
The Actuator – August 22nd

Level 17

Getting ready for VMworld next week, working on my presentations, demos, and buying new shoes. If you are in Vegas for the show, stop by the booth to grab some swag and say hello.

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

An 11-year-old changed election results on a replica Florida state website in under 10 minutes

This either says a lot about the election websites, or the skills of the kids. Probably a little bit of both.

LHC physicists embrace brute-force approach to particle hunt

Nice example of not being afraid to admit what you have been doing isn’t working, and to try something different. The LHC is an example of a project that will benefit from quantum computing; look for that to be the next step in their research.

Tesla's stock falls sharply after Elon Musk reveals 'excruciating' year

So, we all see that Musk is having a meltdown, right? Might be time for him to cut back on the number of projects he’s trying to run at this time.

Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.

Agreed. I recognize that in some cases you’d like to notify the company directly and give them a chance to patch. But to discourage such research isn’t helpful. I’d like to think programs like bug bounties make for a more secure online experience overall, for everyone.

Hackers steal $13.5 million from Indian bank in global attack

If only there was a way for this bank to have known there was a defect in their software. Oh wait, there was a warning. My guess is that this bank might understand the benefits of encouraging others to find security flaws before the criminals.

Make Shadow IT a Force for Good

Good list of tips for everyone that has struggled with Shadow IT. I’m a huge advocate of zero-trust networks, and I think that’s got to be the default for every company these days.

My Favorite Sayings

Well, not mine, but ones I enjoyed reading and thought you would, too.

10 years as a Microsoft MVP and I'm just as giddy as if it was my first day. My 10-year ring arrived over the weekend, and I wanted to share:

mvp_10_ring.JPG

40 Comments
smttysmth02gt
Level 13

Thanks for the links!  My favorite saying:

The only thing worse than a problem that happens all the time is a problem that doesn't happen all the time

Jfrazier
Level 18

LHC Physicists:

I take their approach akin to something I did back in the early days of scrubbing unix syslogs for "interesting events" that were not already specifically monitored for.  In other words we watched for known events and missed things that were not watched for because of the noise.  So instead of digging in the logs for something new or someone to say "this happened, watch for this new message" I changed my approach.

I took chunks of syslog data and wrote rules to discard all the non-important things, logging the remainder to a new daily log.  The next day, go through the daily log and repeat the scrub for normal noise and filter that out as well.  Eventually we got down to only those events that were relevant and those few unknowns.  The unknowns were then evaluated.  This allowed us to better see the anomalies and then helped to keep issues at bay.

It is interesting the parallels in what we do and what others do in different industries.  Same concepts just different application.
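The scrub-and-review loop described in the comment above, as an added example that is not part of the original comment. The log lines, host name and discard rules are constructed for illustration: known noise is discarded, and the residue is grouped by message shape so the daily review sees each unknown event once.

```python
import re
from collections import Counter

# Constructed sample syslog lines (illustrative, not from the original comment).
SAMPLE_LOG = """\
Aug 22 03:10:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Aug 22 03:10:04 web01 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2
Aug 22 03:11:17 web01 kernel: [88231.1] EXT4-fs error (device sda1): bad block bitmap checksum
Aug 22 03:12:40 web01 sshd[2310]: Accepted publickey for deploy from 10.0.0.5 port 50190 ssh2
Aug 22 03:13:02 web01 sudo: backup : user NOT in sudoers ; TTY=pts/2 ; COMMAND=/usr/bin/id
Aug 22 03:15:01 web01 CRON[2344]: (root) CMD (run-parts /etc/cron.hourly)
Aug 22 03:16:45 web01 kernel: [88559.7] EXT4-fs error (device sda1): bad block bitmap checksum
""".splitlines()

# Discard rules: patterns already reviewed and judged to be normal noise.
# The list grows after each daily review (assumed rules for this sample).
NOISE_RULES = [
    r"CRON\[\d+\]: \(root\) CMD \(run-parts ",
    r"sshd\[\d+\]: Accepted publickey for deploy from 10\.0\.0\.5 ",
]

HEADER = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (\S+) (.*)$")

def scrub(lines, rules):
    """Return only the lines that match none of the discard rules."""
    compiled = [re.compile(r) for r in rules]
    return [ln for ln in lines if not any(c.search(ln) for c in compiled)]

def template(line):
    """Drop the timestamp and mask standalone numbers so repeats collapse."""
    m = HEADER.match(line)
    host, msg = m.groups() if m else ("?", line)
    return host + " " + re.sub(r"\b\d+(?:\.\d+)*\b", "N", msg)

def daily_review(lines, rules):
    """Residual events grouped by template, most frequent first."""
    return Counter(template(ln) for ln in scrub(lines, rules)).most_common()

if __name__ == "__main__":
    for tmpl, count in daily_review(SAMPLE_LOG, NOISE_RULES):
        print(f"{count:3d}  {tmpl}")
```

Anything the review decides is harmless becomes a new entry in `NOISE_RULES`; whatever still survives the next day's scrub is what gets evaluated.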

petergwilson
Level 14

A kid hacking a US government site.  No new news here.  It seems to happen all the time.  Having worked in the public sector and with government systems I can safely say that they don't understand security or IT.  They also want everything done now with no money because they have spent all the time and money having meetings about having meetings about what they want and not really deciding.  Then they buy something and give it to IT who have to make it work when it isn't fit for purpose.

petergwilson
Level 14

LHC.  Got to admire their vision.  We don't know what we are looking for, don't know how to do it and probably won't recognise what we find but we will keep doing it and get paid quite well as we are 'experts'.  Pity IT doesn't work that way.  If it all goes wrong we could all disappear in a flash.  Of course there would be no one left to blame them so that's OK. 

What happens after Brexit.  Do we Brits take our parts and leave.

petergwilson
Level 14

Elon Musk.  He could be a project manager here.  Loads of projects that never get completed because he gets sidetracked.  And he would only have to work 5 hours a week (judging by how often we see them).

petergwilson
Level 14

You would think companies would be grateful that someone has spent time and money to find and disclose problems with their product thereby saving them the trouble of paying for good people who are able to design products that actually work as expected.  No.  It is cheaper to pay peanuts then pay expensive lawyers when their crap products are exposed.  These companies should be named and shamed and we stop buying their products.  Once it becomes financially more viable to pay for good people to produce good product we could get rid of the parasites (Lawyers) and have stuff that works.  

petergwilson
Level 14

Indian Bank.  What a poor statement.  It wasn't the customers' money that was stolen.  Of course it wasn't.  The bank had stewardship of the money.  If they lost it then they are liable not the customers who shouldn't be affected at all.  Again not a surprise.  Banks are in it for the money so if they can do the IT on the cheap, more money for them.

petergwilson
Level 14

Shadow IT.  Always a problem because users don't understand why services from the IT department cost so much.  They forget that support, maintenance, backups / restores, upgrades and all the stuff like networking and internet also cost money.  I'm always having people complain about lack of disk space on the network (sic).  They can buy a 2Tb disk for home use for £50 but don't understand that in a corporate environment we need fault tolerance and multi user access (plus £50 per user would be approaching £3M which is more than the total cost of our server infrastructure (in an active / active mirrored server room environment)).

petergwilson
Level 14

Some interesting sayings.  I use my intuition (which is really just years of experience and a brain that can drag all those memories of past problems together) to fix stuff.  There is no point asking questions HERE as management don't listen and blindly plough on with whatever new idiocy they have come up with.

jkump
Level 15

My favorite saying

The three most powerful words for building credibility are "I don't know"

I live by this philosophy and encourage my younger co-workers to adopt it.  I probably add to it, though: "I don't know, but I will find out and get back to you."

Great links!

mtgilmore1
Level 13

Fake News --- all over (election results - 11 year old)...  We needed this 11 year old 2 years ago.

rschroeder
Level 21

Kids being taught to hack--to make a better future.

Kids being taught to hack--to teach web site managers/owners/users a lesson about security.

Maybe we're missing teaching ethics and requiring mandatory compliance to ethical behavior--from everyone in the world.  Sure, it sounds impossible.  So do most worthwhile goals.  But if we don't start improving the world through better education, better morals, better enforcement and detection, when will it get better?

rschroeder
Level 21

Brute Force and the LHC?

My son's worked to support the LHC at Cern the last two summers in Switzerland.  Anything about that scientific tool and endeavor is interesting to me.  Thanks for posting this!

rschroeder
Level 21

Maybe not ALL Elon Musk projects immediately turn to gold, but I'm still betting on the man and his ideas.  He inspires, he dreams big.  It may be that many of his ideas flop.  But those that succeed are beneficial and interesting!

rschroeder
Level 21

When banks went online, so did bank robbers.  I'm old enough to remember community and neighborhood banking, where people rushed to get to the banks every other Friday before they closed, so they could deposit their pay checks.

I have the impression that fewer dollars were lost to theft then, than are lost today via electronic theft.  Bank Robberies seemed to be big news, and were accompanied with violence and FBI and police car chases.  Few robberies were unsolved.

The opposite appears to be true today:  most electronic robberies appear to go unsolved, and there are no risks of car chases or violence.

Maybe we should disconnect banks from the Internet.  I wouldn't mind having to see a person at a teller every other week.  Some of my family's good friends worked at banks, and everyone knew each other.  Today we don't know anyone at a bank.

petergwilson
Level 14

Good luck teaching kids ethics these days.  Most have been brought up with the mentality of wild animals.  Here in London we are seeing 12 year olds stabbing people to death because they can.

petergwilson
Level 14

Yes,  I remember being able to borrow a sawn off shotgun for some clay pigeon shooting at the weekend (because the banks were closed).   

OK, I stole that from an episode of "Only fools and horses" but it was funny.      

rschroeder
Level 21

I'm willing to bet I work with people, or have friends, who put themselves or their employers at risk through unauthorized / insecure shadow-IT practices.


rschroeder
Level 21

The Favorite Sayings are filled with many truths.  I like the Coherent Systems, personally.  I worry about our Solarwinds Environment becoming a group of "coherent systems."

On the other hand, managing multiple diverse systems isn't efficient.

rschroeder
Level 21

Congratulations on another MS MVP, sqlrockstar!

petergwilson
Level 14

Shadow IT.  We have just now had a request come in for a restore of a supposedly mission critical SQL database.  We have never heard of it.  After some digging we have discovered that one of the developers has 'lent' some storage space on one of the dev servers to someone he knows in another part of the business.  That person has implemented a database with personally identifiable data which has now corrupted.  He needs a restore.  Problems.  The dev server isn't backed up and nothing important was to be stored on it.    It was just for dev testing.  The SQL database was unauthorised.  The data on it is personally identifiable (GDPR issues) and uncontrolled.  The two people involved may lose their jobs.  Senior people are in a big meeting to discuss what to do and won't be out for at least another hour or two.  We are going to a leaving do in 30 mins. for many many beers (and possibly strippers).  Do we wait for management to finish their meeting.  Hell NO.

petergwilson
Level 14

I don't mind coherent systems.  It's incoherent managers I object to.

vinay.by
Level 16

10 years as a Microsoft MVP and I'm just as giddy as if it was my first day. My 10-year ring arrived over the weekend, and I wanted to share: -> Congrats

ecklerwr1
Level 19

I wouldn't hold your breath and go get beers!

ecklerwr1
Level 19

Real voting machines aren't connected to the internet... hacking a webserver on the internet isn't exactly rocket science either.  With metasploit it's actually pretty easy often.

Radioteacher
Level 14

Even Secure Shadow IT could be bad.......

david.botfield
Level 13

Good articles and congratulations on the MVP.

vinay.by
Level 16

Cool article

rschroeder
Level 21

Apparently "secure shadow" is "a thing."

And for history buffs, this tangent:   "Secure the Shadow, 'ere the substance fades"

"Secure the shadow, ere the substance fades" was one of the earliest advertising slogans used by photographers . . ."

"The phrase urged one and all to capture the image (Secure the shadow) before beloved family members were dead and gone (the substance fades). "

"Secure the shadow, ere the substance fades" - Ephemera Society of America

tallyrich
Level 15

Shadow IT, that happened more times than I can count at my last gig. The problem being non-IT type people running out and purchasing things with no clue as to how it would work in the environment. While Shadow IT has some good (when the people really know what they are doing) in most situations it causes more problems than it solves.

vinay.by
Level 16

An 11-year-old changed election results on a replica Florida state website in under 10 minutes -> Hmm

vinay.by
Level 16

LHC physicists embrace brute-force approach to particle hunt - wow, too much for me to consume

petergwilson
Level 14

So the LHC scientists are using a really big hammer to crack a very very small nut.  What could possibly go wrong.

bobmarley
Level 15

I can't believe that they figured out most of the physics a hundred years ago and they are just now to the point where they have tools to prove it.

bleggett
Level 12

For every one that gets caught, I would wonder how many others have been sneaking by. 

ecklerwr1
Level 19

The missing part of the science is the link between the world of the small and world of large... ie. the search for the unifying theorem.

rschroeder
Level 21

My son's been working at the LHC for the last couple of summers during his journey towards a Ph.D in Theoretical Particle Physics.  I asked him why he likes the "theoretical" part better than the "applied" or "mechanical" areas of Particle Physics, and it seems it's guys like him that are (in part) responsible for it taking a hundred years to prove theories.

"Dad, I like coming up with ideas and handing them off to the mechanical physicists, whose job it is to prove or disprove theories."

I'm thinking to myself in my head "Oh, sure, leave it to the poor folks in the trenches to come up with ways of showing you're either a genius or someone who doesn't know what they're talking about."

On the other hand, some of those theories are great ones, just difficult to prove.  VERY difficult, apparently.

I'm hoping the LHC or similar tools may help better explain Dark Matter.  Which might give us the ability to do good things with power we never imagined possible.   Maybe even within my life time.

bobmarley
Level 15

All they had  to work with 100 years ago was math, on a chalk board. Amazing that they could figure out what they did.

df112
Level 13

Belated congrats on 10 years as an MVP.  Definitely an accomplishment to be proud of.

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years experience in the IT industry in roles including programmer, developer, analyst, and database administrator.