Linux nerd and consultant. Sci-fi, comedy, and podcast author. Former Katsucon president, former roller derby bouncer. http://punkwalrus.net/

  • Here’s the thing: Trump may have said he allowed it via executive order, and whatever. But you come after data I was sworn to protect? Come here with a judge-vetted legal warrant and court order. Oh, you’ll fire me? Then I did my job. I’ll be arrested for doing the right thing, not cowardly giving in “because they might yell at me.” Yeah, I did that once, and I got a big fat nothing out of it. I got out before the S&L crisis, but I saw it coming a mile away. I have no loyalty to some rando from South Africa. I have a loyalty and duty to my job and country and fellow citizens.

    My hope, and it’s a thin hope, is that they really can’t fucking do anything with the data because they don’t understand it. Or lied they have it, and we let them believe this lie as part of the protection. They only have 200 copies of “WideWorldImporters Sample Database for SQL Server and Azure SQL Database” and think it’s real. Or whatever. Unlikely, but I gotta have hope somewhere. Part of this is because I know how PII is stored, and it’s not like one large file. It’s multiple systems with “just in time” joins and a horrible complex mess that’s a wonder it works at all. A bunch of 19 year olds and a rich liar are monkeys with baseball bats hitting a random laptop as a comparison. Millions are spent on contractors to work with it, and rarely does any single one person know how it ALL works. Just pieces of it. And some of it was in COBOL. What, one of those kids has a spare PDP/11 in their garage? But, maybe that’s thinking too hopefully.

    Even if they suddenly stopped, it will take decades to undo the damage they have already done.

    Side note: “the launch codes” are not like, two hex keys to launch nuclear missiles. It’s so much more complicated than that, that I used to fear in the 1980s that the Ruskies would bomb us flat before someone with the right laminated notebook was located. “What? The keys didn’t work? Didn’t anyone test if the keys fit? NO???” I’m not saying that’s an exact case, but an example of shit I have run into. I have to also hope for sheer incompetence saving us, like out of the movie Brazil or something. God damn, this is a bleak dystopia.


  • I had the same thing happen at a bank, my manager threatened to fire me if I didn’t hand over my login and password. After being trained to never give anyone, even your boss, the login and password. And why? Because she was doing illegal things under the teller’s logins. If she had gotten caught, I would be blamed. So I quit that job. And then the whole S&L scandal happened, and I was unsurprised. After that, I learned never to give anyone a login and password. I tell myself it’s a test. I’ll be fired for giving them the login and password. And if they fire me, well, get another job. I have skills to get another job these days.

    And yeah, “well, your director will just give it to them.” That’s on my director. I will at least lose my damn job without a guilty conscience. I know I did my part for the right reasons.




  • Basic setup for me is scripted on a new system. In regards to ssh, I make sure:

    • Root account is disabled, sudo only
    • ssh only by keys
    • sshd blocks all users but a few, via AllowUsers
    • All ‘default usernames’ are removed, like ec2-user or ubuntu for AWS ec2 systems
    • The default ssh port moved if ssh has to be exposed to the Internet. No, this doesn’t make it “more secure” but damn, it reduces the script denials in my system logs, fight me.
    • Services are only allowed connections by an allow list of IPs or subnets. Internal, when possible.

    My systems are not “unhackable” but not low-hanging fruit, either. I assume everything I have out there can be hacked by someone SUPER determined, and have a vector of protection to mitigate backwash in case they gain full access.
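
The SSH items in the checklist above, expressed as an audit of `sshd -T` output. This is an added example, not the commenter's own setup script; the two sample configs and the usernames `alice` and `deploy` are constructed, and it assumes an OpenSSH build that reports `kbdinteractiveauthentication`.

```shell
#!/bin/sh
# Added example: audit `sshd -T`-style output against the checklist above.
# On a real host, run as root:  sshd -T | audit_sshd
audit_sshd() {
  awk '
    function check(ok, msg) {
      printf "%s %s\n", (ok ? "PASS" : "FAIL"), msg
      if (!ok) fails++
    }
    { key = tolower($1) }                  # sshd -T prints "keyword value ..."
    key == "permitrootlogin"              { root = $2 }
    key == "passwordauthentication"       { pw = $2 }
    key == "kbdinteractiveauthentication" { kbd = $2 }
    key == "port" && $2 == 22             { noisy = 1 }
    key == "allowusers" {
      for (i = 2; i <= NF; i++) {
        allowed++
        split($i, part, "@")               # AllowUsers entries may be user@host
        if (part[1] == "ec2-user" || part[1] == "ubuntu") defaults = defaults " " $i
      }
    }
    END {
      check(root == "no", "root cannot log in over ssh (PermitRootLogin no)")
      check(pw == "no" && kbd == "no", "key-only login (password and keyboard-interactive off)")
      check(allowed > 0, "AllowUsers restricts who may log in")
      check(defaults == "", "no default cloud usernames in AllowUsers" defaults)
      if (noisy) print "NOTE listening on port 22: expect scanner noise in the logs"
      exit (fails > 0)                     # non-zero status if any check failed
    }
  '
}

sample_hardened() {   # constructed input
  printf '%s\n' 'port 2222' 'permitrootlogin no' 'passwordauthentication no' \
    'kbdinteractiveauthentication no' 'allowusers alice' 'allowusers deploy'
}
sample_weak() {       # constructed input
  printf '%s\n' 'port 22' 'permitrootlogin yes' 'passwordauthentication yes' \
    'kbdinteractiveauthentication no' 'allowusers ubuntu'
}

sample_weak | audit_sshd || true   # demo run on the constructed weak config
```

Port 22 is reported as a note rather than a failure, matching the comment's point that moving the port cuts log noise without adding security.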


  • I have done a lot of personal study on this. There are “Christians” and there are “Team Christian.” Actual Christians usually practice what they preach, or try to. The “Team Christian” folks are like people who have a favorite football team: they wear the jerseys, watch the games, and claim the tribal aspect of “I am good, they are bad.” But know nothing of the philosophy or inner workings any more than the average football fan plays professional football, or runs the corporation end that manages the team.

    Also, like most bullies, they love saying the opposite just to make you mad. “If Jesus were alive today, he would have shot all the immigrants with a machine gun,” so you go “NO HE WOULDN’T HAVE YOU EVEN READ A BIBLE YOU HYPOCRITE GRRRR!!!” and they laugh at how mad you got. Like a bully saying “nice hair!” because they know it will make you angry, and they’ll act all innocent.



  • So many people on the Internet say “Ugh, Starbucks is shit,” like they are proud about it. Truth is, a LOT of people drink at Starbucks. The one near my house had a drive through line so long, they redid part of the shopping center parking lot to accommodate it. It’s been renovated twice in ten years. Starbucks sells more than just “coffee that is shit,” they sell a service that few can compensate without having to set up something in your own house. Frankly, half of the stuff out of there is caffeinated milkshakes of varying consistency. Starbucks is a service that sells coffee, and that convenience is what draws so many people.

    The average person doesn’t care about unions, good coffee, or any of that. They want to get a nummy candy treat packed with caffeine to drive to work. That’s it. It’s really just that simple. And until it gives people instant massive diarrhea or some other personally-affecting scandal, they will just keep doing it out of habit. Habit is a strong motivator, especially when you’re fucking tired and just want to get to work that you hate anyway.


  • This right here. I have worked with a dozen PMs in 30 years, only two were any damn good. One managed an IT team, and she didn’t know tech worth squat, but God damn, did she keep the flow going and know how to get shit done without being an ass about it.

    On the other hand, I fought with a PM once because he didn’t understand the concept of priorities or how to manage a crisis. “You want me to fix the outage or attend a meeting about it?” “Both.” “Pick one. You have a choice. I can fix the issue in the data center, or join a blame session in the meeting room. Which one?” “BOTH!” I got to the meeting room, and he demanded we put down our laptops and pay attention. He invited EVERYBODY regardless of whether they were needed or not. Twenty-seven people all bitching about the outage and not a single person fixing it. No meeting moderation. Just chaos until he had a panic attack. Just useless.