Digital Choke Daynotes

"Daynotes" are popularized by a Internet Web site called the "Daynotes Gang" (www.daynotes.com or www.daynotes.org), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. You can send your comments by clicking on the mailbox icon.

A quiet Sunday. Sunny and clear outside, a slight breeze, temperatures in the 60's (F).

So, as a true computer geek, I spent the day inside doing a bit of updating of this site. How does it look so far? Use the mailbox icon to send a note.

I also added a 'who am I' page with just a bit of information about me, in case anyone really wants to know. And I've been playing with the style sheet, which is why that link uses a different font. There is a reason for that. This site is a companion to the "Digital Choke" story (also available on-line). And the font used in the title of those pages (and these) is Courier, so that's the font that is used for links. Not sure if I really like it yet, so you and I will have to live with it for a while.

Just noticed that the 'current' anchor (it gets you to the latest posting) was on every day's banner. That would be OK for the first day, but confusing for subsequent days. So I fixed it.

Found a great little web page link checking program, called "Xenu", available here, among other pages. It's free, and seems to work quite fast. You can use it to check any web site, and it reports back on all sorts of information about broken links, etc. Has some nice reports with links directly to problem pages, which makes it easy to check out the results. I used it on a couple of sites that I have, including this one. Recommended.

Interesting meeting today. One of the company's departments wants to put in a class reservation program, complete with credit card processing. The company doesn't have a e-commerce process yet, so this will be an interesting project for them. Lots of issues involved (along with lots of departments). You need to decide how to accept credit cards, the infrastructure involved, security considerations, how to process credit cards, keeping information private, interfacing with your bank to get payments, interfacing with the financial system to get the revenue posted to the right spot, and probably a lot more issues.

And you need to make sure that the credit card processing you use will be compatible with other department's needs for their products. It can't be a closed system; you don't want to have many different applications, each with their own link to banks and financial systems.

But, the department seems to be starting on the right path. This meeting involved people from several affected departments, including the finance guys, network services, security (that's me), financial systems, and even the legal eagles to watch out for any legal issues. So, it should be interesting.

Final preparations for implementing the email spam blocking process. Spent some time documenting the rules, information for users (like a spam FAQ, and messages sent to users when they try to send (or get) inappropriate content. All the while, looking at all the soon-to-be-blocked messages for false positives. Most of it is not too exciting, but there are some inter-office (and extra-office) relationships that get a bit (sometimes a lot) adult in nature. Some of those messages are not something they would want their mother (or their boss) to see. But I have to look at all of them, which I immediately delete and purge the trash. Over the weekend, there were over 2400 messages to wade through. About 20-30% were duplicates, which made that process a bit faster.

Looking for an implementation date of Friday (or perhaps Tuesday next week, since it's a three-day weekend). No matter when the start date, I expect I'll get a lot of phone calls about it until people get used to things. But, it looks like it will cut about 35% of our email load.

Who's watching the store at your place? How careful do you need to be with the people you hire to watch your network? And how careful should you be when they have to 'go away' for any reason?

For those of you that didn't read the story, it can be summarized in "trusted employee doesn't go willingly into the night".

A company places a lot of trust in the people that run the network. They need to be responsible. They have access to the 'keys to the kingdom'. If they have to go, you have to be very careful about how it happens.

When the decision is made for any employee to leave a company (especially a network administrator type), the employee's rights to the network need to be immediately removed. His computer needs to be turned off, and physically disconnected from the network and any phone lines. Any phone lines connected to servers need to be removed (or at the minimum, carefully checked for remote control programs). All administrator passwords on all network equipment (not just the server, but routers and switches) need to be changed. His user id on the network needs to be disabled. You need to look for any administrative equivalent users on the network. The employee needs to immediately turn in all notebook computers, cell phones, etc. He is allowed to gather his personal belongings only, and only under the watchful eye of a guard, and is to be escorted from the building. The rest of your employees need to be told he is gone, and to not give the employee any access to the company information or network. The employee should not be given access to any computer on your network. You can give him severance pay, help him find a job (if appropriate), but don't let him near your network.

All of this might require that you get an outside computer security consultant into your company to ensure the safety of your network. And it may seem like a bit of overkill. But look at this quote from the story:

That company has lost $100,000 (US) because they didn't properly secure the network from a once-trusted network administrator gone bad. A computer consultant that charged $1,000 a day for a week or two would have been a bargain.

So, how is your company protected from this type of problem? Something to think about.

And, even companies that ought to know better sometimes lose sight of the importance of security -- witness this article from MSNBC (link here):

The article (and you can probably find other similar articles on other news sites) said that Kevin was 'amused'. But, there are lessons to learn from both of the above stories. Class is now dismissed; please go apply your newly acquired knowlege.

It would seem prudent to prepare for all possibilities. There has been much talk of personal preparation (have you got your supply of duct tape and plastic?). One should be prepared for various possibilities, however remote, while not getting paranoid about the whole thing.

And it is important to be able to defend yourself. That doesn't mean barricading inside your house, but you should take reasonable precautions. For instance, a supply of food and water at home is useful for all types of situations. Winter storms can prevent you from getting out of the house. A blanket and water in your car trunk can be useful if you are stranded. A whistle, mirror, water, garbage bag, and food in your backpack when you are hiking. A cell phone with a fully charged battery. A car that always has at least 1/3 of a tank of gas. A flashlight in key rooms in your house, and one in your car. Spare batteries for the flashlight and the radio. Some spare cash in a safe place. A list of important phone numbers. Checking up on your neighbors, making sure they are prepared.

And, given the electronic nature of our lives, good protection on your computer, whether at home or at work. Backup your data. Strengthen your firewall. Be on the defensive. Prepare for the worst, and take comfort in that preparation.

But, don't go on the offensive, unless in an extreme situation. For instance, the FBI is warning against so-called "patriot hacking" (see this story from MSNBC, among others). It can backfire.

And, because my family knows I am somewhat goofy, there are these greeting card sentiments that you won't find at your local Hallmark store:

Found this over on "The Register" (a British-based technology electronic newspaper): it seems that Kevin Mitnick is trying to get back into the Information Security field, which is reasonable, since he is quite knowledgeable about it. Some people at the Los Angeles chapter of the Information Systems Security Association, one of the largest not-for-profit security organizations, took exception to his application for membership. It was initially approved, then rescinded. They apparently don't think that an convicted hacker should be part of their group. I think that's a bit short-sighted. Full story here: http://www.theregister.co.uk/content/55/29311.html

The Register is one place I visit daily. There are usually several interesting articles there, and they have an interesting style. Since they are based in England, their take on things sometimes has a different slant than what you see here in the "Colonies". You may want to take a look there.

Microsoft is starting a new email newsletter on security. While many like to bash Microsoft for their weekly vulnerability fixes, I would rather see them send out those types of notices. Like it or not, they are a major force in the real world. Our company has many servers running Windows OS's, and lots of workstations. Any help they can give to help secure my systems is appreciated, even if it means the work of constantly applying patches.

I believe they are making a great effort to provide a more secure product line. It's a very complex thing, and they are bound to make mistakes. But they should get some credit for trying.

Anyway, here's a link to the subscription page for their new consumer-oriented security newsletter. As The Register says (link here), "You can sign up for the service here. It's worth noting that it just asks for your email address - no other data, and it's one of the few things that you can get from Microsoft that doesn't require a Passport". I signed up today by just entering my email address. I got a quick mail back from them asking to verify my request, again without asking for any additional information. Haven't gotten a newsletter yet, so will report on it after I read a couple of their releases.

Started out rainy today, then cleared up. Hoping for some non-rainy time this upcoming long weekend, so I can make some progress on cleaning up the outside. May even clean out a corner of the garage.

Before I write each day's entry, I usually make the rounds of my favorites from the "Daynotes Gang". So, that's what I did tonight.

Got a lot accomplished today, and I have the sore muscles to prove it. You see, during the week I drive a desk. Not much physical activity. Well, I do get up from my desk and walk over to the printer a bit. And I also take a walk into the server room to do something at one of the server consoles. So I am not in a physically demanding job, and my shape proves it ("round is a shape").

On weekends, though, there is yard work to do. Today was another burn day, so I was able to get rid of a lot of tree limbs, including most of the big one (about 12" in diameter) that fell off of the willow tree during a big storm last December. That involved getting out the gas chain saw.

Which has a broken pull handle. I spent some time taking it apart, and trying to re-wind the pull rope, but that didn't work. Took it apart once more, and the spring sprung out. If that has ever happened to you, you know that once the spring comes out, you might as well give it up, you are never going to get the spring wound back up again.

So, I switched to the electric chain saw. After tightening up the chain so it wasn't too loose, I used it to saw up the big branch into smaller pieces. Of course, the chain wasn't as sharp as it could be, so it took a bit longer to cut through the big branches. Then I had to drag the pieces over to the burn pile. That took most of the day.

While the pile was burning (and keeping a close watch on it), I decided to get out the gas weed whacker. Of course, it's not working right either. The spool is worn down enough that it took the two of us to get it apart with the channel-lock pliers, but it will have to be replaced. So, no weed-eating today.

And I was going to do a bit of mowing, but the riding lawn mower died last week (weak battery). And the battery charger is at my son's friend's house, and he hasn't gotten that back yet. (I don't mind doing the work, but it's a bit frustrating when things don't work. You spend time trying to fix things, and then you get behind on the actual chores.)

But, the tree limbs are gone (except for two large ones that were too heavy to move). And it was a nice day outside: mostly cloudy, a slight breeze, and temps in the low 60's. So, it was much more pleasant outside than at other Daynoter's houses. Brian Bilbrey reports that he is shoveling snow, as is John Dominik. And Tom Syroid up in Canada -- well, you gotta think that it was cold there. And Dan Seto's over in Hawaii, where the weather is always nice.

But here in Northern California (USA), it was nice. Although right now (just before midnight), it's raining a bit outside. Just a light rain. Not snow here, although a good two feet are expected in the Sierra Nevada mountains just up the road a bit. But, we need a couple of good storms for a good snow pack this winter, and good water supplies for spring and summer.

Tomorrow is Sunday (of course). Church in the morning, a quiet early afternoon, then the grandkids will be over in the late afternoon for dinner. My wife decided to grab a turkey at the store (no, a frozen one, not the slowpoke in front of you at the checkout line), so dinner will be good. And that means that turkey sandwiches (sliced turkey, a bit of mayonnaise, and some cranberry jelly) are on tap for lunches this week.

Daynotes	a daily journal of our activity
Digital Choke	an action that is sometimes needed for your computer; also a short techno-story available here.