CrowdStrike did test it, but because of a bug in their validation tool it got a clean bill of health and was released to cause carnage.
Why they can't spin up a VM with something like Vagrant as part of their pipeline is another matter...
46 publicly visible posts • joined 7 Jul 2017
Windows is the abusive partner I've been trying to leave for years, but can't because we've been together so long and only they seem to do some of the things I like.
I didn't even know my PC was being backed up until I created a VM for testing and logged in with my MS account. It offered to restore from my main Windows PC so I did to see what the deal was. It installed placeholders for a lot of the software installed on the "old" PC which might be useful if you're migrating to a new one.
BUT - I didn't opt-in to this and don't want or need it, I've 3rd party software that does a full backup every day. I turned PC backup off straight away and am now getting the unskippables with the "choice" of "join us" or "join us in 3 days".
The old main PC is now an Ubuntu server and the gaming PC multiboots between Windows and different Linux distros to see which tickles enough of my fancies for a long-term commitment.
Open source alternatives and WINE are a lot better than when I first tried them, so the shackles are getting weaker...
Their Guidance Hub was last updated tomorrow morning (showing 2024-07-22 0943 UTC at time of posting), so maybe it is Skynet come from the future to destroy us?
You'd hope that DR plan included a bare-metal rebuild and data recovery after the Wannacry incident, though we all know it usually comes down to budget.
If you happen to be writing a contract for IT services you should specify that *successful* DR tests are required. I've worked at a large company that did its contractually-obliged regular DR tests but wasn't required to report the results. They failed every time.
"I've had to replace a number of cobbled together customer apps based on Access or Lotus Notes once the number of people using them had grown and they started to fall over."
My twisted mind is picturing staff falling over after too many of these ->
Time for bed...
My first official IT creation was a Lotus 123 file that read in and parsed an EDIFACT file, then produced another for input back into the same system to complete certain orders. Things that weren't physically sent out like warranties.
The second was another 123 file that took supplier and order numbers pasted in from a DB query in Approach and created a macro for the CICS system to automate completing orders. Before that most of the floor became highly paid data entry clerks on Friday afternoons.
The company was quoted my annual salary and 2 weeks for the first and I quoted a week working from home. I got 2 days in a quiet office on another floor. I'd used Scottie's rule of doubling estimates so still got it done.
I made the second because keying in numbers for hours on end every week isn't fun. Got no thanks from TPTB when they found out but a lot from my immediate manager and fellow data entry draftees.
Sometimes you have to cobble things together from what you're given.
Way back in the last millennium I was sent to a warehouse job interview by the unemployment office. The pay was something insulting like "your benefits plus £10 a week" and it was miles away so I really didn't want the job, but had to go or I might lose my benefits.
So I turned up late in a thrash metal t-shirt, ripped jeans and with my long hair down.
The interviewer was so nice explaining why I hadn't got the job and giving tips for future interviews I played dumb and pretended it was all new to me.
Then I got the same job at another branch of the same company closer to home on full pay.
In my experience most companies think they don't need to encrypt data because "To reach it they'd need to break into our network and then we'd be fscked anyway".
It takes time and money to make changes to insecure applications, which cuts into profits, share prices and ultimately exec bonuses.
I worked at a place where several managers left their PCs on every Thursday night because they believed local drives were imaged to "the server" weekly.
I never found this mystical server with enough space to hold a 1:1 copy of every local drive but I did put in an estimate to build one.
My suspicion is someone high up had this hare-brained idea and the IT Mangler played along knowing it was less painful than explaining why it's ridiculous (sending that much traffic over a 100Mb network in a 24x7 operation for a start)
You learn to image disks and for some "special" users you screenshot the desktop because if the icons are rearranged they complain it's broken and refuse to use it.
Happy days!
Years ago my senior mangler told me to get evidence of someone from Sales spending all day on FriendFace* so he could have her sacked. He described her in unflattering height/weight/intelligence terms so clearly a personal rather than professional reason.
Being my boss's boss I had to do as I was told so I did track her internet usage over a week, along with everyone else from the Sales Dept. He didn't like the fact she was the only one *not* spending all day on the site in that office. "Oh they must be updating the company page" was his answer.
She eventually left of her own free will and probably went somewhere that sees getting on with your work as an asset as opposed to a sacking offence.
Said Mangler was a lovely chap, tried recruiting a junior to work under me for much more than I was earning at the time and told me I wasn't worth the going rate when I queried it.
* from that wonderful documentary The IT Crowd but I'm sure you know which I mean
Used to work at a company where server room access was restricted to a few trusted individuals, getting access for new staff could be a nightmare.
One day we found the door propped open because the building manager was "too busy to chaperone" the external maintenance engineer in there, so he was left alone with millions of customer details on the servers.
Needless to say TPTB kept this quiet during the ISO27001 audit.
At myself naturally. At school we had safety lectures before being allowed on the pillar drill or lathe.
To be semi-fair she was probably educated in the very un-PC (in both senses) 70's / 80's when anything mechanical not involving cooking / sewing / typing was deemed "not for girles" by the education system and society at large.
Yeah he was off sick my last day to avoid the whole "All the best, here's something we pitched in to show our appreciation" malarkey. Did get presents off the cleaners and HR manager tho, cleaners also brought tea / coffee 3 times a day so IMHO were *the* most important part of the business :)
Heard on the grapevine he blamed me for a ransomware attack months after I left. He convinced the higher-ups he'd phoned me and I'd refused to give him the unlock code so they'd lost all their data. The backups had failed for ages but the procedure to check them daily (you guessed it, pinned to the server cabinet) hadn't been followed since I left.
They're still in business, IT manager was demoted after his boss retired (hmm...) and support is contracted out to a company once owned by a drinking buddy of the MD. Useless new guy is still there and widely regarded as useless.
Icon - to those who've survived IT Hell, to those yet to escape IT Hell, or for the Hell of it!
That only works if they get followed.
Early in my career my boss insisted I create, print and laminate procedures for critical systems for the new guy (moved from office temp to IT support thanks to an embellished CV) to follow when I wasn't around.
One day I come back from buying lunch to office panic.
Boss: (dirty look) The main ISP went down 20 mins ago, why isn't there a procedure to switch to the backup?
Me: (calmly points to laminated procedure pinned to the server cabinet in clear line of sight 6 feet away) You mean like that one?
Boss: Oh. Yeah. Didn't see that.
Me: That you asked me to create and print out?
Boss: Yeah, I didn't..
Me: That you had (non-technical new guy) laminate and pin to the server cabinet?
Boss: We didn't think to look there...
Me: So between the 2 of you it didn't occur to look at the wall of procedures 1 of you told me to create and the other physically pinned up there? You've spent 20 mins doing what?
Boss: (to new guy) Let's follow this procedure as far as we can and use this as an opportunity to improve it.
I then calmly sit at my desk to finish lunch while Tweedle Dumb & Tweedle Dumber work through the instructions. They fix the problem quickly then Boss decides to pick it apart with awkward "what if" questions. The answer to each was "It's in the procedure, read all of it"
Luckily years of family tech support taught me to write for non-technical folks. The new guy had a post-it with the AD admin password on his monitor and the manager couldn't see why that was a problem in an office with high staff traffic, so not exactly IT professionals.
My 2nd best day working there, runner up to the day I left :)
Tea bags? Cup-a-Soups? Pah!
Worked at a certain outsourcer that decided toilet paper and soap were optional luxuries. For months we were encouraged to use the facilities at a nearby supermarket. Talk about pushing staff to not give a shit!
You often had an early lunch if you needed to go or risk a stomach upset, not something you want in a building where the remaining soap was so watered down it was homeopathic.
According to their marketing it's manufactured in China to German standards, even seems to be a selling point. The server that holds all tracking data is housed in Germany. I hope the security is better than the watch.
I don't even know all the people on my street, let alone the closest 350,000.
The guy must be pitching at naive parents who don't understand that a "Smart Watch" shouldn't have what their blurb boasts is a "Traditional Analogue Watch Face to Hide away the High Tech Construction".
It also says you can track almost to the meter, which is somewhat at odds with his 500 meter range defence.
Plus any kid can leave the tracker at a friend's house if they're going somewhere they've been told not to.
Still, I'm sure their Safe Kid Two is much more secure, it has a pedometer.
I worked in a small engineering company about 10 years ago and they had a DOS machine running a specialist software package linked to a handheld colour scanner in the QC dept (I'm thinking spectrometer but not 100% sure).
Until it broke one day I didn't even know it existed, no network connection so it never showed up on scans.
The HDD had some bad sectors which a VCR scan with remap fixed and it booted back up. I recommended an upgrade but the software cost was in the £thousands so no go. I did P2V into VMware Player just in case though.
They probably still use it.
My 80-odd year old Nan saw through the "please ring straight back" scam and she's never used a computer in her life. She realised there was no ring tone when she called the number and the same voice answered, so she played dumb and pretended she couldn't find her glasses to read the card details they asked for.
The other scam someone tried on her was a supposed call from the police who wanted her to go to an ATM immediately because someone was stealing her money and they needed her there as a witness or they couldn't prosecute. She quite rightly thought it was nonsense and pretended she had mobility problems and would wait for her son to bring her down. She might have mentioned kickboxing.
Being non-technical doesn't automatically make someone fall for these scams just as knowing how to play tunes using a dot matrix printer doesn't make you immune.
Comment from a colleague after a particularly taxing time with the guy in charge of sales at an old job.
Amongst his support calls:
"I've saved an attachment and it's disappeared, it's really important come down now and fix it" - Saved a PDF and was trying to open it through the Excel file open dialog.
"I've an Excel sheet with figures and I want an answer at the bottom"
"What kind of answer? A total? Average?"
"I don't know, I just think it should have something at the bottom"
Also a doomed project to work out the profit on all products:
"OK, so how do you work out profit now?"
"Well, I know we sell it for this amount and I've decided we'll make 2% profit so I divide the sales price by 1.02 and that tells me what it costs to make"
"Riiight..."
"Then I take off the material costs which gives me the machining costs"
"OK... but aren't the machining costs fixed? I mean running the same machine for the same amount of time must cost the same every time"
"Well no because if I decide to sell the product at 5% profit then I divide the sales price by 1.05 and the cost to make it goes down. The materials cost the same so the machine time must cost less or the figures don't add up"
I think the last one sent said colleague over the edge.
"Datacentres are built around redundance; offsite locations, backup, power supplies etc so what is really happening here when entire banking systems go offline."
Erm... hands up anyone who knows a datacentre that charges for resilience but can't provide it.
Prefix that with "Good" and I agree completely.
Outsourcing usually comes down to a complicated lowest bidder / jobs for the boys formula that doesn't include quality. Over the years I've come across so many clangers from these bargain-basement companies that I'm sure they just drag random people in from the street to implement critical projects dealing with people's lives/health/money/future.
Sadly I can't post any without being identified at work and I'm not quite ready to retire...
@JamesPond - it's not just tiny local companies, I've dealt with huge national and global IT companies that struggle beyond "My password needs resetting" including a very big blue one.
> You can believe that all you want but I know for certain that a major non-banking player in the UK held plain text passwords because I manipulated them into telling me what my password was.
The password could be stored using reversible encryption, PCI compliance allows this for card numbers which don't change often if at all.
Of course the "encryption" could just be strrev() or Igpay Atinlay and nothing excuses giving out passwords. Bad major non-banking player!
I was once at a friend's wedding where my boss's boss was also attending. He jokingly said my name was mud because the firm was having problems during stock take and I wasn't answering my phone. Bit selfish I know but this was the middle of 2 weeks leave, the bosses knew about the wedding because the bride worked at the firm and it was my birthday.
Turns out the stock take program crashed and in some attempt to get at the data the IT manager had dismantled the barcode scanner, pressing too hard while unscrewing the back and pressing the hard reset key combination so a factory reset ensued.
It was still on my desk when I got back along with the notes he'd made chronicling my part in this debacle - "3pm not answering phone". I think you can guess what time the couple took their vows and why I didn't answer my phone.
The couple are still happily married and I'm happily not working there any more.