Maybe I'm just cranky because my hand remains sore, but I don't go for a lot of the 'how to handle conflict and difficult people' approach we've just worked on today. It's perhaps the idea that a win-win situation is best that turns me off - all too often, this doesn't seem possible, and the best solution is one that meets the organisation's needs, not the individual's. It's too easy to complain, be the victim and expect sympathetic treatment, even when a distateful situation is self-inflicted. Sometimes you just have to bite the bullet and get on with life.
If that's not acceptable, try Plan B. That's frequent and enthusiastic application of the baseball bat.
20060330
20060329
Finger trouble
Just before Christmas, I had the misfortune to break one of the bones in my hand. It was the result of a brief moment of carelessness, catching my foot in a trailing wire during a computer install at a client site. For the next five or six weeks, I had the hand, wrist and forearm plastered up, but the break wasn't knitting at all. So the consultant put me on the operation list and allowed me the use of the hand back, with the proviso that I underwent physio to restore some of the lost function and power.
The day for the op arrived today. But the last three weeks or so have seen immense improvements in the hand's flexibility and it actually seems to have healed somewhat. The little finger remains a bit crooked, but the surgeon suggested that the possible complications in operating (nerve and tendon damage) probably outweighed the potential benefits of resetting the bone. So, after waiting over three months - no operation. I had thought this might be the case, but it seems that once you're in the pattern, getting out of an operation is more difficult than getting the original go-ahead, and my calls and requests for an earlier examination went unheard. Someone might have been able to make use of the slot that my recovery left vacant, but I guess it does at least save the struggling NHS some money.
The really ironic twist to all this is that given an extra and unexpected day at work, I went back to the original site where the damage occurred to do yet another system install...this time without incident.
The day for the op arrived today. But the last three weeks or so have seen immense improvements in the hand's flexibility and it actually seems to have healed somewhat. The little finger remains a bit crooked, but the surgeon suggested that the possible complications in operating (nerve and tendon damage) probably outweighed the potential benefits of resetting the bone. So, after waiting over three months - no operation. I had thought this might be the case, but it seems that once you're in the pattern, getting out of an operation is more difficult than getting the original go-ahead, and my calls and requests for an earlier examination went unheard. Someone might have been able to make use of the slot that my recovery left vacant, but I guess it does at least save the struggling NHS some money.
The really ironic twist to all this is that given an extra and unexpected day at work, I went back to the original site where the damage occurred to do yet another system install...this time without incident.
20060326
Cheap electronics
We're in the market for a TV/DVD combi, probably around 21" screen size. Whilst I'd like a LCD unit, I suspect - no, I'm absolutely sure - that these are too expensive, and so it will have to be an old-fashioned heavy CRT.
After limited research, we picked a Logik unit from Curry's - reasonable size, very cheap, OK-ish design and good functionality. Unfortunately, we've just had to return the second example because of problems with the DVD player. The TV part of the deal was fine, easy to tune, clear enough picture for my tired old eyes, but the DVDs keep hanging and skipping, making watching anything a real pain.
So the question is whether it's worth trying another low-end brand, or whether I need to bite the bullet and be prepared to hand over more money to the credit card company. Looking around the web, it seems that people are reporting lots of problems with the DVD player part of combi units: are manufacturers really skimping on what should be a relatively easy part to spec up and install, or is there something else causing problems?
BTW, kudos to the guys at Curry's - no problem at all in getting a refund, and no pressure to try another (probably more expensive) unit. Travel expenses would have been nice, but it's sufficient nowadays to part without harsh words.
After limited research, we picked a Logik unit from Curry's - reasonable size, very cheap, OK-ish design and good functionality. Unfortunately, we've just had to return the second example because of problems with the DVD player. The TV part of the deal was fine, easy to tune, clear enough picture for my tired old eyes, but the DVDs keep hanging and skipping, making watching anything a real pain.
So the question is whether it's worth trying another low-end brand, or whether I need to bite the bullet and be prepared to hand over more money to the credit card company. Looking around the web, it seems that people are reporting lots of problems with the DVD player part of combi units: are manufacturers really skimping on what should be a relatively easy part to spec up and install, or is there something else causing problems?
BTW, kudos to the guys at Curry's - no problem at all in getting a refund, and no pressure to try another (probably more expensive) unit. Travel expenses would have been nice, but it's sufficient nowadays to part without harsh words.
20060324
Absolute power
How do you tell someone that they shouldn't have administrator privileges, and why this is the case?
I was faced with the issue of explaining to a friend and colleague why I was unhappy about them having a copy of the domain administrator password. This was made more difficult by the fact that the rest of the room was listening in. In essence, it's one of those things that is either obvious, or very difficult to explain, and I'm very much afraid that I made a mess of it.
Although I said it wasn't a question of trust, however you look at it this is what it reduces to. But it's not personal trust - I know that no-one in our organisation would do anything to damage the system or to cause any problems. It's trust in the system itself. We need confidence that we know what is installed, what is happening and how things are configured. And when you get more than one person with the ability to make the sort of changes involved in administrator privileges, you get a dilution of that confidence. Spread that level of ability around too far, and you can guarantee that mistakes and errors will happen.
Things will get changed without record; files will go missing,and no-one will remember removing them; applications will appear and downloads run that no-one can take responsibility for. At least when the admin account is restricted, the responsibility for these sort of changes is equally restricted and it increases the likelihood of getting problems fixed. And not insignificantly, when things do get broken, it's clear that the responsibility for fixing them lies with whoever broke them in the first place: much easier to establish, agree and accept that when it's a select group - preferably one person.
Equally, there's the argument that getting the day job done should not mean having to use admin access. One of the most common traps is to live in the admin account when a much more restricted account will do. That message at least I think is well understood, with nobody suggesting that it's acceptable or desirable.
Finally, there's the question of culture and policy - which ought to be closely linked. A company may have a policy of restricting access, but if that policy is clearly ignored in the company culture, it will lead to increased laxity in observing other precautions. If 80% of the staff have admin access, why not let the other 20% have it as well? They may be called upon to act in whatever scenario was used to justify the original release of the information, and so would argue that general access be permitted. But I believe quite strongly that the only proactive approach that should be followed here is to plan for that eventual possibility that privilege enhancement may be required, only granting that enhancement when the circumstances demand it. There's no need for the password or any other privileged information to proliferate in advance of the need (and it must be a "need", not simply a matter of convenience. Nearly every situation that can be envisaged which could be handled by admin access can also be managed with alternate, lesser privileges). Identifying and implementing mechanisms to answer these questions is part of policy management, and this is an area where continuous communication is essential - if we understand the requirements, we can perhaps provide answers in advance of the occurence. So the company culture must encourage feedback and relaxed exploration of these issues, in order that all parties are comfortable with the conclusions. Only when this is achieved can successful and mutually acceptable policies be agreed.
If power corrupts, what hope is there for the omnipotent system administrator? I'm glad that I have friends who can bring me back to earth, as happened today. I really had to think about this, and will re-visit the question with the rest of the team until we're all happy.
I was faced with the issue of explaining to a friend and colleague why I was unhappy about them having a copy of the domain administrator password. This was made more difficult by the fact that the rest of the room was listening in. In essence, it's one of those things that is either obvious, or very difficult to explain, and I'm very much afraid that I made a mess of it.
Although I said it wasn't a question of trust, however you look at it this is what it reduces to. But it's not personal trust - I know that no-one in our organisation would do anything to damage the system or to cause any problems. It's trust in the system itself. We need confidence that we know what is installed, what is happening and how things are configured. And when you get more than one person with the ability to make the sort of changes involved in administrator privileges, you get a dilution of that confidence. Spread that level of ability around too far, and you can guarantee that mistakes and errors will happen.
Things will get changed without record; files will go missing,and no-one will remember removing them; applications will appear and downloads run that no-one can take responsibility for. At least when the admin account is restricted, the responsibility for these sort of changes is equally restricted and it increases the likelihood of getting problems fixed. And not insignificantly, when things do get broken, it's clear that the responsibility for fixing them lies with whoever broke them in the first place: much easier to establish, agree and accept that when it's a select group - preferably one person.
Equally, there's the argument that getting the day job done should not mean having to use admin access. One of the most common traps is to live in the admin account when a much more restricted account will do. That message at least I think is well understood, with nobody suggesting that it's acceptable or desirable.
Finally, there's the question of culture and policy - which ought to be closely linked. A company may have a policy of restricting access, but if that policy is clearly ignored in the company culture, it will lead to increased laxity in observing other precautions. If 80% of the staff have admin access, why not let the other 20% have it as well? They may be called upon to act in whatever scenario was used to justify the original release of the information, and so would argue that general access be permitted. But I believe quite strongly that the only proactive approach that should be followed here is to plan for that eventual possibility that privilege enhancement may be required, only granting that enhancement when the circumstances demand it. There's no need for the password or any other privileged information to proliferate in advance of the need (and it must be a "need", not simply a matter of convenience. Nearly every situation that can be envisaged which could be handled by admin access can also be managed with alternate, lesser privileges). Identifying and implementing mechanisms to answer these questions is part of policy management, and this is an area where continuous communication is essential - if we understand the requirements, we can perhaps provide answers in advance of the occurence. So the company culture must encourage feedback and relaxed exploration of these issues, in order that all parties are comfortable with the conclusions. Only when this is achieved can successful and mutually acceptable policies be agreed.
If power corrupts, what hope is there for the omnipotent system administrator? I'm glad that I have friends who can bring me back to earth, as happened today. I really had to think about this, and will re-visit the question with the rest of the team until we're all happy.
20060321
Quick - before anyone notices
I had cause to go down to the shops today - just a brief outing, but I noticed something rather odd. It was busier than I'd expect on a Tuesday lunchtime, and a lot of the shoppers were male business men of an older persuasion - i.e., not geeks or junior staff coming in for a quick bite of lunch.
What caught my eye was the furtive way they were placing their purchases on the counter for scanning and payment. They all seemed to be buying DVD's, but didn't want it to be too obvious. Well, that's like a red rag to a bull, and closer inspection showed that these were all copies of the new Harry Potter release. I guess they just didn't want anyone thinking it was for them.
What was I down there for? Well, ah, you see, the DVD's a present for my wife...
What caught my eye was the furtive way they were placing their purchases on the counter for scanning and payment. They all seemed to be buying DVD's, but didn't want it to be too obvious. Well, that's like a red rag to a bull, and closer inspection showed that these were all copies of the new Harry Potter release. I guess they just didn't want anyone thinking it was for them.
What was I down there for? Well, ah, you see, the DVD's a present for my wife...
20060318
Death before dishonour
We'll hang on to our DRM even if it kills you!
In the light of the past week's evidence about the effect of DRM on battery life in MP3 players, you'd think the media industry don't need any more bad press. But it appears, according to reports here, that they are unwilling to concede anything at all, even if it means killing people.
Would it really hurt that much to allow for exemptions in the name of safety? Or are they so scared of someone actually showing that their business model is wrong that they cannot even do that? After all, it's not as though any amount of protection is actually going to stop deliberate pirating of content, so I'm unclear about the real objective here. It looks as though the industry wants some sort of stranglehold to blackmail society with, a most unsavoury, unsatisfactory and unacceptable state of affairs.
In the light of the past week's evidence about the effect of DRM on battery life in MP3 players, you'd think the media industry don't need any more bad press. But it appears, according to reports here, that they are unwilling to concede anything at all, even if it means killing people.
Would it really hurt that much to allow for exemptions in the name of safety? Or are they so scared of someone actually showing that their business model is wrong that they cannot even do that? After all, it's not as though any amount of protection is actually going to stop deliberate pirating of content, so I'm unclear about the real objective here. It looks as though the industry wants some sort of stranglehold to blackmail society with, a most unsavoury, unsatisfactory and unacceptable state of affairs.
20060317
TGIF
It's certainly been "one of those days", an apt finish to "one of those weeks". Initially, it seemed as though the phone wouldn't stop, and I even (briefly!) considered closing the mailserver to any new incoming messages. However, by lunchtime matters had settled a bit and I got back to the best bit of the job - spending money. This time it's just a low-powered server for a new development job, but it will fill a gap in the cabinets.
Earlier in the week, we were talking about older systems, and I was trying to remember the first real Windows server I ran - I'm sure it was a 286 processor, but the details are very hazy. What is surprising is that the rate of change seems to have slowed down a bit now, Moore's Law notwithstanding. We are looking after three-year old systems that you could probably still purchase today - I can't remember that being the case any time in the last dozen years or so. Yes, there are newer boxes around, but the jump much beyond 3 GHz processors seems be taking a good long run-up.
At the same time, however, software requirements don't seem to have diminished, and ever-increasing memory allocations seem to be the order of the day. While I'd accept that the functionality is way beyond what we thought was state-of-the-art when I started in this game, the pursuit of optimised code seems have been ignored. How many of the new generation of programmers have ever had to handcraft machine code? We accept bloated software all in the name of enhanced functionality, but what percentage of those Unique Selling Point features are really necessary or even used regularly?
Earlier in the week, we were talking about older systems, and I was trying to remember the first real Windows server I ran - I'm sure it was a 286 processor, but the details are very hazy. What is surprising is that the rate of change seems to have slowed down a bit now, Moore's Law notwithstanding. We are looking after three-year old systems that you could probably still purchase today - I can't remember that being the case any time in the last dozen years or so. Yes, there are newer boxes around, but the jump much beyond 3 GHz processors seems be taking a good long run-up.
At the same time, however, software requirements don't seem to have diminished, and ever-increasing memory allocations seem to be the order of the day. While I'd accept that the functionality is way beyond what we thought was state-of-the-art when I started in this game, the pursuit of optimised code seems have been ignored. How many of the new generation of programmers have ever had to handcraft machine code? We accept bloated software all in the name of enhanced functionality, but what percentage of those Unique Selling Point features are really necessary or even used regularly?
20060314
Omniture
I got a brief email from someone today which included a link to a site ....112.2O7.net. A brief bit of research showed this belongs to a company known as Omniture, and further research revealed some possibly unsavoury characteristics. The company appears to be a market research/web metrics provider, which is allied with a number of other major online services. One Google hit talks about a link with iTunes, where the URL used to return data looks like 192.168.112.2o7.net, a bit of obfuscation that must be deliberately designed to appear like a private IP.
It's practices like these that make me suspicious of the company's intent. Why try to hide the fact that the data is being collected, unless they have something to be ashamed of?
It's practices like these that make me suspicious of the company's intent. Why try to hide the fact that the data is being collected, unless they have something to be ashamed of?
20060313
How NOT to do it
The recent problems with McAfee antivirus (a DAT release identified genuine executables as malware) got me to thinking about my approach to file protection. Previously, I've always set the default action on finding a compromised file to be 'delete' on the basis that anything mistakenly destroyed can be recovered later. However, the scope of this problem and the panic reaction of some people in running full scans on the basis of a single false positive(and hence deleting even more files) has made me rethink this.
I've now switched to a default action of 'quarantine', possibly meaning more work in keeping the quarantine server clean, but definitely avoiding the issues of losing files forever when this kind of thing happens again. And it will - maybe not for a while, but the tendency to be safe rather than sorry will inevitably mean someone, somewhere will make a rash decision and either release or run something that they shouldn't.
I've now switched to a default action of 'quarantine', possibly meaning more work in keeping the quarantine server clean, but definitely avoiding the issues of losing files forever when this kind of thing happens again. And it will - maybe not for a while, but the tendency to be safe rather than sorry will inevitably mean someone, somewhere will make a rash decision and either release or run something that they shouldn't.
20060312
Devices and desires
Looking back at that last post of last year (it seems such a long time ago, almost like last year...), I can't quite recapture the excitement about the Nokia 770. It all fell a bit flat.
So it's with some trepidation that I've been perusing the Origami reports recently - again, it looks great in theory but I'm going to wait and see what the practical results are.
Already I can see one great big glaring omission - no serial port. It's with great regret that I note the demise of this once mighty I/O facility. Having spent a good deal of time recently using my archaic laptop simply because it has a serial port to connect to various network goodies in CLI mode, I'm very concerned that in future I'm going to be very constrained in the kit I can use.
A portable system, with all the usability of either Windows or Linux (the Live CD distro's are very good in this regard), is an invaluable and irreplaceable tool in looking after network kit. Being able to get a serial connection, hard-wired ethernet and wireless links running simultaneously makes light work of many problems. However, it looks increasingly as though the serial port is in serious danger of becoming extinct. And what will a poor network engineer do then?
So it's with some trepidation that I've been perusing the Origami reports recently - again, it looks great in theory but I'm going to wait and see what the practical results are.
Already I can see one great big glaring omission - no serial port. It's with great regret that I note the demise of this once mighty I/O facility. Having spent a good deal of time recently using my archaic laptop simply because it has a serial port to connect to various network goodies in CLI mode, I'm very concerned that in future I'm going to be very constrained in the kit I can use.
A portable system, with all the usability of either Windows or Linux (the Live CD distro's are very good in this regard), is an invaluable and irreplaceable tool in looking after network kit. Being able to get a serial connection, hard-wired ethernet and wireless links running simultaneously makes light work of many problems. However, it looks increasingly as though the serial port is in serious danger of becoming extinct. And what will a poor network engineer do then?
Back to the grindstone
I thought the older entries here had all got wiped when I changed the web hosting contract - glad to see that isn't the case. However, it does show up my continual disregard of this site, something that I shall endeavour to put right henceforth. The road to hell, good intentions and all that.
Some of the last year's issues and ideas have already receded into the fog of memory, so don't expect updates on those. One of the basic problems for the last few months has been a distinct lack of two-wheel miles: this is not due to the Scottish weather (though I can remember very few days when I would have looked forward to going out there), but mainly because I lost the use of my left hand as a result of my own inattention. Let this be a warning to everyone - don't leave loose wires lying around, and don't rush to answer the phone. Tripped, fell and smashed the hand against a door, resulting in a broken metacarpal that refuses to knit properly after three months.
Now that I've decided that the hand is ok to pull a clutch lever in without breaking into too much of a sweat, the weather decides to really get stuck in - snow. More snow. Wet snow.
They tell me that Summer is coming. It can't get here quick enough.
Some of the last year's issues and ideas have already receded into the fog of memory, so don't expect updates on those. One of the basic problems for the last few months has been a distinct lack of two-wheel miles: this is not due to the Scottish weather (though I can remember very few days when I would have looked forward to going out there), but mainly because I lost the use of my left hand as a result of my own inattention. Let this be a warning to everyone - don't leave loose wires lying around, and don't rush to answer the phone. Tripped, fell and smashed the hand against a door, resulting in a broken metacarpal that refuses to knit properly after three months.
Now that I've decided that the hand is ok to pull a clutch lever in without breaking into too much of a sweat, the weather decides to really get stuck in - snow. More snow. Wet snow.
They tell me that Summer is coming. It can't get here quick enough.
Subscribe to:
Posts (Atom)