Been running this anonymously for a few days, had no idea El Reg had a team.
Running in a tower with a GTX 1050 Ti the fan is hardly noticeable on medium. Quadro in the work laptop is though!
36 posts • joined 7 Jul 2017
In my experience most companies think they don't need to encrypt data because "To reach it they'd need to break into our network and then we'd be fscked anyway".
It takes time and money to make changes to insecure applications, which cuts into profits, share prices and ultimately exec bonuses.
I worked at a place where several managers left their PCs on every Thursday night because they believed local drives were imaged to "the server" weekly.
I never found this mystical server with enough space to hold a 1:1 copy of every local drive but I did put in an estimate to build one.
My suspicion is someone high up had this hare-brained idea and the IT Mangler played along knowing it was less painful than explaining why it's ridiculous (sending that much traffic over a 100Mb network in a 24x7 operation for a start)
You learn to image disks and for some "special" users you screenshot the desktop because if the icons are rearranged they complain it's broken and refuse to use it.
Years ago my senior mangler told me to get evidence of someone from Sales spending all day on FriendFace* so he could have her sacked. He described her in unflattering height/weight/intelligence terms so clearly a personal rather than professional reason.
Being my boss's boss I had to do as I was told so I did track her internet usage over a week, along with everyone else from the Sales Dept. He didn't like the fact she was the only one *not* spending all day on the site in that office. "Oh they must be updating the company page" was his answer.
She eventually left of her own free will and probably went somewhere that sees getting on with your work as an asset as opposed to a sacking offence.
Said Mangler was a lovely chap, tried recruiting a junior to work under me for much more than I was earning at the time and told me I wasn't worth the going rate when I queried it.
* from that wonderful documentary The IT Crowd but I'm sure you know which I mean
Used to work at a company where server room access was restricted to a few trusted individuals, getting access for new staff could be a nightmare.
One day we found the door propped open because the building manager was "too busy to chaperone" the external maintenance engineer in there, so he was left alone with millions of customer details on the servers.
Needless to say TPTB kept this quiet during the ISO27001 audit.
At myself naturally. At school we had safety lectures before being allowed on the pillar drill or lathe.
To be semi-fair she was probably educated in the very un-PC (in both senses) 70's / 80's when anything mechanical not involving cooking / sewing / typing was deemed "not for girles" by the education system and society at large.
Yeah he was off sick my last day to avoid the whole "All the best, here's something we pitched in to show our appreciation" malarkey. Did get presents off the cleaners and HR manager tho, cleaners also brought tea / coffee 3 times a day so IMHO were *the* most important part of the business :)
Heard on the grapevine he blamed me for a ransomware attack months after I left. He convinced the higher-ups he'd phoned me and I'd refused to give him the unlock code so they'd lost all their data. The backups had failed for ages but the procedure to check them daily (you guessed it, pinned to the server cabinet) hadn't been followed since I left.
They're still in business, IT manager was demoted after his boss retired (hmm...) and support is contracted out to a company once owned by a drinking buddy of the MD. Useless new guy is still there and widely regarded as useless.
Icon - to those who've survived IT Hell, to those yet to escape IT Hell, or for the Hell of it!
That only works if they get followed.
Early in my career my boss insisted I create, print and laminate procedures for critical systems for the new guy (moved from office temp to IT support thanks to an embellished CV) to follow when I wasn't around.
One day I come back from buying lunch to office panic.
Boss: (dirty look) The main ISP went down 20 mins ago, why isn't there a procedure to switch to the backup?
Me: (calmly points to laminated procedure pinned to the server cabinet in clear line of sight 6 feet away) You mean like that one?
Boss: Oh. Yeah. Didn't see that.
Me: That you asked me to create and print out?
Boss: Yeah, I didn't..
Me: That you had (non-technical new guy) laminate and pin to the server cabinet?
Boss: We didn't think to look there...
Me: So between the 2 of you it didn't occur to look at the wall of procedures 1 of you told me to create and the other physically pinned up there? You've spent 20 mins doing what?
Boss: (to new guy) Let's follow this procedure as far as we can and use this as an opportunity to improve it.
I then calmly sit at my desk to finish lunch while Tweedle Dumb & Tweedle Dumber work through the instructions. They fix the problem quickly then Boss decides to pick it apart with awkward "what if" questions. The answer to each was "It's in the procedure, read all of it"
Luckily years of family tech support taught me to write for non-technical folks. The new guy had a post-it with the AD admin password on his monitor and the manager couldn't see why that was a problem in an office with high staff traffic, so not exactly IT professionals.
My 2nd best day working there, runner up to the day I left :)
Tea bags? Cup-a-Soups? Pah!
Worked at a certain outsourcer that decided toilet paper and soap were optional luxuries. For months we were encouraged to use the facilities at a nearby supermarket. Talk about pushing staff to not give a shit!
You often had an early lunch if you needed to go or risk a stomach upset, not something you want in a building where the remaining soap was so watered down it was homeopathic.
According to their marketing it's manufactured in China to German standards, even seems to be a selling point. The server that holds all tracking data is housed in Germany. I hope the security is better than the watch.
I don't even know all the people on my street, let alone the closest 350,000.
The guy must be pitching at naive parents who don't understand that a "Smart Watch" shouldn't have what their blurb boasts is a "Traditional Analogue Watch Face to Hide away the High Tech Construction".
It also says you can track almost to the meter, which is somewhat at odds with his 500 meter range defence.
Plus any kid can leave the tracker at a friend's house if they're going somewhere they've been told not to.
Still, I'm sure their Safe Kid Two is much more secure, it has a pedometer.
I worked in a small engineering company about 10 years ago and they had a DOS machine running a specialist software package linked to a handheld colour scanner in the QC dept (I'm thinking spectrometer but not 100% sure).
Until it broke one day I didn't even know it existed, no network connection so it never showed up on scans.
The HDD had some bad sectors which a VCR scan with remap fixed and it booted back up. I recommended an upgrade but the software cost was in the £thousands so no go. I did P2V into VMWare Player just in case though.
They probably still use it.
My 80-odd year old Nan saw through the "please ring straight back" scam and she's never used a computer in her life. She realised there was no ring tone when she called the number and the same voice answered, so she played dumb and pretended she couldn't find her glasses to read the card details they asked for.
The other scam someone tried on her was a supposed call from the police who wanted her to go to an ATM immediately because someone was stealing her money and they needed her there as a witness or they couldn't prosecute. She quite rightly thought it was nonsense and pretended she had mobility problems and would wait for her son to bring her down. She might have mentioned kickboxing.
Being non-technical doesn't automatically make someone fall for these scams just as knowing how to play tunes using a dot matrix printer doesn't make you immune.
Comment from a colleague after a particularly taxing time with the guy in charge of sales at an old job.
Amongst his support calls:
"I've saved an attachment and it's disappeared, it's really important come down now and fix it" - Saved a PDF and was trying to open it through the Excel file open dialog.
"I've an Excel sheet with figures and I want an answer at the bottom"
"What kind of answer? A total? Average?"
"I don't know, I just think it should have something at the bottom"
Also a doomed project to work out the profit on all products:
"OK, so how do you work out profit now?"
"Well, I know we sell it for this amount and I've decided we'll make 2% profit so I divide the sales price by 1.02 and that tells me what it costs to make"
"Then I take off the material costs which gives me the machining costs"
"OK... but aren't the machining costs fixed? I mean running the same machine for the same amount of time must cost the same every time"
"Well no because if I decide to sell the product at 5% profit then I divide the sales price by 1.05 and the cost to make it goes down. The materials cost the same so the machine time must cost less or the figures don't add up"
I think the last one sent said colleague over the edge.
"Datacentres are built around redundance; offsite locations, backup, power supplies etc so what is really happening here when entire banking systems go offline."
Erm... hands up anyone who knows a datacentre that charges for resilience but can't provide it.
Prefix that with "Good" and I agree completely.
Outsourcing usually comes down to a complicated lowest bidder / jobs for the boys formula that doesn't include quality. Over the years I've come across so many clangers from these bargain-basement companies that I'm sure they just drag random people in from the street to implement critical projects dealing with people's lives/health/money/future.
Sadly I can't post any without being identified at work and I'm not quite ready to retire...
@JamesPond - it's not just tiny local companies, I've dealt with huge national and global IT companies that struggle beyond "My password needs resetting" including a very big blue one.
> You can believe that all you want but I know for certain that a major non-banking player in the UK held plain text passwords because I manipulated them into telling me what my password was.
The password could be stored using reversible encryption, PCI compliance allows this for card numbers which don't change often if at all.
Of course the "encryption" could just be strrev() or Igpay Atinlay and nothing excuses giving out passwords. Bad major non-banking player!
I was once at a friend's wedding where my boss's boss was also attending. He jokingly said my name was mud because the firm was having problems during stock take and I wasn't answering my phone. Bit selfish I know but this was the middle of 2 weeks leave, the bosses knew about the wedding because the bride worked at the firm and it was my birthday.
Turns out the stock take program crashed and in some attempt to get at the data the IT manager had dismantled the barcode scanner, pressing too hard while unscrewing the back and pressing the hard reset key combination so a factory reset ensued.
It was still on my desk when I got back along with the notes he'd made chronicling my part in this debacle - "3pm not answering phone". I think you can guess what time the couple took their vows and why I didn't answer my phone.
The couple are still happily married and I'm happily not working there any more.
Biting the hand that feeds IT © 1998–2020