After watching a segment on Sixty Minutes tonight about a computer virus designed to infect a computer at the BIOS level, I was reminded about the ever present and growing cyber threat. Especially during this time of year, one has to be alert and extra vigilant to avoid falling prey to one of the many tricks used to gain personal information you didn't want to share.
The story was about a foiled plot to spread malware to computers at the level of the BIOS, the very heart of every personal computer. This is the code that sits between the operating system, such as Microsoft Windows, and the physical hardware, such as the memory and hard drives. Worse than stealing or destroying the data on the machine, controlling this layer could render the machine totally useless. Imagine the impact of massive computer failures in major financial institutions, banks or utility companies. What if a massive number of government computers suddenly all stopped working and could not be restored?
Malware is usually spread through some form of social engineering. Clever tricks are used to fool people into allowing the bad code to gain access to their computer. Email disguised as a legitimate message from a friend in need, a bank, retail store or web-based company arrives in your inbox. It invites you in some way to click on a button or a link where the malware resides. You don't realize it but when you click you allow that program to run on your machine with all the rights and access you have.
During the holiday season, when we receive so many electronic greeting cards, photos and other messages from relatives and friends, the challenge is to be sure we do not click before we think long and hard about what may happen.
We receive a message that looks as if it came from our bank warning of an overdraft, our favorite retail store with a special discount or the delivery service (Fed Ex, UPS, USPS) advising of a delivery. They are each brilliant recreations of the formats actually used by these companies including actual logos. It is hard not to be taken in.
Before clicking, examine the links carefully. Browsers will show you where you are about to go if you hover over the link or hotspot without actually clicking on it. Look very hard at the address. Note when it does not end with the company domain. Visit the company site directly to see if the message is legitimate, or if warnings of fraudulent messages have been posted there.
A great way to protect yourself is to create an account with limited privilege for everyday use. Use a different, special account to administer your computer. That way, malware will not have deep privilege and you can limit the amount of damage it can do. Change passwords regularly and don't use the same one for every account you have.
When all else fails, be sure you have a good, solid backup for that long, hard road to recovery.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Sunday, December 15, 2013
Sunday, December 8, 2013
I Fail to Understand
After enjoying a delicious meal at a local Chinese restaurant this weekend, I cracked open my fortune cookie to be amused by the content as is usually the case. But rather than the typical nonsense, my little white strip had words on it that made an awful lot of sense. It said something we have heard or read many times before.
Good people learn from their mistakes.
Whether great inventors like Thomas Edison, famous sports figures like Wayne Gretzky, US Presidents and their wives, or the granddaddy of all fortune cookie sayings, Confucius, you can find an endless variety of quotes that inspire people to try and espouse the value of failing.
All too often as leaders, managers, coaches or parents, we only focus on the negative, condemning the actions of an individual who may have tried but did not succeed. This will dampen excitement, diminish enthusiasm and eventually reduce the motivation to take any risk at all.
Of course, we cannot reward stupidity, nor should we tolerate laziness. But allowing people to experiment, try new things and find the one in a hundred that actually works will lead to more innovation, creativity and ultimately a wiser person.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Sunday, December 1, 2013
Waste Not, Want Not
An interesting question came up in conversation the other day. If you could give one piece of advice to a vendor what would it be? Think of your favorite (or least favorite) sales rep, account manager or supplier. What would you suggest they do differently to make them be more successful and to provide more value to their customers? What exactly would you say to them?
Now I am sure a fair number of you are thinking "don't call me I'll call you" or perhaps your advice would be to suggest they take up another line of work altogether. But let's be both practical and realistic here. How can you help them be better salespeople; be less bothersome and more useful to you and everyone else?
Reflecting on what disturbs me most about a sales call, my advice would be simple. Don't waste my time or yours.
Perhaps the single most annoying call is what I label the "fishing expedition." This is where you get a call that consists of a series of questions designed to teach the caller about you and your company. They are thoroughly convinced you need their solution and they just need you to help them understand why.
They jabber on about the features and how well it will work in your environment. Then they say how it will add efficiency and quality to your operation. You know, they go on, it is extremely cost effective and will generate a huge ROI. Of course, they have no clue what our company does or if we have any such need. Occasionally, they can't even articulate what they are selling.
My simple advice is this. Before you call and launch into a hard core pitch, know a little something about the company you are trying to sell. Don't push your delivery route optimizer to an audit consulting firm. No matter how cheap or good it may be, they are never going to need it.
Countless times over the years I have listened patiently, for at least a few minutes, as some hot shot tries to persuade me I need his service or product. More than once I have asked, "Do you even know what we do?" and almost every time this has evoked a rather feeble reply.
So, my advice is this. Please know your product and how it fits in my world before you ever dial my number. If you can't figure it out, then please call someone else.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Sunday, May 12, 2013
Auto Mechanics Syndrome
Having been in the technology game for many years, I must have heard people ask why can't you just fix it more than a million times. It was working fine, they will say, and then it just didn't work any more. They want you to tell them why this happened, how they can fix it or how long it will take for you to fix it.
Seems like these things go one of two ways.
Often you get the call or the message and when you go to investigate the trouble report you simply can't make the problem happen. The screen was blank a minute ago. Not sure what you did but it seems to be okay now, the customer will say. There was some kind of message but I am not sure what it said and I cleared it. Can you tell me what you were doing, you ask, but they can't recall exactly. We often ask what changed only to get the standard "nothing" reply.
I once worked with a young woman who was convinced that the computers only worked when I was within 10 feet of them. She always had problems and yet the minute I came near her desk her problems would miraculously vanish. It was as if I had some mystical aura or perhaps I was a biological key fob that unlocked them.
While that was annoying, far worse is the trouble ticket which tells little to nothing about the problem you are supposed to solve. "My computer stopped working" could really mean anything from a complete hard drive failure and inability to boot, to an error due to a bad formula in a spreadsheet cell. It's like the poor mechanic who draws the short straw, getting the customer who only says there is a funny noise and the engine wouldn't start the other morning. Can you fix it, please, and can I have the car back by lunch? The car starts every time and you don't hear any noise.
Technology has become incredibly complex. Moreover, much of the technology use is remote. Expecting any technician to simply know what is wrong and talk you through fixing it would be similar to expecting an auto mechanic to talk you through repairing your car, or your doctor talking you through surgery over the phone.
So when you report a problem, please try to include as much detailed information as possible. Computer repair 101 suggests the first step is always to reboot the machine and see if the problem goes away. This holds for mobile devices as well. Turn them off and back on again. Check wires and make sure all the devices, particularly the ones with apparent problems, are plugged in and turned on. Is the little green LED on your monitor lit, and is the network cable plugged in all the way?
If none of that helps and you have reproduced the problem, make some notes about the messages, the conditions and the activities that seem to lead up to the problem. If you know how to take a screen shot and send it that can be very helpful. Of course if the system is truly "dead" you won't be able to do any of this, but then your technician may not be able to help either.
Remember, the person at the other end of the phone call can't see what's in front of you. Be patient and assist in the resolution by providing information instead of just demanding a quick fix. Follow instructions, repeating them and indicating the results as best you can. Don't get ahead of the technician.
Cooperation will get you back on the road again a lot sooner.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Saturday, April 20, 2013
Many Happy Returns
Last weekend, like many US citizens, I spent a good deal of time completing and submitting my tax returns. I use a very popular software product and it does a terrific job of telling me how much I have to pay at the end of the year.
But this is not about tax preparation software, or a complaint that I owe a bunch of money. In fact, I carefully structure my taxes each year to ensure that I do owe money at the end of the year. Not so much that I will have to pay a penalty, but enough so I get the use of some cash all year instead of lending it, interest free, to the government.
No, this is about understanding the totality of a problem and not focusing exclusively on one piece or part. It's about thinking in context and not in a vacuum. Don't miss the forest for the trees. Make sure you see the big picture.
Okay, enough platitudes. What the heck am I talking about?
Every year at this time we hear lots of discussions about tax returns. People carry on about how much money they got back or gripe about the ridiculous amount they had to pay. Friends, neighbors, coworkers and family members all compare notes. There is glee in the voices of those who expect to receive a check. They revel in the victory of getting money back, while "losers" like me, who must write a check, are supposed to feel bad. They hang their head in shame and disgust.
But the only thing that really matters is how much tax you paid in total. What was your effective tax rate? Everyone knows you have taxes taken out of your pay and held throughout the year. Depending on how well these have been estimated, you may have too much or too little taken out, resulting in a difference between what you owe and what was withheld for the whole year.
Oh, I understand that some people see the refund as a forced savings program, and it can be a pretty effective one. Others, like me, prefer to retain the use of the cash until we are forced to hand it over to Uncle Sam.
But there are those who fail to see that only your total income and tax liability should be used as a basis for comparison. Two people making about the same amount of money but having very different tax situations might pay very different amounts. How much they get back or pay in April is irrelevant, merely a function of how much was withheld. The question should be how much did you pay in total.
The ability to put things into context, and to grasp the larger picture, is important in every situation. All too often, business and technology professionals will focus on one aspect of a problem and lose sight of how that fits into the whole enterprise. The customer satisfaction scores become the goal instead of satisfied customers. Adding more fields to the database becomes the solution, instead of understanding the data and calculations needed to answer the real question.
As senior management, we see all aspects of the business, both inside and outside of the company. It is incumbent on us to keep an eye out for the people in our organizations who are only comparing the size of their refunds and miss the larger issues.
It is up to us to make sure they have a better, more complete view from the bridge.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Saturday, March 16, 2013
Don't Blame It On The Tool
Ever smash your thumb with a hammer? Have the screwdriver slip and poke a hole in your skin? Seems like human nature is to react by throwing the tool and yelling at it as if it did it to you on purpose, as if the tool had any means of doing anything on its own!
As a society, we work hard to find excuses for all the problems of the world caused by people. Children are protected from over-demanding teachers and coaches, and criminals defended from prosecution under the law. Sadly, many of our role models are stars and athletes with a lifestyle of self indulgence.
We have become a nation of "not my fault". There is always some reason why we were unable to fulfill some obligation, keep a promise, make a due date or just behave properly.
When John Belushi is finally cornered by Carrie Fisher in the original Blues Brothers movie, he drops to his knees and strings a series of excuses together; "I ran out of gas! I--I had a flat tire! I didn't have enough money for cab fare! My tux didn't come back from the cleaners! An old friend came in from out of town! Someone stole my car! There was an earthquake! A terrible flood! Locusts! IT WASN'T MY FAULT!"
We encounter this very same mindset in the workplace. It was the "system" that failed, not me.
One of my favorite uncles once asked me about a problem with his gas bill. Seems the utility sent an invoice for thousands of dollars which was clearly an error. When he called the company he was told the 'computer' made an error. He asked me, since I was in technology, how computers could make mistakes like this. Of course, computers don't make mistakes, people do. Perhaps the meter reader transposed digits, or a data entry clerk entered the wrong amount. But someone, some human, did something which ultimately caused my uncle's bill to be wrong. We all know the acronym GIGO (garbage in, garbage out).
It's easy to miss a deadline because email was down, or the phones were not working. My PC had a virus, my laptop ran out of battery and I didn't have a charger, my cell phone fell in the toilet and the dog ate my spreadsheet. We sound a little like John Belushi.
Where there is a will, there is a way. First, accept responsibility for your own actions. Don't blame the tool. Don't blame others. Get creative and find ways of overcoming obstacles. Hold to your commitments. Go the extra distance. Strive to reach your goals no matter what may stand in the way.
"It's a hundred and six miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses."
Despite untold numbers of police cars, these boys managed to deliver the money. So "Hit It !!"
Captain Joe
Follow me on Twitter @JPuglisiLLC
Saturday, February 16, 2013
Covey, tea or milk?
Quite often system projects are launched with a lengthy discussion of some data set that is needed, or a set of exciting new tools or techniques that could be used for reporting. There is debate over how and where to store specific fields of data, record layouts and structures. Sometimes there is a plan for who will gather and maintain these data. But all of this without any clarity on the ultimate purpose for the exercise. What problem are we solving? What question are we answering?
The great author Stephen Covey, in his Seven Habits, had us embrace the notion to start with the end in mind. Know what the goal is before you set out to achieve it. It is often said when you don't know where you are going, any road will get you there.
In system design the objective is not to have a cool system design but rather to meet a specific need or answer a specific question. Before we can identify the information or calculations we need we must fully understand the problem being addressed.
This morning I read a request for assistance with a technology to locate trailers. The parameters of the problem were well articulated. The trailers are stored at several hundred locations and can be at rest for long periods of time. Facts like battery life and fuel efficiency were included. Several popular location technologies such as RFID and GPS were mentioned and discounted for various reasons. The author asked for help with a solution.
But after reading this, it struck me, we still don't know the problem being solved. Surely the company wants to know where the trailers are for a reason. There is a problem being solved and it is not merely knowing where the trailers are. Are we trying to optimize the size and locations of storage yards or monitor fuel use or equipment life? Perhaps it is an attempt to optimize the schedule by locating the closest available trailer.
In any event, unless we know the question we may spend considerable time finding or creating some new methodology for locating the trailers without ever solving the actual problem.
My favorite tactic is to disrupt any meeting by magically producing with pencil and paper the system output exactly as requested and pushing it across the table to the requester. Once they have it I ask what they will do with it. Their response will lead to more refinement of the report or analysis, or will answer their question and, importantly, should lead to some action.
If they cannot answer the question, there is no point in going any further.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Sunday, January 27, 2013
Do You Know How To Avoid Catching A Bug?
As some of you who follow me on Facebook, Twitter or Google Plus know, I frequently share articles on cyber security and the potential threat of infection. Malware of all kinds is appearing and running rampant on the internet. Authors predict cyber attacks will result in everything from identity theft to the annihilation of mankind.
On any given day you can read about new threats discovered, a variant of an older piece of code modified to be even more clever and evade detection. These programs hide in the background of computers, poking and prodding, collecting information and even delivering the electronic goods to the bad guys.
Companies and governments are very concerned that cyberspace is the new battleground and increasingly sophisticated malware is the new weaponry. Corporations are afraid of losing trade secrets and governments are afraid of losing control.
Programs like the now-famous Stuxnet have been devised and successfully targeted at another country, where Stuxnet caused weapons-related manufacturing equipment to self-destruct.
Companies spend millions of dollars to erect solid defenses including firewalls and various intrusion detection systems. Every computer is outfitted with malware detection updated regularly to ward off the most recent threats. Government networks are even more secure with no physical connections to the outside.
But the chain is only as strong as its weakest link, and the weak link will always be the people using the computers.
I am continually amazed at the level of investment in hardware, software and the cost of remediation, as compared to the paltry amount of education delivered to employees and the public. We're frequently warned about diet and exercise, smoking, drinking and drugs. Yet, have you ever seen a public service announcement about the latest zero day exploit? A breakout of the flu or a bad batch of canned peaches will be plastered all over television news.
Perhaps we need an "amber" alert for computing systems. How about a couple of corny slogans such as "if you see something behaving oddly on your computer, say something," or perhaps "always make sure your memory stick is virus free before inserting it in another person's computer."
If there are as many serious threats out there as one would be led to believe, it is going to be incumbent on each and every computer user to be fully versed in how to avoid threats, how to spot potential problems and what to do to quickly alert others when they are discovered.
Computer security should be addressed in the same way as public health. Teach everyone how to engage in safe computing, how to obtain safe and effective remedies, and how to avoid spreading the disease once they have it.
Captain Joe
Follow me on Twitter @JPuglisiLLC
Sunday, January 6, 2013
An Ounce of Prevention
In my many years as a technology professional, one of the worst trends I have observed is the preference for the quick fix. This is the patch, the work-around, the extra step or two that compensates for an otherwise flawed process.
There is an old adage that suggests there is never enough time to do it right, but there is always enough time to do it over. This is clearly now the order of the day.
How many times does a road crew have to fill the same pothole before realizing the street has to be repaved? We have become so adept at creating ways of avoiding problems, we forget to go back and fix their root cause. One of my favorite road signs is the one that says BUMP ahead. If you know there is a bump, don't hang a sign, fix it!
This mindset carries over into technology. Apparently it is easier to dump raw data into a spreadsheet and massage it until all the missing or incorrect values have been resolved. But do we ever take the time to track back to the source of the bad data and put new processes in place to avoid storing them in the first place? No, instead we dump the same flawed data month after month into a spreadsheet. In fact, we build macros to automate the correction process.
I've observed in some of the new programming tools we have lost the ability to check a return code. Those of you who may have written programs will recall these special variables set to specific values after an operation. A return code of zero (0) usually meant success, while other values would indicate a reason for the failure. Looking at these codes would enable you to take the appropriate action to recover from the failure or warn of bad results.
Even if error codes are available, often it appears they are not being used. It makes me wonder if error checking has gone the way of memory optimization. Now it only matters that the process ends, whether it did what it was supposed to or not.
An employee of mine many years ago reported that he had completed his assignment to write a piece of code. He had entered and compiled it successfully, loaded and executed it. It ran, he told me, so he was done. He then went on to mention it produced the wrong results, but he still considered his assignment complete. You can't make this stuff up.
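The difference between "it ran" and "it worked" can be shown with a small shell sketch. This is an added example, not code from the original post; the function names and the sample records are hypothetical and constructed for illustration. The unchecked version finishes with a return code of zero and a wrong total, while the checked version examines the return code and passes the failure reason along.

```shell
#!/bin/sh
# Constructed sample input: record 3 carries a non-numeric amount.
SAMPLE='1,100
2,250
3,abc
4,50'

# validate_amounts (hypothetical step): returns 0 when every amount is an
# integer, 2 when a record is malformed, 3 when there is no input at all.
validate_amounts() {
    [ -n "$1" ] || return 3
    printf '%s\n' "$1" |
        awk -F, '$2 !~ /^[0-9]+$/ { bad = 1 } END { exit (bad ? 2 : 0) }'
}

# sum_amounts: prints the total. awk treats a non-numeric field as 0, so a
# bad record silently vanishes from the result.
sum_amounts() {
    printf '%s\n' "$1" | awk -F, '{ total += $2 } END { print total + 0 }'
}

# "It ran, so I'm done": the validation return code is thrown away.
report_unchecked() {
    validate_amounts "$1" || :   # result discarded on purpose for the demo
    sum_amounts "$1"
}

# The return code is examined and the reason for failure is propagated.
report_checked() {
    rc=0
    validate_amounts "$1" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "validation failed, return code $rc" >&2
        return "$rc"
    fi
    sum_amounts "$1"
}
```

Calling `report_unchecked "$SAMPLE"` prints a total and exits 0 even though one record was never counted; `report_checked "$SAMPLE"` prints nothing to standard output and returns the validator's non-zero code so the caller can act on it.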
We have to return to the discipline of getting it right the first time, or addressing the source of problems. Let's not continue to focus on mitigating the symptoms; let's instead get in there and cure the underlying disease.
Captain Joe
Follow me on Twitter @JPuglisiLLC