Archive for October, 2010

Hey boss…

Wednesday, October 20th, 2010

Why is it you can splurge on a hotel room for $260/night for a conference, yet you can’t replace the 9-year-old desktop-class machine that I do all my development on?  You know, the development of things like the password change page that the entire department and all external users rely on?  The evaluation of new paradigms like a new LDAP structure?  Like LDAP failover / mirroring?  You know – the important stuff that keeps the whole infrastructure running.

Cripes, I didn’t even spend that much on a hotel when I was a consultant traveling to New York City and staying in Manhattan!

Oh hello stupid…

Friday, October 15th, 2010

You know, when you’re supposedly a senior systems administrator with 15 plus years of experience, you really ought to be able to use Google effectively.  When you come to me with a problem you’ve been working on for several hours, and I figure out it isn’t really a problem but rather expected (and correct) behavior in under 20 seconds with a very simple Google search pattern, you tend to undermine my faith in your ability to do anything else with any competence at all.

The Nightmare Continues

Tuesday, October 12th, 2010

For those of you who haven’t read the previous “nightmare” entry at, this is a continuation of that saga.  You may be aware that a prestigious cancer researcher was recently demoted and had her salary cut by almost 50% (, for being negligent in securing her project’s data.  This situation is arguably worse – the idiot programmer in question actively handed out the hostname, username, and password to the entire world.  His argument will be that he locked down the database to UNC-only connections, but let’s be honest here – it’s trivially easy to walk into one of the UNC libraries, find an open port, jack in, and sniff for an available IP address.  Heck, all you really need to do is find a weak machine somewhere and exploit it, then you’ve got immediate access to this database through a bounce-box.  You could even just spoof the IP you’re coming from – it really is just that easy!

Well, in light of the mammography study issues, I reiterated my concern to my boss.  The response I got back was that he has raised the issue with the programmer, and been told that it’s not an issue.  And nobody’s concerned!  Not a one of them are worried at all about having hostnames, usernames, database names, and passwords out on the Internet available anonymously from SourceForge to the entire world!  I’ve raised this issue with the departmental security person (he’s at the “dean” level of things, so fairly high up) and with my boss, and nobody wants to do anything about it.  Even after the mammography thing, they don’t get it…

I am out of options.  I can do nothing further to warn them of this disaster waiting to happen.  I feel like I’m standing alone on the borders of the Roman Empire, shortsword in hand, watching the Goths mass just beyond bowshot, listening to the banquet the rest of the legion is partaking of and telling me to stop worrying, that no group of natives could possibly breach the fort’s defensive walls.  Hearing the manongels being built, but not able to see them, not able to make anyone believe.

Why are so many people in the computer industry (be it corporate or academic) so blindly incompetent?

Learning experiences

Friday, October 8th, 2010

Not all of them involve making mistakes.  Some of them, and my most recent one, involve realizing just how much of an ass you’ve been in previous jobs by coming face-to-face with the same type of behavior from someone else in your current job.  Yes, this just happened to me, and I almost immediately realized I’d done the same type of thing in previous jobs.  Fortunately, I don’t think I’ve done it too often, but often enough to be embarrassed about it.

This is definitely something I’ll be keeping in mind as time goes on…  with luck, my new business venture will work out and I’ll have the opportunity to do something about all these little lessons I’ve learned over the course of my career.