Category: Information Technology

The Old Gray Mare Ain’t What She Used to Be

The Old Gray Mare Ain’t What She Used to Be

This might seem like a blog about horses or livestock but we will be talking about technology, and how to breathe new life in to your old computers.

In 1946 they designed the ENIAC to be the end all be all in technology.  Twenty minutes of Computer time would replace over 240 man hours where calculations were concerned.  The economic model fell apart with the amount of man hours needed to maintain the computer, not to mention the parts, ‘tubes’ and the energy needed to power it.  

Today in this modern era of technology we have something known as Hardware Asset Management.  If your CIO gives you a blank stare if you talk with him or her about it, consider hiring a new one.

CFO’s hate surprises. Without asset management one quickly learns there are no good surprises in business.

The modern day desktop has a life cycle of five years and the laptop, three.  What if there was a way to extend that life cycle for a minimum investment?

They rate components in computers in something known as MTBF or Mean Time between Failures.  Notice that does not ‘if it fails, but when.’

Looking at the different components within a computer, one of the most fragile and arguable important is the hard drive.  Next would be the power supply, and any moving parts, which would be the fans, drives and cd-rom.

How do we mitigate this to an acceptable level of risk, and push the envelope out one to two or more years?

Normal physical maintenance should be at the top of every ‘engineers’ duties.
·         Visiting with the users looking for clues about what they are dealing with.
·         Visual inspections of how the machines are installed and cared for.
·         Regular dusting of the CPU and other fans looking or listening for bearings, etc.
·         Frayed cables or broken tabs on network cables.
·         Non-authorized software.

Managers of those individuals should be mindful of updates, security and so on.  License compliance is part of Software Asset management and not in the scope of this document.

Now what about extending the life cycle of a computer?

The secret is SSD drives.  As developers constantly up the requirements for applications to perform, we cast aside perfectly viable computers for newer hardware.

What if? 

What if we could solve some of those issues with a simple upgrade? SSD Drives are under $100 for a Terabyte drive.  A disk duplicator cost around $40 or certainly less than one hundred dollars.

Taking out the hard drive, placing it in the source compartment of the duplicator and the new SSD drive in the target; in 4 hours’ time you have a solid state drive that is no longer subject to accidental jars such as in laptops.  More importantly than this, is the speed issue.  You also have a perfect clone of the original meaning, you have a backup should something happen.

SSD drives are much faster than regular hard drives and there are no moving parts.

The laptop I am writing this on, was a retired HP with an I 3 processor and 6 gig of ram.  One $100 drive later this laptop performs like a new one.  Yes, the Office applications are still 2010 but, I have Windows 10 and it runs just fine.
Boot up time went from over three minutes, to under thirty seconds.

Application loading time is incredible and if Windows needs to swap, it is swapping to memory and not a slow hard drive.

Bottom line, I have a perfectly good laptop pulled from the retirement pile, for $100 and four hours of my time.

Since the copy process is automatic, you put the two drives into the machine, hit copy and go do something else until it is finished.  Actual human hours involved were less than 20 minutes.
The old Gray Mare now is running like a colt, and I can save the money I would spend on a laptop and new software for something else.

For an individual this is an easy decision to make.  Multiply this by ten or a thousand employees.  Could your P&L use the extra boost?

Like always, I am a consultant and would be happy to visit with you about how you are doing business, and if there are ways to improve upon them.

Bio:
I was working with computers before Bill Gates was a household name, and Steve Jobs was still a criminal working out of his garage, designing and building ways to scam the phone company.  I met him while supporting Next Step Computers during one of my jobs years ago.
From before ‘Al Gore’ invented the internet, to performing disaster recovery strategies for large and small companies, I stay active. Reach out to me on Linked In, or through this blog.
-Best

 

Is the lowest price always your best option?

Is the lowest price always your best option?

 

From time to time, I share with you pearls of wisdom learned through the school of hard knocks.

We all do it.  We look for the best price on things from hotels to rental cars to stuff.  Consumables like food from reputable sources you might do better at a big box store.  When shopping for groceries, I pay attention to coupons vs., the added luxury of services that are offered.

Some stores are pushing the industry of shopping for groceries on-line. They do this by one checker open while ‘nudging’ you to take your selections to the self-checkout, which rarely work correctly.

Sam’s has probably one of the better systems. Using the bar code reader, one can efficiently facilitate their purchase, and I would add a giant asterisk to this statement.  I know few people who want to price, bag and pay for their things, only to be stalled exiting the building, waiting in a long line for some person to take forever to do an inventory of your items, and all of those people in front of you.   This, to me, is a bridge too far, especially when I already pay a membership fee.  All things considered, I will not renew.

While big-box stores killed the mom and pop businesses, so too will the likes of Amazon and other online services, kill bricks and mortar establishments?   The impetus for doing such things comes down to the P&L and morons seeking 15 dollars an hour salaries for entry-level jobs.  They obviously have stopped teaching economics in school, and they surely have stopped teaching critical thinking.

 

In my line of work, I provide several services.  One of them which is the reason for this blog is File Date Stamps.  I also offer other legacy products to municipalities and other businesses who use such things. I serve a dying industry, as we move to do everything electronically.

Leaving forensic computing and disaster recovery my next items to push, those two are also outsourced to other countries who can exploit people without unions and protestors to raise hell.

The Rapidprint and Widmer products have been around for well over thirty years.  Both are robust machines that serve many customers.  With minor attention to replacing ink ribbons and not knocking the things on the floor, they require little maintenance.  Some customers who use these hundreds of times a day, however, cause wear and tear that at some point needs to be addressed.

The year wheel last ten years and I have replaced year wheels in the same machines three-times and counting.  Where else can you purchase a machine that lasts over 30 years?

As a highly trained engineer, my company handles thousands of these clocks in a service capacity.  The catch is this.  Companies must make a profit, or we will not be around to service them.  I could teach someone how to repair them in hours, what takes decades is knowing from the very feel of the wheels if they are right or not.  From the look and sound of the imprint, I can tell you what is going on.  That expertize takes years.

I know of a customer through one of my vendors who purchased a machine online, at some cheap price.  The dealer is responsible for the warranty issues per our contract with the vendor.  That is part and parcel of how this all works.  They allow us a discount, and we must absorb the cost incurred with warranty issues… from the machines we sell!

This customer purchased this machine from some internet-only dealer and had an issue and was told to deal with the vendor.  Nope… not the way it works, and they were not happy.  I don’t blame them but… they looked for the lowest price and not reputation. Sending it to another vendor for repair, eating the cost, the machine broke once again sometime later.

Without going there to see if it is something they are doing, vs. a botched repair job, the vendor would have little way of knowing.  Offering to repair it for them at no charge, the customer balked at the cost of shipping it back to them.

Contacting me, who is in Texas, I told them I would provide the service at no charge, even though I did not sell the machine.  The idea behind that decision is to take care of the customer, and have that customer from then on.   Word of mouth is how I grow my business.  Can I do that for everyone… no?

Doubling down on the $20 shipping charge to get it to me, they are now in some stalemate.  The vendor offering to assist them did not sell it to them, and it is not even their brand of equipment. This vendor goes well out of their way to help customers with the same goal in mind, turn them into their customers.

The original seller is who they should be contacting, but of course, they don’t provide any service, so the customer’s ‘good deal’ has backfired, even though another vendor and I have offered to rescue them from their dilemma.

Is it wise to purchase a machine from some internet vendor that does not provide service?

“Do you feel lucky???”

A word about shipping…

Having intimate knowledge of the different carriers, your package, whether it is diapers or light bulbs, is dropped up to six feet several times during its voyage from the dealer to you.  The heavier the parcel, the more likely it is to be damaged.

As a rule, I insure packages sent by me.  I have had them crushed in the process.  One machine which was packaged in the factory shipping box, had the metal casting broken.  The problem is most customers are not aware of the claims process.

If you get a packaged that appears damaged, take pictures of everything before you open it, and then through the process.  If there is damage to the ‘item,’ you will need those pictures along with the original packaging to file a claim and get reimbursed.

On rare occasions, the jostling of the machine through the shipping process can cause internal damage.  If your new or repaired device does not function straight out of the box as intended, there is a good chance that in the process the ‘500-pound Gorilla’ got too exuberant.  Machines sent from my shop are bench tested for two weeks before they are shipped.  My percentage of warranted returns is less than 2%, and in every instance, it was due to shipping and handling issues.

In known bad areas of the country, I will double box the machine.  Please let us know if you suspect your postage, UPS or Fed X handlers employ the proverbial gorilla.  The cost of double-boxing is minimal, considering the frustration of getting a broken machine back from a sale or service.  We have all seen the video where the delivery person launches your package toward your door from over twenty feet away and leaves.  Those warehouses are hot or cold, and those people don’t have too much skin in the game.  Much like the baggage handlers at the airport, they don’t seem to care.

If you are in Louisiana, you probably remember this event from the picture above.

We very much enjoyed meeting those of you that were there and look forward to serving your needs without pestering you.

We are planning a tour of your state in the upcoming months.  Please take a look at my site for products and or services and let me know if you would like a visit.  www.timedok.com  Unlike most, I will not bother you if you don’t need what I offer.  As a businessman, I too have to screen calls and ignore the 866 numbers.

Most of my customer base is word of mouth, and that bodes well for what I do.  I will go the extra mile for my customers… If you would like that kind of service, check us out… It is DOK with a K!.

 

Cheers!

Is Buffoonery the new American Norm?

Is Buffoonery the new American Norm?

 

“Doctor, when I do this it hurts.  My hair is thinning, and I am tired all the time.”

“Is that all?”

“Yes, other than this strange growth on my neck. What can you give me to make it better?”

“We must run some test first to see if these symptoms are related and then figure out what is causing them.”

“You doctors are all alike, you just want to run my bill up with unnecessary test, so you can make a car payment or even a house payment.  Just prescribe something, and I will be on my way.”

The patient in the above dialogue is a Buffoon.

Oddly enough, I get this same kind of rhetoric when I am called out to come up with a disaster recovery plan and discover that they have many other issues.

“Do you think you can fix these issues we are having?”

“What are some of the issues?”

“Computers drop off the network for no reason.  Printers often don’t get their print jobs, we think it is the printer, so we keep calling Cannon out, but they never fix it! The internet is slow and sometimes unresponsive.  Our phones don’t always work.  The phone vendor keeps telling us it is not his problem but you know those vendors, get your money and then forget they know you.  My lead guy tells me we need more internet bandwidth, would that fix it?”

“It sounds like you have some serious issues, when would you like me to start?”

“Start?  Just go push the right button and fix it!  How long will it take?”

“It depends on what I find.”

“What do you charge?”

“$125 an hour unless you would like to have me out here on a contract for a set amount of time.”

“What would you charge if I contract with you for two hours.”

“$250, (and it may be more if I have to deal with stupid nonsense like this, while I am working.)

“Truly I get this kind of stuff from CIO’s no less.”

The old joke about a thousand dollars regarding kicking a computer to make it work is just a joke.  While that might end up being the final diagnosis (which I doubt), this is a mindset from those who have no idea of what they are talking about.

Truly if it is from someone outside of IT, it is not their fault. Their job is to run the company, turn a profit or drive the business to produce more of what they do.  It is not to run IT.  Now if the CIO has this dialogue with you as a consultant then you have issues.

Some people are in high up positions because of who they knew and not what they knew.  Some are there because their parents own the company.  I personally try to stay out of situations like that because it hardly ever ends well.  I have done it many times in the past.  One of the most frustrating things is working for a guy “CIO” who did not even have a computer at home.  He knew little about computers or technology other than green screen 5250 stuff as a programmer, using RPG or Cobol.

When I walk in your door to resolve an issue or create a disaster recovery plan, there are things that I want to see.

  • Up to date network map.
  • A runbook
  • I will want to see the recent logs from the servers.
  • I will want to see your notes from the change control committee. (living document)
  • I will ask about your issues from the past to current. Are there pain points and what are they?
  • I will want to know what you would like to see as a deliverable. (an end goal)
  • I will want to know about your business model, so I can best position you for the future.
  • I will ask about the age of the hardware and what your hardware asset management looks like.
  • I will also want to know the same about your software. S.A.M.
  • I will want to see the licenses for the software that you have and I will want to see where the software is and when, if ever was it updated.

If you asked your CIO for these things, could he provide them?

As the CEO, ignorance is not an option.  There are seldom good surprises in business.

There are many other things I will want to have handy before I even begin to diagnose, troubleshoot or create a disaster recovery plan.  One of the most effusive displays of frustration from a client was when I discovered through digging that someone had spliced network cable improperly and it would need to be replaced.  Cat 5 to Cat 3 no less.

Yes, I will want to know about the cable plant. Was it installed all at one time or has it evolved over the years?   When you climb into the overhead ceiling to find a gob of electrical tape or even scotch tape holding network cable together, that will make your blood run cold.  If they are that stupid or cheap unless they are under new management or are willing to hand you the checkbook, you probably should just walk away.  Life is too short.

When I talk with potential customers, I can get a sense of their knowledge level quick enough.  How is that done?

I was in data processing long before Bill Gates was a household name.  Steve Jobs was still a criminal selling blue boxes made in his garage and CPM was the operating system.  What I do is not cheap but, it is worth it.  Most companies that have a disaster if not resolved within three days go out of business.

“We live in Dallas Texas, what kind of disaster could we have that would put us out of  business?”

The disaster that I see the most often was caused by employee error.  I do a risk assessment as part of the deliverable which many companies need for their insurance provider.

Now that we are in 2018 is this the year that you pay attention to your network and other infrastructure?  Is this the year that you look at security both digital and physical? “yes, I do that too.”

If you like my blog, please consider following me.

-Best

 

When Should You Replace Equipment and Why

When Should You Replace Equipment and Why

 

 

Today I thought I would talk about a subject that is near and dear to the hearts of most CFO’s.  Money and budgets.

 

In the IT ARENA as it were all hardware has a lifespan.

 

  • Desktops 5 years
  • Laptops 3 years
  • Tablets, PDA’s and phones about 2. *

 

HAM or Hardware Asset Management is close cousins to SAM or Software asset management.

Many that I deal with in this industry are loath to do either of these.

 

Why?

What seems so intuitive to a business minded person is out in left field to the IT Manager.

 

While most hardcore IT people will undoubtedly have the updated newest most magnificent PC at home, they will be loath to keep the hardware at work current.  Either budgetary constraints, lack of planning on their IT staff, laziness or foolishness on managements parts while keeping the dinosaurs alive.

IT is a moving target.

One of my clients was experiencing a strange anomaly on one of their machines.  I was there for other reasons, and they ask me if I had ever seen anything like it.

 

On occasion, the mouse pointer would change with some strange addition to it, making the original tip Indistinguishable from where it should be pointing.

 

Nobody has seen everything and the same is true for me.  Offering my services, as they did not have the time for this, I did the usual stuff.

After hours of doing my routine including removing the hard drive and running scans on it outside of its operating system, the problem looked more and more like hardware.  Faulty graphics adapter perhaps.

After moving the PC into the shop, the problem disappeared.

Going back to the work area where the PC was, under the desk was an old UPS.  Taking the UPS into the shop and checking it out, I soon discovered that the sine wave of 60 cycles was anything but clean and, it was not holding the right voltages even though the battery was good.   Upon further investigation, I learned that they had a routine of replacing batteries in old UPS’s and putting them back out.

Putting a new ups under the ladies desk, solved the problem.  It was a $79 solution which should have been automatic.

I don’t want to go into the weeds here, but electronics have a lifespan.  Things called MOV’s for one (metal oxide Varistor) are sacrificial devices that are designed to clamp power spikes keeping them from going downstream, in this case, into your PC and monitor.  They have a finite lifespan.

UPS’s or Uninterruptable power supplies are insurance.  When the battery dies, replace them.

Recycle them after you remove the battery and dispose of it accordingly.   I would bet that all over every office building they have surge protectors that are no longer functioning.  For the same reason, they too have an MOV across the 120V AC line.  They die!

I have written about PC’s lifespan before, so I don’t want to repeat myself.

Hardware Asset Management protects the company in many ways.

You should never put an old machine at someone desk having them limp by with a clunker when they need a Corvette. The software today is memory and CPU intensive with the ever growing demands of anti-virus software and the numerous updates, it is worse.

Soft dollars are real.  If you have employees that cannot work because their network is down, that is real money!

Employing a good software deployment strategy along with keeping the same model of machine in the business is wise, and worth looking into.

Software and Hardware management are critical pieces of a business strategy.

One client I had, bought whatever was on sale on New Egg.  Support was a bloody nightmare and oh by the way, why do you think it is on sale?

Always purchase from a VAR, and build that relationship with them.  You may need them one day!

Leasing vs. owning is worth looking into for many reasons.  Bottom line, you change out the PC’s every few years, and you get the same PC to support throughout the company.

The clunkers end up on eBay and eventually, someone somewhere will be playing solitaire on it.   Today’s Corvettes are tomorrow Clunkers, simple truth! 

Depending on the size of your company software licensing needs to be evaluated and care taken to make sure that you are in compliance. An enterprise license is excellent to have if you are large enough. Software and licensing are evolving daily it seems, with lease being the operative word.  Subscription services much like antivirus software is commonplace, ensuring a revenue stream for the developers.

Gone are the days of buying a box of software with a few floppy disk and using it forever.

I was visiting some friend when I saw an old 486 computer sitting on his mother’s desk.

My first computer was a Kaypro, and I went through the 8088 @4.7 mhz to GHz and beyond.  To see the old 486 running with Solitaire on the screen and windows version three, you could see the mindset and how it evolved.

I recently trashed (recycled) a bin full of disks with programs, backups, and god only knows what all.  The next week I tossed an entire bookshelf full of technical books from Novell to MSCE windows NT stuff.  Thousands of dollars and hundreds of hours studying in the bin.  SAD

Your PC is not too dissimilar from your car.  You don’t buy it as a thing but as a resource. When your vehicle starts to spend more time in the shop than on the road, you trade it in.  The same is true of your PC, Laptop and the rest.

Somewhere in my closet I still have a 16mg stick of memory that I paid over $500 for back in the early 80’s.  $500 back then was a lot of cash.  The stick of memory is nothing.  What it did for me was why I bought it.

If you are not connected to the internet as long as you can keep your 486 running, and it does what you need it to do, it is viable.  If you still have a copy of lotus 123, you too can relive the days of / .. 🙂

 

*  2 years on the average portable device is recommended because they are portable, and often dropped.  If you budget 2 years, you can indeed budget correctly.

 

If you find my blogs helpful or entertaining, please follow me.

 

-Best

Why should you use Rent-A-Geeks for your disaster recovery drills?

Why should you use Rent-A-Geeks for your disaster recovery drills?

 

The pushback I get on this one topic is phenomenal.  Their IT people who know their boss better than I, always question the need for a disaster recovery audit in the first place.

“I Get it!  To them, that is synonymous with taking your shoebox full of tax information to the IRS and asking them for an audit. Please let me suffer through an audit because I love pain!”

So who in their right mind would do it?

I can think of no better argument than Puerto Rico.  That island was wiped off the map.  They have no power grid left.  They have no data communications and let’s face it; It will take years for them to recover.

I had customers there, but I bet that those businesses may no longer be viable.

They are requesting of all things truck drivers, among their many lists of needs.  Why?

Their truck drivers were affected by the buss’s called Irma and then Maria.

I am speaking to the owners of businesses with this next sentence. “Folks, your IT guy that tells you that you don’t need an outside firm or audit, is setting you up for disaster.”

Objectivity is essential.  You need an honest assessment by someone who does not have a dog in that fight.

If a team of rent-a-geeks cannot restore your company at a warm site, the DR plan that you think you have is worthless. It may satisfy the ISO folks or the other government or banking or insurance companies, but the sad truth is, in an actual Disaster your people may not be around to add their collective knowledge to the process.

One client did not even look at one I prepared for them.  When I asked if he wanted to go over it he shook his head.  “No, I just need something for the auditor to show that we have one.”

My reports go to you the customer, nowhere else.  My recommendations are put forth in a clear, concise manner that you will not need your IT guy to explain to you.  Read and understand my blogs on the topic and then ask the critical questions.  If you hold your SA’s feet to the fire or your CIO’s feet to the fire, you will far better off than most of the firms I deal with.

One firms CIO that I worked with was not suited for desktop wizard much less the end all be all guru of all things technology.  Now if numbers are what interested the CEO, this was his guy.  He could pinch a nickel with the best of them. “Penny wise pound foolish,” should be on this man’s card.

It does not take an Irma or Maria to sink your business.  It only takes a Ted or Bob or a fire of some small part in the computer room to decimate your company.  Assume nothing!  Do you have the right employees doing the job?

Pray for our brothers and sisters in Puerto Rico, and if you have the ability, you might consider donating something to some of the excellent organizations who are working so hard to bring some relief to those affected.

Having lived through Alicia, I would not wish that on my worst enemy.

 

-Best

 

 

What If?

What If?

Every day someone finds something.  This day was no exception.  The more creative the attack the more interesting the day.  If you call that number they try to get you to give them $199.00 to unlock your computer.

You can send me some money if you like but, here is the fix for this…

CTL ALT DEL , task manager, kill the process, aka browser and then do not restore the page when you reload the browser.

I am not affiliated with CCleaner but I sell a heck of a lot of it for them.  Install it and let it clean your browser after every use.  $25 a year and damn well worth it!

As one might use an explicative to emphasize a point, I often use a somewhat tawdry analogy for this purpose.  Surfing the web with inadequate anti-virus software is like “hooking up with a stranger” without using protection.   Not only is it idiotic, but dangerous!

Having been in Data Processing, or the IT business since before Steve Jobs or Bill Gates was a household name, I know a thing or two.  The scars on my back are from arrows taken in the trenches of digital mayhem. This bedlam was caused by such things as bosses wanting to be on the bleeding edge, to software not ready for prime time, been there done that.

Free antivirus software is not worth what you pay for it!  

The best security software is going to have a price or cost to it.  Why?  It takes many engineers, coders, and much research to create and maintain a massive program like anti-virus software.  Who is going to do that for free?  More importantly, why?

While someone might write an app for free, to get their name out there; anti-virus software takes a village.

Much like hiring someone to sell your home, you don’t hire someone who does it part-time or as a hobby. If you want to get something done, give it to a busy person.  If you want to sell your home, hire someone who’s lively hood depends upon them being successful.  You want a secure computer, hire or purchase the product with the most to lose if it fails.

There is much more to the process of considering which product to purchase but, free is not a reason.  I would argue that free is a cause to eliminate that choice.

The reality is that the internet has become the wild west.  The bullet that finds you can come from almost anywhere. Every company that uses computers should have a security officer.  His or her job should be to focus their attention on threats out there and the best way to keep them from affecting that company.

I find it surprising that politicians are screaming about Russian hacking of our computers.  What the hell do you expect?  You just assume that someone with a certification gives a damn!?

What worked in 1982 does not work now.  Having a “PC Wizard, or your grandchildren” working for you is tantamount to a trapeze act, blindfolded and working without a net.  Insurance companies and credit card companies are now aware of this and demanding your strategies to be secure in the world of cyber threats.  They should audit you, and they should hire folks like me who know what to look for.

White Hat hacking allows us an inside look at what one might expect.  We learn many ways to infiltrate a company.  The same applies to the TSA in homeland security.  While I would probably choose a job to be that guy that test the security systems of the homeland, airports and such, it is much easier to check companies.

The first thing I must do is understand you.  More importantly, know that entity many of us in the biz call “users.”

Too many infiltrations are accomplished with something called click bait.   “Ten pictures that should never have been made public…” With half a picture of some scantily clad woman visible, how many will click?

Human nature dictates men will want to see what the camera saw. “Boom, you’re infected.”

Good antivirus software will stop any activity created by software manipulation but, the caveat or keyword there is “good.”  What if you bought the bargain basement software or just used the free stuff?

For the coders to write the fix, someone must fall prey to it, report it, and then they must institute a fix.  That is why Software of this type is never static.  Updates are consistent and often.  New threats are released hourly.  To run a company dedicated to this is no small task.

Maybe you own a plant which produces widgets.  Your widgets are better than others, and your competition wants the skinny.  You hired someone like me for your IT manager or CIO so they cannot get in through your firewalls.  Your safe, or so you think.  Industrial espionage is rife in the competitive world of gadgets and widgets.  If I want in bad enough, I will contract one of my guys to write a program that will hide on a computer until certain key phrases are typed, and then it will activate.

“Wait, you said my firewall is secure, Fort Knox secure!”

“Why yes I did, so I am going to place this little program on a thumb drive and…I am going to put some naughty pictures on it with some commercial looking writing on the outside of the device to make the person who picks it up from the parking lot where I dropped it, think that they have something juicy.”

Possibly just tossing a thumb drive out the window of my car near the parking lot with a few files on it, and the Trojan would be enough to get me into your network.  I will purchase some chrome colored or fancy looking thumb drive to be sure that it is spotted.  I will know when the landscape folks work, so I make sure and plant it after they have done their thing so that one of your employees will find it.

Maybe I send one of my spies out to places that your guys eat and leave the drive on the table by the ashtray or the salt and pepper shaker at the table they eat every week on a given day and time.

Possibly I get one of my people inside your company, hired by you.  They install some remotely controlled program like Team Viewer on their PC and Viola; you are hacked.

Because your IT guy is so sure that his firewall is good enough, or your engineers are so demanding that he left the USB ports open for use by them, with lax policies he leaves your company vulnerable too.

How do we stop the threats?

One way we do this is with training.  Every employee should sit through CE training on the essential use of the corporate computers.  This is information that they can bring home and share.  Education is by far the best tool one can have in their arsenal.

All of the policies are trumpeted for them to hear and before they leave they sign a document saying they will adhere to them.  With it harder and harder to fire people these days, that too is one more tool in your belt.  Good employees, you want to keep, those that prove lacking, they need to go.

I could easily make the argument that good computing practices are patriotic.  I could certainly apply this to purchasing respectable anti-virus software and creating policies and procedures that protect your business but, the bottom line is, in the end, it will save the company money.

I was making this argument to a CEO of a good-sized company when he stopped me and said, but viruses help your bottom line too.

I argued that I would much rather use my time and talents to design safe environments for companies like his than put out fires.   It is considerably less expensive to install a good fire retardant system then to try and rebuild.  Yes, a metaphor for using robust best practice standards in computing vs. reacting to noise.

Noise is the result of a problem created by an event that was unplanned or caused by employee error.

A good security person is somewhat paranoid and is always asking, what if?  I do this in disaster recovery scenarios balancing those “what if’s” against statistics and a risks assessment.

With proper education, we can mitigate the employee errors.  Using proper procedures and policies, we can diminish the unplanned events, i.e. viruses or other malicious code.

When I run into companies that think free antivirus software is adequate, it makes me a little crazy.  If they are a public company, trust me, I will not purchase their stock.  Flirting with disaster out of sheer frugality or ignorance is idiotic.

If you keep your guys around because you like them, think again.  I may love some folks, but I would not hire them for certain positions if I could find someone better.  I don’t have to like you, for you to work for me.  If you are the best person for the job, you get the job.  P&L trumps feelings!  Feelings can be costly and can be a liability.  Logic in business is your ally.  Logic must always be forefront when making business decisions.

I have walked away from companies who have their kids working for them.  By hiring the children, you open yourself up to losses that could be untold.  One company had their children not doing the paperwork necessary to complete the task, thus losing money in that department.  Hiring me to do an analysis, it did not take long to find the problem.  I fired her children after trying to work with them.  I kid you not one of them actually cried in my office after telling him time after time he must do all of the job.  A grown man crying!  There is no crying in IT.  Either perform the work or get the hell out!  Either do all of the job or learn to ask, “Do you want fries with that?”   Is that too tough?  I felt for the kid but, feelings do not dictate policy.

Do your kids a favor and don’t hire them.  The real world does not work that way so why in the world handicap them, and make them believe that it does?

Over the years there are best practices that have been created by time trusted procedures and policies.

Some are things like:

  • Hardware Asset management.
  • Software Asset Management
  • Security both physical and digital

I could write a book on the subject, but I will spare you the details.

Today, now more than ever we must harden our networks.  We must have sound policies and procedures in place, and they must be adhered to.  Documentation is essential, and it must be updated.

I don’t relish firing people but, sometimes their people are the problem, and the CEO is so far removed from the process they just don’t know it.  If training can fix it, I am all for it.  Attitude too plays a crucial role in the process, and I will not tolerate a crappy attitude.  Life is too short, and the subject matter is too important.

I love the HR folks because often they are the gatekeepers, saving the CEO from disaster.  Good HR folks are worth their weight in silver.  Gold, maybe not, so let’s stick with silver. Worthy people are not that hard to find as many would have you believe.  Upright people are around, but they may not have everything that you are looking for immediately.

Instant gratification is an expensive luxury and can be elusive at best.  Where employees are concerned, I want to start with a “good foundation.”

We place certifications above character, and that is part of our modern day conundrum.

I hired a grocery store manager and trained him for a job in IT.  He had little experience in the job I hired him for, so why did I hire him?

He had the right attitude and wanted to learn.

I had the time to train him.

The money used for training him was penny’s compared to hiring exactly what I was looking for.

He did not have the bad habits that come with so many “experts”  with the certifications, and their egos.

He ran a grocery store and let me tell you; he was not afraid of work!

Back in the day, we had interns or apprentices.  Folks, we need to look carefully at that once again.  I have hired many over the years that had the right attitude and the skill set to learn.  American people are out there struggling, and we won’t give them a chance.  Why?  Instant gratification.  We need someone who can step into the job right now, and we run with minimum employees because of what?  Because it is so expensive to have employees.

That is one of the things we need to push back on Congress and health care to fix, but the reality is, internships and apprentices I think are essential to finding and creating good employees.

Every job fair that I go to has thousands of workers looking for work.  If you can’t find them, you are not looking!  I spot good employees daily.  There are times I would love to go work for a recruiter just because I can spot talent!

Are they the exact racehorse ready for the Derby today?  Maybe not, but can they be trained?  There are virtual diamonds in the rough everywhere, looking for a chance! We are begging to bring in more H1B folks instead of taking care of our own.  That is not very damned patriotic if you ask me!

Our schools are a disaster in my opinion.  In speaking with college graduates today, I am frequently amazed at just how ignorant and totally out of touch with reality that they are.  Someone somewhere screwed them to the tune of tens of thousands of dollars for an education that is worthless.  When they think voting for a socialist is a good idea, they were screwed by their college and should demand their money back!

Today we have kids tens of thousands of dollars in debt, and they cannot find a job.  I know of several college grades making much less than $15 an hour.  Our educational system needs an overhaul.

As quickly as a company can get a process documented and packaged, they send it overseas via a VPN over the internet, sending jobs out of the country.

Trades are being overlooked for white collar jobs which are going the same way.  IT jobs are vanishing in the states.  Virtual IT shops are set up in some foreign country, hiring an English speaking American to act as a liaison between them and their Indian or other counterparts.  With an American point of contact, it is then up to the American to manage the folks in another country who speak little English, making little money, to be the IT shop for these American companies.  This same person puts an American face on their business while working with their client managing the “noise.”

“Do you see any security risk there?”

You have no clue where your intellectual property is going or who is seeing it.  Maybe you have a contract but so what.  Much like HIPAA was created to protect your health information, do you honestly feel as if your information is secure?  If you do, you are fooling yourself.  Read the documents you sign when you visit the doctor.  You sign things saying that your information is protected and then you sign a document which pretty much gives them a pass to do whatever they want to do with your information.  Smoke and mirrors.

Doctors and hospitals are hacked and the information is stolen all too often.  Why?  How?  Piss poor planning on someone’s part. Using some cheap method to get things done perhaps?

Your contract with your Virtual IT company is as worthless as the paper it was printed on.  Yes, that deal might make you feel better but, know if you are a developer, someone in some other country has your work and if they can use it, they will.

I want to touch on Software Asset Management as it is germane to this subject.  All of the subjects are salient, but that one, in particular, is in the case of security.

There are tools which you can use to inventory every program on every PC.  Why?  Why would you want to do this?

Licensing of software is an issue, but more importantly, you should want to know what is on those PCs.  The first time I did this for a company I was struck with the reality of the sheer number of programs designed for remote control of a PC, that was active.

In this world we live in, corporations can ill afford to have the wild west inside their computer networks.  Besides the games and other foolishness that was identified, the risk to the infrastructure was phenomenal. The company is liable for every program on their PC’s, no matter who put it there.  If they are audited for their licenses, and someone like myself does an audit and finds them, they must then produce that license.  Can you?  Can you put your hands on all of your licenses?

Ignorance is no excuse!

Having been part of the evolution of the business process, dating back to the secretary and the typewriter to current day, I have seen the learning curve first hand.  Fighting the first virus on a network before there was anti-virus software; asking “what if” became second nature.

Back when Gregg shorthand was used, a business letter cost an average of $100.00 back then.  Now we type out e-mails with the ease of few keystrokes and dictation is a thing of history.  Technology has improved the business process, but the bad guys have found a way to make it interesting.

The very tools we use to make our lives easier are under constant threat by evil forces that look for ways to extort money or steal your property either through the exploitation of your network, or your employees themselves.

We use the cloud as if it were a hard drive in some vault in our closet.  We send information to the cloud without a clue where the cloud is and who has access to it.  Why we don’t encrypt that data before it leaves our computers is beyond me.  If I were a villain, I would be looking for ways to infiltrate the “cloud.”

“What if?”

The opinions expressed are my own as well as the intellectual value of the information put forth for your consumption.

© All Rights Reserved 2017

 

Netflix Scam

Netflix Scam

 

No Netflix is not the problem, a phishing scam, however, is out that you should be aware of.

Since so many of us now receive our entertainment over the internet, it is a good gamble that you might have Netflix.

Again many of us have it set up to bill once a month from some sort of banking institution whether it be your bank, credit card or PayPal. The e-mail looks like it came from Netflix until you look a little closer at the sent from.

Netflix AT dallas180.arvixeshared.com  (don’t e-mail to it…)

You will notice it is not Netflix.com

The message is telling you that they were unable to get your payment info and if you don’t update the info soon you will lose Netflix.

Then, of course, there is a link that they want you to follow.

God only knows how many will fall for this. Considering it was sent to tens of thousands you can bet a percentage will click and update. Always check to see that the sending e-mail is legitimate. IE Netflix.com and, hover over the link and make sure it stays Netflix.com and not something like I posted.

If you question it at all, call the institution or get online, not following any link from an e-mail and check for yourself. Once they get money from your account, if that is indeed their ploy it will be gone. The ploy could simply be to get you to click so they can put some sort of virus or cookie on your computer. E-mail is an excellent way to get infected, and because the scheme requires input from you, your protection might just allow it.

Practice safe computing… -Best

 

Hidden White House camera catches Trump’s leaker!

Hidden White House camera catches Trump’s leaker!

 

 

Did I get you to click, did I get your attention?

Many have e-mailed me asking where I have been as my phone has been busy.  What I just did with that title is called phishing.   No, I am not infecting you, as the matter of fact if you read this you might very well be better off!

Had I said something even more audacious using Ivanka’s name and Nude in that title more of you would have clicked.

Those that write worms and Trojans and other malevolent spyware know how to prey upon your weakness.  They studied the human heart enough to know that we cannot resist a story like this, especially if it is something negative about Trump.  They manipulate you through your emotions.

Once you click on a link, many firewalls and antivirus software’s will assume that you know what you are doing and let you click, thus screwing up your computer and possibly give you something to “wannacry” about.

Yes, I specialize in disaster recovery, but if someone has not taken me or someone like myself up on these services before the crises and they suffer a loss, They might want to cry!

CIO’s and their teams must provide the company with several layers of protection which includes the best anti-virus software on the market.  It includes making sure that all systems are patched and up to date.  The companies that are the most vulnerable are the companies who take IT and what it does for granted, not supplying them the resources that they might need.  These businesses that have someone in their IT department who is lackluster in keeping up with updates is another.  Maybe they fail to stay informed of threats making their company fair game for the people inside the castle who click on the shiny red button or trinket of knowledge; looking for scandalous information on a person that they hate or a nude picture of their daughter or wife.

Human nature is predictable which is what the evil dudes depend on.  You too know human nature if you are a human.  There are few good surprises in business and even fewer in the IT industry. Vigilance on your IT crews part must be elevated as the threats are more dangerous and more frequent.

I have an article called Attention CEO-CIO and so forth, read that.  I don’t want to waste my time writing it all over again.  It is full of good information.

Develop and test a DR plan.

Use technology only to give your employees access to what they need and not what they want. Be judicious with updates, checking of logs and the software that is in your domain.

  • What is on each PC?
  • Do they need it?
  • Do you have licenses for it?
  • Do you have that software updated and in a vault in case the worst happens?

Using a program like Spiceworks not only can you account for all of your hardware but you can get a listing of every executable on each PC.  This information is an eye-opener.  Frequently the CEO will ask, what do they need that for?

That is a good question, but the real wake-up calls are, is it legal? What is it and where did it come from? What does it do?

I find remote control software on PC’s that is waiting for some remote PC to dial in and take over the PC which if left attached to the network, lets the villain into everything!

This is where I have been and will most likely be again as the threats are more often now than ever before.

Those of you that follow my blog know of what I speak. Vigilance is not a nice thing if you have time.  Attention to Security is mandatory.  It is much easier and cheaper to fix what you have now vs. trying to restore what you have with an untested backup solution.

“How do I do that, we don’t have time?”

If that is your answer, you probably ought not to be where you are at.

Hire a technical crew (preferably from your vendors which you should have a relationship with) give them the backups in an offsite facility designed for such things and tell them to restore your company.

You have a person there to take notes, but not to assist them, for practical reasons that man went under the bus with the rest of your IT employees.   When they get your company “live;” you then bring in a Skelton crew. Have them perform their functions at that site, and again take notes.

I can almost guarantee it will never get to the point of your employees headed to the hot site to test things unless of course, you are one of the few who is vigilant.

The purpose of the exercise is to figure out what the deficits are and then create a plan to fix it.

“Our stuff is configured so that we would need to be there to make it work?”

I have seen it, and that is not smart.  Best Practice is around for that reason.  Your company must be using “best practice methodologies” as those are what SME’s  will be expecting.  You don’t want some outside firm to guess at what you have done and try to put band-aids on stuff.  In the event, your IT folks do get hit by the bus you want to be able to hire SME’s and have them quickly take your documentation and step in, while your IT guy recovers or you replace him or her.

  • Don’t fall for bogus click baits
  • Don’t surf the web carelessly at work
  • No Nigerian prince wants to give you money
  • The IRS will not send you an E-mail telling you to look at this attachment.
  • Buy install and maintain the best antivirus on the market.
  • Have an inventory of your purchased software, know where the licenses are and the updated software disk.

“I just download the software when I need it.”

“Your internet is down, and will not be restored for three weeks…where is that software going to come from?”

Just when I think I have seen and heard it all, I am amazed at the stupidity or ignorance that abounds in this industry. Folks, if your ego cannot afford to look at how you are doing things, possibly you are in the wrong job.

I had finished advising a client recently and was still in earshot when I hear the CIO tell his boss that I was not correct and making too much out of it!  WTF!  This guy was so egocentric or afraid for his job that his ego could not handle the fact that he was wrong about so many things that he lied to his boss and put the company in harm’s way!  I was not wrong!

Look, I have no dog in the fight!  I am going to call them as I see them and what you do after that is on you.  If your IT guy hung the moon; good for you! When the feces hits the rotating oscillator, I would love to be a fly on the wall when he tries to talk his way out of it.

A short story totally out of left field is this.  We have all seen drivers text or do something with that smartphone going down the road.  If you haven’t maybe you are texting and driving and I am talking about you!

Driving up 45 from Houston, during a thunderstorm, there was this fuel truck, 18 wheeler doing the dance.  You know the dance where they are all over their lane occasionally dipping into the next lane or possibly onto the shoulder. I saw him in my mirror as he was advancing close to me.  Getting out of his way, I noticed as he passed me that yes, he had his phone in his hand.

This was a fuel truck; you know the kind with the volatile product in it!  Slowing way the hell down I let him pass.  Ten miles down the road there he was, stuck in the ditch.  He ran off the shoulder into the rain-soaked ditch and buried it! Now, this could have been so much worse!

“Do you think he called his boss and said.” Funny thing, I was texting my wife a grocery list and the next thing you know I am stuck in the ditch, isn’t that a knee slapper?”

“No, he will tell him that someone cut him off and if he has an otherwise good track record his boss will buy the lie!”

IT guys with ego problems are like that, as was this one guy. Trust but verify!

Look at that other article and ask your folks some of those questions and see what they say.

Hope you don’t WANNACRY and that all of your employees don’t click on stupid things.

 

-Best

 

 

When is the right time to think about Disaster Recovery?

When is the right time to think about Disaster Recovery?

 

Spring rains bring on more than just flowers or in my case, weeds.  The phone started ringing early the other morning.  My coffee was still brewing when the continuous ring of the phone demanded me instead of the regular answering service.

It would seem that lightning hit a pole close to one of my clients.

Lightning is far from respectful of your deadlines or the amount of work that your staff has lined up to accomplish.  From simple power outages to fire, lightning all by itself is a disaster in the making.  Some simple steps ahead of time can keep your company from being a victim to what this client was.

One girl had her headset in when the lightning struck and was shocked. Happily, she is ok, but their systems were not so fortunate.  Had the grounding been worse; she may have been the path to ground.

Once the power was restored the server, router, and switch, did not recover.

The one machine on a UPS died as the power went out.

What went wrong?

Surge protectors have a finite lifetime.  People buy these power strips with surge protectors and forget about them.  Surge protectors are nothing more than a power strip with something in them known as a “Metal Oxide Varistor or MOV.”

Any power surge above an acceptable voltage is clamped or shorted to ground by this device.  The problem is the MOV only last so long before it no longer functions.  Every time there is any spike in the line from compressors shutting off to other electronic “noise” these components are adversely affected.

What is better?”

A UPS of enough wattage to allow the computer to be safely powered down in the event of a power failure.  Along with the backup power ability, these devices have more sophisticated line conditioning circuitry protecting your equipment from stray voltage spikes.

One note to remember, these too only last so long before they must at least be maintained, or replaced.  Any CIO worth his salt is familiar with Hardware asset management and has this is mind for his budget.  CEO’s hate surprises like unexpected expenses.  It is much easier to argue a budgeted expense than going hat in hand begging forgiveness for your ineptitude.

Suffer a catastrophe like this client, hope your boss does not hire someone like me to do a root cause analysis.

At the very least batteries must be changed out but keep in mind that an MOV is also part of that piece of hardware.  I would budget the replacement of a UPS, rather than just the batteries if it were me.

Unless you have electrical engineers on staff, who are qualified to re-certify that equipment, it is too cheap not just to replace it.

 

Along with outdated hardware or not enough of it, I have seen too many times the ground plug defeated to save a dollar from an electrician.   Those ground plugs are there for your protection, not because someone wanted to make it difficult for you.  The problem with temporary is all too often it becomes permanent.

Lightning struck outside one of my client’s offices hitting a pine tree.  Finding the electrical ground for the building, which was poorly grounded, everything in the building suffered a power surge knocking out much of their equipment.

Many times, building management will only do what is necessary by code and leave the gamble up to you the tenant.

Depending upon your location, achieving a good ground could be difficult.  The type of soil must is taken into account among other things. Again, depending upon your location, you might want to invest in grounding your building with lightning protection equipment including lightning rods or now they call them “air terminals.”  The idea is to have some amount of confidence that if lightning hits, it will strike your planned target and be dissipated safely into the earth.

Since all computer equipment and now phones are wired through the network, this last customer lost computers and phones along with the network infrastructure.

Failure to plan is planning to fail.

The cost of the hardware and time to repair was minimal, compared to the amount of time the company was out of business.

Insurance will only get you so far.  As these spring storms fire up, there is a real element of danger to your building, business and, like the one young lady found out, to her person.  Had proper grounding been utilized I doubt the girl would have felt the shock in her ears.

While a tested, reliable disaster recovery plan will allow you to sleep at night, preventing the disaster in the first place is what you should shoot for.  That starts with planning.

From your building security to network security, right down to protecting your infrastructure from mother nature, accounting for every contingency is paramount.

Truth told, there are seldom good surprises in business.  Mitigating the surprises with proper planning can prevent poor performance.  Asking “what if” is key to any plan.  Weighing cost vs. probability allows anyone with some business acumen to make sound decisions without breaking the bank. Understanding the risks, are the starting point.

 

-Best

 

What do I do when?

What do I do when?

If I had a nickel for every time that someone asked me this, I might very well be in Bora Bora or the Maldives working on a tan after that wicked winter that we did not have.

While I stress good anti-virus software such as Eset, no one program is the “Silver Bullet!” You must have some computer smarts when accessing the internet.

When we traverse the back alleys and the main thoroughfares of the “information highway,” it is imperative that we employ a little common sense.

I have written extensively about what to do and not to do in the past, but this latest phone call was rather unique.

While navigating the highways and byways sometimes, we are thrown a curve. Much like a roundabout in a city that does not have them, ever!

“What do I do if a dialogue box appears and it is in some other language?”

You are either surfing the internet or on Twitter or some other app and all of the sudden a dialogue box appears with prominent places to click but, the writing is in a language that you don’t recognize, what do you do?

“If you don’t know the answer to this send, me a nickel.”  I am joking but can you imagine someone spending .50 cents to send me a nickel?  I guess I could do a PayPal donation button. 🙂

What do I do when a dialogue box appears that I am not expecting and it might be in another language?

A:) Click on one of the boxes that appear to be the “no” box.

B:) Get out your smartphone. Look for a translation application and see what it is before clicking

C:) Pull up task manager, {ctrl alt del}, and kill the app completely (end task)

I realize I made that too easy but would you care to guess how many will just click the button to the right hoping it is the “go away” button?

Pop-ups are rarely a good thing.  There are settings in most browsers that will eliminate such things, but still, some brilliant programmer somewhere figures out a workaround to get the pop up to appear anyway.

With all of this talk about cyber warfare and cyber espionage, having real anti-virus software is not only critical but also patriotic.

I was giving a talk, and one bright young man said that his free antivirus was all that he put on his companies PCs. Later that evening I learned that he worked for his parents! I sure hope that they have good insurance and a great backup, disaster recovery plan when their computers are trashed, or compromised or both.  Free is not worth what you pay for it.  PS… Never hire anyone you can not fire!

If you love your kids (and your sanity) make them find a job with another company.

Why is it patriotic?

Infections of all kinds make it through and sit there waiting for the right moment to activate. Once someone, somewhere, wants to pull off his or her attack, they only “turn it on.” Your computer along with millions of others attached to the internet becomes active participants. The attack could be something as common as a DOS (denial of service) attack, or it is watching every keystroke you make looking for passwords and identity info passing that info back to some nefarious server in someone’s closet.

I have no deals or allegiance to ESET, right now I think it is one of the best out there.

Anytime your application is acting “wonky” task manager is your friend.  Pop-ups are rarely useful, especially if they make it through your no pop-up settings.

Bonus Question, Why is B not a right answer?

Think about it; some programmer wrote some interesting looking dialogue box to do something that popped up in the middle of searching for more information on March Madness “while you are working.”

You pull out your smartphone, the camera comes on, and soon you discover that some programmer tells you that you are a winner!  Click here to claim your free IPad!  You know that is a ruse because you have already won one and it never materialized.  Begrudgingly, still upset about the last fraud, you click the no thank you button with hopes that it will now go away.  What if the “No thank you” button activates some series of scripts? These scripts require your input to tell your antivirus software to ignore the threats.  Yes, you understand all of the risks, and you want to do this anyway?

By the way, that little X up in the corner could also be a “yes please screw up my computer and infect it as our IT staff does not have enough to do.”

Task manager good, Task manager is your friend, become one with Task manager….

“What if the pop up is in English and it tells me I won and iPad.”

Task manager good, Task manager is your friend, become one with Task manager….

Now get back to work!   🙂