so while the computer is on, then the computer has already booted and will ignore it. If it does so while the computer is off, the computer is likely to ignore it anyway because basically no computers are configured to try booting to USB media before the hard drive. This isn't the 1980s and floppies--I have booted USB devices on lots of machines and all of them after 2005 have required me to select that manually or change the settings if I want it to be the new default.

      3. Anonymous Coward
        Anonymous Coward

        Re: So he was "visiting" during working hours

        A few years ago, when we learnt the name of our soon-to-be director of IT, we googled him.

        We found out that in his place of work "someone" had taken out the whole network with an infected USB. That was the impetus required for us to enforce only access by encrypted ones we issued and a virusscan before they even became readable.

        By the time this chap started, it was all locked down and the process did not reoccur with us.

  8. Charlie Clark Silver badge

    Eerily good

    There is so much in this that has the ring of truth. Many users are incredibly trusting of any jargon wielding computer boffin and will let them do almost anything with their computer… and wonder afterwards why nothing works any more. But what surely can't be true is that one of the unwashed gets physical access to the BOFH's and PFY's machines without sustaining physical injury, becoming contaminated with narcotics with the police being informed by the intrusion detection system. And that's just on the show machines that they use to pretend to work from…

    Next episdoe: Does anyone know anyone called Jim?

    1. Evil Auditor

      Re: Eerily good

      Back in the day, we actually worked from the show machines. That is, we used them run Phantasmagoria and other essential stuff (during lunch breaks only, of course) and to remote log on to the safely located machines for doing the real work.

    2. Anonymous Coward Silver badge
      Pirate

      Re: Eerily good

      Exactly. Why wasn't the cattle-prod keyboard energised? Or the claymore connected to the power button?

      1. Wellyboot Silver badge

        Re: Eerily good

        That's risking there being survivors and/or witnesses, besides, hands on with the cattle prod is far more satisfying.

        1. Charlie Clark Silver badge
          Mushroom

          Re: Eerily good

          You mean the BOFH is prepared to let someone touch his computer and live? You could at least expect the doorlock to kick in and the Halon, because it obviously wasn't disposed after last week, to flood the room?

          On what kind of IT planet do you live on? Or are you some kind of grubby little manager?

  9. Anonymous Coward
    Anonymous Coward

    Where are you going with that tape

    Inn my first week in a new company as tech support manager I took on a mainframe based team with real reliability and stability issues. What summed things up to me in the first week was when I stopped a sysadmin walking into the DC with a stranger holding a tape.

    It was explained to me that they were about to load a preview version of some new 3rd party VM tools. When I asked where it was being installed I was looked at with some incredulity as there was only one VM machine, the production IBM Mainframe.

    When pushed the 'systems engineer' who wanted to perform the install agreed that it might be best if we installed it on a new virtual machine and admitted the bloody tools had an API hook into the O/S Kernel.

    I kicked him off site and then had to have a conversation with the sysadmin about what I had meant when I had imposed a change freeze on the IBM mainframe while we sorted out stability issues affecting end user services.

    I mentored that team for the next 18 months introducing test environments for all regimes, enforcing strict change control processes, adopting quarterly patching cycles for the O/S and the middle ware and generally implementing best practice. At the end of the 18 months we were meeting every SLA and my team were not being called out every night.

    We even had the capacity to look at new stuff rather than just firefighting and could actually start having some fun

    1. A.P. Veening Silver badge

      Re: Where are you going with that tape

      and my team were not being called out every night.

      Thus cutting the overtime payments they were used to.

      1. Outski Bronze badge
        Pint

        Re: Where are you going with that tape

        Improvements like AC mentioned (and AC sounds like they had a good management team if they were able to make those improvements) will often lead to noticeable improvements to base salary, reducing the reliance on overtime, meaning happier bank managers and an easier domestic life. Happened to me.

        Icon - good, long-sighted senior management should be recognised.

      2. Wellyboot Silver badge

        Re: Where are you going with that tape

        Many tasks can only be performed as overtime ;)

        Beancounters will only see the staff overtime being reasonably stable.

      3. Charlie Clark Silver badge

        Re: Where are you going with that tape

        No one likes callouts at night.

        Overtime payments are overrated not least because of the extra tax.

        Callouts to the systems in Dubai, Singapore, Vegas (we have our humidity sensitive reserve backup systems there), etc. are, of course, welcome.

    2. Charlie van Becelaere

      Re: Where are you going with that tape

      Careful with that tape, Eugene.

    3. Dimmer

      Re: Where are you going with that tape

      The first time i went to our disaster site test with the core system Sysadmin I thought it was odd that he brought 2 tapes as I knew the backup data would fit on one.

      He says “learn from experience”. He placed the first tape in the dr vendors tape unit and it promptly ate it.

      An hour later the unit was cleared of the sacrifice and the data one was installed and read without issue.

      He said it happens every time and the every time the vendor promised it would not happen again.

  10. storner
    Facepalm

    Incredibly sloppy BOFH's

    Going on holiday without securing Mission Central with bank-vault level locks and auto-firing machine guns/cattle prods? Serves them well to have their machines encrypted.

    1. bpfh

      Re: Incredibly sloppy BOFH's

      Sloppy? Depends who's bitcoin wallet receives the ransom...? Who knows as it's anonymous.

      I hope the PFY wiped down the usb key before he took a day off ~to the pub~ sick.

      1. bpfh

        Re: Incredibly sloppy BOFH's

        Extra points if just replaced the screen saver, desktop image and lock screen...

      2. Doctor Syntax Silver badge

        Re: Incredibly sloppy BOFH's

        I see we share the same suspicions.

      3. imanidiot Silver badge

        Re: Incredibly sloppy BOFH's

        I don't think we'd have seen that particular throbbing vain on the PFY's forehead if he'd been in on it. And I suspect the Marmite might well serve to get the git who got the infection started to confess it was his doing all along and give them the decryption key.

        Because it all sounds a little TOO convenient in terms of timing and EVERYTHING getting locked. We might well be dealing with a BSFT (Bastard Shitstain From Hell). The type that knows exactly how to start shit and profit from it, not caring where the filth and stink rub off on.

      4. John Brown (no body) Silver badge

        Re: Incredibly sloppy BOFH's

        "I hope the PFY wiped down the usb key before he took a day off ~to the pub~ sick."

        It crossed my mind that this may have been the PFYs final exam before becoming a BOFH in his own right and moving onto to his own infernal domain, taking a nice wodge of cash with him for "moving expenses".

    2. qwerty360

      Re: Incredibly sloppy BOFH's

      More to the point:

      The Emergency procedures don't specify that the backups are in the basement, through the dented heavy duty steel security door with the "Beware of Killer Robot" sign...

      1. stiine Silver badge
        Coffee/keyboard

        Re: Incredibly sloppy BOFH's

        Hopefully, there is a copy of the backup behind that false wall...

  11. frankvw

    Deja vu!

    This reminds me of 1996, when I was working as a contractor for a large telco. The "Security Manager" (read: an utterly useless bloke they couldn't get rid of and who was therefore parked in a made-up function) decided to email the entire company, all 3,500 or so employees, about the dangers of MS Word macro viruses. Remember, this was when Windows 95 and Office were just taking over the desktop, and Outlook was still fairly new to most people, including our Security Damager. So what did he do? He typed it up in Word and then used Word's "send document as email" function to distribute it to the masses, not realizing, of course, that this would send everyone an email with his Word file attached.

    You can probably guess what happened next.

    Fortunately at the networking department we ran Solaris on our workstations rather than M$ rubbish, so our little enclave remained unaffected (and uninfected), as opposed to the rest of the 3,500+ staff were less lucky. I remember that episode as a very, very long weekend.

    1. Outski Bronze badge
      Alert

      Re: Deja vu!

      I was doing holiday cover as an outsourced Notes admin at a telecomms company when Melissa hit. Most of the rest of the company was on MS Mail, or possibly Exchange 4, and came to a juddering halt. All systems teams were ordered to isolate their servers, install this new-fangled AV software (not so enlightened management had deemed it an unnecessary cost), and run full scans, before being allowed back on the network.

      This being a Notes mail environment, our users weren't spreading Melissa, but we did almost run out of disk quarantining all the macro-virus infected attachments in their mail. We were still the first team back on the network at that site (it helped that my boss and mentor lived nearby and was on hand to help).

      1. Doctor Syntax Silver badge

        Re: Deja vu!

        My experience was somewhat the converse of that. Also in a telecoms company in Leeds. There was another building with some consultants working on something or other that, AFAIK, never happened but they were using Notes. According to those in our building who had dealings with them the emails coming from the Notes users were regularly infected.

        1. Outski Bronze badge

          Re: Deja vu!

          To be a pedant, it would have been the attachments in the emails; it is technically possible to add code to a Notes email, but the execution control list should stop it running internally, and if it's come from outside, why are you letting any code run from an external email.

          1. Doctor Syntax Silver badge

            Re: Deja vu!

            I don't think the PC/network guys actually let anything run - they were complaining about what was coming at them. From my PoV HP-UX mail was strictly ASCII.

      2. Anonymous Coward
        Anonymous Coward

        Re: Deja vu!

        One of the good things about Notes/Domino.

        Counterpointed by the fact that when a user sent out a 2 MB file to 30,000 (yes, 30.000) users the company mail stores lost a lot of free space in a short time.

        The next version introduced single copy object store.

        1. Outski Bronze badge

          Re: Deja vu!

          Single Copy Object Store was an absolute nightmare, not least because, before version 6, all it took was a misplaced tell router update config and you'd enabled it, rather than updating your router configuration as you'd intended and had done on your v 6 servers.

          All SCOS content was stored in a single .nsf with the storage limits and risks of db corruption that entailed - just attachments but any rich text - and if you weren't careful with your overnight collect tasks, that was easily provoked.

          DAOS (Domino Attachment & Object Service) is a far more refined beast, dropping attachments to a different drive as encrypted .nlo objects which can be backed up by a non-Domino aware backup regime, and also with a far greater capacity: our largest DAOS drive is currently about 1.8 TB (our users never damn delete anything, even, or rather, especially case-related emails that should have been uploaded to the case management system).

      3. Kobus Botes
        Mushroom

        Re: Deja vu!

        @Outski

        Aaaah, Melissa!

        I remember her well. A user called me to come and have a look at her machine, as it was doing funny things. The first thing I did was to ask her to unplug the network cable, in case it was a virus.

        Unfortunately we were using Outlook, as we had moved to MS Office two years previously (to the utter dismay of the typists, I must admit, as they were extremely happy with WordPerfect), and not on Pegasus Mail anymore, so the first thing I did was to call the people that the mail had gone out to to ask them to delete the message immediately and not open the attachment (luckily not many people in her contact list at the time - it would have been a major issue a year or so later when Head Office created mailing lists and put those at the top of the contact list ("to make it easy to use")).

        I was less lucky with ILOVEYOU; a user forwarded the message to me to ask to check if it could be a virus (although my standing instruction was to first unplug the network cable and then call me to come and have a look).

        Since my policy had always been to set all machines to display file extensions (I cannot believe that it is still MS practice to hide extensions by default, despite all the mayhem it has caused. It is still in Windows 11 - I do not buy the excuse that it prevents people from accidentally removing the extension when renaming files - it is an easy enough mistake to fix. Mageia highlights only the file name before the extension when renaming - does Windows still highlight the whole name, including the extension? I am not interested enough to fire up my dual-booting laptop just to check), I saw the .vbs extension (which was what triggered my user to not open it and pass it on to me).

        I did some searching (as an aside, my search engines of choice before Google were Alta Vista, Excite! and Lycos, with Webcrawler as fallback in case I did not find what I was looking for - in 2000 I still used all of them, but Google had become my go-to) but could not really find anything.

        So I unplugged my network cable and decided to see what happens if I run it. I did lose some jpg's, but nothing of note - mostly stuff that others had sent me that I kept for some reason. And I had to wipe the hard drive and reinstall Windows 2000. Since I had contemplated using server 2000 as my desktop, this was as good an opportunity as any.

        Since we're on the topic of ancient viruses, just this tale: the very first machine we had in the company (recounted earlier in my posts), an IBM XT, had a virus checker that ran on boot. The typist who used it at the time had the following routine: she would come in earlier in the morning, start the machine and set the date and time (well before CMOS batteries came into fashion!) and then go and make coffee, attend to her make-up, gossip a little check what was in her in-tray and then go to each of us to ask for new typing that we had not yet delivered to her. By the time all of that was done, the machine might have finished booting - it took about 30 minutes or so for it to finish scanning the hard drive (40 MB by that time, if I remember correctly).

        Icon, because I had to nuke my machine.

        1. TSM

          Re: Deja vu!

          > Mageia highlights only the file name before the extension when renaming - does Windows still highlight the whole name, including the extension? I am not interested enough to fire up my dual-booting laptop just to check

          Nope; from about 7 onwards, I think, it initially only highlights the part before the extension. You can of course subsequently alter the selection as you choose, but if you just go click-pause-type, the extension will be untouched.

          And if you do change the extension* it pops up a dialog to warn you that you might be making the file unusable and asking you if you really want to go ahead. Though of course the average user won't read the warning and will just press "OK" anyway.

          * except in the case where it didn't have an extension originally

        2. Allan George Dyer Silver badge
          Facepalm

          Re: Deja vu!

          @Kobus Botes - "So I unplugged my network cable and decided to see what happens if I run it. I did lose some jpg's, but nothing of note - mostly stuff that others had sent me that I kept for some reason."

          You didn't open the vbs in a text editor? It was quite easy to see the part where it deleted image files.

      4. Anonymous Coward
        Anonymous Coward

        Re: Deja vu!

        Was working for a small company that had two offices. Head office was infected, we were fine - partly because I had blocked access from head office. Got my ear bent on that one by some dear that wanted to send email to our office.

        Also reminded me of a "salesman" that we had - he didn't believe in AV software, if he had a virus then his customers will let him know.....

        1. Outski Bronze badge

          Re: Deja vu!

          if he had a virus then his customers will let him know.....

          Yoiks!! Presumably his customers would also be letting him know why they were now ex-customers

    2. Anonymous South African Coward Silver badge

      Re: Deja vu!

      Heh, I used to run Thunderbird on OS/2 - somebody from a previous employer got infected with something and said something forwarded itself via email to me.

      I jus laughed at the offending executable and deleted it.

  12. Boris the Cockroach Silver badge
    Coffee/keyboard

    What happened to

    'Jim' ?

    I must know otherwise another innocent keyboard will be sacrificed.....

    1. A.P. Veening Silver badge

      Re: What happened to

      innocent keyboard

      There ain't no such critter.

    2. Juillen 1

      Re: What happened to

      The UK Census now says there never was such a person, so no investigation into their disappearance can ever be started.

  13. Zarno Silver badge
    Coffee/keyboard

    Spatter shields deployed.

    I got to marmite, let out a hoot of laughter, and nearly covered my M13 in Code Red.

    Now to continue with the rest of the reading, safely not drinking anything.

    EDIT:

    Oh my. Oh my my my... What an ending.

    1. Doctor Syntax Silver badge

      Re: Spatter shields deployed.

      "Now to continue with the rest of the reading, safely not drinking anything."

      It's BOFH. You should know better than to eat or drink whilst reading.

  14. Will Godfrey Silver badge
    Thumb Up

    A thing of beauty

    Both the week's BOFH... and marmite.

  15. TomPhan

    offline backups on the recovery laptop?

    So just how small is this company really?

    1. Doctor Syntax Silver badge

      Re: offline backups on the recovery laptop?

      You're asking the wrong question. How big was the laptop?

    2. doublelayer Silver badge

      Re: offline backups on the recovery laptop?

      My guess is that the recovery laptop has the clients for the backup servers and the encryption keys which are not stored on the tapes. Destroy those and you won't be able to decrypt and you'll need a new machine even to start reading. Of course, I'm sure the BOFH has plenty of other places where those keys are stored for insurance purposes.

  16. BOFH in Training

    In the pass 15-20 years or so

    I have never had anyone touch any of my computing devices without my permission.

    Regardless at work or my own gear at home.

    Letting some one else touch any of my devices is asking for trouble in terms of random configuration changes to other craziness.

    1. Anonymous Coward
      Anonymous Coward

      Re: In the pass 15-20 years or so

      I come from a hardware /electronics background and sort of drifted into IT.... I started off as a YTS trainee and saw my first IBM AT PC. It was two years before I found out it comes with a cover as it was always open for testing ISA cards.

      So now I'm in IT, trying to recover data off a HDD in a PC too small for two drives, I tend to leave the case off, monitor balanced on PSU, cables everywhere - I think that the other people are too scared to touch it in case they get electrocuted.

      Bunch of pansies - using RDP to connect to a virtual server. Bet they never burnt their fingers with a soldering iron, the smell of magic smoke, or felt the jolt of 120V from a discharged capacitor!!*

      * From a LCD PSU PCB - had laying unplugged on the desk for 24 hours before I picked it up

  17. Rich 10

    Me thinks our bastard doth protest too much.....but one must clean up the evidence.....sounds like a marmite sort of Breaking Bad moment for Jim.

  18. Mr. Moose
    Devil

    Don't Waste the Marmite!

    This is a job for the firm of Cosh Carpet & Lime. Just, "add" the laptop dry. That should get the point across.

  19. The Oncoming Scorn Silver badge
    Pint

    This Was So Low (USB) Key.

    The thing that got the biggest & genuine laugh out loud was.

    "I blame myself," the Boss says.

    "So do I," I respond.

  20. Unicornpiss

    Surely the cattle prod..

    ..is still operational?

  21. Anonymous South African Coward Silver badge

    >KZERRRRRRRT<

    You touched my machine, did you?

    All I did was...

    >KZERRRRRT<

  22. Il Midga di Macaroni
    Holmes

    Hidden message?

    Is SimonT actually talking about human rather than computer viruses? And how they get distributed via a plausible sounding expert and an idiot on the inside? If so the reason justice hasn't yet been served on Jim is because it hasn't yet been served on the culprits IRL.

    That said, if the BOFH is on form Jim won't suffer anything as mundane as a fall from a window or a cattleprod-carpet-quicklime operation. It'll be something special - probably involving him "offering" to help clean up the mess and then being found, along with his mate the idiot on the inside, en flagrant and smeared in Marmite having unfortunately passed away in the middle of a particularly depraved act together.

  23. Captain Obvious

    I think many are missing the obvious

    It is a plot between Jim and the Head Accountant to milk the company for all the money they can with selling equipment and paying for their "services". It was a deliberate sabotage as an end-user would not even know what a BIOS is, how to clear the BIOS, how to disassemble a computers, etc.

    Maybe we find out that this was pre-arranged with BOFH and PFY?

    To be continued.....

  24. Hero Protagonist
    Flame

    Marmite? Or…

    s/marm/therm/

  25. Blackjack Silver badge

    Just the Marmite?

    Why not tie the guy up, coat him in honey and shove him inside an ant hill instead?

    If anyone asks, just say he was an anti vaccine protester.

  26. Anonymous Coward
    Anonymous Coward

    My first experience with an email virus

    We were still using the X400 email system that was common in the NHS (at least our bit of it). This meant that, although lots of us received infected mails they were just a long listing of the .VBS. As I had never seen a virus in the wild before, I had an interesting read.

    This however did not stop the onward growth of the Microsith stranglehold and we succumbed within the year. We have used Outlook ever since and are now using 365 so that people can now read their email from the public library, their grannies or whatever virus sanctuary they like,

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021