
Testing is Hard 25 September, 2009 at 9:09 pm

So, I was going to take my MySQL exams part II, having passed Part I in April or so. I finished reading the book and the practicum questions from the book in late July, so I was good to go.

Turns out at the end of July they changed test providers. Turns out the new one put the MySQL exams in a completely non-intuitive place. Go to the Sun area. Select Sun training. Select Sun. Then select Sun Certification Sun MySQL Developer II or whatever. I had only clicked through the first two levels of selecting Sun, b/c that seemed deep enough for some distinguishing marks.

Anyway, they raised the price. They made the testing centers significantly less common and convenient. But I’m trying to figure out where I can take the time to finish up. And we’re thinking I may take a morning from vacation while they’re at Disney to do one of them :o

You know there’s bad blood when … 15 January, 2009 at 2:26 pm

So, the review team came to let me know that they’d be done reviewing some material of mine by tomorrow …

Then the guy tells me that if there are no errors it can publish, but if there are errors I’ll have to look them up in their error reporting system.

THEN he goes on to say “I mean, he HAS to find something wrong” …

Thanks for the vote of confidence, man!

Caution: Hyperactivity at Work 22 October, 2008 at 10:04 am

So, I have a slightly overactive mind. In that I can’t focus on a single thing at a time, I almost HAVE to do multiple things at once. (For instance, right now I’m writing up this post, thinking about what we need to pack, bring back, etc., and at underlying levels I’m still thinking about stuff for work and video games.)

In fact, if I try to “eliminate all distractions,” like all the college intro study stuff tells you to do so you can learn how to do things right in uni? Yeah, I get distracted within minutes and end up off on some complete tangent.

If what I’m working on is interesting enough to engross me reasonably, I can get by with some kind of music. But a lot of times I was doing my homework while watching Highlander and Zorro at 1am because I needed that level of background where I could flick my eyes and have them catch something easily to go back.

And I’ve continued doing this for years at my jobs. Until a few weeks ago I got caught by one of the older generation who is still freaked out by us not wearing suits to the office :o He got all red in the face when I tried to tell him the video was background noise, but apparently he walked up while I had stopped typing to think about something. So he saw me sitting there watching a vid.

Which is going to be a nuisance for everyone, because I’m certainly not the only person to do it :o But he sure does seem to be the only one that cares so far. Unfortunately, he’s up the chain a few levels, so I have to lay low for a while. Which means my productivity is going through the cellar since I’m going to get distracted and tangentified a LOT.

But, hey, at least the company can know that I’m sucking by following the rules rather than excelling by ignoring the ones that no one cares about :o

Busy at Work, Busy at Home 26 September, 2008 at 7:53 pm

So, all day at work it was running around trying to do all sorts of things. I got asked to do a security scan this evening. Luckily I was staying late since Friday is DK’s day at Dadi & Dada’s … but then I had to get the password to the scanning machine, then to the app I’m supposed to scan, plus setting up the scan. Oh, then there was a pair of meetings about the DoS last week and whether we (the developers) had any more information (like packet captures and tcpdump logs and … wait, isn’t that what we asked security about last week???).

In between all of that, I tried to do my job some. Didn’t get very far, honestly, since I kept getting pulled away for something else. Eeeesh.

This weekend we’re going to be running around, I imagine, starting to collect bits for the India trip. Ordered a new suitcase yesterday, since we need at least a second large one (only one of our big ones still functions properly; we’ve ended up throwing the others away AFAICR … I should check and throw them away if we haven’t already). Oi.

How DO You Secure a Password on a Web App? 13 June, 2008 at 12:46 pm

So … One of the tasks I’ve been looking at is a password server at the office. The major driving goal is that, after 5 years or so of successfully NOT changing the password every 90 days, someone at the top of the Oracle group got a bug up their ass (actually, I think it’s a new head guy) and they’re declaring that they WILL change them now.

They’ve also said that they can’t be bothered to figure out who uses what accounts or to tell them that the passwords are changing. So one solution being tossed around is some dual account strategy where everything has two complete access points on offset cycles and some kind of SSL authenticated session managing, so that we don’t have to worry about the passwords anymore because they won’t be used; we’ll have the SSL certs. Without passwords? NOOO! There’ll still be passwords, we just won’t be using them, so it won’t matter if they change. But the certs, will they have passwords? NO!!! That’s the whole point! That way it’s secure! Because now the connection is encrypted!

But … uh … if I can just swipe the cert, now, instead of the password … what has this gained us? Other than that now we can eliminate that pesky security precaution of changing the password, because presumably we’re not talking about cycling the certs every whenever … “Well, if it’s compromised, we can just change the SSL cert and it won’t matter!” … uh, we can do that now. It’s called changing the PASSWORD. And it’s about 90x simpler than creating a cert. Oh, and self-signed non-authenticated certs are a PITA, and I wouldn’t guarantee Oracle would even accept them for connections, let’s be honest. OH! AND the guy proposing it has no idea if it’s even feasible! functional! possible!

My idea was to set up a database that has all the user/server/password combos that are used and the apps that use them. Then a web service. And then App A connects to SERVICE, says “I am A, tell me what I need to know” and gets back all the relevant password/connection information. The passwords can be stored encrypted (I’m looking at MySQL’s builtin AES, since I need to get it back out). The service can be HTTPS, so it’s not listenable. Then the service gets the password out and passes it to the app that asked. If I look up client certs (same problems as their plan, but I’m not trying to use them to avoid the password, see?) and set it up, now I can use the cert to authenticate the app (I can also use the request IP for furtherance, probably). We can set up however many accounts for any system. We can set up multiple different types of accounts. One app can have 3 databases to talk to on 3 different types of database and 2 or 3 account logins apiece.

And the biggest danger? Well, the app can get its data. See, technically, if the SSL cert is swiped and used in a forged request, well, then that forged request would get the credentials that app had. But you know what? If they’re swiping the cert, they could just swipe the password file, because if the system can use it, the system can access it. And if the system can access it, then a sufficiently wide hole will allow the attacker to access it. And if they’re in for a penny, they’re in for a pound.

So, thus, the question. How do you secure it? Because, really, you need to secure the password(s) in such a way that the app can’t access them. That way it can’t divulge them. But, obviously, it then also can’t USE them. Catch-22!

Of course, the other thing to do would be to set up a series of READ ONLY accounts for the query systems (i.e., apps), and then SEPARATE accounts that have privs (for the administrative features, etc.). But THAT would require giving someone who knew what they were doing control, and that can’t be allowed to happen. We won’t discuss why, because that’d be wrong ;)
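What the service sketched above actually buys you is easier to see in code than in prose. The block below is an added example, not code from the original post: a toy credential broker that does the “I am A, tell me what I need to know” exchange, pins each app to its allowed source IPs, hands out only the accounts granted to that app (so the query apps get the read-only accounts and nothing else), and rotates a password in one place so every consumer picks it up on its next request. Everything in it is assumed rather than taken from the post: the app identity is a plain string standing in for a client certificate’s subject, the store is an in-memory dict instead of a MySQL table, and the passwords are held in the clear (the post’s AES-at-rest step is left out, since the standard library has no AES; that job belongs to the database or a KMS in a real deployment).

```python
# Added example, not from the original post. Assumptions: app_id stands in
# for the client-certificate subject, the store is a dict (not MySQL), and
# passwords are kept unencrypted here (the AES_ENCRYPT step is omitted).
from dataclasses import dataclass
import secrets
import string

READONLY = "readonly"   # what the query apps get
ADMIN = "admin"         # separate accounts for administrative tooling


@dataclass
class Credential:
    system: str     # e.g. "oracle-prod"
    account: str    # database login name
    password: str
    role: str       # READONLY or ADMIN


class CredentialBroker:
    """Holds the user/server/password combos and which app may see which."""

    def __init__(self):
        self._creds = {}    # (system, account) -> Credential
        self._grants = {}   # app_id -> {(system, account), ...}
        self._hosts = {}    # app_id -> {allowed source IPs}
        self.audit = []     # (app_id, client_ip, system, account, outcome)

    def add_credential(self, cred):
        self._creds[(cred.system, cred.account)] = cred

    def register_app(self, app_id, allowed_ips):
        self._hosts[app_id] = set(allowed_ips)
        self._grants.setdefault(app_id, set())

    def grant(self, app_id, system, account):
        if (system, account) not in self._creds:
            raise KeyError(f"unknown credential {system}/{account}")
        self._grants[app_id].add((system, account))

    def fetch(self, app_id, client_ip):
        """'I am A, tell me what I need to know': every credential granted
        to A, and nothing else. A forged request with a stolen identity
        from an unregistered host is refused and logged."""
        if app_id not in self._hosts or client_ip not in self._hosts[app_id]:
            self.audit.append((app_id, client_ip, None, None, "denied"))
            raise PermissionError(f"{app_id} from {client_ip} not allowed")
        out = [self._creds[k] for k in sorted(self._grants[app_id])]
        for c in out:
            self.audit.append((app_id, client_ip, c.system, c.account, "ok"))
        return out

    def rotate(self, system, account, length=24):
        """The 90-day change, done once: the next fetch() by any app that
        is granted this account returns the new password."""
        old = self._creds[(system, account)]
        alphabet = string.ascii_letters + string.digits
        new_pw = "".join(secrets.choice(alphabet) for _ in range(length))
        self._creds[(system, account)] = Credential(system, account, new_pw, old.role)
        return new_pw


def demo():
    """Constructed sample data: one read-only and one admin account on the
    same system; the reporting app is granted only the read-only one."""
    b = CredentialBroker()
    b.add_credential(Credential("oracle-prod", "reports_ro", "s3cret-ro", READONLY))
    b.add_credential(Credential("oracle-prod", "dba", "s3cret-dba", ADMIN))
    b.register_app("reportsvc", ["10.0.0.5"])
    b.grant("reportsvc", "oracle-prod", "reports_ro")
    return b


if __name__ == "__main__":
    broker = demo()
    for c in broker.fetch("reportsvc", "10.0.0.5"):
        print(c.system, c.account, c.role)
    broker.rotate("oracle-prod", "reports_ro")
    print(broker.fetch("reportsvc", "10.0.0.5")[0].password)
```

Note what this does and does not settle. The catch-22 in the post stands: anything the reporting host can fetch, an attacker on that host can fetch too. What the broker changes is the blast radius and the operations. A stolen reportsvc identity yields one read-only account, not the whole password file; the IP pinning means the stolen cert has to be used from the registered host; every hand-out lands in the audit list; and the 90-day rotation becomes one rotate() call instead of hunting down every consumer.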

Return on Influence 4 June, 2008 at 12:24 pm

So, during a meeting today, there was a huge long discussion that went on. About how this or that would be easier for group A if group B did X differently.

Now, in and of itself, it’s not that bad. Except that Group A keeps harping on it. And spent half an hour hammering at it today again. And it really boils down to the fact that Group B doesn’t have the resources to implement the scale of changes needed.

And so A kept going on and on and on about how this would allow such and such to happen that someone else wants. How this would solve a problem with catastrophic failover. Etc etc.

And what they didn’t seem to be understanding was that it doesn’t matter how good the RoI is if you can’t do it. I will gladly give you 10$ tomorrow for 5$ today. But if I don’t HAVE 5$, this 200% RoI doesn’t matter.

If B can’t put forth the investment, then the improvements and enhancements it allows simply don’t matter.

A then went on to suggest “well, do this workaround Y, if you don’t want to do X.” And Y is, really, since I understood everything involved, a poor-man’s version of X. It’s what people did when X wasn’t available. Or when X won’t work, now, for whatever reason. And it takes more effort to set it up, more space to house it, and more manpower to maintain. And it’s more complicated for less return.

Why A thought B had the opportunity to do Y when they couldn’t do the lesser X … But damn did they keep harping on it.

Why do groups always do this, making their own lives difficult by antagonizing the groups they work with???

*sigh*

Making the right move 1 January, 2008 at 5:30 pm

So, it’s been ~15 months since I left my old comfortable job. I’m on my third employer since then (I LOVE contracting, it’s so stable!), fourth health insurance (wtf) … and I’m not sure about the whole thing.

Don’t get me wrong. I don’t think staying would have been a good plan. I wasn’t going anywhere in that job, and no one had any interest in my advancing. I was a useful commodity, but if I got more prominence or more money, the company wouldn’t have been able to get as much markup on me. And the pay change was certainly nice.

But my new job? I’m not really getting anywhere there, either. First off, the job & title I was hired to? The job belongs to someone else (which I knew) and that doesn’t appear to be changing (which it was supposed to change). So I’ve been doing oddball “other tasks as assigned” jobs. I have one project that I’ve been working on for over a year b/c it takes an average of 3 months to get a response to any question. Time from initial question to as-meaningful-as-it-gets response, that is.

Then I started getting in with security to do scans and shit. Except most of their operation appears to be FISMA-esque, in that they do a lot of paperwork and boilerplating and very little actual scanning. To wit: I did a scan in November. I did the report in two days. It’s been waiting a month now for the “team lead” to approve it before I can give it to the people to fix whatever is on it. He “hasn’t gotten a chance to look at it yet”, he says, as he left for two weeks. I’m not allowed to change the process or scan style or anything b/c it’s not how it’s done and we’d need a crapload of authorizations. I need half a dozen signatures on a justification for a piece of FREE software. And I’m not allowed to mess around and try it out first, b/c I need the approval before I can do anything with it. WHEEEE

When we changed ownership, there were basically three branches: design, code, and db. I was (am?) db and did probably 30-50% of code under the code lead. After the transfer, I don’t know if we have design anymore, db kinda got dropped (since I didn’t have any dbs I suppose it makes sense) and we got a new code lead. I like him, generally, but in terms of level I’ve been dropped down to “general monkey”. I spend almost more of my time covering for someone else on the team (who has needed to be out/home/whatever half a dozen times in the last month? I have a baby boy and I’m not home that much, lady!) than I do on any coding.

I’m not real sure I like my new job, after 15 months. Hopefully it’ll change up some, get better. Otherwise, I may be looking again a year from now. Because whilst we need income, I need to be having fun at my job or I’m going to go nuts. And not in a good way :/

Unfixing the Unbroken! 8 November, 2007 at 3:20 pm

What is it around here with people wanting to fix things that aren’t broken? Solutions to problems that don’t exist, and we’ll ignore the ones that do b/c they don’t fit our plan!

Been working with VMWare, trying to clone live servers so we can do proper (read: destructive) and accurate (read: where the same environment is ACTUALLY the same environment instead of an environment that shares similar letters) testing on development products. It’s not actually on my “job duties list,” but since THAT list includes “MySQL Database Administrator” and I have access to user accounts b/c someone else gave me a list of passwords and I’m not ALLOWED to have admin access to the database (let alone any say in their administration), I decided to spend some time on my security processes.

And between security and development testing, meaningful environments seemed a good overlap :o So, this week I managed to clone my desktop into a virtual machine running on my desktop (it’s the only system I have available to me for massive abuse at the office). Haven’t tested the networking, but I managed to get it to boot finally, and since I really don’t care about my desktop being virtualized onto my desktop (ow), I’m done with that thought experiment.

From there, I’m moving on to trying to clone a server. Security boss comes by (boss may be the wrong term, but he’s the guy what calls the meeting so whatever) to let me know that he wanted to meet with me in the next few weeks to try to bring me up to speed on some things. I mention that I’m working on the VMWare thing and I’ve managed to clone my desktop. “We’re not going to do desktops” … right, anyway? I’m going to work on getting a server cloned next … “We don’t do that on desktop.” Yes, but it’s what I have …

“We want a system that’s got the approved configuration and has been hardened … blah blah.” Uh, I was CLONING a server into a virtual. With the exception of a few driver changes to work with the virtual hardware, and an IP change to work with the virtual network … it should be as approved and hardened as the real one, dude! C’mon! Then he tells me there are programs that can be used to make those clones (rather than my poor man’s mechanisms) … then he talks about how they let you swap OSes, something something … I think he’s talking about a virtual boot loader now.

These? THESE ARE NOT PROBLEMS I HAVE! Oi. *sigh*

Exercises in Futility 26 October, 2007 at 9:38 pm

Admittedly it’s the most exercise I get most weeks, but not the point.

So, there’s a process that runs monthly. Person A does a bunch of manual data manipulation and sends the results to person B, who goes through a long detailed checklist of actions that summate as “load into database using load button”.

I was given the task to automate what Person B does. Right. B. Not A. And I was given the work that someone else had started before me. And that’s when I found out exactly what B does (nothing) and how much it would take to automate (it IS automated, she just clicks ‘load’ fer cryin out loud after uploading the files!!!)

Turns out C (my predecessor on the task) had started work on automating what person A does. Which is great, since apparently that’s what was really wanted, despite what I was told. And C was nearly done. When I looked at the scripts, they didn’t do anything.

One of them went through ~200 lines of setup and then just printed “file processed”. There was no actual work done. Just a lot of code to get ready to do work. There was no file ever referenced. It was kind of majikal! That’s when we decided that C had somewhat misrepresented how much he had done when he left. But I worked with D and we got everything lined up; we now read the same files that A gets to begin with, we process them, and we spit out the answers. But we put it directly into the database, finishing the automation of B.

I’ve been testing this process once a month when A/B do their run, so we can make sure it all works. There’s been a few kinks. This month was supposed to be the final test b/c I finally got a meeting I’d been asking for ~6 months to happen. And got the answers I needed. And now things appeared to line up, with one exception because I didn’t have access to the unrestricted files that A had. So we got those, and then we were gonna do the Oct test. B/c the data files get overwritten daily, so I couldn’t go back and retry Sep.

I run the test Monday. And it doesn’t line up. Oh, he must have activated that new bit he was talking about (and that I found out about by pure accident since I happened to get that meeting). I fix that, re-run. Same # of entries, same IDs, great. Further checking, and a bunch of column X doesn’t match. WTF? Do some back digging. Back some more. My datafile doesn’t have the data needed to get the answers (it has 0 instead of a useful number).

I came to that conclusion Tuesday, around lunch. I have since run the process a dozen more times, I have gotten four alternative files (I now copy the entire distribution directory, and have access to most of it, so I have a few files to try, plus I got a file from A, although he does data manipulation on the original before throwing it away, so I could only work from his modified file, which didn’t match my original and had good data rather than my junk data) (all my alternative files had the same junk data).

Thursday’s solution was to quit using the datafiles and hook directly into a database that I can look the answer to X up. Which is great, except the logical piece to look up the answer for X with is X. Which is garbage. So I have to use W, which I could have used locally, except it doesn’t come up with reliable answers b/c the data format for W is non-absolute. Which means the database lookup won’t help, really.

So, basically, I’ve spent a week now trying to debug, defuse, and dodge around a data corruption error. In code. I’m trying to use code to get answers that I can’t get b/c the data is corrupted.

It’s a data corruption error! It is unreasonable to expect any amount of sane, reasonable code to ‘work around’ the problem. Especially since any code that gets past it will, by definition, work badly for non-garbled data. B/c the garbage is what I SHOULD use to get my answers.

And who’s to say the part I use instead isn’t going to be garbaged in 3 months instead? Eesh. It’s not like it’s even that VITAL, IMO. It’s not like I’m crashing a rocket. It’s more like putting an undyed Froot Loop in the box. Call it a special promotion and get over it!

Government Contracting 3 August, 2007 at 2:39 pm

I work in government contracting. I did at my old job too. My dad did it for 25 years. So you could say I have some experience and familiarity with the precepts and issues involved.

The contract I’m at now, went up for a recompete in June. What that means, to those outside the Government Contracting circles, is that the government went out to look at who was interested in doing this job for the next 5 years (3, 5, 7, 2, I don’t know the actual term on this contract), and had them all put together presentations and make their cases for why they should be paid to do it. Who is the best for the least, a balancing act.

We’ve won this contract the last half dozen times or something. So no one was worried; happens every few years, and we always get picked. But gov’t regulations say they have to give 60 days notice of end of contract and what the company plans to do with the employees. So end of June we get notices. “Come end of August, you’re all fired! Come back in two weeks, see if we meant it” b/c two weeks was when the winner would be decided.

Meanwhile 4 weeks later, they haven’t decided, but that’s OK. If they were changing they wouldn’t be dragging their feet.

Except, apparently, without that being true. B/c we lost that contract :o and now everyone’s scrambling. The new company had interviews (and offers) the week after the decision. My company? Still saying they’ll see what they can do, there’s interest, blah blah blah. But no guarantees. Nothing, except a severance package if they don’t OFFER you a position, within certain guidelines to make it “equivalent”, but …

From what I understand (and the lady explaining it wasn’t sure of the details) it’s like 25 or 50 miles from current place of employment (it’s already 25-50 mi from my freakin’ house, people!) and no more than 15% less $$$.

Wait. You want me to turn down an offer (with a 10% raise :o my dad was floored when he found out I had the chutzpah to ask for more money) in order to WAIT for the POSSIBILITY of an offer (hell, interview) that will be even LESS convenient (and more costly) to get to, and you want me to do this with a 10% pay cut and a smile?

Yeah. Eff that. I took the offer at the new contractor. So, whilst I may not think my job is the bestest bestest ever, I’m signing up to keep doing it!

And even better, with that 30 years of contractor history? I’d never heard of the company, and my dad had heard of it in passing during one of the mega bids (where a couple big players and a bunch of smaller contractors make teams and compete rather than one-on-one). Turns out they’re medium-sized, which is why I hadn’t heard of them (I know most of the big ones and some of the mediums). But at least they’re not small, like my last company. And they’re Fortune 100 best places to work or whatever. So apparently the employees are happy. Or silenced before they can speak out :o