Psychotomy

two days ago i made the mistake of saying something about the poor coding and resultant insecurities of the site. new manager (oh yeah, my manager changed as of 1 august from the guy who hired me and knew my dad to someone else) went all apeshit (ok, admittedly, it needed to be fixed, i’d just never been allowed to fix it, b/c it might break something). we went and talked to rob, i got permission (shocking, with manager lady breathing fire?)

yesterday she came by to see if i’d finished (i’d told rob, and left her a vm, go figure) and this time rob asked about the admin interfaces and if they were ssl yet. which sent her batshit again. so i went and finished that up. one thing aboutt he new manager, i’m getting to do some of the fixes i’ve wanted to do for a while. downside, they all have to be done yesterday and i’m the one it keeps coming down on for not having done them. *sigh*

but during yesterday’s conversation, i found out a few things. (a) when one of the systems got hit last year (a system where i’m not the admin of record, and i have no sites), it gave the company a black eye (it was during a recompete). apparently ceo wanted to “bring the hammer down on you guys” (i’m not even sure who “you guys” are!), but old manager stood up and defended us. and new manager backed him up with “accidents happen” and our assurances that we’d gone through the code and it was ocked down much more. apparently she took this to mean “all code that runs on everything” rather than “all of HIS code/code on THAT system”.

then there was the veiled threat. which she said wasn’t a threat, but obviously was. the decision wouldn’t come from her. it’s not what she would want. but if i get hacked, i get fired. and she’ll throw me under the bus as a bad admin/programmer/whatever.

what’s impressive is this is after a weekend when (supposedly) “over 500 government systems were hacked” … did all those admins get whacked? (no; afaik no one’s been whacked).

she’s dangerous b/c she knows enough keywords that she’s annoying. SQL injection is a well known exploit and if we’re vulnerable to it that’d be really bad after all the publicity it’s gotten …

[b]SQL INJECTION is a [i]class[/i] of exploits lady!!!![/b]

so last night, my job search went active, b/c i don’t need this damoclesian sword crap.

Posted in: work by attriel /
No Comments

well, had my first new interview yesterday. c/c++ linux threading. sounded interesting. smal company (like, 18 people, and half a dozen of them are contract employees), theyd been in business 28 years or so …

“we’re funded by a trust, so there’s never an issue of running out of money or going under suddenly” “we’re like a startup, year to year”

don’t thnk i’d look on it like a permanent career option, but it was something i could see doing for a couple years. which i suppose they might have sensed, but i don’t think it showed. and they showed serious interest in some of my skills that aren’t necessarily directly related to what they wanted (my security training), which sounded like a bonus. oh, and they’re looking to hire two people, and i only saw 3 maybe 4 resumes on his desk.

when they asked salary, i told them. he pretty much choked on that and i kinda watched the op dry up and blow away ;o depends on how much they want my skills, and how much the other apps ask for, might come back to me thinking it wasn’t such an outrageous salary range.

—

On the current job, my manager (went to school with my dad in india, and was kinda the contact to get me in the door for my position) is apparently starting to siphon off his load, presumably in prep for retiring in a few years. and my job# is one of the ones being moved over. to someone i really don’t know.

so, while i was feeling kindof bad about bailing before … i don’t have the issue of bailing on an old family friend who got me in to begin with, at least, now.

now i just need an offer from someone at the prices i want ;)

Posted in: work by attriel /
No Comments

first, of puppies:

wednesday i was home (conference over, not working (a week of 13hr days, screw it !!!)) and got up ~8am. by 8:30am k had barked and whined enough to annoy me. so i dropped him at camp for the day. i wasn’t in the mood for puppy walks every couple hours (to wit, he’s been on 4 today in ~10 hours)

wednesday i go to pick him up, and i get called into the managers office. like being called to the principles office, but i’m the parent not the child :o “we had a little incident today, k-line bit someone” wtf? k ??? k never bites anyone! i mean, if he were defending himself ok, but just walked up and bit someone’s calf? no effing way! but they weren’t reporting it (“oh, so he didn’t break skin?” “he did” uh, then you policy dictates the hospital/dr’s, THEIR policy dictates reporting to the county … ?) Of course, I still havent’ gotten a call from the county, so i’m confused. but i’m counting thu-sun as 4 days for if they call on monday about the 10-day quarantine. anyway, further details come out slowly. apparently someone wasn’t following the procedures/rules. probably someone new, didn’t think it was important. See, K has this issue. he completely spazzes when somoene leaves the room. and if you take a dog with you? look out, he’s pissed now, you’re trying to run off and play with someone else!!!!

it seems like what happened was he was doing his barking nippingthing, and accidentally caught someone. small skin puncture. oh, did i mention the silver-dollar sized scab on my ankle or the 3″ scar on my wrist from leashes? and you’re flipped out b/c he accidentally nipped someone??? cmon!!!

of jobs: found a posting (well kiir did) on craigs that’s in columbia and C/C++ IPC/multiprocessing linux app (well, sounds like a device driver to me frankly; embedded raid controllers) so i’ve spent the last two days working out a cover letter and updating my resume a bit. not that the updates are really necessarily relevant to this company (my security training) but figure it can’t hurt to add them.

except i can’t get neooffice (os-x openoffice native) to play nice. actually i may have had this problem when i did the resume the first time. all i know, it royally sucks how much effort this is. i spend less time and attention writing whole chunks of VE/EO than i’m spending on this freakin’ resume. !

I also did a salary check on monster (monster.salary.com) and for a SWE V (which is approx what i am/would be) i’d be making 90k. that’s the bottom 25%, btw. 105 is median. this is in dc area. where i live, yeah. i’m grossly underpaid :o which is one reason i’m starting to look. i may not move, but having a competing offer, my company might (MIGHT) be willing to cough up some more :o

Posted in: k-line, work by attriel /
No Comments

oi

been at a security conference since last wednesday. 13 hour days (door to door), then having to work when i get home (somehtings been brok EVERY night!!!)

conference is nice. except the course i’m in? securing internet presence LAMP? yeah, apparently i already knew 90% of it, maybe more. so it’s a very expensive day without much learning, for me. getting some tips each day, but nothing earth shattering.

apparently i won an ipod yesterday. except i didn’t. so someone else got it :o (yesterday was php programming, and the instructor said that if we knew php we’d be bloody well bored :o so i didn’t go, so i didn’t know i won an ipod until i went today and like 4 people in my session (wtf? i wouldn’t've said i’d worn my nametag enough for anyone to freakin’ identify me!!!) told me that if i’d been there yesterday i won an ipod :o oh well)

tomorrow’s the last day, which i’m not sure i need either, but figure i’ll go anyway since the company paid for it an’ all.

‘course then i’m working from home/blowing off the rest of the week. b/c doing this is exhausting. and b/c i’ve been racking up bonus hours all over the place, so i feel vindicated :)

Posted in: work by attriel /
No Comments

talking to folks at the game day we had yesterday, i was reminded that i’m starting to near that line in my job. i had all that teaching experience and couldn’t get a job b/c i had the ivory-tower taint.

now, it’s been a little over 4 years at this job. government. after 5 there’s a government taint that’s hard to overcome, and i end up moving gov job to gov job as a contractor until (unless?) i get the break and snag a civi position. or i get the axe when my company loses a contract and has to toss people overboard.

so, if i’m gonna look for another job, i need to start now. but i LIKE my job (i just can’t stand the people i usually work with; but AFAIK that’s called “work”), good benefits and i’m working from home mon/fri now part days, so plenty of relaxation. but i’m at the top of my payscale, next step up is management, i think, and i have no one to manage nor any interest in managing. so i may kindof be stuck. and last years review discussion edged on the concept of raises, and my manager basically suggested that i go out, start doing extra work for other people/groups to get my foot in the door, so maybe they’ll ask for me. except, in the meantime, i’m supposed to do this extra work free. basically off the clock. and with my schedule, wtf do i do that?

may need to talk to him this summer about it so that i can start looking in september if i know i’m gonna bail. rather than waiting until i get my raise letter in mid january or something to find out “hey, anotehr 3%! that doesn’t even cover gas increases last year!” and start looking THEN.

i’m also starting to check craigs and guru for contractual gigs that i can like hammer out something and get paid in small chunks. everyone keeps telling me there’s all these great contracts “do this script for me” on craigs, bu all i ever find is “hey, i need someone to rebuild my whole site, looking to pay 15-20$ for the site” which if it’s /hr or /pg or something is one thing, but 20$ for a whole site? no

found a posting on craigs that looks interesting, php dev in columbia. payrate is DOE. I hate that nothing ever shows a payrate/range b/c if they’re offering 50k i’m not going, but if it’s 90, sure. but as i recall, pay never enters into it until late in the interview process, so i have to waste a lot of everyone’s time before i find out that they’re max is less than i’m making now, ok, later!

i hate looking for a job. i hate being broke. and i don’t think i much like getting pigeonholed and stuck in a specific track. but if i can get some good contract stuff that i can do on the side, that’d be great.

this has been another daily babbling

Posted in: work by attriel /
No Comments

Been working on cleaning up a bunch of entries I imported from another group for the visible earth, lately. where by lately i mean “a month working on before the import to try to minimize after import time” followed by (so far) “a month after the import cleaning up the bits from the automation scripts I wrote to make things ‘close’”

one week of that after was thrown away when i realized i was accidentally deleting relevant information (not actually deleting it, but it was no longer connected to where it had been connected to, making it meaningless and untraceable)

now i’m done the major portion, and doing a second round of cleanup. i could technically punt this round of cleanup and let it slide. And I’m thinking I might :o gonna finish up today’s roundabout and see where it leaves me and decide then. hopefully I’ll be able to push these updates live before we leave for NY this weekend

of course, when I get back, I need to open access to the administration tools, which shouldn’t be hard but I’m afraid of what these yahoos might do :o and THEN i get to start on the massive earth observatory suck and redesign. which redesign, of course, the graphics designer hasn’t even vaguely started working on yet. but i’m sure somehow it’ll become my fault.

somewhere i’m supposed to develop a big calendar kindof damned thing. showing my tasks and delivery-dates for segments and crap like that. which could take me a month to fill out on it’s own. or, might, if the webapp i downloaded for it worked :/

maybe i’ll write my own. could be fun for a day or two (i already know the basics of how to write a simple app of that nature; i could try to clean up my questionable old java knowledge :o or just hack it out in perl more likely)

and on top of all of this, I’M BORED. busy as heck. forbidden to work more than a 40hr week. but bored b/c i know HOW to do most of what i need, and implementation is not interesting as design/theory :/

anyway. back to “work”, where by work i mean “tediously and mindlessly doing more cleanup of these 7000 new entries and the 3000 relaed bits that i have to parse up”

maybe i’ll just punt it :o

Posted in: work by attriel /
No Comments

whee

earth observatory won the people’s voice. again.

by the third time, it’s just not exciting anymore :o

Posted in: work by attriel /
No Comments

Well, Earth Observtory is a top 5 nominee for a Webby Award (http://www.webbyawards.com/) again. didn’t get nominated last year, AFAIK. Two years ago we won, and 2 and 3 years ago we got people’s choice. So, it’s nice, but I’m not overly enthused.

OTOH, when I commented on the Visible Earth, I was told “oh, it’s not ready yet” which is news to me since I pushed the site LIVE over a YEAR ago. 13.5 months ago is when my stats start. Sure looks “ready” to me :o

So, I’ve decided I wanna try and get the VE a people’s voice webby. Write-ins are allowed on the People’s Voice voting, so I’d like folks to vote for:

Visible Earth

http://visibleearth.nasa.gov/

In the Best Navigation category, as well as Science and Government.

I’m against some well known sites, so please get other people to vote for VE too :)

http://peoplesvoice.webbyawards.com/login.mhtml is the Peoples Voice login/voting area. C’mon, help a guy out :) You know you want to :)

Posted in: work by attriel /
No Comments

well, GEE !

apparently the visibleearth got wormed for the day ;) wonder how THAT happened :o

http://visibleearth.nasa.gov/

Posted in: work by attriel /
No Comments

the head of my branch’s it security folks sent out a notice yesterday …

well, background, starting last week when it was discovered, until now, i’ve received a little undre a dozen emails at work about how dangerous the windows wmf flaw/exploit is and if you get infected it’ll be easier to rebuild the box yadda yadda

(incidentally i received more messages about the FCU phishing scam … and all 15 of those arrived in one day …)

yesterday a notice comes around about an unofficial patch on some site … and we’re being told we should install it. now, i presume that it’s been reviewed by people and determined that it’s non-trojan-ey an’ stuff. and i honestly haven’t looked at it.

but … recommending that we install an unofficial patch off the WEB?

come ON! at least commit so far as downloading it and hosting it locally on one of hte security divisions web servers. otherwise you’re just telling everyone that it’s OK to go out and download & install things they find on the web that say they’ll help!

and his reasoning for this when i aked??? b/c most of the users would just continue surfing and get hit by the bug, they’re not SMART ENOUGH to understand how not to get screwed. so we’re telling NOT SMART people to download and install thingsoff the net like they’re going to be able to make the distinction between good patch and bad patch on their own when we can’t trust them to surf websites?????

jesus.

Oh, and there’s a history of unofficial patches interacting poorly with official patches. and the sec guy acknowledged the possibility that everyone who applied this patch may get completely fucked on black tuesday …

and don’t get me started on black tuesday!

Posted in: work by attriel /
1 Comment