Thursday, December 29, 2005

Platform Zealots and the Peter Principle

I work in a predominantly Microsoft environment. This is because I built the environment, and I knew as I was building it that support resources in the future would be limited. I would be the support resource, and I would have to live with and support what I built. I like Microsoft products, and I believe that they provide a tremendous value due to the amount of features and integration they provide. Having said that, I must also add that if some other entity/company/space aliens were to come up with software that was easier to implement, manage, and use, then of course, I would consider using it. I am not a Microsoft zealot by any means, and have used or am currently using Linux, Novell and VMS, not to mention the countless other software packages used as client apps. My opinion is that software and hardware are tools, and you pick a tool based upon the job that needs to be done.

That said as some background, in the course of troubleshooting my executable attachment issue (see previous post), one of my users was trying to open an executable attachment, and Outlook would not allow it, and would block the user's access to the file. When he inquired about it, I sent him the cut and pasted article right out of the Outlook help about the file attachment security. I "replied all" to the user's email, figuring that perhaps the dolt that sent him the executable, who was CC'd on the user's email to me, wasn't aware of the impropriety of sending it.

I received the following communication from a client:




[COMPANY NAME REDACTED] does not use Outlook for some of the reasons you have outlined below. We prefer more robust "non-Microsoft" products to carry and process our e-mail and it is true that we also block these files. The first one I had sent was with a truncated .exe extension but you had a server problem at that time.
Since these files are encrypted to insure our HIPAA compliance, we avoid sending them with the .xls extension. You should have received the file by now but let me know if you continue experiencing any further problems.


The most common lesson I am learning in IT is that the world knows no shortage of jackasses.

"more robust 'non-Microsoft' products"?? "to carry and process e-mail?" Hold on, now. If I encrypt a file, and create a self-extracting archive out of it, and then rename the file extension from "exe" to "xls", does that suddenly, automagically unencrypt the file and make it an Excel spreadsheet? "does not use Outlook for some of the reasons you have outlined below" - the reasons I outlined were the security features in Outlook that block access to potentially dangerous file attachments. What a clown. On top of that, "server problem"???? Those are fighting words! There were no server problems, just iD10T user problems!!!!

This from a CTO/CIO. Would you hire this man to manage (or should I say, PROCESS?) your IT? Clearly a bigoted zealot, as deduced from the "more robust 'non-Microsoft' " line. Does an e-mail client really "process" e-mail? Or is it used to "access" e-mail? How do you conclude that there are more "robust" e-mail client applications? If I loaded one Eudora/Thunderbird/Outlook/Groupwise/Notes Client on a bunch of PC's, what makes someone make the inane declaration that one is more ROBUST? Is the Notes Client more robust because it is a system hog that takes forever to load? I could see saying one is more robust if any of the above software would spontaneously close, lock up or otherwise flake out, and your pet email client didn't. Then you could say more robust.

And why on earth would you purposefully ALWAYS exclude software from the world's largest software company???

Do you think he regularly patches all his desktop client apps with the latest and greatest security patches????? I DOUBT IT! I will admit, I am and have always been a patch freak. Even in my Novell days, I always patched to latest and greatest. You know, there are reasons software companies release patches, and therefore you should patch. If you don't patch because the patch would break your app, then you have a broken app. In addition to the broken app, you also get a free vector for an exploit/script kiddie/virus. Always patch. Always.

Are you ready for the cherry on top?

He doesn't allow executables as inbound file attachments in his company.

Wednesday, December 28, 2005

An Observation on Security

Recently I discovered that I had misconfigured my e-mail gateway/spam filter and that the wildcard expression I used to block executables as attachments to inbound e-mail was invalid. The result was that files attached as executables were being let in. Not a good thing, but not dramatically bad. As soon as I discovered this, I fixed it.

I also disallow executables, among a long list of other file types, as attachments to outbound email. To me, disallowing executables as an e-mail attachment is standard practice (at least since the late mid-1990's). Doesn't everybody block them?
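A filter check that covers both the invalid wildcard described in this post and the .exe renamed to .xls from the December 29 post, as an added example that is not the author's gateway configuration. The glob list, canary filenames, sample bytes and the broken rule `*.exe$` are all constructed for illustration.

```python
import fnmatch

# Filename globs to block (constructed for this example).
BLOCKED_GLOBS = ["*.exe", "*.com", "*.scr", "*.pif", "*.bat"]

# Leading bytes that identify content no matter what the file is called.
MAGIC = {
    b"MZ": "windows-executable",  # DOS/PE header, also on self-extracting archives
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-document",  # legacy .xls/.doc
}

def sniff(data):
    """Classify an attachment by its first bytes."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"

def name_blocked(filename, globs=BLOCKED_GLOBS):
    """Case-insensitive glob match; trailing dots and spaces are ignored."""
    name = filename.strip().rstrip(". ").lower()
    return any(fnmatch.fnmatchcase(name, g.lower()) for g in globs)

def verdict(filename, data, globs=BLOCKED_GLOBS):
    """Return (action, reason); content overrides a harmless-looking name."""
    kind = sniff(data)
    if name_blocked(filename, globs):
        return ("block", "name matches block-list")
    if kind.endswith("executable"):
        return ("block", f"content is {kind} despite the name")
    return ("allow", kind)

# Names that must always be blocked (constructed).
CANARIES = ["setup.exe", "SETUP.EXE", "report.xls.exe", "tool.scr"]

def self_test(globs):
    """Canary names the rule set fails to block; run after every rule change."""
    return [c for c in CANARIES if not name_blocked(c, globs)]

if __name__ == "__main__":
    pe = b"MZ\x90\x00" + bytes(60)                         # constructed PE-like header
    xls = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56)  # constructed OLE2 header
    print(verdict("statement.xls", pe))    # renamed executable
    print(verdict("statement.xls", xls))   # genuine legacy spreadsheet
    print(self_test(BLOCKED_GLOBS))        # working rule set
    print(self_test(["*.exe$"]))           # constructed broken rule: regex syntax in a glob
```

A non-empty result from `self_test` means the rule set is letting executables through, which is the failure this post describes going unnoticed.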

So I get a call from a user who regularly gets an encrypted, self-extracting archive which happens to be an executable file, and my "fixing" of the problem now means that he can no longer receive this file as an email attachment. This file, by the way, originates at a major national bank. Apparently, the user is too stupid to create an encrypted archive that is not self-extracting.

Now, here is my question. With all the compliance regs that banks and financial institutions are forced to adhere to, and all the money these guys spend on IT "security", this bank still allows executables as file attachments. What the hell are they thinking?

What is the point of that policy? I know for certain that if I were to send an e-mail to a user at this bank with an executable as a file attachment, it would get rejected, or would undergo "hygiene" and have the attachment stripped out. And that is as it should be. But why should their users be able to "shit" on my network, and send out executables??? I find it irresponsible.

The bank, btw, rhymes with "Hell's Cargo". I think I have a friend and former co-worker who works at their corporate. I think I'll call him and give him hell. GRRRRRRRRRRRRR.

Friday, December 16, 2005

On the Blackberry 8700c

I just retired my Blackberry 6280 today and replaced it with the spiffy new Blackberry 8700c. In case you are wondering, the "c" stands for "Cingular". Blackberry appends an operator code to their models (for example, "t" stands for T-Mobile, "v" for Vodafone, "r" for Rogers, "i" for Nextel, etc). I carry a Blackberry in addition to my personal phone.

I am one of those people who like to upgrade their cellphone every year (or sometimes, less). Personally, I am waiting for RIMM to settle their NTP suit so I can get a NOKIA with the Blackberry Client on it. Presently, Nokia has phones with Blackberry capability, but due to the NTP lawsuit, they will not sell them in the US. Of course, that is what eBay is for, so you can get a grey market phone.

As I have had, at this point, the 8700c for all of 2 hours, I can give you my initial impressions:

The display screen is great! It is the first thing you notice when you turn on the unit. The display is bright and clear, and very sharp! I am used to the monochrome screens of the 6280 and the 7200 series; after all, who really needs a color display to read text emails, contacts and calendar appointments? With the 8700 series, you have the option of selecting different themes and backgrounds. However, the great part about it is that, as I understand it, RIMM is going to add JPEG conversion support to BES (Blackberry Enterprise Server, the product that "runs" the Blackberries), which will enable the opening and viewing of images on the handheld (gee, I can't wait for that, with my users downloading porn on their handhelds. Well, I guess better on the Blackberry than on their PC's, eh?). I also am under the impression that RIMM is going to add the ability to convert audio files to BES, so that you can listen to WAV voicemails (that is the intent) on your handheld. This functionality is not yet implemented on the current version of BES.

The form factor of the 8700c is a bit smaller than the 6280 and 7200 series. The size of the 6280 never seemed to bother me much, but smaller is better in some respects, and the smaller form factor does not in this case mean a smaller display. I will have to get out and use this pig a bit before I can say if the smaller size makes much of a difference. The form factor of the keys has also changed from the 6200/7200 series, and they are raised higher and are less rounded and more of a squarish shape. The keys are higher profile, and you can certainly notice that they are raised from the casing more than in previous models. The case does not appear as rugged as the older traditional handhelds, but I need to stress this is just an observation. I beat the heck out of my mobile devices, and it's just a matter of time before I discover how rugged this design is.

Additionally, the 8700 has support for

  • MP3 and polyphonic ringtones
  • MMS messaging
  • bluetooth
  • quad band 850/900/1800/1900 MHz GSM/GPRS
  • EDGE
  • Speakerphone

Yes! EDGE support! No more painfully slow internet on the Blackberry! In case you don't know what EDGE is, it is a protocol that allows for better/faster/larger data transfer to your Blackberry or other mobile phone. It is a good thing to have, and it's about time RIMM got on the EDGE bandwagon.

Quad-band means that this phone is suitable for international travel, and you will have a higher likelihood of it working overseas than a phone that is not quad-band. If you are a road warrior, you want to have quad-band. Even if you do not travel internationally, a quad-band phone can allow you to have better reception in certain areas.

A lot of people like the bluetooth support, but I am ambivalent about bluetooth for headsets on mobiles. Most bluetooth headsets that I have seen or used are just plain ugly, and I really don't want to have to bother with another device that routinely needs to be charged, as well as having the clutter of another charger lying around on my desk. I'll take a wired earpiece any day over a bluetooth one (well, at least until the day I find a bluetooth headset that doesn't make you look like the freakin' Terminator, and has a standby/talk time of weeks, and doesn't use its own charger- USB maybe?).

On the other hand, the speakerphone is a feature I can't live without. I always carry a Nokia as my personal phone, and for me, the speaker phone feature is a must. Three cheers for RIMM adding a speakerphone!

OK, this is quite a rambling review. So what's the bottom line? You've got your quad-band, your bluetooth, EDGE support, speakerphone and your nice and shiny color display. Pile that on top of what a Blackberry does (real-time e-mail synchronization, calendaring, contact list etc etc.) and it is pretty darn spiffy. However, if given a choice, I would probably want something along the lines of a Siemens SK65. Or even better yet, I would want my Nokia 6680 to have the Blackberry capability.

On Users

So there I was, slaying IT dragons and trying to keep all the green lights green and I get a call from a user. He wants me to come up and take a look at something that he wants to use at work. Now, this user is a sort of prima donna. Actually, where I work there are a lot of prima donna type users. But this user wants to bring in "a superior technology" than what we are presently using as the corporate standard PC. He wants to bring his consumer-grade P O S SONY VAIO (oh, it's sooo cute, it's PURPLE! IT MUST BE A GOOD PC then!) and use it on MY network. Well, to make a long story short, I will let the following do the talking:


From: (SENDER NAME REDACTED)

Sent: Wednesday, June 02, 2004 4:00 PM

To: (RECIPIENT NAME REDACTED)

Cc: (SENDER NAME REDACTED)

Subject: (MY NAME REDACTED) Please guide me here.

(MY NAME REDACTED):

Your responses to me, both your voicemail and email were, as usual, unprofessional and indicative of your lack of commitment and dedication to providing excellent information technology to maximize the efficiency and productivity of the (COMPANY NAME REDACTED) Organization. In particular I would like you to know that I consider my integrity to be very important and I do not ever knowingly say things that are untrue or otherwise "breach" my word. I resent your accusation and deny it entirely. Regarding the new computer. I have a great deal of experience as a consultant working with many companies in many industries and also have a functional knowledge of information systems. In many cases, clients not only permitted, but encouraged us to hook our laptops onto their networks to ease the integration of our work with theirs. This sort of hosting of computers is routine and common. More importantly, I have had experience with myriad information technology professionals and the good ones, in contrast to you, are problem solvers. They look for creative ways to resolve issues. In my experience, you take precisely the opposite approach. You work very hard to find a way to say no and then do so in a pompous and infuriating manner hoping to intimidate people with your limited knowledge of information technology. This case is just one example. Upon hearing the request, your first reaction was to launch into a tirade and spout a flurry of (many nonsensical) reasons to say no. You did this before asking a single probative question to see whether there might be a way to help me, and, potentially, the (COMPANY NAME REDACTED) Organization. For example, you don't even know what kind of computer it is that I am hoping to hook up. You don't know what it is running; you don't know whether it might be something that could be an improvement that we could work together to beta test for the organization.
All you knew when you reacted was that you had an opportunity to flex your authority and you leapt at that opportunity with gusto. "You wanna be on my network; you gotta play by my rules" is just one of the high handed remarks that you left for me on my voicemail. A better approach would have been to look for a solution. For example, if the issue is ownership, perhaps the solution is for (COMPANY NAME REDACTED) to lease the computer from me; or buy it outright. However it is clear to me from your pattern of behavior that you are not interested in finding solutions, you are only interested in self-aggrandizement while you are in the office and finding ways to get out of the office as soon as possible every day. But this is just one example of your incompetence and lack of dedication. As I mentioned before I resent your assault on my integrity and am seriously offended by it, particularly since I have witnessed a number of occasions where it is you who have played fast and loose with the truth. Your email contains yet another such example. You say that you made an exception for my Sony laptop. This is simply not true. My Sony laptop has been connected to this network since before you were hired as a junior assistant to (NAME OF FORMER COWORKER WHO WAS FIRED REDACTED). It has remained on this network, not because you gave your permission, but rather because (COMPANY NAME REDACTED) (sensibly) declined the offer to spend money to replace a computer that was working just fine. In addition, I have largely maintained the computer myself in order to help the organization as much as possible. You may recall that you were offered the opportunity to purchase a new computer for me from your budget but declined the opportunity as, apparently, the risk to the network wasn't so great as to merit an expenditure of cash from your budget.
(MY NAME REDACTED), your manner is abrasive and your skills are limited. Please resign and let this organization go forward without your unfortunate contributions. (SENDER NAME REDACTED)



WAAAAAAAAAH!!! WAAAAAAAAAH!!! Some people clearly don't like it when you tell them they just can't drag any PC off the street and throw it on the network. Actually, in this case, I think he just didn't like it that I told him no. It amazes me (well, not really) that people think because they can walk into Best Buy and fill a shopping cart up with "cool" stuff like Wi-Fi/Bluetooth/name a trendy technology that they can set up a reliable, scalable computing environment.


I'll be posting some stuff that I have lying around. This is a classic, that not only applies to IT, but to business in general. I can't remember where I originally found this (somewhere on the 'net), but it is absolutely priceless. Enjoy!

Thursday, December 15, 2005

Welcome to my blog. Who am I and why am I blogging, and why do you care?

Firstly, I have been working in Information Technology (aka I.T./IT/IS etc etc) for almost 10 years, primarily focusing on system administration, network design and support. I build and support the communication systems that run businesses, and have spent time working in businesses from as small as 100 users, to large trans-national corporations with over 5,000 users. I've been an FTE (Full Time Employee), as well as a consultant and contractor. I've been around the block, and I can pull out miracles, bullet proof designs, and uptime where most meet with certain failure.

In this blog, I hope to provide an insight into the lunacy I see everyday in my profession. Everyone has heard the stories of the users who can't plug in their PC's, and it is my intent to convey some of those stories. I've been doing this long enough that when I hear stories like that, I find it hard to laugh - it hurts my head. I will now blog about it providing me an outlet to vent, and hopefully provide everyone some laughs and some understanding about what those IT people do.