The Forces of Insecurity

Bernard Lambert September 13, 2021

IT security is undergoing a revolution driven by present-day challenges and how they are overcome. What follows is some speculation about the future.

We are presently countering invasions of the communications systems, the destinations along their routes, the systems at any of those destinations, and theft of the information in those systems. It is a vigil. The most common mistake made in guarding against these things is to “bolt-on” some device or system and let it do the work. The vigil is left to the robots to alert you when things go awry. A recent hack even invaded the very systems used to do such monitoring.

We are reacting to such things and not being proactive. High-grade, highly paid help is not employed here. A NOC or SOC is set up where the labor is cheap, with fingers crossed that things won’t go wrong. Because of specialization in applications, systems, and networking, individuals seldom have the combined talents necessary and are willing to work for much less compensation. The worst I have seen was the 150 monitoring systems in a global enterprise dropping from sight without anyone knowing for a long time.

That instance was easily remedied with robots to watch the robots along with continuous visual feeds to the NOC and enterprise management personnel. The vigil was reintroduced and easily used. What can stump everyone, after such systems begin a cascade of information coming your way, is the sheer volume of the info stream and the adverse effect it has upon the operators of the NOC or SOC. One cannot keep up with the avalanche of data. This is a self-induced attack.
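A sketch of the "robots to watch the robots" idea, added here as an illustration and not taken from the engagement described: a watchdog compares an inventory of monitoring systems against their last check-ins and reports silent ones as one line per region, so the watcher does not add to the avalanche. The monitor names, regions, five-minute threshold, and log format are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MAX_SILENCE = timedelta(minutes=5)  # assumed threshold, tune per environment

# Constructed inventory: every monitor that is supposed to exist, by region.
INVENTORY = {
    "mon-emea-01": "emea", "mon-emea-02": "emea",
    "mon-apac-01": "apac", "mon-apac-02": "apac",
    "mon-amer-01": "amer",
}

# Constructed heartbeat log: (monitor, ISO-8601 UTC time of a check-in).
HEARTBEATS = [
    ("mon-emea-01", "2021-09-13T11:58:30+00:00"),
    ("mon-emea-02", "2021-09-13T09:12:00+00:00"),
    ("mon-apac-01", "2021-09-13T11:59:10+00:00"),
    ("mon-amer-01", "2021-09-13T11:40:00+00:00"),
    ("mon-amer-01", "2021-09-13T11:57:45+00:00"),
    # mon-apac-02 never checked in: only the inventory can reveal that
]

NOW = datetime(2021, 9, 13, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample


def last_seen(heartbeats):
    """Most recent check-in per monitor."""
    latest = {}
    for name, stamp in heartbeats:
        ts = datetime.fromisoformat(stamp)
        if name not in latest or ts > latest[name]:
            latest[name] = ts
    return latest


def silent_monitors(inventory, heartbeats, now, max_silence=MAX_SILENCE):
    """Inventory entries that are overdue (value: last check-in) or never reported (None)."""
    latest = last_seen(heartbeats)
    return {name: latest.get(name) for name in inventory
            if latest.get(name) is None or now - latest[name] > max_silence}


def regional_digest(inventory, silent):
    """One line per affected region instead of one alert per monitor."""
    totals, down = defaultdict(int), defaultdict(list)
    for name, region in inventory.items():
        totals[region] += 1
        if name in silent:
            down[region].append(name)
    return [f"{r}: {len(n)}/{totals[r]} monitors silent ({', '.join(sorted(n))})"
            for r, n in sorted(down.items())]


if __name__ == "__main__":
    print("\n".join(regional_digest(INVENTORY, silent_monitors(INVENTORY, HEARTBEATS, NOW))))
```

The watchdog itself should run somewhere that does not share a failure domain with the monitors it checks.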

In all cases, the staffing headcount requirement has been woefully inadequate once problems arose. The “averaging” done on personnel cost neglects the real need in a real crisis. Because these happen in an instant, an organization cannot react in a timely fashion with such short staffing. Problems are not “headed off”. Some are postponed to a future project. The response is thus untimely.

My recommendation is to establish a broad-based knowledge team to install and operate this vigil in a distributed fashion. You can use a cloud, do a hybrid, or build a data center. The team you hire to do the systems, application, networking, virtualization, cloud security, and compliance issues must have integration experience and integration skills. Yes, pay the man or woman more than fifty-five an hour.

What is your experience??

About H1B

The email brought me this chart from Dice.Com. It is meant to show what H1B visa workers are making in big American corporations. Take a look:

Company       # of H-1B Filings   Average Salary
Microsoft     32,735              $135,535
VMware        4,910               $139,299
Apple         11,543              $139,457
eBay          4,635               $143,313
Google        24,896              $144,285
GM Cruise     330                 $145,243
Spotify       468                 $145,800
Twitter       1,794               $149,188
Bloomberg     2,914               $149,863
Waymo         591                 $157,591
Facebook      13,471              $159,597
Doordash      274                 $160,444
Lyft          1,174               $167,650
Airbnb        1,451               $168,306
Dice extract of Labor Department Stats

Demand for code producers is high. The methods are myriad. Individuals that make timely, solid code are richly rewarded. The individuals that keep up with the ever-changing platforms for that code are also in high demand. They too reap rich rewards.

I’ll take you back to a time when Digital Equipment was in market favor and the language folks at Maynard were in high spirits. A young fellow from Redmond came and hired everyone at salaries unimagined up to that time. App and OS development stopped at Digital. The fellow from Redmond got the first iteration of Windows NT from the effort.

Paying performers in this IT business is de rigueur. It is also not as common as this chart indicates. Let’s dissect these stats a bit. Small and medium businesses cannot come close to this rate. The organizations hiring these workers charge the entire cost off as employee pay expense. That is the number you see above.

In the case of many H1B workers, they actually get paid by the agency that brings them into the country as their sponsoring employer. Their employer bills the hiring corporation. Of course there is an employer’s/sponsor’s cut taken from that total billing. The aim of the sponsoring employer is to bring individuals that produce income for them. They also aim to just undercut the “running cost” the client corporation is experiencing while trying to acquire the same talent. It also allows for the quick “fire and hire” scenario when an individual does not pan out. That total cost is the big corporate “employment” cost shown above.

So does an imported worker enjoy those numbers shown above? No.

Your thoughts please???

Intel Optane in HP Desktop

I was using an HP Pavilion Desktop that had the Intel Optane SSD synched with a Toshiba SATA drive. The customer just bought it 4 weeks earlier and had gone through the Office 365 add and other data recovery jobs to get all the working files and Outlook going. The move was from an older slower Win 10 machine to this faster one.

It stopped booting and displayed the HP messages to try different function keys for Recovery, Setup and the like. Once HP was contacted and the standard tests done, the RMA was made to ship it back to them to fix. Great service, but what about the data?

The Optane SSD and the Toshiba HD normally synch so that often used data is cached in the much faster solid-state memory. There are complex software algorithms to keep the data safely on the disk or SSD. Then the power blinks.

At that point, the data on the spinning disk and the data in the SSD cache cannot release each other from a fatal embrace made by the synch keys no longer matching.

The faux RAID feature of the Optane is used to pipeline the data to each volume; be it spinning or SSD. Its driver must already be in the Windows 10 install media used to recover the machine. But there is one last impossible problem.

Your data cannot be accessed until Windows installs on the drive. It refuses to do so when the install process runs. It will also destroy the drive contents as it installs.

The machine must have a healthy Windows 10 environment running before the RSTSetup resetting software, which brings the drive back into volume and data synchronization, can be run.

There is no tool to do this prior to Windows 10 installation attempts. Failure is due to the Optane and hard disk refusal to be altered until their volumes are synchronized.

Data is lost. That is bad. The inability to save it somehow is even worse.

Bernard Lambert – November 25, 2020

At a Bad Time ….

The phrase “at a bad time” seems to be the sweeping assessment of where we are in time and place right now. Many are the troubles of the ordinary people of America. Job loss, no healthcare, no money, no shelter, brutality, all seem to press hard against the American dream.

I would suggest that we begin all assessment with: “Is this at a bad time?”

A Good Read For Techies

I got this download today about Apache Kafka from this URL: https://assets.confluent.io/m/1b509accf21490f0/original/20170707-EB-Confluent_Kafka_Definitive-Guide_Complete.pdf
It is the open source of Confluent’s work. The guide is free. Give it a read if you make or maintain sites on the net.

A Good Read On Facebook Use

I had this pop up on an index page:

A Two Year Study Of More Than 5000 People Shows This Activity Destroys Your Emotional And Physical Health

It seems UC San Diego and Yale researchers have identified how emotional health deteriorates with Facebook use. The nature of the virtual social environment creates an adverse emotional sense of well being.

It is probably better for you to talk to the person next to you in the coffee shop… BL

Core Competency…REALLY?

I was engaged recently in a project to identify the traffic on a global network to solve slowdowns in the work being performed by engineers on high performance workstations.

The most difficult part of the work was the total lack of tools. The second most difficult thing was the failure of the management to be concerned about that.

The mission was to gather requirements to be submitted to enterprise network plan, build, and run teams so that the slowdown problems could be remediated.

As I began, the requests went in for basic information like a global network map, monitoring tools, and access to machines in order to place probes.

Network maps, either physical or logical, were non-existent.

The monitoring tool was a well-known, more than adequate management and performance monitoring system that I had used for many years. It was not set up properly, it could not retain much information for analysis, and custom reporting access was refused. It was installed in three regions without any joining together of the database backends.

Requests to get access to the machines to place probes were refused.

While this is going on I learn that the purchase of undersized, out of specification, equipment for a remediation of a site that was a decade overdue was being done so that a schedule was met and the money spent before the end of a fiscal cycle. The kind of work to be done on the site had no bearing on the decision.

One other interesting thing was that all datacenters were to be consolidated by collapsing them into fewer and fewer sites all colocated off-site from existing corporate sites.

Everyone in every technical discipline was concerned that the plan was inadequate and that given past practices the future was not going to be good.

The corporation was grown by acquisition. It was not grown by innovation. Decades old talent that had worked at the acquired organizations left in droves. Those that remained were waiting for their retirement.

When asked about why the organization would place their data centers into another organization’s hands, the reply was “It is not our core competency”.

Given the experience one wonders what is their core competency? I know! Pass the buck.

What My Cover Letter & Resume Should Say

When using the Internet for collecting job offers one places resumes and cover letters on myriad sites. The fond hope is that carefully crafted work fits the requirements of the individual looking for talented people.
Unfortunately in this day and age the process is layered with several people or web forms prior to getting to the actual individuals that can judge one’s abilities.
This brings to mind thoughts of what I would rather have said when wordsmithing the erudite cover letter and resume.
What follows is a mixture of venting and fun at the expense of the reviewer of my submitted products. It is in the form of their response followed by my response.

1.  The resume is too long. Yes the resume is long because I have worked for decades and all of it is relevant.

2.  An inventory of skills is just a list of “buzzwords”? No you idiot they are the actual hands-on devices, applications, and systems used in my experience.

3.  The form of the resume is not in the correct “person”.  May I point out that the form is not in the correct person’s hand?

4.  There are too many jobs in a short time frame.  Yes consulting work runs a few months to a year or so; seldom longer unless hired into the organization.

5.  There needs to be more narrative.  Wait a minute. You just complained it was too long.

6.  The content is too technical.  Duh! Who is reading this?

7.  I do not see any relevant experience.  Could you if I gave it to you in any other form? A documentary maybe?

8.  There are only successes shown in the resume.  What?

9.  You should have a professional write you a resume.  Would you recommend your secretary?

10.  You should have a professional write you a resume.  You were right…….and the massage was fantastic!