Bone-Headed IT Mistakes
snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."
I wouldn't call that boneheaded. That probably kept a bunch of folks in their jobs.
STFU & GBTW
And already 3 people took your bait without getting the joke.
Talk about a collective whoosh...
Information Security isn't going to get better without a major shift in how people work. As a society, we need to examine who really needs what data and then truly limit everyone to what they need. Until we can define these roles/access levels in black and white terms and permanently adhere to the controls put in place, there will always be IT blunders.
The problem is that these changes are rarely permanent, but more of a pendulum that swings back and forth as events like this occur. If Bob is taking home Social Security numbers on his laptop and someone steals it, controls may be put in place to prevent people from saving files to their laptops (and Bob is let go). Six months later, Suzie complains that she needs to be able to copy a proposal she's working on so that she can work on her flight to Japan. An exception is made. This typically snowballs until we're back to where Joe can copy the accounting records with SSNs.
Ease of access and efficiency nearly always trump security when these breaches aren't fresh in everyone's minds.
When a company simply accepts what the sales drone says about a given product as a fact.
(/local/home/curiosity)-#who -u|grep thecat|cut -c 44-49|xargs kill -9
Hold on a minute here.
The IT guy blames his boss for installing the Alexa toolbar, which led to the deletion of all dynamic content on the company's web site.
No it didn't.
Yes, the Alexa toolbar isn't something anybody needs to run, and yes, Alexa should respect robots.txt, but whoever set up their web site is clearly incompetent:
1) Never rely on robots.txt for security.
2) The article says the Alexa spider captured usernames and passwords? What the hell were usernames and passwords doing unprotected on the web site?
3) The Alexa spider clicked all the Delete links. Never ever use links to delete things! Always use a submit button with POST, not GET. Generally, most spiders won't submit POST forms.
Security through obscurity is even less effective when the obscurity is poor.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
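The third point in the comment above (destructive actions must not hang off a plain GET link), as an added example that is not part of the original comment or of the site it describes. The `/pages/<id>/delete` route, the session-bound token scheme and the in-memory store are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

SECRET = secrets.token_bytes(32)                            # per-process key (assumption)
PAGES = {"1": "About us", "2": "Pricing", "3": "Contact"}   # constructed sample content

def _page_id(path):
    """Return the id from /pages/<id>/delete, or None for any other path."""
    parts = path.strip("/").split("/")
    if len(parts) == 3 and parts[0] == "pages" and parts[2] == "delete":
        return parts[1]
    return None

def handle_legacy(store, method, path, session=None, form=None):
    """The pattern the comment warns about: any GET on the link deletes."""
    page_id = _page_id(path)
    if page_id is None:
        return 404, "not found"
    store.pop(page_id, None)
    return 200, "deleted"

def csrf_token(session):
    """Token bound to the session, sent as a hidden field in the delete form."""
    return hmac.new(SECRET, session.encode(), hashlib.sha256).hexdigest()

def handle(store, method, path, session=None, form=None):
    """Hardened handler: POST only, authenticated, token checked."""
    page_id = _page_id(path)
    if page_id is None:
        return 404, "not found"
    if method != "POST":            # safe methods must never change state
        return 405, "use POST"
    if session is None:             # robots.txt is not access control
        return 401, "login required"
    sent = (form or {}).get("csrf", "")
    if not hmac.compare_digest(sent.encode(), csrf_token(session).encode()):
        return 403, "bad token"
    if store.pop(page_id, None) is None:
        return 404, "no such page"
    return 200, "deleted"

def crawl(handler, store, links):
    """Simulate a spider: GET every link, no session, no form submission."""
    return [handler(store, "GET", link)[0] for link in links]

if __name__ == "__main__":
    links = [f"/pages/{i}/delete" for i in PAGES]
    for h in (handle_legacy, handle):
        store = dict(PAGES)
        print(h.__name__, crawl(h, store, links), "pages left:", len(store))
```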
"4. Respect your IT pro's opinions."
That has always been my most sincere wish. However, I'm young, not as highly educated as the chief engineer/company president, and so that doesn't happen.
Never mind the fact that all the workstations and servers work, all the strange high-end scientific and engineering software works, and the network never goes down.
Because I wasn't his boss at the time (I became it later). At the time I asked both him and our boss if we had a decent recovery plan in place. I was assured by both that there was. That's really all I could do. If you want to think otherwise, by all means, do. But don't tell me that I'm "being an arrogant jerk and revelling in the mistakes of others." I was one of the ones who got my ass reamed over that mistake even though I had nothing to do with it.
This guy's the limit!
He stepped over the line the moment he gave the information to another classmate. He HAD to know there was something wrong with that. I can understand perhaps not telling the school staff about it, due to the "shoot the messenger" phenomenon, but anybody with a shred of morality would have destroyed the information, not given it to another KID.
I agree that jail time would have been a pretty harsh penalty, considering the real parties at fault were not facing anything even close to that.
So if you're so clever, how come you didn't warn the guy that might happen at the time?
Maybe because wandering around the office continually reminding professionals how to do their own jobs (assuming they are competent), makes you an arrogant asshole?
"Hey Ted, I know we hired you because you're all pro and stuff, but don't forget [some mind-numbingly obvious thing]. Seriously, I'm just trying to help, not implying that you're dumb as a rock."
The Daily WTF is not the best place for open sourcerers, RMS worshippers and other idealists, and sometimes smells of Visual Basic and other vile secretions of a certain company, but is very fun nonetheless.
Be sure to first look up the fundamental memes: picture of a printout on a wooden table, The Real WTF is..., brillant (sic), and Oracle NULL=''.
Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
why is this comment modded as a troll?
Talk about a collective whoosh... from the moderators
sheesh, i'd say it was insightful
Your thoughts form your reality.
System management got outsourced to Singapore, he then left the company, so Singapore deleted his account. We were left trying to reconstruct what was left from a dd image copy of the disk.
This one drives me CRAZY. Yes, it's downright stupid to have critical things running under employee accounts. But the worse failing, I think, is this silly idea that once somebody has left all traces of them must be eradicated from the universe, as if the ghost of their keypresses will arise from the ashes of their workstation and take over the entire company. So there's a user account called "jshmoe." Just because it's called "jshmoe" doesn't mean it's Joe Shmoe's account! Who gives a crap what the name on the account is? There could be, and often is, VITALLY important stuff in there. In a perfect world, all critical data would immediately be placed into a company-wide repository, but we don't live in Perfectland. Slow the hell down, look at what you're deleting, and get over your DAMN IMMATURITY AND PARANOIA.
Those evil, evil bastards. Imagine wanting to get paid for your work. They should be like you and work for free. You do your day job for free, yes? I mean, you don't mind people taking your work without paying, even if the price is as mind-bogglingly low as a fraction of a second of mindshare, do you?
Chernobyl 'not a wildlife haven' - BBC News
Easier solution.
Turn it off, turn it on. Nothing was written to running-config.
Now wait the same 15 minutes, only 15 seconds earlier.
I [Do you like things that start with "I"? Take our IT IQ test!] don't know [For more stories about people not knowing things, check out "Stupid user tricks" and "More stupider user tricks"] what you're talking about [Are people talking about you behind your back? Read our "Top 10 reasons to be paranoid" and find out]. Those text [If you enjoy reading text, you might enjoy "Stupid hacker tricks" and "Stupid hacker tricks 2: The folly of youth"] ads [Is malware putting your system at risk? Take our Network Security IQ Test] weren't irritating [Is your job getting on your nerves? Check out "The 7 dirtiest jobs in IT" to see how much worse it could be] at all!
I'm so excited I just made water in my pantaloons!
Turn it off, turn it on. Nothing was written to running-config.
In this case that's probably going to work.
When the router is at a power station in Guangzhou and you'd have to wait until 3AM and call in one of the people in the company who speaks the language so you can call the local office during their business hours and get them to power-cycle it for you... you're a lot happier that you remembered "reload in 15".
Never assume that just because Backup Exec (or other backup utility) has backed up your data, that you don't indeed have problematic tapes and/or other hardware issues.
Test your god damn tapes people! When a company loses two years' worth of data because backups were *never* verified to be working correctly, they're fucked. Needless to say, you'll be out of a job too.
Again. Restore from tape and verify!
Note: this just happened to a company I know. They called me asking for help because their last few IT contractors never verified that backups were taking place properly. I really feel sorry for this company, and I've only met the owner once. Sad...
Life is not for the lazy.
I thought that was a way over the top joke until I looked at TFA.. wow. Just wow.
which is totally what she said
Yeah, I have something called an "employment contract".
I didn't agree to view any ads. It's not my fault if their business model sucks (to quote a random slashdot sig I saw).
I work for a Very Large Power Company, mostly hydro-based generation. We've been running our Generation Control System on *nix for about as long as anybody can remember. It's robust, secure and dependable.
However, we're beginning to see issues, especially with subsystems on old(er) proprietary hardware (cough*Alphas*cough) and replacement components are either scarce and expensive, or just plain unobtainable.
So we've recently completed the first phase(s) of a major GCS-upgrade project and the decisions have been rubber-stamped by the Government. (We are what's known as a "State-Owned Enterprise.") The new GCS system will be running on a Microsoft Windows Server platform.
Why?
Because the two contractor chicks who presented the choices to a Government-run committee, whose members have no desire to be held responsible or accountable in any way, shape or form, heavily promoted Microsoft Windows Server, via a bunch of garish PowerPoint presentations and Word documents.
Why?
Because, as one of the contractor chicks candidly admitted not long after, "[I] only know Windows."
So, a national infrastructure control system, one which epitomises the very notion of "Mission Critical", is to be based upon what is quite probably the absolute worst choice of NOS imaginable.
The (unaffiliated) national power distribution company migrated from *nix to MWS a few years ago, for what were essentially the same reasons. Their admins are not envied. Much of their time is spent coaxing the backup-backup-backup-backup servers back up.
One immediate result of the recent decision is that three of this company's best-and-brightest IT people resigned and "moved on". The departure of several more is imminent. I can't call them rats, but they are certainly escaping a ship that's heading straight for the iceberg, full steam ahead.
It's highly likely that this country's governing party will change at the forthcoming national election, although it will change nothing else. If anything, the soon-to-be-incoming party is likely to be even more MS-friendly than the current one, so I don't foresee any likelihood of sanity prevailing anywhere near the top in the near future.
Instead, what's likely to happen is that once the system begins falling apart - as it surely will - MWS will be quietly shelved by lower echelon IT management (avoiding any embarrassment to anybody in an expensive suit) and a *nix-based one will be restored. Estimates of when that will occur range from "Within a year" to "It has to happen eventually."
I use Win XP Pro at home. It's fine for general purpose family use. But MS Windows does not belong on a server: Or, at least, not on any which are expected to remain functional most of the time.
True story and, yes MS fanboys, I know you'll be modding this down to "-1: Troll" and "Flamebait". I can cope with it, thanks. I have bigger worries right now.
A certification is not an education. It does not teach you anything.
A certification certifies that you have learned something. That is all.
The difference between a person with a certification and one who followed the exact same coursework but did not get the certification is that the first person has a piece of paper that the second person does not.
The only purpose of getting a certification is to prove to someone else that you actually followed this coursework. If you still have to prove such chickenshit things to your employers (or potential employers) then you've probably made some bad career moves over the years, or are working for (or applying to) companies which are utterly clueless. An IT worker with over 12 years of experience should not need a silly piece of paper to prove his worth.
If you mod me Overrated, you are admitting that you have no penis.
Here's my take. For data of any significant value, you should test the backup and recovery procedures every so often to make sure they work. This could include figuring out what happens when critical members are out (hit by the bus) or most of the department is gone (food poisoning at the office party). So as part of Ted's job, he (and a few coworkers) should on occasion run through a test recovery so you know nothing mind-numbingly obvious has been forgotten and to verify that that recovery can still go on even if Ted is hit by the bus. Plus in addition to gaining experience and verifying that the process works, they can generate documentation to help with a real data recovery.
That stupid, mindless slashdot user. Imagine wanting to read an article without being bombarded with advertisements that render the text almost completely unreadable because of their stupid design and placement. Let's behead this flagrant offender immediately for wanting quality web design! Off with his johnson!
GP and my sibling have no idea what they are talking about.
Getting a paper that says that you have achieved some level of knowledge is a big thing, that's why some people study so bloody hard. Yes a piece of paper doesn't necessarily mean you are smart, but it does show that you were able to sit still for more than 5 minutes and actually learn something. Getting a degree is also just a piece of paper that mainly tells your employer that you are able to learn and finish something - it's of course also a document proving that this field is highly interesting to you.
Having a set of certifications is nice when you are shopping for a new job - to big business a certification means you can (more likely) be put into a senior position without having to be trained first.
For remote routers I normally do:
reload in 10
This means if I accidentally make any major mistakes and drop connectivity it'll reboot with the old settings.
Once I'm sure I've not stuffed up the config you can cancel the pending reboot.
Once again I am not a cert boy, I have no certifications, I have a BS in CS. But yes, you would have to prove yourself to me if you ever came across my hiring table. Maybe not with certs, but you would have to show more than just your good word that your 12 years of experience is worth more than just 12 years with a title. A certification (better have multiple if you don't have an IT degree of some kind) shows that at least you have an aptitude for the stuff. The interview would sort out whether or not you could creatively use the knowledge.
BTW I used to think as you do, there is no difference between the guy with the cert and the guy without who read all the material. But that is just a cop-out answer because if you really do know all that the other guy does, there is no reason you wouldn't have paid your $$$ to take the test.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?