Tag: Microsoft

Voice of Reason @realDonaldtrump @glennbeck


When the likes of Whoopi Goldberg or a Hollywood celebrity use their megaphone of stardom to taint the election process, it sets me on edge.

Much like unions having their members vote for whom they want them to, that to me is collusion in the process, or at the very least a corruption of it. That is one reason preachers cannot use the pulpit for such things.


Jon Stewart, in my mind, is in large part the reason we have had 7-plus years of Obama. Why? People conflate his comedy show with actual news. I would suggest that they don’t read, watch, or listen to the news, or tune out when a politician is mentioned.


California is in horrible economic shape. They vote for overly liberal candidates, who have been pushed in large part by the media and, of course, celebrities. A conservative celebrity is blackballed, which to me should tell the voters that maybe they should not listen to those who use the megaphone of talk shows to convince you how to vote.


Liberal giants own most of the mainstream media so a form of “yellow journalism” is a standard.


Glenn Beck, who is on the opposite side of the aisle, has endorsed Ted Cruz. Cruz is as far right as Bernie is left… This in my mind makes him complicit if Cruz is elected and then screws things up. (Another first-time Senator.)

Beck has always been entertaining in a Jon Stewart kind of way, except that Glenn is much more macabre than Jon. Beck’s theatrics have engendered support from the far right. With his advertisers selling things suited for preppers, he has created an atmosphere of paranoia. With such talk of FEMA camps, we have many spending their hard-earned dollars on things that they will probably never need.


Gold comes to mind. The multibillionaires of the world can change the value of it in a heartbeat! It was not long ago that oil was a safe bet. Right before the collapse, there were many radio and TV ads trying to get people with a minimum of $40K to invest. Surprise!

Beck’s message resonates with those on the far right. Those who would happily take the world back to the days of no internet. Maybe even take away women’s rights to vote and to drive.   Too much?  I wonder…


Obama’s talk about guns is responsible for the huge number of gun sales and has driven the NRA to receive lots of money from new memberships. The gun folks should be thanking Obama! Now we have grandma thinking that she needs an assault rifle with thousands of rounds… just in case! In case of what?

 

At a Sanders caucus, a college student who was caucusing for him was asked to explain socialism. She was unable to do so but was still firmly entrenched in his camp. “Oh Bernie…what a man…. (Sarcasm)”


Beating Sanders will be simple. Whoever is opposed to him simply needs to educate the useful idiots about what socialism is, and why it never ever works! I would suggest they do it with comedy, maybe even a Saturday morning cartoon, as those who vote for him must certainly be ill-informed. (Yes, I am being nice…)


Clinton who should not even be running is another example of people not watching or knowing the news.  This person should be doing time … Not running for Commander in Chief! …

The Democratic candidates are all incredibly old … One would think that should cause some sort of concern among the voters as we have no idea who would inherit the office if or when they kick the bucket!


Stress releases something in the body known as cortisol, “the stress hormone.” That hormone kills people. Now, a young person can handle it; however, it still takes a toll on their health. An older person?

Truth be told, the DNC does not have a viable candidate. The RNC has many. Finding a moderate among them should be easy.

What are Americans looking for in a leader?

  • Trustworthy
  • Vision
  • In touch with the people
  • Defense of the homeland
  • Limited government
  • Set the stage where businesses can flourish
  • Bring Americans together, instead of dividing us on every possible angle.
  • Someone who can fix Washington … Tall order … Start with Term limits!
  • Fix the Tax Code, so we do not need accountants.
  • Stop screwing the Middle Class!

 

As far as Trump is concerned, Americans should be thanking him. His celebrity status has focused the country on topics that the political elite would love not to talk about. The technique heretofore has been to control the narrative by talking about benign issues.


Trump has forced the narrative to address things like Immigration.

Political correctness, which is nothing more than a voluntary surrendering of your First Amendment.

Trump has made us painfully aware of how bad our “deals are.”

Trump is the elephant in the room and has forced the narrative to substantive issues vs. team names and political correctness, not to mention Sandra Fluke. You know, the rich girl who wants you to pay for her $6 birth control pills.

This is why both sides abhor him.  They cannot talk about bullshit issues.  The narrative is now more real and they all have to talk about it.

One final note, Microsoft is not a Trump supporter.  If I were he, I would have all of the “free software” looked over carefully by people who know things about such things. 

 

-Best

© All rights reserved 2016

 

 

 

 

 

Single point of #failure, #programming and why a #CIO is important.


A few weeks ago we talked about single points of failure. We talked about power lines and data lines having more than one place of ingress to the building. We spoke of multiple power sources as well as multiple data paths, much like the internet has multiple data paths. See that post for more information about hardware single points of failure.


Today’s subject is closely related, but it concerns “software.”

Some companies use off-the-shelf solutions and some decide to “roll their own.”

Today we are going to look at the pros and cons of this practice.

Off the shelf:

PRO—

Ready to go with a company to back you up.

A “normal” IT guy or gal can install it and most probably support it, as most of these types of software companies have classes on their software. They offer such classes because they want their product to be successful, and they most probably offer some sort of certification for it, as IT folk seem to be “gaga” over certifications!

If there is a problem there is a support path.

Depending upon the complexity of the software there may be add-on-modules for your particular needs.  That translates to a cost savings of only buying what you need.

IT personnel are much less expensive than in-house programmers and, unlike with in-house software, there is an end to the expense.

It is also easier to find IT people who can work with canned software than with some homegrown software that no one has ever seen before.

Hiring your own in-house programmers is like hiring a carpenter who charges by the hour to do a project for you that is ill-defined.


There was a show not too many years ago called Murphy Brown, in which Murphy had Eldon the painter in her house. Eldon was in her house for the entire show, always doing something. While Eldon was a bit player and was supposed to be there for the part, the analogy is that she left everything up to him and he had a job for life.

You don’t want an Eldon working for you, unless you really like his company.

With off the shelf or canned software you work within its limitations.


Scope Creep:

Having managed programmers in the past and reported their progress to the president and/or board, it never ceased to amaze me that someone would ask the question, “What would it take to make the software do X?”

The way that this works is the decision makers come up with a defined set of expectations, which allow a budget to be created.  Once that process is done, so is the definition of the project.  It is then up to the manager to manage the project and make sure that certain milestones are met and in budget.

The danger of developing things in house is that inevitably someone modifies the definition after the budget has been blessed. If you have no “extra” built in for unforeseen events, then you have to go back to the board and beg.

You can explain it is because they wanted something else but you still come off looking bad.  You should have foreseen that they were going to ask for that and put it into the budget.  (There is a little truth to that last statement.)

With canned software, the project is much more manageable as the cost is pretty much set in stone.  Support contracts are easily budgeted for as is training of your people.

Designing in house software has more risk than payback.

Most probably you keep your staff small, so if one person does this part of the project and another does that part, and then something happens to one of them, well, you have a single point of failure.

Documentation of the software developed in house must be meticulously managed and like a DR plan, it must be tested! If it is not done in this manner the software becomes worthless when that developer is no longer there.

Around 10% of development time is or should be documentation time.  Documentation should contain a version number much like the rev level of the software.  Outdated documentation is worthless.

Unlike the mindset among some IT people that do not document anything, the programmer must document their software in such a way that a future programmer can pick it up and run with it.  This documentation might include things like UML diagrams and key design features. Comments in the code are nice, but are not enough.

As with any DR plan, the documentation for code is a “living document.” Documentation is a live process and must be updated as the code is developed.

Programmers certainly know the best-practice techniques of this process, but the CEO may not. Some people develop self-documenting code.

The old adage “Don’t expect what you don’t inspect” is salient, germane and just damned important!

There are no good surprises in business and if you keep with that as your mantra, you will be served well.

The Cons to off the shelf are that it is fixed.  Whatever you purchased is only as flexible as it was designed to be, “a one size fits all” solution.  For most companies this may be enough.

Most companies are generic enough that they can work with that.

Some projects are just foolish to try and roll your own as the cost will not justify the ends.

I know of one company that has someone in the upper echelon of the company who is a developer. Instead of using canned software for such things as DNS, they wrote some scripts with pointers to an LMHOSTS file. Of course there was no documentation, so for an engineer, figuring out why there were duplicate IP addresses, or why IP addresses did not match the device, and so forth was a nightmare! Wireshark to the rescue.

There are standards in the industry for a reason.

Canned software allows the CEO to get the best talent for the job and allows him a wider field to choose from. If their setup is so unique that only a select few can manage it, he is paying way more for a system that dies when its creator dies or just gets upset and quits. The golden handcuffs are then on the business owner, as he must necessarily play nice with his programmers.

Remember, no employee should be sacrosanct.  Everyone must necessarily be treated as expendable because of the “hit by a bus scenario.”


In house code must be tested to make certain that it is supportable by outside people.  If it is not, it should be fixed, scrapped or replaced with something that is, or is off the shelf.

Canned software?

This is a very important reason to have a “good CIO!” Any good CIO has the company’s best interests at heart and knows better than to save a penny here and waste thousands there. The CIO must be incredibly technology savvy as well as possess business acumen.

I have worked for many over the years that were one or the other or neither, but they did go to school with the president so they were buds.

Failure to plan is planning to fail!

Hire a CIO that knows his or her stuff.

If you are uncertain, hire a DR consultant to come do an audit.

The consultant, if met with truculence on the part of the IT staff, would be a good indicator that your staff know that they have bones buried.

Plan to look carefully at your software needs and if you decide to develop in-house, make sure that your CIO knows what his or her programmers are doing.

Programmers make lousy CIOs, just like a surgeon makes a lousy GP.

If you have a belly ache and go to a surgeon for advice, what do they do?  They cut flesh.  Their first thought is to open you up and see why you hurt!

You go to a GP who takes your history and discovers that you had sushi some time back, has you checked for the helicobacter virus; a few antibiotics later you are fine and you don’t have some scar on your belly, not to mention a long recovery time.

Bad decisions in business cost money and bad decisions with your health also cost money and could cost you your life.

Programmers not only make bad CIOs, they make bad managers. Most programmers are very myopic. They have to be to code. When you take someone with that skill set and throw them into management, they do not have the breadth of experience necessary to handle a wide variety of issues. I have seen too many over my career who started out as programmers and made convoluted programmatic solutions for an easy-fix situation.

There was an old cartoon many years ago with two computers in a room, the secretary and the exec each on their own computer. The IT guy, played by Goofy or a Goofy look-alike, was asked to find a way to get the file on a diskette from this computer to that one. Goofy takes the disk, scratches his head for a second and then, like a Frisbee, tosses the disk to the secretary. K.I.S.S.

The CIO must know enough about all things IT to know when smoke is being blown up his or her southernmost orifice. The CIO must also have enough business savvy to be able to negotiate with the CFO, who has a different skill set, as well as deal with the CEO and those on the board of directors.

What you don’t want is some sycophant working for you and you don’t want a control freak either.  The CIO must be very well rounded with lots of experience.

Management must not become your single point of failure.

-Best

Copyright 2014 Timedok All Rights Reserved

Security

Happy Friday!

Today I want to talk about security. With the recent events involving our President, along with major companies’ databases of credit card holders being hacked, it seemed timely.

Companies focus on cyber-security, physical security, both, or neither. I realize that this statement seems ambiguous, but the simple fact is that few companies think about hiring a Security Officer, much less installing the systems to make certain that their physical plant is secure, not to mention their data infrastructure. A Security Officer is well rounded and incorporates all facets of security into their repertoire.

Part of a Disaster Recovery plan is an audit of security measures taken.

Thanks to recent hacks by various outside entities, companies are becoming more in tune with things like passwords that change, that the user sets, as well as administrative passwords that also are forced to change and be “strong in nature.”

Instead of vilifying some of my clients’ practices, which many would find audacious, some entertaining, and some downright stupid, allow me to pontificate about “security in a nutshell.”

Let’s start with the employee.

All employees (present and future) should have a background check completed.  Are they who they say that they are and do they have any criminal history?  What is their credit score and, can they pass a “drug test” now and at some future date?

What someone writes on their resume is not a legal document; therefore, you must necessarily have them fill out an application for employment, which “is a legal document.” You can buy these at Office Depot, so there is really no excuse not to do this.

The resume is an instrument to get a person in the door for an interview, not to hire them by. What one writes on the application is grounds for termination, if fabricated. I can write that I am King of the Emirates on my CV; if that gets me in the door, so be it. Once I write that on an application, I have committed fraud. Some would argue that the CV should be more sacrosanct than it is. That would be nice, but the truth is that few do.

There is a complete art regarding your CV and making it stand out among others. Like English 101, it is subjective; research the company to which you are sending it. That is why one must have several different resumes. I will not belabor that point or this subject here; suffice it to say, if it gets me past the first cut, that is all that I care about. Until you are sitting in front of a person who gets to know you personally and uniquely from the masses, your resume is one of tens of thousands languishing in a sea of anonymity.

Once your HR department is satisfied that this person is a viable candidate for the job at hand; then and only then, should the hiring manager start the interview process.

Q. What difference does it make if the person has a less than stellar history?

A.  If they have a track record for making bad decisions, there is nothing to stop them from doing so again. Once you hire them, they represent you and or your company.

Q.  What difference does it make regarding their credit score?

A.   If they have a lousy credit score that simply means that once again they have a higher probability of making poor decisions and even more germane, might be someone who has character issues.

One company I know of ran reports of how many coffee creamers, how much sugar and how much toilet paper their individual branches went through. They tied that data together with the branches that had “shorts.” (Shorts meaning the cash drawer did not balance, was missing money.) The interesting thing was that the branches that used more supplies had more shorts; thus, the criminal element was behind the counter.

Q. Piss Quiz? What does a little pot, or drinking, have to do with a person being a good and faithful employee?

A. Once again we are looking at character traits. If a person plays loose with the rules, they too will have a proclivity to play loose with your rules. Good behavior should be rewarded. If someone plays by the rules, they should be first up for the job.

Q. What about pre-employment tests?

A. Having total empathy for those of us who suffer from test anxiety, I am more interested in a person’s history and track record. The EU is really big on all sorts of pre-employment tests to get the “brightest and best”; however, as a hiring manager for most of my adult life, I am here to tell you that tests are not the end-all, be-all. If HR does their part, I trust that I can weed out the rest. While a test may give you some idea of a person’s character, remember that if they are nervous or not feeling well that particular day, the results will be skewed. You may in fact be overlooking a diamond. Get to know the person.

Once, a long time ago, I interviewed with Microsoft. As it happened, I was suffering from bronchitis and had not slept well, but I would have still gone to work as I could function, so why not go on the interview? There were several parts to the process, including tests on different subjects. Did I know the material? In truth I was overqualified for the job in so many ways, but I thought that working for Microsoft would be a good thing, so I went through with the interview. In the last part of the interview, some very attractive young lady brought me into an office and asked me, “Why is a pothole cover round?” In the haze of DayQuil and the anxiety of the entire process, the question threw me. I chuckled at her and looked at her like I was waiting for the real question, like “What are the different layers of the OSI model and how are they relevant to data communications?” That question I could have handled and was expecting; not why a pothole cover is round.

After a short period of silence, which seemed like an eternity, I realized that she was quite serious. “I had never thought about it before,” I said. “I suppose that it might have something to do with the fact that if it were any other geometric shape, it could fall in.”

That answer was met with a disapproving look, which again threw me, as I could not think of any other reason why.

She then started asking me another question about a farmer, and a boat, and grain, and chickens, and a fox, and a river.

At this point in the process I ended the interview.  I was not feeling well and this to me seemed like games that one might play with someone who had never worked in the industry before; not someone who had the years doing this that I had.

My next job was that of an IT Director (instead of working at Microsoft), where I would be the one in charge of purchasing tens of thousands of dollars of software at a time from “Microsoft.” Microsoft has a tendency to hire a lot of young pretty girls to do their bidding, much like the drug industry does to push their pharmaceuticals to doctors. It is good to be a customer.

Physical Security

Physical security should be well thought out. I know of some companies that think this is too expensive or don’t want to invest in this. They have a keypad entry code that they change once a quarter or so, if they think about it. I have seen others who simply use a lock and key, and they don’t even change the locks out when they have employee turnover.

Q. What should my building security look like?

A. Depending upon your business, let’s take a typical office environment.

The reception area has your normal door locks for after hours as well as video surveillance. Today we have technology that allows surveillance to be somewhat obscure but not so much so that the people who come into the lobby don’t notice it.  Today’s casinos for instance have tons of cameras and you know that if you scratch yourself someone somewhere watched you do it.  My point is that they are barely noticeable.  They are there and you know that they are there but you quickly might forget.  Your lobby should not be intimidating because your customers come through there too however; it should be obvious that you have security.

Each entrance to areas past the reception area should be hard keyed with electronic pass devices that respond to individual key cards. Piggybacking of employees traversing these doors should be discouraged; however, video surveillance of these doors from both the inside and outside will allow you to track employee movement should the need arise.

Electronic time clocks which use RFID or even biometrics are not only good for payroll but, once again, a good way to track employee movement. Again, the clock(s) should have video cameras in them and pointed at them so there is no way someone could be clocking in someone other than themselves. The more secure the area is, the more visible you should make your security.

Depending upon your organization, doors controlling access to certain areas (HR, development, data center, etc.) should be keyed to allow in only people with a need to enter that area. Again, these doors are also under video surveillance from both the inside and outside.

Employee cards should have a picture of the employee on them and should be visible at all times when the employee is on campus.

With unique employee key cards and programmed entrance to the areas that each unique employee will need, the only changes to the system will be when that employee leaves and it only has to change with that one person.

Not only does this give your physical building / plant the security that this day and time calls for, but it also allows you to track your employees’ movements if the need arises.

Q. Why would I need to track an employee?

A. Let’s say you have an area of production that is suffering and you don’t know why. What if you pulled a report and found that your manager of that area was spending a lot of time in places other than where he or she should be? This actually happened at one of my clients. They had several thefts one night and found that, by tracking the people that came and went and correlating those times with security footage, they were able to actually see the person perpetrating the crime. This person spent some time behind bars and the company was quickly able to remove undesirable elements from their work staff.

Q: Are there any other physical security measures that I should look at?

A: Glass breakage detectors, motion detectors, smoke and gas detectors, and I like to add water detection equipment. The latter inclusion would have come in handy a couple of times in my career. We were in the middle of a remodel and one of the plumbers forgot to solder a fitting. They turned on the water and it held pressure, so they left. Sometime over the weekend the fitting let loose and the entire building was flooded. Water detection sensors would have kept the damage to a minimum instead of flooding an entire high rise. Since most fire suppression systems are water, this too would let you know if something failed with that system.

Note: there are several different fire suppression systems and water is good for general purpose; however, a data center needs a little more thought.

How about your computer systems?  While the above is an abbreviated look at employee and physical security, what about your data?

  • Passwords that change
  • Cable infrastructure
  • Admin passwords that change and are strong
  • Firewalls with the appropriate updates and configurations
  • SNMP-manageable devices that are updated and set to user-specific usernames and passwords
  • Physical cable plant that is locked down to only allow access from expected devices
  • WiFi that is locked down
  • VLANs segregating departments and traffic
  • Servers with specific access to files and/or data needed by departments and/or users
  • S.A.M. (Software Asset Management) in place and kept up to date
  • VPN encrypted access with security token
  • All outside connections to the network identified and locked down
  • Roaming profiles updated and checked for security
  • No remote control software on company computers, either remote or host
  • Admin access to user computers restricted or not granted at all
  • Thumb drives and laptops encrypted

You would be shocked if I told you how many times I find loose, if not non-existent, password policies. It is almost as if they are begging for industrial espionage or begging some disgruntled employee to have their way with them.

Much like having a PC without a locking screensaver is downright idiocy, these folks beg to be burned.

User passwords must change every 90 days at max and should be strong, meaning special characters, numbers and so forth.  One company that I know of keeps a spreadsheet of everyone’s assigned password that never changes. That keeps the sys-admin from re-setting passwords but opens the company up to so many security violations it is unbelievable.  This practice is in direct violation of policies set forth for publicly traded companies, and those that follow ISO standards. 

Admin or superuser passwords should also change often, more often than every 90 days, but on no particular date and with no predictability. There might be some inventive programmer who could write an app that would randomly go off and invoke a password change for administrators and not let you continue on until you have done so.

Another ambiguity with our illustrious data folk is a lack of documentation with their data plant.  Why is that important?

The server room that contains the switches should have a map. This map should show each floor and its data drops. Not only should these drops be labeled, they should be secured. How do you secure a data drop, and why?

Let’s start with the why. If I were a bad guy, I might come in disguised as a janitor. I would have a small laptop with some software on it to sleuth your network, my goal being to get into your servers. The first thing that I would do is find a data port that had nothing in it and plug right in, “assuming that there was no Wi-Fi that I could get into.”

Now, if you do your cable management correctly, that vacant port that I just plugged into is not hooked up via the patch panel. That forces me to go unplug a computer or printer and try it there, as that is an active device, so it is cabled. On the switch, we can have a port talk to a device only if it has the MAC address that the port is programmed to expect. The idea is to make it as difficult as possible for the would-be intruder to gain access to your data.

In most shops, we have no idea what drops are live, where they are or what they are, much less what is plugged into them.

With VLANs we offer yet another layer of security, in that if this guy plugs into some port that the secretary uses, he will not be able to get access to the engineers’ VLAN.

Many times I see networks where more ports were needed so a switch was just thrown into the drop, problem solved.  This is poor on many levels.  Anyone with any networking sense knows better but yet I see it every day.  You take a multi-thousand dollar cable plant and install a $30 switch screwing up collision rates, security, traffic throughput and so forth rather than do it right.
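One way to check the drop map against what is actually plugged in, covering the unpatched vacant drop, the expected MAC address per port, and the extra switch hung off a single drop described above. This is an added example, not code from the original post; the port names, drop labels and MAC addresses are constructed sample data, and the finding names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed drop map, as the server-room documentation would record it:
# switch port -> wall drop label, whether the drop is patched, expected MAC.
DROP_MAP = {
    "Gi1/0/1": {"drop": "2F-014", "patched": True, "mac": "00:11:22:33:44:01"},
    "Gi1/0/2": {"drop": "2F-015", "patched": True, "mac": "00:11:22:33:44:02"},
    "Gi1/0/3": {"drop": "2F-016", "patched": False, "mac": None},
    "Gi1/0/4": {"drop": "2F-017", "patched": True, "mac": "00:11:22:33:44:04"},
}

# Constructed observations (switch port, learned MAC), written in the mixed
# notations that different switches and tools print.
OBSERVED = [
    ("Gi1/0/1", "0011.2233.4401"),
    ("Gi1/0/2", "00-11-22-33-44-99"),
    ("Gi1/0/3", "00:11:22:33:44:AA"),
    ("Gi1/0/4", "00:11:22:33:44:04"),
    ("Gi1/0/4", "00:11:22:33:44:bb"),
    ("Gi1/0/9", "00:11:22:33:44:dd"),
]


def normalize_mac(mac):
    """Return a MAC as lower-case colon-separated hex, whatever the input style."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_drops(drop_map, observed):
    """Compare observed devices with the documented drop map.

    Returns a list of (port, finding, detail) tuples ordered by port name.
    """
    seen = defaultdict(set)
    for port, mac in observed:
        seen[port].add(normalize_mac(mac))

    findings = []
    for port in sorted(seen):
        macs = sorted(seen[port])
        entry = drop_map.get(port)
        if entry is None:
            # A live port that the map does not know about at all.
            findings.append((port, "UNDOCUMENTED_PORT", ", ".join(macs)))
        elif not entry["patched"]:
            # The map says this drop is not patched, yet a device answers on it.
            findings.append((port, "LIVE_UNPATCHED_DROP", entry["drop"]))
        elif len(macs) > 1:
            # Several devices behind one drop: a small switch was added there.
            findings.append((port, "MULTIPLE_DEVICES", ", ".join(macs)))
        elif macs[0] != normalize_mac(entry["mac"]):
            # One device, but not the one the port is documented to expect.
            findings.append((port, "UNEXPECTED_MAC", macs[0]))
    return findings


if __name__ == "__main__":
    for port, finding, detail in audit_drops(DROP_MAP, OBSERVED):
        print(f"{port:8} {finding:20} {detail}")
```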

Jumping down the list to S.A.M.: while most things on this list are common sense, S.A.M. might not be that intuitive.

Q. Why do I need to keep up with what is on each and every computer and how does that relate to security?

A. Really good question. In running an audit of all software on all computers within an organization, you will quickly find that your organization has a lot of software that the business owner is responsible for. If some disgruntled employee calls the Business Software Alliance http://www.bsa.org/ and reports that you are using pirated software, it then becomes your responsibility to prove otherwise.

  • Can you show proof of purchase for all software within your organization?
  • Can you show the license keys for that software? If so, prove it to yourself.
  • Do you know what each and every executable is on each and every desktop?
  • Do you have software on computers that is not being used?

The long and the short of this exercise is that I do an inventory of software on PC’s as part of a DR.  While this is a painful exhaustive process, it is important because you have to know what you have, if you want to re-create it in the case of a disaster.

I always find software that the company was unaware of.

I most always find Trojans, viruses, games and more importantly, I find remote control software.

While this is a real good reason why people should not have access to the administrative rights on their computers, it is also a real good reason to do this inventory.

The normal computer user does not need to modify their computer to use word, excel and power point.  IT should be in charge of adding software and then the PC should stay fairly static.

Remote control software is used to either allow a user to take control of their computer from outside the building or control another PC outside the building or inside the building.  Maybe that is perfectly legitimate or very possibly it is not.  That is why I insist that things like copy inhibit and auditing be enabled on the servers. If forensic investigations are needed down the road, we have the tools to do so; we simply must use them.
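The inventory questions above (unknown software, license proof, unused installs, remote control tools) can be checked mechanically once each PC's installed-software list has been exported. The following is an added example, not part of the original post; the CSV layout, host names, license ledger, 180-day threshold and remote-control name fragments are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import date

# Constructed inventory export: one row per installed program per host.
# An empty last_used field means the program was never launched.
INVENTORY_CSV = """\
host,product,last_used
ACCT-01,Microsoft Office,2014-09-20
ACCT-01,Adobe Reader,2014-09-01
ACCT-02,Microsoft Office,2014-09-25
ACCT-02,pcAnywhere,2014-09-28
SALES-01,microsoft office ,2013-11-02
SALES-01,Solitaire Deluxe,2014-09-29
SALES-02,Adobe Reader,
SALES-02,TightVNC,2014-09-27
"""

# Constructed license ledger: product -> seats with proof of purchase on file.
LICENSED_SEATS = {"Microsoft Office": 2, "Adobe Reader": 50}

# Illustrative name fragments for remote-control products (assumption:
# extend this to match whatever your own audits turn up).
REMOTE_CONTROL_MARKERS = ("pcanywhere", "vnc", "teamviewer", "logmein")

AS_OF = date(2014, 9, 30)  # audit date, fixed so the result is repeatable


def load_inventory(text):
    """Parse the export into (host, product, last_used) tuples."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        used = r["last_used"].strip()
        rows.append((r["host"].strip(), r["product"].strip(),
                     date.fromisoformat(used) if used else None))
    return rows


def audit(rows, licensed_seats, as_of, stale_days=180,
          rc_approved_hosts=frozenset()):
    """Reconcile installed software against the license ledger.

    Returns a dict with four findings:
      unknown        host -> products IT has no purchase record for
      over_deployed  product -> (installed, licensed) where installs exceed seats
      unused         (host, product) licensed installs idle for > stale_days
      remote_control (host, product) remote-control tools on unapproved hosts
    """
    # Match names case-insensitively so "microsoft office " still counts.
    ledger = {name.casefold(): name for name in licensed_seats}
    installs = Counter()
    unknown = defaultdict(list)
    unused, remote_control = [], []

    for host, product, last_used in rows:
        key = product.casefold()
        if key in ledger:
            installs[ledger[key]] += 1
            if last_used is None or (as_of - last_used).days > stale_days:
                unused.append((host, ledger[key]))
        else:
            unknown[host].append(product)
        if host not in rc_approved_hosts and any(
                marker in key for marker in REMOTE_CONTROL_MARKERS):
            remote_control.append((host, product))

    over_deployed = {p: (n, licensed_seats[p])
                     for p, n in installs.items() if n > licensed_seats[p]}
    return {"unknown": dict(unknown), "over_deployed": over_deployed,
            "unused": unused, "remote_control": remote_control}


if __name__ == "__main__":
    report = audit(load_inventory(INVENTORY_CSV), LICENSED_SEATS, AS_OF)
    for finding, detail in report.items():
        print(f"{finding}: {detail}")
```

Hosts where remote control is sanctioned, such as a help desk machine, go in `rc_approved_hosts` so that only unexpected installs are reported.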

Industrial espionage is real and the business owner should take it real seriously.  There are “certifications for data security experts” out there.  What I know of this stems from over 30 years of doing this. It actually might be interesting to go through the class and see what I have not thought of.

A word about industrial espionage.

People often wonder if I struggle with paranoia.  I assure you that I am purrrfectly normal, I don’t struggle, I submit to it; everyone has their children followed, and thinks that their cats are spying on them, right?

So I am not a comedian..

The idea that I wanted to mention here is really from WWII.  “Loose lips sink ships.”  The idiom means “beware of unguarded talk.” No, I am not that old but; I am a student of history among other things.  We live in a high-tech world and we live in a social world.  We have several areas of town where there are high tech industries and where employees of those industries gather for lunch, or to have a beer and shoot pool after work.  Too many times I am in ear shot of engineers talking shop, in public.  If you own or manage a company that has “secrets” I would caution your employees about talking shop in public.  There are most likely posters that someone sells that you could hang on the wall as a subtle reminder about this subject.

someone-tweeted

The above picture proves that this concept is not lost on today’s companies.

 

If I worked at company Y who had company X as a competitor, I might very well have someone go down to the area where company X was and scope out restaurants where there were known hangouts for their engineers or technical guys.  I might also, if I were unscrupulous, have someone go stake out the place and make certain that I had them there when their folks had lunch.  In this day and age where there is a complete science behind “blending in,” it would be rather easy to go eavesdrop.  In this day of technology, bugging someone would not be out of the realm of possibility.  When fountain pens that are a self-contained Digital Video Camera / Recorder which can record up to an hour per charge are less than $20, you had best beware that your cats may very well be spying on you.  Ok, not your cats, but certainly your employees or strangers.

Thinking back to Mission Impossible, where the tape recorder would start spewing smoke out ten seconds after the message had been listened to, devices are worth mentioning here.

Devices that leave the confines of the building, in this case laptops and thumb drives, need to be secure.  Folks, it is downright foolish not to have these things encrypted.  We have so many different types of encryption techniques available today.  Encrypting your data will make it useless to those who take it, should it fall into the wrong hands.  Even the smart phone has a failsafe built into it.

Because we store so many things on our smartphones, they are more than just a phone. The courts recently ruled that police can no longer take your phone and access it to see what you have been up to, as the phone is so much more than a simple phone.  My iPhone, for example, will wipe itself after X attempts to guess my password.  Can we write such security programs for thumb drives and laptops?  Not a programmer; well since COBOL, but I am guessing that it is do-able.

Is the Cloud safe?

At this point in time, I would say no.  As much as we hear how safe that it is, each and every day we also hear about how it was violated, or how some major organization was hacked.

Back up your data and send a copy to your safe deposit box at the bank.  Make certain that your safe deposit box is a few miles from your office or residence so that if a tornado or other type of disaster takes out your business or residence, your data stored in that safe deposit box is still there.  Utilize a service to take your data off site if you like, or set up your own “cloud” via a secure tunnel over the internet to another location.

Hard drives are cheap and UNIX or Linux is not all that difficult to use to set up an FTP server.  While anything is better than nothing, have a strategy and test it; even if you do use the cloud.

With the White House being violated by a crazy person, the president in an elevator with a known criminal with a gun, not to mention the secret service allowing him to go to Mandela’s Funeral and speak just a few feet away from the translator who was not who he said he was, we must question everything.

The only way to really trust that your data is safe and for that matter your business or residence; is to test your plan once you implement it.  There are people you can hire “good guys” that will test your security from different angles as well as your disaster recovery plan.

The framework above is an excellent starting point. Trust me when I say this, many CEOs have no idea how vulnerable they are as they trust that their CIO or SysAdmins know this stuff.  Each and every DR that I do, I find that most do not. The more that I dig, the more truculent these folks become, and they are really happy when I leave.  They don’t want their bosses to know the truth. While I would happily work with them to fix these things and offer as much, they would rather hide the facts from those that should know their vulnerabilities.

If you are a CIO or head of a company that is interested in this, read my blog “attention CIO CEO ….

-Best to you and those that you care about!

Good Luck Jim

Copyright 2014 All rights reserved

The below is an addendum to this article which really puts things into perspective…

FOR IMMEDIATE RELEASE

Tuesday, September 30, 2014

Four Members of International Computer Hacking Ring Indicted for Stealing Gaming Technology, Apache Helicopter Training Software

Four members of an international computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the U.S. Army and stealing more than $100 million in intellectual property and other proprietary data.  Two of the charged members have already pleaded guilty.  The alleged cyber theft included software and data related to the Xbox One gaming console and Xbox Live online gaming system; popular games such as “Call of Duty: Modern Warfare 3” and “Gears of War 3”;  and proprietary software used to train military helicopter pilots.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Charles M. Oberly III of the District of Delaware and Special Agent in Charge Stephen E. Vogt of the FBI’s Baltimore Field Office made the announcement.

“As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” said Assistant Attorney General Caldwell.  “The American economy is driven by innovation.  But American innovation is only valuable when it can be protected.  Today’s guilty pleas show that we will protect America’s intellectual property from hackers, whether they hack from here or from abroad.”

“Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common,” said U.S. Attorney Oberly.  “These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach.”

Nathan Leroux, 20, of Bowie, Maryland; Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana, were charged in an 18-count superseding indictment returned by a federal grand jury in the District of Delaware on April 23, 2014, and unsealed earlier today.  The charges in the indictment include conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets.  The defendants are also charged with individual counts of aggravated identity theft, unauthorized computer access, copyright infringement and wire fraud.

Today, Pokora and Nesheiwat pleaded guilty to conspiracy to commit computer fraud and copyright infringement and are scheduled for sentencing on Jan. 13, 2015.  Pokora was arrested on March 28, 2014, while attempting to enter the United States at the Lewiston, New York, Port of Entry.  Pokora’s plea is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information.

According to the superseding indictment and other court records, from January 2011 to March 2014, the four men and others located in the United States and abroad allegedly hacked into the computer networks of Microsoft Corporation, Epic Games Inc., Valve Corporation, Zombie Studios and the U.S. Army.  The defendants and others allegedly obtained access to the victims’ computer networks through methods including SQL injection and the use of stolen usernames and passwords of company employees and their software development partners.  Once inside the victims’ computer networks, the conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works and other confidential and proprietary information.  Members of the conspiracy also allegedly stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.

Specifically, the data cyber-theft allegedly included source code, technical specifications and related information for Microsoft’s then-unreleased Xbox One gaming console; intellectual property and proprietary data related to Xbox Live, Microsoft’s online multi-player gaming and media-delivery system; Apache helicopter simulator software developed by Zombie Studios for the U.S. Army; a pre-release version of Epic’s video game, “Gears of War 3;” and a pre-release version of Activision’s video game, “Call of Duty: Modern Warfare 3.”  The defendants also allegedly conspired to use, share and sell the stolen information.

The value of the intellectual property and other data that the defendants stole, as well as the costs associated with the victims’ responses to the conduct, is estimated to range between $100 million and $200 million.  To date, the United States has seized over $620,000 in cash and other proceeds related to the charged conduct.

In addition to those charged in the United States, an Australian citizen has been charged under Australian law for his alleged role in the conspiracy.

An indictment is merely an allegation, and the defendants are presumed innocent unless and until proven guilty in a court of law.

This case is being investigated by the FBI, with assistance from the Criminal Division’s Office of International Affairs, the U.S. Department of Homeland Security’s Homeland Security Investigations and Customs and Border Patrol, and the U.S. Postal Inspection Service.  The investigation also has been coordinated with the Western Australia Police and the Peel Regional Police of Ontario, Canada.

The case is being prosecuted by Trial Attorney James Silver of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Edward J. McAndrew of the District of Delaware.

Life, Wealth and Happiness

I chose the title carefully as the three can be mutually exclusive.

Stuff and Reality

Most of us grow up seeing a pattern of “wealth = happy.”  In fact some of the poorest people that I know are some of the happiest.  How is that possible?

The world today tells us that we “need” an expensive car, or the largest flat screen TV or whatever the newest gadget is.  Apple is doing their part by providing a new version of their products about every 18 months or so.

A few years ago a “car phone” was for the most exclusive and wealthiest of us.  Today, kids in grade school have a much more sophisticated version than I would have dreamed possible just a few years ago.

A simple automobile that cost a few thousand not too many years ago now costs upwards of $40K.  Of course you can spend $24K for the same basic car but it does not have the “logo” that the $40K car has.  Will the less expensive car do the same as the expensive car?  Probably, but it will not have the social status of the $40K car.  I cannot envision spending $150K on a car but there are many on the roads.

If you are a churched person you no-doubt know that “God will provide.”  Does that mean that if you pray really hard and give money to the church that you will get the $40K  or $150K car?  No.  It means that you will have the necessities of life.  The trick of course is realizing what the “necessities are.”

This is where the poorest among us have the rest of us beat.  They are happy with what they have.  One of my favorite song writers penned the phrase, “it’s not about having what you want, it’s about wanting what you got.”  If you think about that, it is so true.

“Failure to plan is planning to fail!”

Am I telling you to settle for less than what you have or want?  No, I am telling you to set your expectations accordingly, set your goals a little higher than your expectations, and take the actions necessary to achieve those goals.

Much like project management, your goals need to be fully planned.  What do you want, what does the end goal look like, and what does it take to achieve it?  What milestones must you achieve to get to where you want to go or be?   Goals should be on some sort of timed deadline.  If you set dates to accomplish certain milestones you are more apt to succeed at the end goal. Start with prayer for wisdom.  Praying to win the lottery is probably not going to get you anywhere.  If it does, please keep me in mind. :)  Realistic goals are part of the prayer process.  Few grow up with the goal of being a garbage man.  If you did, “bless your heart.” Many end up there because they failed to plan.

Do I look down on those folks?  Not on your life!  It takes all kinds of folks to make the world go round.  If more folks planned better, I think that finding a ditch digger or garbage man might cost more money.   I make a point to know my garbage collection folks.  If I can, I go out and tell them good morning etc.  The same is true of the mail person and even the janitor at the office.  They are all people and deserve the respect that you yourself would want.  If you think that you are better than them you are in dangerous territory.

Wealth or the lack thereof.

I would seriously recommend taking the Dave Ramsey course for you who are just starting out.  After listening to his radio show for several months, I am convinced that he should be a required course in high school.  Credit card companies would lobby against that but, that would be just too bad.  Our progeny need to understand the fundamentals of his wisdom, and the sooner the better.

The good news is that if you are a parent you can go through the course with your kids.  It does not need to be mandated from the Ivory towers of DC.   Many churches around the country offer this course.  Why?  A tenet of the course is to be generous, think there could be a connection?  Too Cynical? Only they and God know their motives.

His mantra goes against current trends in advertising and indeed the way that we spend money!   His philosophy and wisdom really came from making mistakes and learning from them.  These are mistakes he made many years ago.  So, why make the mistake if you can learn from those that have already done it?  Like history, if you don’t know it, you will repeat it.

The jobs that you take should reflect some part of the path that you are on in order to achieve your goals.  Jobs can be milestones.  Let’s say I want to be a geologist.  I would start out learning everything I could about the subject from books to social groups that are like minded.  I might take an internship at a company that studies core samples.  Even if I have to wash beakers or crush rocks, I would be part of the process and undoubtedly something I learned would stick that I could apply later.

The society we are in today has kids out of college with no practical experience looking for the big paycheck and the corner office.  Bless their heart!

Many out there just take anything to get some sort of income.  Folks, this is ludicrous.  Letting fate decide your future is a formula for a life filled with dead end jobs being someone’s slave.  If you can’t afford to leave the bedroom that you grew up in, you are on the wrong path!  If you are forced to return to the bedroom that you grew up in because you are not making enough money to live on your own and be investing money in your future, you are certainly on the wrong path, or making bad decisions.

Briefly, fast food jobs are for kids in school.  Those jobs will allow them to earn some spending money, gasoline and insurance money and if they are strict with themselves, some savings for college.  They teach the fundamentals of the working world and truthfully make one appreciate a real job when they get one.  I am a firm believer that everyone should have a fast food job as a child.

 

Retail jobs in general are the same type of job.  Most retail jobs are not a career choice that should be anywhere in your decision making process.  If those jobs are part time they are for kids living at home.  Unless your end goal is to manage some high end retail establishment, you have no business working there unless of course, you are a teenager.

There is definitely a difference between adult jobs and “youth” jobs.  “Youth jobs are training wheels for life.”

One job does not fit all.

I see way too many older folks taking retail jobs in places where there should be kids.  I think this is a direct reflection of the times that we live in.  The sad fact is that these older folks in these jobs allow their attitude towards that job to come through while dealing with the customer.  It is not hard to tell that they are not happy and feel that the job is beneath them.  Guess what; it most definitely is!  Staying in that job is a mistake of monumental proportions.  Stay in it long enough to retrain and re-invent yourself if necessary, and then leave it for the teenagers that it was originally designed for.

Some older folks are taking these jobs to get out of the house.  If you need the money, at least shoot for management.  Leave the kid jobs for kids.  Of course if you had planned correctly you would not need the money and could be spending your time out of the house, volunteering somewhere.

The last few years, entitlement spending is at an all time high.  We are paying people to stay home and live on the government tit.  That money that the government gives away comes from those of us who are working, not living on the ignorance of a government run amuck.   If the politicians think that what they are doing is correct, they need to revisit it.

 

Anyone taking money from the government that should be working should be “reinventing” themselves.  Currently if you are attending school you are not eligible for unemployment.  What kind of foolishness is this?  If you don’t find suitable employment in X months you should be required to take some classes and I would argue that those classes should be subsidized by the government.  If you get an “A” 100% re-imbursement and so forth.  It is almost as if we don’t want you to ever work again, we want you to live on some small amount of money taken from those that are working.  Folks this is crazy!

 

If you know a politician or someone that you can talk some sense into, by all means let’s push this initiative.  People need a hand up, not a handout!

 

Business is not ignorant of this fact.  To get skilled workers to work for peanuts on a part time basis vs. dealing with kids who often have not developed a good work ethic is a bargain.  If they get college graduates to slave away at minimum wage jobs, that too is a bargain for them!  Keeping them at part time so they don’t have to screw with benefits, another win!

We see the argument to raise the minimum wage so people can make a living at these part time jobs that school kids should be doing.  The pay is not the issue, the issue is that adults should not be doing these jobs!

 

Slavery is not Dead!

 

The problem is that these kids need those jobs as that is the next part of their training to become good workers.  A part time retail or fast food job is not for anyone that is serious about making a living.  Managing these occupations is another story however; it is slavery at best as you are most undoubtedly salaried and will work 50 or 60 hours a week and “it will be expected.”

 

Raising the retirement age was another mistake on so many levels.  Companies are shoving you out the door when you are 50 and looking for the college kids fresh out of school to bring in and abuse.

Image

 

This guy still votes too.  That is another blog for another time.

Very few companies see the value in bringing in older Americans as they would have to pay them a decent wage.  On top of that, these folks have experience and to some degree that experience might be askance of the job requirements and or environment of that company.  The phrase “you can’t teach an old dog new tricks” certainly may play through their mind.  Mature workers are excellent employees most always as they are skilled professionals and are not the party animals that they once may have been.  Their children are most probably out of the house, so little will pull them away from their task.

Mature workers indeed need a vocation as we were designed to work.  Those of us who linger in the couch or in front of the TV or video games all day are most probably going to expire way before our time.  “A body in motion stays in motion!”  Keeping a regular schedule, going to bed at a decent hour, getting up at a decent hour, greeting the morning sun for fifteen minutes in the morning will keep you healthy.  There is of course more to it but these fundamentals are all too often overlooked!

If you take a look at the richest people in the world (which is out there on the internet) you will notice Bill Gates is number 1.  The Walmart and Sam’s ilk are close to that and there are so many others.  What I would like to call to your attention is that none of these made it there because they are “nice people.”  They are shrewd business people.  One has to wonder if they are “happy!”

 

Some of you may try to extol the virtues of Mr. Gates as he gives money to different charities, “what a nice guy!”  When Bill was buying the first operating system from a guy for $4k and licensing it to IBM for millions, I was involved with computers.  When Mr. Jobs was a criminal, phone phreaking, making his first large sum of money, I knew about it and how he did it.  When Bill got the windows idea from Xerox who happily showed him their ideas and products and told him about it being open source he happily took it and ran with it.

 

I have kept up with Bill, not because I am angry with him, he is a shrewd business man. One has to wonder if they “the richest folks in the world” are “happy” and how much money is enough?  How do people get so rich?  I wish I could say it was by treating people right and practicing good “ethical” business practices…

 

Retail stores hire folks at minimum wage and then give them just enough hours so they don’t have to pay for benefits.  Some reward their slaves with a few more hours for extra effort while only giving a few to the people who are not really motivated to be there.  Folks, it is hard to be motivated for $8 an hour, especially when it takes more than that to get a hamburger.  If you are working for someone, even as a slave, do your best as you are gaining experience not just in folding clothing but in dealing with people, managers and situations out of your control.  This also should teach you the value of an education and setting goals!

 

What is your goal?  Money is not a goal, but a tool.  Like a hammer or saw, it is nothing more or less than a tool. Money is a common tool that everyone can use to pay for or gain enough of to obtain food, shelter and the other basics for life.  In some cases it can buy you an island or maybe a small country.. It is still a tool and a means to an end.

 

Your goal should be to be happy, that I would wish for you.  Deciding on what is (happy) is another story.  Some find happiness in stuff, and others find it in family and friends.  Some of the happiest people that I know find happiness in serving others and or taking care of the other creatures that live amongst us.

 

I think that happiness is nothing more than a state of mind and those that have little to worry about seem the happiest.  I guess if you’re rich enough to hire people to worry about things for you, so you can focus on being “happy,” that might be one example of how being one of the world’s richest folks might work for you.

 

Personal growth, understanding the person in the mirror, makes me happy.  Each and every time I learn something about me, I am a little happier. There are few things that are in “your control.”  Getting a good education, understanding that knowledge is power is a great foundation for being happy.  Using that knowledge in a way that is consistent with “enlightened people” to me is a mark of wisdom.  Serving others, in some way that is consistent with who you are is another way to become happy.  I find that helping others takes my mind off of “self.” Looking at the bigger picture, one can appreciate the complexities of life and sort out the small stuff that should be in the noise, and not artificially elevated to demand your full attention.

 

This is a lot to chew on.  Questions and thoughts are always welcome.

 

-Best to you and those that you care about!

 

IT in a Nutshell

Most CEOs or presidents of companies have no idea that the sword of Damocles is right over their head.  They don’t know because they are blissfully ignorant of the workings of their IT department.   Truth be told, IT is a cost center and frowned upon in most companies as they “don’t produce.”  This is true in the mindset of the upper echelon. They put up with the CIO or his people and equivocate when it comes to allowing them money for projects, as they really don’t have a clue.  Their job is to run the company, not IT.

There are three basic tenets of IT.

  • Provide the infrastructure for people to be productive.
  • Provide the security to safeguard the company’s assets both in intellectual property as well as physical property.
  • Provide mechanisms for future growth and have a robust enough environment to handle ad-hoc projects.

In working with most companies the infrastructure grew behind the power curve out of necessity. This of course is the most expensive way to grow your infrastructure in that many things are done to “temporarily” get them through the “event”.  Emergency projects are hardly ever well thought out, and hidden surprises are always lurking.  Remember that old axiom; there are never any good surprises in business.

One of the things that I talk about a lot is hardware management.  Each and every piece of hardware in your company has a life cycle.  Not unlike your car or home computer or cell phone.  Planning for the life cycle for equipment allows the company to budget for replacement of same and keeps the down time to a minimum as well as keeps the employees productive.

Down time is expensive both in hard and soft dollars.  If you have 300 people who can’t work because the server is down, you are losing money.  If Sally can’t assist the outside sales people because her PC is moving at the speed of drying paint, they both are losing time which is “MONEY!”

S.A.M. or software asset management is also something that the IT department seems to ignore and this is really something that should grab at least the attention of the CFO.  Does each and every person need a full copy of Office or do they simply need Word or Outlook?  I was in one account where each and every machine had a full version of Office on it.  40% of these were used as a terminal: that was it!  Five hundred dollars times 120 machines is $60K wasted!  Can you tell me one company that could not use an extra $60K?

Now, add to this scenario that this guy was installing this software on machines that were already past their life cycle.  I don’t profess to be an attorney or a legal scholar on EULA but, it is conceivable that when that machine dies, that license will die with it.  There may be hoops that you can jump through to get Microsoft to allow a transfer of the license but, what are the odds that this guy will do it.  It is not his money after all.

There was one company who had 300 locations with 2.5 machines per location.  These were servers so each had a copy of Microsoft “flavor of the day” server on it.

The application that was on there was a home grown point of sale.  It was compiled to run on the Microsoft platform.

When I asked why they had not considered LINUX as an alternative I was laughed at.  Here are the scissors that will cut the thread.

Their support desk was equipped with PcAnywhere and each and every call for help meant that a remote session would be placed to assist the person with their machine.  When push came to shove the machine was sent to the Depot where another was sent out as a replacement.  As the hardware evolved some locations had newer equipment.  The variables were mind numbing.

Had they used LINUX a simple telnet session would have allowed the help desk to terminate a daemon and restart it all behind the scene.  Licenses for server software, remote connection software, anti virus software would have been avoided.  The other thing about LINUX is that it is more forgiving of hardware platforms in that they could have used their equipment until it died vs. replacing it when the software dictated it.  This particular CIO had no technical background other than he knew some programming.  He did not embrace technology at all and did not have a computer at his home until his kids wore him down.  Any CIO that does not embrace technology ought not be a CIO.  Oh yes, LINUX is free and the kernel can be hardened so it can be very secure.

How is it that these two people were in the place that they were in?  They were likable! The failure here clearly sits on the CEO or the person they report to.  If I am hiring someone for a position, I don’t care if I like them or not.  They must be able to perform the job that they are being hired for and, if I like them it is a plus, not mandatory!

Ethical hacking is becoming more and more in vogue. The bad guys are out there doing their thing and we simply buy anti virus software and hope for the best.  Some of us don’t do that, we use something that is free or not at all.  Free is not worth what you pay for it when it comes to anti virus software!  Do your homework and see who is touting what and why.

As another add on to the cost center and depending upon your desire to be safe, I would consider hiring a security person who has been around the block a few times.  This is not some kid fresh out of college who is academically savvy but, someone who has the scars on their back to prove that they have been there.

In a nutshell, any connection to the outside world is a portal for the bad guy to get in.  Even if you have a secure firewall you have people on the inside who may be working for the competition.  There are many products that allow a PC to be remote controlled from outside the building.  Some are actually viruses and others are installed by an unwitting employee or worse, a spy.  Software audits are a necessity; not something you do if you have time.  Speaking of which; the anti piracy folks are at it again offering huge rewards if you report someone using business software without a license. Another reason for SAM.

While you may think that I am paranoid (a little paranoia is a good thing btw) I assure you that industrial espionage is real and there are those that do it for a living.  Your security person would be actively monitoring the traffic coming in and leaving the building, looking for anything on ports that are typically used for such things.  Activity during off hours should be a red flag.  There is something called SYSLOG which is basically a service that talks with a server and creates logs of events.  Along with server logs this log should be monitored for unusual activity.
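The monitoring described above (watching for ports typically used by remote-control tools, and for activity during off hours) can be sketched as follows. This is an added example, not part of the original post; the log layout, the sample lines, the business-hours window, the year and the port watchlist are all assumptions made for illustration.

```python
import re
from datetime import datetime, time

# Assumptions for this sketch: business hours and the port watchlist.
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)
REMOTE_CONTROL_PORTS = {
    23: "telnet",
    3389: "RDP",
    5631: "pcAnywhere (data)",
    5632: "pcAnywhere (status)",
    5900: "VNC",
}

# Constructed sample lines in a classic BSD-syslog layout (no year in the stamp).
SAMPLE_LOG = """\
Mar  3 10:02:11 fw01 kernel: ALLOW SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=49512 DPT=443
Mar  3 14:40:55 fw01 kernel: ALLOW SRC=10.0.0.41 DST=203.0.113.9 PROTO=TCP SPT=50110 DPT=5631
Mar  4 02:14:07 fw01 kernel: ALLOW SRC=10.0.0.23 DST=203.0.113.9 PROTO=TCP SPT=50234 DPT=443
Mar  8 23:51:30 fw01 kernel: ALLOW SRC=10.0.0.77 DST=203.0.113.50 PROTO=TCP SPT=51022 DPT=5900
Mar  4 09:00:00 fw01 sshd[411]: unrelated message without connection fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def is_off_hours(when):
    """True on weekends or outside the assumed business window."""
    return when.weekday() >= 5 or not (BUSINESS_START <= when.time() < BUSINESS_END)


def review(log_text, year=2025):
    """Return (timestamp, src, dst, dport, reasons) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a connection record; a real pipeline would count these
        # The syslog stamp carries no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        dport = int(m["dpt"])
        reasons = []
        if dport in REMOTE_CONTROL_PORTS:
            reasons.append(f"remote-control port: {REMOTE_CONTROL_PORTS[dport]}")
        if is_off_hours(when):
            reasons.append("off-hours activity")
        if reasons:
            findings.append((when, m["src"], m["dst"], dport, reasons))
    return findings


if __name__ == "__main__":
    for when, src, dst, dport, reasons in review(SAMPLE_LOG):
        print(f"{when:%a %Y-%m-%d %H:%M} {src} -> {dst}:{dport}  {'; '.join(reasons)}")
```

A line that trips both checks, such as a weekend session to a remote-control port, is the one to look at first.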

One way a person might gain access to your stuff is to drop a thumb drive or DVD in the parking lot. Label the DVD X pics or have bunny rabbit ears on the thumb drive. I would be surprised if someone did not pick it up and stick it into their machine to see what was on it. Of course it would contain a program that would install a remote control host and the person would never know as he would be too busy looking for pictures.

Physical security is also a must. Keycards with picture IDs on them would be ideal. Cheap and effective. With this you can track employees’ movements through the day / night. Along with security cameras, if things turned up missing one could read the keycard report and know who it was and where they were and then look at the footage with that timestamp to see if they were carrying anything.

Biometrics are coming into fashion as well. While I would want to stay with tried and true I would definitely be monitoring this to see when and if it made sense to move that way.

This scratches the surface and as you can see, security is physical, it is cyber and it is employee education along with policies. Any configuration of a user’s machine should be done by IT. Users should not have any more rights than they need to function. That protects your data, denies viruses administrative rights (they usually assume the rights of the user) and protects the machine from being altered, which makes more work for the IT department when it breaks or, more often than not, is broken.

A little forethought and planning on the part of the IT department can help them to run lean on employees as well as protect the company’s assets.

The statement is an excellent ingress into the last thing that needs addressing.

More times than I can write about I find that data centers are a cobbled together disaster waiting for some event to push them over the edge.  There is a web site dedicated to such things and if I had had a mind to, I could have created such a site like that with just what I have seen.

Along with hardware management and software management a strong dialogue needs to exist between the CEO and the CIO. Business needs and/or possible needs have to be accounted for and anticipated. Looking back at the past one could extrapolate what may be needed into the future and at least make plans for growth. A robust well thought out network that is well managed and maintained is a crucial starting point.

I could write an entire book on what that means but, what it does not mean are knee jerk throw it together solutions “because we needed it yesterday!” Any change might affect some other part of the business and/or company or have unintended side effects. If they don’t have one I stress the importance of change management. This is crucial to the success of just about any company with technology.

Proper consideration should be given to each and every device and or software that is to be installed.

Parting thoughts:

There is no room for emotions in Information systems. Emotions cloud judgment and, judgment is crucial for success.

You do not hire or fire someone because you find them likable or distasteful. Either they are well qualified and have a well defined track record or they don’t.  The rest does not matter unless they are insubordinate or are deemed unfit. They are not your friend and don’t think that they are.

Never hire anyone that you cannot fire. Family and friends, even if the company is ok with it, are a liability as employees. At best they will be a burden upon yourself, and at worst you will lose them as friends and they might compromise your job.

Surround yourself with people that are smarter than you, you will be well served.

Keep your ego in check as it will defeat you.  Humility will allow you to “hear” from those that probably know what you are seeking.

When you get in too deep, call for help; admitting trouble is always preferable to suffering defeat because of pride.

There is never any case for listening to or passing on rumors.  Small people talk about people, others talk about ideas and things.

Your employees’ and vendors’ job is to make you look good; your job is to make them look good.

-Best to you and those that you care about!

The case of the password vs insanity.

We have all heard that the definition of insanity is: doing the same thing over and over again expecting different results.  This was not lost on me when recently my password on my home PC was no longer accepted.

Imagine logging in to your own PC, that no one else touches, and the password no longer works.

I cannot tell you how many times that I tried the password that I know that it is supposed to be, and then doubting my sanity, trying every other password that it might be “just in case I changed it” without remembering I did. 

The only reason there was a smidgeon of a doubt is that recently Yahoo forced me to change my password.  They would accept nothing less than a strong password which by the way is so strong that I have trouble typing it while looking at it, and there is not a chance of remembering it.

No longer are the days of the family pet or address or birthday acceptable as passwords.  Imagine having to type a password like this T4^s#hg^9? every time you logged on to your computer!

While the home PC’s password was not quite this strong, there is more than room for error.  This led to a rather frustrating afternoon as one might guess.

The troubleshooting process was difficult as Windows allows little room for error and certainly not much for diagnostics. My first guess was the keyboard had to be messing up in some way so I changed the batteries. When that did not bear fruit I hooked up a hard wired keyboard to the USB port and still nothing. “Incorrect login name or password.”

Google produced nothing relevant other than an ad for some company that sells some software to recover your password. Microsoft was no help. If I were in a decision making role at Microsoft I would make some sort of option on the login screen that would allow for one to make certain that their keyboard is typing the correct letter and that the caps is on or off. Wireless keyboards don’t have any LED on them to tell you about “num lock” or shift lock, and the screen was not giving me any hint of this either although it normally would.

Windows 7 offers a way to reset the password, but you have to plan for it first and oh yes, it requires the “A drive, a floppy.”  This too needs to be re-thought as few computers today have a floppy drive.

Somewhere in the process of trying to boot into safe mode I get an error that says “keyboard failure.”

At this point I tried the wired keyboard in several different USB ports with the same results. I then installed a USB card thinking that maybe that would work; nope, same results.

I could do things in BIOS but not in Windows. The thing that would have helped is a way to check the keyboard, in BIOS. My guess is that BIOS is not as picky about what it sees from the keyboard and since you are only using limited keyboard functions, cursor movements, enter and tab, one would not have guessed that the USB was having issues.

I just happen to own another machine of identical configuration, so a swap of the hard drive to the other machine rendered a machine that worked with my password that worked all along.

I can only conclude that there is an issue with the USB controller on the motherboard.

I am considering clearing out the BIOS on the old board and trying a re-install of the software just to see if that fixes it. There may also be some sort of update from Dell for that BIOS.

For you hardware junkies out there, this is probably standard fare.  While I could have purchased a new machine for the $$ wasted in time to diagnose this, I have a new found empathy towards those who just use the machine and have no clue how it works.

Can you imagine Joe Q User out there that really looks for the “any key” having an issue like this?

If I was frustrated (and I have been at this since DOS 1 was new), I cannot even fathom what something like this would be like for others who have less experience than I.

I hope that this helps someone somewhere possibly saving some time and frustration as this type of bugaboo should not happen.

Best to you and those that you care about!

Certifications a good idea or bad?

Is the person with the most certifications the best hire?  Maybe yes, maybe no. 

 

The history of the certification for IT really started with Novell. Novell used to charge computer manufacturers to “certify” that their equipment was compatible with their software. This was no inexpensive proposition. Somewhere around the release of V2.15 there was the invention of the CNE or Certified NetWare Administrator.

 

Back at this time this was no easy certification to obtain. Proficiency in hardware, DOS, NetWare, networking equipment and topologies, datagrams, IPX/SPX, NetBIOS and the list went on.

 

As the certification idea took off, adaptive tests were created. If the test found a weakness, it would give you more questions around that weakness which may very well be your doom. These tests were not inexpensive. The study material was not cheap and when you boiled it all down, unless you were really good at taking tests, you had to have the experience and knowledge to back it up.

 

So in theory this was a good idea and should have given employers an excellent way to gauge someone’s level of expertise. 

 

What changed?

 

It is human nature to cheat. I am beginning to think that making one’s way through college was in part, how good you were at gaming the system.

 

This is true of the certifications today for the most part. There are so many websites and groups dedicated to giving out information to the applicant that we really have no idea how much the person knows. That is why it is paramount that you, the hiring manager, know the technology and not just look at his or her pedigree.

 

We don’t like to take tests and I appreciate that. As a professional I want to know that I know the material. Would you want your doctor or pilot to “game the system?” Why would we hold them to a higher standard; other than the obvious of the life and death thing?

 

Do we not put the company at risk if we are not qualified?   The people that you hire absolutely can make bad decisions and as one who sells disaster recovery, that is one of the things to consider, “an oops.”  I have seen this happen more times than I would like to say and it is never pretty. (No, it never happened on my watch.)

 

After my company hired a person on their credentials alone, I soon learned that you had better know more or at least as much about the subject as that person who you are looking to hire. The person was a paper certified pro meaning he could take tests, not actually do it.

 

I look for someone with a good track record in the field that they want to pursue, a solid work history and lastly I consider their certifications.  I need to know if they can do the job and not just take a test.  I also check their references and backgrounds if they make it past the first few hurdles.

 

Technology is an extremely liquid entity. The books and materials that you buy today may not be salient tomorrow. Spending thousands of dollars on classes, books and tests is only good for such a short time, before you have to hit the books again.

Your “technologist,” the CIO in most cases, should understand technology better than anyone else in the company. He or she should have a very in depth background and not only understand the nuts and bolts of things but, should possess enough business acumen to know what products or services are relevant for their company; and those that would have a poor ROI or high TCO not to mention poor application.

 

All purchases and changes to the architecture should make sense.  Anyone that you hire to administer that equipment should not only grasp the equipment or technology, but also the company’s vision.   

 

In short, I am not given to looking solely at certifications.  Can they do the job and how did they do it before?  Were they successful? Are they willing to go to classes if the job requires it?

 

The trick to committing to obtaining a certification is to determine the viability of the company or product, and if that product will take off or die on the vine. That is the rub in that I have seen technology come and go. Xerox had the best of the best, 30 years ago and had their marketing been better, and had they not tried to recover their total development cost with the first few sales, Bill Gates might still be working out of his garage.

 

Xerox had the GUI and the Mouse before Steve and Bill.  That is another story.

 

If you are looking to the information technology field as a career I can tell you from experience that the length of your job at that company will only take you until you have maxed out on the salary that they want to pay; or they find a way to outsource what you do. There are fewer and fewer indispensable employees any more as most CEOs or owners have figured out that everyone should be replaceable. If you are one of the people who have stayed in one place for a long time you are either underpaid, or the company does not have the guts to replace you with a less expensive alternative. Keep doing what you are doing as it is working for you and for the boss, but get real; nobody is indispensable.

 

It is therefore paramount for you the job seeker to keep your resume up and current, analyze trends in the market to see what company is doing what, and who is using them. Most of us will get into the rhythm of our jobs and get comfortable. This can no longer be the case, as very few companies have any loyalty to their employees. Employees should empower themselves to become even more marketable. Accomplishments are a great thing to put on your CV especially projects with dollar figures or some other quantifiable metric. “Saved the company $13 million dollars a year by changing the way that they did business.”

 It is up to you the worker to maintain your marketability through skills, career choices, education and even personal appearance plays a role.  I cringe when I see these young people today with piercings and tattoos.  I personally see this as not a real bright decision and a possible impediment to getting a good job as I know that most serious business people feel the same way.  You now will have to go with some young company that is really out there like Google or Microsoft or, find a way to cover up your decisions…  I don’t mean to sound critical but, it is a shame that youth is wasted on the young.  

These are pearls from me to you…

 -Best to you and those that you care about!

Windows 8 First Glance

Windows 8

Even as management, I still enjoy messing with new technology.  If there is a new gadget I must at least see it, but most probably have it.

Having said that I have a lab at the house with different PCs, routers and such that I mess with as time permits. As time was running out to get a “cheap” copy of Windows 8 Pro to evaluate, I bought one to put on a PC that was sporting “Vista.”

While I would compare Vista to ME as in the “not very well thought out” category, I have been happy with Windows 7 and 8 seems to be on equal footing. I have installed 7 on several PCs which were at their end of life cycle as they were dog slow with XP. Windows 7 makes them viable once again.

Pros: runs well on 2 GB of RAM with a 2.8 GHz processor. Machine indexed at 5.4 because the video card rates a 3.5. All in all, the machine is responsive. Windows Defender is included but I am not sure how that compares to ESET NOD32. My hunch is not too well.

Cons: One of the secrets of Microsoft’s success is its GUI.  Once you get the basics of “start and find the program” even the slowest grandmother can be sending e-mails in no time. 8 has the e-mail icon on the start page so that might even be better. Intuitive software is key to their success story.

After a few moments of playing with it, I had no issue doing whatever I wanted to do. That is me; someone who can install UNIX and mess with it. Since I have been doing this since DOS was 1.0 and before Good old Al invented the Internet (cough), I cannot judge adequately how others will perceive it. It looks as though it would do well with a touch screen device.

Huge Con:  I added some memory to the machine and 8 promptly crashed.  It went into a loop of trying to repair itself and crashed again and again.  It would not even boot in safe mode.  With all of the normal tricks tried, I re-loaded 8 from scratch as it would not even let me repair it.

I am not sure if the additional memory which came from Crucial http://www.crucial.com/ has issues but, I had to remove it before I could even get the PC to go into the defective loop. The BIOS recognized the extra memory but, the machine did not like something about it.

I have used Crucial for years and have promoted them as their hardware scanner works well for the non-techie person and even for someone like me.  Anything to make life a little easier deserves to be supported.

As your mileage may vary, I would be interested in hearing your thoughts and experience with 8.

-Best to you and those that you care about.