* Posts by An_Old_Dog

19 posts • joined 26 Mar 2010

Your call is not important to us


Customer Service Counts

I think the "hit" you're talking about depends on who the customers are and what the product is.

As a project manager, I'm going to go with the company that gets me the answers and products I need, when and where I need them.

I don't "want to buy some routers".

I "want my infrastructure upgrade project completed seamlessly and on-time."

For time-constrained or potential-high-impact projects, I don't care much about the price, unless we're talking an order of magnitude difference between suppliers; and even then, if the lower prices are all from Billy's Back-of-the-van Wholesalers-type places, depending on the project, I might go with the higher-priced vendor if I know they are knowledgeable, reliable, and will actively work to solve/work around out-of-their-control problems (trucking strike, etc.) which affect delivery of equipment I've ordered.

(People working for short-sighted bean-counter types don't have this luxury. Bean-counters are evaluated on how many beans they saved, and are not penalized if the financial constraints they handed down caused the project to fail.)

Happy customer service story:

In the late 1990s/early 1990s, I was working as a tech with an IT consulting company. PC networks were new, and a company with 30-40 IBM PCs wanted a network.

I had various questions for IBM, and the local office was GREAT! Even though I was not the customer, whenever I called, a secretary answered the phone BEFORE the third ring. EVERY time.

If the person I wished to speak with was unavailable, the (live, human) secretary gave me the option of leaving a voicemail, or leaving a message with her.

If the person I wished to speak with was in, I STILL got the 'leave a message' options -- sometimes, you don't want to interact, you just want to give information or status.

Whomever I called always called me back within four hours, even if it was just to say, "I need to check with person X in the Y office, and will call you back by Z." (Z was usually some time the next day.)

And they did.

Good customer experience with a company means you'll use, and recommend that company. IBM's management understood the value of this.

Current corporate management doesn't seem to look past the next fiscal quarter.

Pirates: Good for Microsoft, great for open sourcers


SaaS? It depends . . .

... on the criticality of the app and the data.

If my business DEPENDS on the ability to quickly produce and access word-processing documents, my business would be hosed if any of the following happened:

* New version of SaaS WordPro removes a feature critical to fast production of documents, in the way WE work (vs a workaround requiring five more keystrokes each time one accesses the feature);

* New version of SaaS WordPro changes the underlying file format, and "automatically" converts old-style documents before accessing them (and the secretaries wait, and wait...);

* SaaS WordPro becomes unavailable due to a fat-fingered sysadmin at WordPro Corp, or due to Joe Backhoe taking out the company's Internet.

In a corporate environment, using clouds, VMs, and SaaS OUTSIDE of the corporation's facilities increases risk to the corporation; when things break, the corporation has no way of fixing it themselves, and they become (too) dependent on the service providers.

Data residence and security is a separate and troublesome ball of wax.

As a home user, I'd appreciate some of that SaaS stuff. I'm tired of manually updating my PCs, but I don't have so many that it would be worth the trouble of "infrastructurizing" them.

I'd like to go click-click and be able to use the latest version of GIMP from any of my PCs, without updating/installing, provided my data STAYED LOCAL. Likewise for other applications.

Feds relax export curbs on open-source crypto


Where The Code Is

"...exporters must first notify the federal government exactly where the code is located."

Uh, it's "in the cloud"?

P.S.: TheReg should add a 'cloud' icon.

Facebook trains self to recognize your face


Hello Mr. Yukkamoto, and welcome back to the GAP!

[From the 2002 movie 'Minority Report' -- an automated advertising sign, recognizing a set of eyeballs]: "Hello Mr. Yukkamoto, and welcome back to the GAP!"

It's so much cheaper and easier for spooks and stalkers if your so-called friends do their spying for them, by tagging photos.

'Course the info might not be unique or accurate, but, "it's good enough for government work". Once you're in Guantanamo, you're not going to be able to effectively complain.

Fanboi primer: How to move your iTunes from PC to Mac


Lesson Learned: "don't use proprietary / overly-complex data formats"

When the company owns the format your (meta)data goes into (or if the format is sufficiently complicated), you no longer own your own (meta)data.

Yes! It's the Reg Top 5 FUTURISTIC GUNS Thanksgiving Roundup!


The 'Easy Option' . . .

... already exists and is in wide deployment. It's called 'a grenade'.

Though, in a civilian situation, I suppose there might be some not-really-an-accident-accidents all-too-conveniently happening to specially-selected individuals or groups: "Your Honor, at the time of the incident, I believed the next shell up in my multi-gun was a flash-bang, instead of a fragmentation round."

Jumpin' Meerkats! Ubuntu moving to daily downloads?


Insanity / Welcome to Hell

I don't want to wake up every morning and find little gnomes have re-arranged all my furniture and the walls of my house. The "daily 'upgrade'" idea is the computer equivalent to this.

I don't see how devs can reproduce, let alone debug, a problem, when their program's environment is changing on a _daily_ basis.

My #1 requirement for a desktop OS is automatic, hassle-free security updates.

My #2 requirement for a desktop OS is stability+works-out-of-the-box, but with the option for me to go out on the bleeding edge for the apps I select.

My #3 requirement is, "don't wire in crap I don't want. You can offer the crap, but it must be optional, or at the least, easily removable."

Ubuntu and Ubuntu-based distros have been giving me this for years, but lately, Ubuntu has been falling down on numbers three and two.

Ubuntu QC is being lowered in favor of "new and shiny".

Here's a big, hearty, wet dick-slap to Mr. Shuttleworth, and I'm off to find a different distro...

Doctors' appointment system goes tits up


Plan B

Far too many hospital administrators and executives _ought_ to be forced to watch their most-loved one die in the E.R., and know it was that administrator/executive's fault, because they didn't implement (or even consider the need for) a tested-and-working backup plan for when the computers are "down".

(I worked in hospital IT, and have some bad stories...)

Über-zombie cookies give us the fear


Nuke them from orbit...

Yeah, nuke them from orbit. It's the only way to be sure.


fighting Flash cookies via file permissions doesn't work, as Flash seems to gain root privs

I've done some experiments, at a root bash prompt, setting file permissions on "settings.sol" (the Flash "master cookie").

When I run Flash as a normal user, the Flash changes the file permissions back to what it wants them to be. It appears Flash is somehow gaining root privileges (or convincing a root-privileges program to do the dirty work on Flash's behalf). This is unsettling from a security perspective.

I have more VMs to build and more experiments to do... :-(

Hack uses Google Street View data to stalk its victims



Countermeasures: a script which randomly changes one's MAC address, a script which does a frequent DHCP release/renew, and locking IPv6 OFF.

Though, this isn't helpful for the average, non-tech Sam- or Sally-in-the-street.

Security world ill-equipped to solve digital whodunnits


Non-technical, huh?

“It's important to have these tools that non-technical people can use to try and dumb down that knee-jerk reaction to miss-point fingers” said Parker.

It's non-technical people (and non-technical people _pretending_ to be technical people, and non-technical people _deluding themselves_ that they are technical people) who are making knee-jerk reactions, or advising people in power to do so.

Complicated things are complicated.

That's why we have (truly) technical people.

My firewall logs showed a host port-scanning my workstation. The IP address of that host is allocated to an ISP in China. Does that mean The Yellow Peril is sponsoring a cracking attempt on my workstation?

Who knows? It could be a bored Chinese script kiddie. It could be that the host which was port-scanning me was itself hijacked by some malware ("Click Here to See Free Big-Busted Blonde Babes!"), allowing it to be remote-controlled by someone in Eastern Parmistan, in Australia, or even in the Good Ol' U.S. of A.

Any tools that "non-technical" people can use, as Parker is calling for, will by necessity be limited, make (possibly-incorrect) assumptions, and lead to further "miss-pointing".

No tool can ever be idiot- or ignorance-proof.


Newbie: "Space Shuttle AI, blast off and take me to the moon's surface as quickly as possible!"

AI: "I have multiple options for you to consider--"

Newbie: "Don't give me options, just do it, do it now, and get me there as fast as you can! That's an order!"

AI: "Acknowledged, sir."

[Later ...]

Newbie: "Ship, it looks like the moon is getting... VERY big, and the ship's engines are still off. Aren't we going to start slowing down soon? In fact, I want you to start slowing us down now."

AI: "Unable to comply, sir."

Newbie: "Why the hell not?!"

AI: "Zero fuel remaining."

Newbie: "Why the hell are we out of fuel already?!"

AI: "It was all burned accelerating the ship, in compliance with your previous order, 'get me there as fast as you can'."

Newbie: ".... Stupid computer."

AI: "Stupid human."


Removing SCADA worm could disrupt power plants


Siemens' Sucky Security Practices

Siemens' security suckiness doesn't stop with their SCADA software.

They had us configure our WinXP PCs running their "Syngo Dynamics" medical image-viewing software to auto-login as "Administrator".

Support contract says if you don't follow their configurations, you void your support.

It was our executives' fault for not having processes in-place which required review by knowledgeable IT people before purchase was approved.

Executives typically are "big-picture" people (Dilbert PowerPoint: * Oxygen is good; * Competition is bad; * I like Jello).

I can't see the stupidity stopping until they start handing out jail sentences to (our, and other deserving) corporate executives for criminal negligence.

And since "The Law" is just another bureaucracy, with "big-picture" people on top, that's not likely to happen.

Linux police offer deviant Android return from exile


square peg+round hole: quit hammering!

Why are people trying to hammer a square peg (Android) into a round hole (the generalized desktop/server kernel)?!

A real-time operating system, and an OS which needs primarily to drive a phone, are naturally going to have different requirements than a general desktop/server OS.

So, quit trying to create a gargantuan thing which serves everybody's needs, _poorly_.


Artificial 'black hole' generator fashioned out of circuit boards


Lieutenant, I've got a chunk of absolutely nothing on my scope...

... at

Bearing: 247 degrees

Range: somewhere between our antenna and that mountain chain

Speed: Mach 1.26

Cisco bugs surrender control of building's critical systems


PHB Internet-izing Critical Infrastructure Not Limited to Cisco Equipment

Yeah, this is bad, but . . .

How many "originally-good" HVAC, power, steam, natural gas, fuel-oil, water, lighting, and video-cam systems, equipped with physically-separate-and-dedicated comm lines, have been compromised by PHBs ordering staff to "Hook this [Windows-based, monitoring/control workstation] computer to the Internet, so I can access it from anywhere." ?!!

US Army portaloo-full-of-missiles project for the chop


I don't know, Yogi . . .

Even if it worked, I can see all sorts of ways for this thing to go wrong.

Against a technically-capable enemy, _our_ missiles in flight might become _their_ missiles in flight. (How well are the radio-issued flight commands encrypted? See previous debacle with U.S. un-encrypted video feeds from surveillance drones being intercepted by The Bad Guys.)

If the enemy captures one soldier's laser-designator unit, they have what they need to reverse-engineer the designator system.

And, there's the "free ammo lunchbox" aspect.

Enemy Combatant A: "Hey, what's this?"

Enemy Combatant B: "I dunno, but it says, 'U.S. Army' on it. We should steal it."

ECA: "It could be a Trojan Horse."

ECB: "You're right. We should steal it, bury it in a hole in the desert, and have our experts look at it there, rather than in the headquarters building."

. . .

U.S. Command Radio to the Missing Missile Box: "TK-23, why aren't you at your post?..."

Artillery pieces and artillery ammo can also be stolen and used against you by an enemy, but artillery pieces and ammo are usually accompanied by troops who can defend the position and/or move the equipment (depending on time- and enemy-force-constraints).

Police send Reg hack CRB check database


Spreadsheet Stupidity

An underlying factor in this (and many other) wrongful disclosures is "Spreadsheet Stupidity" --

Part A: People twist and warp spreadsheets so they are used for things they should NOT be used for; and,

Part B: People BELIEVE (due to poor education) that spreadsheets are "where data should live"; they see a row/column display (of any type) and think, "that's a spreadsheet!"

This sort of data has NO PLACE in a spreadsheet!

If a plod needs to look something up, the system should have them look at a database. Even the SQL-ignorant can enter search parameters into a GUI front-end.

Statistical analysis, if needed, can be done via SQL and/or various report generators.


Q. "Bu-bu-but my Big Screen Presentation to the Police Big Cheese!..."

A. Connect your laptop to the secure wired network and to the screen projector. Show your saved-within-the-system, not-on-your-hard-drive-and-not-on-external-media, results.

Q. "Bu-bu-but my Big Screen Presentation to the Police Chiefs Conference in Bermuda!..."

A. The other Police Chiefs have no need-to-know to see DETAIL-level data. Your statistical analysis results (pre-computed before you headed to Bermuda)/Powerpoint can be carried on your encrypted-for-good-measure external media.

Q. "Bu-bu-but my Big Boss wants to see the quarterly stats and I need to email him/her my results..."

A. As with the Police Chiefs Conference, you can send your boss the stats.

Q. "Bu-bu-but Interpol wants to know about Suspect X!..."

A. (This is an instance of authorized, limited-scope data export) Verify that it's an authorized Interpol agent making the request (and not my brother calling you up from a telecoms closet), log the request and authorization details, run the query, and send the agent the results for Suspect X (and NOT the whole god-damned database, and NOT all database records for persons whose last name is "Smith").

WD stage whispers up new AV surveillance drive


Gimme that Ol' Time Head Crash

I couldn't believe what you'd quoted WD as having said, but I looked it up on WD's website, and there it was in their blurb about the AV-25:

"Preemptive Wear Leveling (PWL) - The drive arm frequently sweeps across the disk to reduce uneven wear on the drive surface common to audio video streaming applications."

Ummm... it's a HARD disc drive, not a floppy diskette. The head is NOT supposed to touch the media surface while the media is spinning -- that's called a "head crash".

Is this some bad, new technology which slowly, lightly, scrapes away the metallic plating in order to eventually degrade the drive's reliability and require its replacement?!

Did WD's marketing droids become confused when creating the "features" list?

Please, let's have some technical evaluation of absurd manufacturers' statements, and additional investigation (perhaps a call to WD HQ?) when appropriate.

