Work is suffering because of POA

E

evapilotaz

En-Route
Joined
Feb 13, 2012
Messages
2,623
Location
Gilbert AZ. VFR All Year Baby
Display Name
Display name:
Drone airspace abuser
I get to work and the first thing I do is Go on POA. There is atleast an hour of productive work lost. :mad2:

Good thing I'm the IT director because I could always say I'm testing the bandwidth, Firewall, or some lame excuse.

A matter of fact I'm testing it now. :rofl:
 
It's contagious,being retired,no problem. I feel your pain.
 
Just make sure you disable any L7 filtering on the firewall. The logs could look rather weird with SixPapaCharlie and all his talk of penis and balls =X

-Brian
 
Imagine that automated report being sent to upper management!

"Hey, how come there are people looking at sites talking about small penises?? Wait, this is the hostname of our Director of IT! Wtf?"

haha

-Brian
 
evapilotaz said:
I get to work and the first thing I do is Go on POA. There is atleast an hour of productive work lost. :mad2:

Good thing I'm the IT director because I could always say I'm testing the bandwidth, Firewall, or some lame excuse.

A matter of fact I'm testing it now. :rofl:
Click to expand...

And doing that on company time does not make you feel guilty?:dunno:...
 
B17Rex said:
Imagine that automated report being sent to upper management!

"Hey, how come there are people looking at sites talking about small penises?? Wait, this is the hostname of our Director of IT! Wtf?"

haha

-Brian
Click to expand...

At a previous job, one of our Sr Managers was looking at tons of gay porn (We logged everything, filtered nothing). 95% of his browsing was gay porn. He was a really nice guy, we all liked him. Didn't seem the type to look at porn at work, much less gay porn. Wife, kids, no profanity about as straight as they come. So we debated for days on who was going to approach him about it if it didn't stop. It didn't stop. The sysadmin got the job of approaching him. He turned fire engine red. Immediately started denying everything. Well, we believed him and dug a little deeper. Turns out he had hired a new security guard. The guards needed computer access to check trucks in/out through the night. Instead of asking us to create a login for the guard, he'd just given the guy his credentials. :dunno: My bet is that's the last time he ever handed out his username/password to another human being.
 
bartmc said:
At a previous job, one of our Sr Managers was looking at tons of gay porn (We logged everything, filtered nothing). 95% of his browsing was gay porn. He was a really nice guy, we all liked him. Didn't seem the type to look at porn at work, much less gay porn. Wife, kids, no profanity about as straight as they come. So we debated for days on who was going to approach him about it if it didn't stop. It didn't stop. The sysadmin got the job of approaching him. He turned fire engine red. Immediately started denying everything. Well, we believed him and dug a little deeper. Turns out he had hired a new security guard. The guards needed computer access to check trucks in/out through the night. Instead of asking us to create a login for the guard, he'd just given the guy his credentials. :dunno: My bet is that's the last time he ever handed out his username/password to another human being.
Click to expand...


So did they get you your own name and pass after that or did he just change his?
 
bartmc said:
At a previous job, one of our Sr Managers was looking at tons of gay porn (We logged everything, filtered nothing). 95% of his browsing was gay porn. He was a really nice guy, we all liked him. Didn't seem the type to look at porn at work, much less gay porn. Wife, kids, no profanity about as straight as they come. So we debated for days on who was going to approach him about it if it didn't stop. It didn't stop. The sysadmin got the job of approaching him. He turned fire engine red. Immediately started denying everything. Well, we believed him and dug a little deeper. Turns out he had hired a new security guard. The guards needed computer access to check trucks in/out through the night. Instead of asking us to create a login for the guard, he'd just given the guy his credentials. :dunno: My bet is that's the last time he ever handed out his username/password to another human being.
Click to expand...

I was a DoD contractor in IT for almost 10 years. Giving out user credentials is just one of those things that makes me cringe and wants to slap people. I always lay it out in plain english to my users, "If you leave your computer unlocked, or give out your credentials, I can use that to do whatever I want and it will look like YOU did it. Remember that next time." Most of the time their eyes get all wide open and it hits them. Lesson learned.

-Brian
 
evapilotaz said:
A little but trust me I have plenty of unpaid hours I done work for the company. An IT job is not always a 40 hour work week.
Click to expand...

Not always? ****, I don't even remember the last time I worked a 40 hour work week. My normal is about 55. When a production system breaks, start calling in take out, not going home until its fixed.

My worst was when I was heading up a CouchBase upgrade. It did not go well at all, and ended up working 31 hours straight.

Props to anyone else that works in IT. Long hours and stressful career.

-Brian
 
evapilotaz said:
A little but trust me I have plenty of unpaid hours I done work for the company. An IT job is not always a 40 hour work week.
Click to expand...


I haven't seen a 40 hour work week in IT since the 80s. They pay well enough that I don't mind.

When I get tired of it, I'll find a time clock punching job (or become a CFI if I feel like additional drama in my life) and take the 50%+ pay hit.

But worry about "wasting" a half hour on a website? Meh.

I left the office at 9PM last night. Ethernet cables don't move themselves to different switches by themselves, and can't be moved while people are working.

Got back two and possibly three switches that are needed for the upcoming network redesign. We'll temporarily disable extra Ethernet ports in the building while we reconfigure them and then plan a bigger Saturday outage to recable the utter mess in the server room to something maintainable.

I inherited the messy kid's room with toys strewn about. Doesn't mean I have to live that way. ;)

Could have just thrown money at the problem and bought a pile of new switches, but I figure I prefer they throw money at me instead. I enjoy the challenge of saving them money where it's relatively easy and low risk to do so.

That's what I do. Set up stuff that makes or saves the company money. Anything else is overhead or administrivia. Good stead mins know this. Task oriented sysadmins miss the forest for the trees.

Thursday we jacked around with Amazon's website to order more monitors than they'd wanted a single buyer to buy. Maybe they'll cancel the order, maybe it'll fly under the radar, but it saved $500 and took an extra half hour. I'll know if it worked if they all arrive on Tuesday. If not, it'll still save $250 over ordering them locally and another $100 in taxes.

Still impressed the online companies haven't had that tax loophole slammed closed on them. Bezos bypasses the middle man and pays them directly. Smart.
 
evapilotaz said:
We got hit with a crypto locker virus on our network yesterday. My cushy 7am - 4pm wasn't so cushy yesterday. :no:
Click to expand...

Damn, that blows. That is a crap one. Did you have the files that were encrypted backed up?

I tend to spend my late nights doing maintenance on our Hadoop cluster. I only have very small windows to bring it down when I need to push out config changes. Can't bring it down during the day since the users need it up during business hours, then in the middle of the night is when all of our automated import and processing jobs run.

I think Hadoop is speeding up my balding process as well. :)

-Brian
 
evapilotaz said:
We got hit with a crypto locker virus on our network yesterday. My cushy 7am - 4pm wasn't so cushy yesterday. :no:
Click to expand...


Hmmm..

Interesting.. The one computer I use for Live ATC and for billing my jobs just got hit with something..... Live ATC works perfectly,,, but I cannot view any of my documents or pics... It all looks like gibberish......
 
B17Rex said:
Damn, that blows. That is a crap one. Did you have the files that were encrypted backed up?



I tend to spend my late nights doing maintenance on our Hadoop cluster. I only have very small windows to bring it down when I need to push out config changes. Can't bring it down during the day since the users need it up during business hours, then in the middle of the night is when all of our automated import and processing jobs run.



I think Hadoop is speeding up my balding process as well. :)



-Brian
Click to expand...


Oh man. I'm jealous. Hadoop is the next big thing in unholy amounts of money, poorly spent. You get in on that gravy train, you'll be golden for at least five years.

Case in point: your system. It's already so badly designed it can't be maintained with hot failover and replication. Let me guess, the data set is so massive no one could afford to double the size of the system... Yet.

Time to start pushing to install an HA hot failover environment! That'll keep an entire team busy for at least a year. If they can't afford one, cobble it together from whatever hardware you can beg borrow or steal and then put Hadoop HA on your resume.

That crap is going to be the SAP of the sysadmin world.

Your first mistake was agreeing to tiny maintenance windows. A couple of multi-hour outages outside the maintenance window should easily cost-justify fixing that.

They bought half the cow. Let the thing fall over dead and recommend a complete cow as a better business continuity plan. :)
 
denverpilot said:
Oh man. I'm jealous. Hadoop is the next big thing in unholy amounts of money, poorly spent. You get in on that gravy train, you'll be golden for at least five years.

Case in point: your system. It's already so badly designed it can't be maintained with hot failover and replication. Let me guess, the data set is so massive no one could afford to double the size of the system... Yet.

Time to start pushing to install an HA hot failover environment! That'll keep an entire team busy for at least a year. If they can't afford one, cobble it together from whatever hardware you can beg borrow or steal and then put Hadoop HA on your resume.

That crap is going to be the SAP of the sysadmin world.

Your first mistake was agreeing to tiny maintenance windows. A couple of multi-hour outages outside the maintenance window should easily cost-justify fixing that.

They bought half the cow. Let the thing fall over dead and recommend a complete cow as a better business continuity plan. :)
Click to expand...

Yeah, I have a love/hate relationship with Hadoop. I have been working with it for a couple years now, from when we were POCing it 2 years ago, to now having 4 clusters.

Our main production cluster ingests and processes about 600-650GB of data per day. That cluster has a capacity of just under 1PB. Aside from having a spare cluster with the data fully replicated, our cluster is about as redundant as you can get. Replication factor of 3, rack awareness, NN HA, Quorum based storage of NN metadata.

Unfortunately with the amount of data we process, a distributed processing platform such as Hadoop is needed for us to query that data. We tried a massive SQL server with striped FusionIO cards that had a combined throughput of about 250K IOPS, but some of our BI teams queries were taking several hours to run. That's when we started playing with Hadoop.

There was no agreeing to maintenance windows, unfortunately :) The business needs for the results of that data processing makes it so that I can only bring the cluster down at certain times, not to mention when I do I have to pause the import process and the upstream SQL servers start running out of space if I have the cluster offline for too long. One of the side effects of big data haha.

A bit of job security though :) I am the resident "expert" on Hadoop at my company.

-Brian
 
B17Rex said:
Yeah, I have a love/hate relationship with Hadoop. I have been working with it for a couple years now, from when we were POCing it 2 years ago, to now having 4 clusters.



Our main production cluster ingests and processes about 600-650GB of data per day. That cluster has a capacity of just under 1PB. Aside from having a spare cluster with the data fully replicated, our cluster is about as redundant as you can get. Replication factor of 3, rack awareness, NN HA, Quorum based storage of NN metadata.



Unfortunately with the amount of data we process, a distributed processing platform such as Hadoop is needed for us to query that data. We tried a massive SQL server with striped FusionIO cards that had a combined throughput of about 250K IOPS, but some of our BI teams queries were taking several hours to run. That's when we started playing with Hadoop.



There was no agreeing to maintenance windows, unfortunately :) The business needs for the results of that data processing makes it so that I can only bring the cluster down at certain times, not to mention when I do I have to pause the import process and the upstream SQL servers start running out of space if I have the cluster offline for too long. One of the side effects of big data haha.



A bit of job security though :) I am the resident "expert" on Hadoop at my company.



-Brian
Click to expand...


Sounds entertaining. I went down the food chain and up the pay scale and decided to play "Mr. Fixit" at a tiny company.

A friend went to the local big data place and is playing Hadoop. He's relating similar stories as you.

They're running on Investor money and have no business plan they leads to profitability yet, so they're doing the beer at the desk and foosball in the break room stuff of the Dot Bombs in the 90s.

BTDT. Not where my interests lie now. He's got the usual tiny equity with lots of zeros behind it they hand out at startups as toilet paper in quantities small enough he'd never dilute the founder's shares by more than $10K. Chump change. And that'll only pay off if they find someone who wants to buy them out to stop them from competing.

I think I'll stick with the multi-hat do-everything guy hat for a while. Just different. Not necessarily better. We do have a nifty patent on some stuff most local governments will want. That'll probably drive enough growth in 2016 that I'll be able to hire underling number two. And I hope to keep underling number one happy, he's a good guy and works hard. His cat is also famous and was on Ellen this week. LOL!

Unfortunately he's going to Dallas this weekend, and going to an event with hundreds of thousands of people, so maybe he'll bring some Ebola back with him and all our plans of world domination and ordering nice monitors to look at all day, will be destroyed. Hahaha.
 
evapilotaz said:
We got hit with a crypto locker virus on our network yesterday. My cushy 7am - 4pm wasn't so cushy yesterday. :no:
Click to expand...

We got hit with that 3 times already. Not fun.

Our normal full time is 37.5 hours a week. I would say about 3/4 of my weeks are about that, maybe a few extra hours for weekend updates. This last one? About 55 hours. I am the network admin for a financial company.
 
N801BH said:
Hmmm..

Interesting.. The one computer I use for Live ATC and for billing my jobs just got hit with something..... Live ATC works perfectly,,, but I cannot view any of my documents or pics... It all looks like gibberish......
Click to expand...

Sounds like you got hit, you get a ransom demand yet?
 
Henning said:
Yep, that's the MO. If you don't have the stuff backed up, you just lost it unless you pay.
Click to expand...


It is all backed up.. except for the 2 videos of taking the waitresses flying... And those are still on my SD card sitting on my deck....

I should play their game, just after I contact the feds and set up some kind of sting to beat them at this extortion crap...:yesnod:
 
N801BH said:
It is all backed up.. except for the 2 videos of taking the waitresses flying... And those are still on my SD card sitting on my deck....

I should play their game, just after I contact the feds and set up some kind of sting to beat them at this extortion crap...:yesnod:
Click to expand...

You think you can get a Fed interested?:dunno: I think you'd have better luck with Interpol.
 
N801BH said:
It is all backed up.. except for the 2 videos of taking the waitresses flying... And those are still on my SD card sitting on my deck....

I should play their game, just after I contact the feds and set up some kind of sting to beat them at this extortion crap...:yesnod:
Click to expand...

Good luck with that. The Feds have been chasing Cryptolocker since the day it hit and that was a long time ago. It's still happening. Damn hard to bust people that know what they're doing on the internet and hide in countries with authorities that aren't interested in cooperating with the United States. That said, I'd wager a good chunk of them are living in the U.S as it is and will never be caught.

Most people have no idea how "scary" the internet really is and what actually goes down on the internet much of which is hidden behind the Tor network and .onion websites.

There are countless operations pushing hundreds of millions of dollars around on the internet doing illegal activities that the feds don't have even the slightest hope of catching. It took many years for things to be built right, large bot nets to be assembled, etc but the "payoff" of all that work those sketch people did is paying back BIG TIME now.

Much of my day job now revolves around securing credit cards which mostly consists of following what is being done and always making sure you're not the best target. You want to be several fold stronger from a security perspective than any other company that holds similar assets to you. If you are a target, god help you, these people are persistent.

I have advised clients that have been hit with Cryptolocker and don't have backups to pay the damn bill before. It sucks giving money to the people but sometimes you just have to do it. The vast majority of the time they give you your files back when paid. It's a business model complete with a customer service department.
 
Last edited:
jesse said:
Good luck with that. The Feds have been chasing Cryptolocker since the day it hit and that was a long time ago. It's still happening. Damn hard to bust people that know what they're doing on the internet and hide in countries with authorities that aren't interested in cooperating with the United States. That said, I'd wager a good chunk of them are living in the U.S as it is and will never be caught.

Most people have no idea how "scary" the internet really is and what actually goes down on the internet much of which is hidden behind the Tor network and .onion websites.

There are countless operations pushing hundreds of millions of dollars around on the internet doing illegal activities that the feds don't have even the slightest hope of catching. It took many years for things to be built right, large bot nets to be assembled, etc but the "payoff" of all that work those sketch people did is paying back BIG TIME now.

Much of my day job now revolves around securing credit cards which mostly consists of following what is being done and always making sure you're not the best target. You want to be several fold stronger from a security perspective than any other company that holds similar assets to you. If you are a target, god help you, these people are persistent.

I have advised clients that have been hit with Cryptolocker and don't have backups to pay the damn bill before. It sucks giving money to the people but sometimes you just have to do it. The vast majority of the time they give you your files back when paid. It's a business model complete with a customer service department.
Click to expand...

So... If someone pays to get their files back... And that transaction consists of a transfer of funds electronically.... How can the bad guys escape the crime as those funds are traceable ???? :dunno:
 
N801BH said:
So... If someone pays to get their files back... And that transaction consists of a transfer of funds electronically.... How can the bad guys escape the crime as those funds are traceable ???? :dunno:
Click to expand...

That's an easy problem to avoid these days. They only accept payment via Bitcoin or Moneypak. I suspect they're converting the Moneypak transactions to Bitcoin.

If you pay with Bitcoin its up to you as the user to obtain your Bitcoin. There will be a link most likely that the feds could turn up with however you bought your Bitcoin linking back to you.

You then transfer your Bitcoin over the Bitcoin network to a randomly generated address crypto locker gives you. The Feds could track that transfer. But it doesn't tell them who the receiving party is, other than some randomly generated address that anyone in the world can generate with no personally identifiable information needed to create.

Once cryoptolocker has your Bitcoin they can't just spend it as that could link to them. The feds can watch the address that received the money. If they sent Bitcoin to someone like a U.S company for payment of services they would subpoena that U.S company to get the details of why someone sent them money.

So they have to be very careful to get rid of your Bitcoin in a way that doesn't map to them. There are a million ways to launder it these days that the Feds won't figure out. They can tumble it on a darknet Bitcoin tumbler that will make it nearly impossible to trace. Of course who the hell knows if the tumblers are safe. The Feds could easily be running them and recording everything. You never know WHO you're dealing with on the "darknet". The concept though, is that you give a tumbler Bitcoin and it gives you different Bitcoin back with no forensic link. Someone like Cryptolocker is pushing so much money there is no doubt that they have cryptocurrency experts on staff that know precisely how to launder the Bitcoin. I'm sure they have methods nobody even knows of.

Regardless of all that, you can always sell Bitcoin on the street to people for cash which is quite hard to trace.

Plus most of this money flows through very corrupted parts of the world where they won't be talking to the US Feds.

Someone will get hung over crypto locker some day. Most likely a small person in the organization will make a small operational security mistake that will get the Feds on their trail and then will take all the blame as the Feds try to show people they are catching them. Unlikely the leaders with all the money will ever be caught. I would imagine they're incredibly disconnected from the operation.
 
Last edited:
jesse said:
Much of my day job now revolves around securing credit cards which mostly consists of following what is being done and always making sure you're not the best target. You want to be several fold stronger from a security perspective than any other company that holds similar assets to you. If you are a target, god help you, these people are persistent.

I have advised clients that have been hit with Cryptolocker and don't have backups to pay the damn bill before. It sucks giving money to the people but sometimes you just have to do it. The vast majority of the time they give you your files back when paid. It's a business model complete with a customer service department.
Click to expand...

I definitely do NOT envy you there. Security is a never ending battle. Everytime you think you have it secured, there is some punk ass hacker that finds a way around it.

I spent several years as a DoD contractor working on projects that had to be audited by DISA for DIACAP purposes. We spent so many hours on running checklists and self auditing our systems. Felt like we could never do anything new and fun. Especially when there was a new vulnerability released and DISA had no mitigation steps, but required you to take care of it. :)

-Brian
 
Back to the topic. "sorta"

I work for a Health Care company where the business hours are 8am - 5pm. This helps with not having to work a bunch of overtime after hours work. I can pretty much bring down the System anytime after 7pm. There are always those stragglers that stay late at work so I have to make sure they are out of the system before doing any maintenance.
 
Last edited:
You must log in or register to reply here.
Back
Top