Sunday, December 28, 2014

Patching policies

Network staff: patch early, patch often.  It's better to have a 1 day per year outage from a bad patch than to ever have a compromised server or defaced site, especially when policy is to assume everything in the same subnet is also compromised and needs to be cleaned with fire and holy water.  A compromised site also means risk to our reputation, which is worse than not meeting an SLA 1 day out of 365.

Products weenie:  patches risk unplanned outages, which means we risk not meeting SLA.  Customer-facing SLAs are our bread and butter, and must not be messed with.  They must be tested in non-prod environments like any other software rollout.

Change approval board: 1 week per SDLC environment, because we're ITIL compliant. That means 5 weeks from patch release to production.  We neither know nor care what you mean by "zero day threat", we're a proven process driven shop.

Sysadmin: whether it's hacked or breaks from bad patches, I get my arse kicked either way.  And my arse is pretty sore already, and I'm over it.  Someone just make up their goddamn mind one way or the other, and I'll keep the e-mail where I was told to do it that way.

Marketing: What's a patch?  I ate my crayon...

Me speakum Somalian

Saturday, December 27, 2014

Another observation of the day -

Do not use your wife's brand new white tea towel to dry your fermenter after washing it from a spirits run.  Especially when the spirits run had a carbon slurry in it.  Think liquid graphite here.

Pointing out that carbon is inert and sterile and is actually making the tea towel cleaner is NOT a solution.  Trust me on this.

Thursday, December 25, 2014

Christmas morning observations

A couple of observations of the day:

Ran across this little gem this morning.  It's cool, you should buy one.

These are brilliant.  You should also buy one immediately.  Buy reloads.

I also see that GCHQ in Britain are wailing that they now can't track criminals as easily, because the Snowden leaks have revealed many of their readily used tricks, the poor dears.

I'm kind of conflicted on this one.  I'm all in favour of criminals being busted via any legal method possible, and I also think the legal system all too often protects criminals in the name of being "fair" to a degree where obviously bad people get away with obviously bad stuff because the burden of proof is set too high.

At the same time, I'm outraged at the degree of violation of privacy that the Snowden leaks revealed.  That's not on, because it's none of their goddamn business.  I have a reasonable expectation of privacy unless I'm further reasonably suspected of doing bad stuff, and there should be a court order to allow my activities to be monitored to prove it if so.

One of my favourite sayings is that usually we don't need new laws - we need the laws we have actually enforced.  Examples are crap like gun and drug crime - they're invariably in breach of existing laws, we don't need new ones, because I doubt that Doug the Scumbag Drug Dealer is going to pay any more attention to law MCMLXXXVIII than he does now to the one before it.

In the case of surveillance and criminal activity, what we need to do is use the political system to reset the limits, laws and guidelines that the legal system works under.  There shouldn't be a need to prove to an almost impossible degree of proof that Doug is a shitbag who needs to be locked up, if we all goddamn well know it then let's just get on with it.

99% of criminals are morons, so let's not spend time on them.  Let's lock the pricks up for a while, and spend our law enforcement resource on chasing the 1% who need the time and effort spent on proving they're bad people to a reasonable degree of certainty.

Tuesday, December 16, 2014

Things that drive me nuts as a Justice of the Peace

For those who don't know, I'm a Justice of the Peace.

While that gives me the authority to do a whole bunch of things if and when required to, the reality is that the vast majority of the work is witnessing signatures on documents such as statements, declarations, contracts etc, or certifying copies of documents.

Should you ever require the services of a JP or similar person, here are some guidelines to make the process easier for both parties.  These are based on my real world experience and cover a few topics that people often don't seem to "get".

Witnessing signatures

The whole point of asking me to witness a signature is that you actually sign the document in front of me.  The sheer volume of people that don't appear to grasp this as a concept is quite astonishing.

Please bear in mind that if you're being asked to sign a statement, declaration or similar document, the point of doing so is not only to capture your assent to the truthfulness of the information presented, but also to obtain some measure of certainty that it was actually you presenting it!  This means that:

  • If you rock up with a pre-signed document, I will make you sign again so I can verify it is indeed your signature.
  • If I don't know you personally, I will require you to tender some form of photo ID so I can verify you are who you say you are.  Why some people get offended by this, I really have no idea.
  • If you are a PA for some self important windbag manager and bring me a pre-signed document, I will tell you that the aforementioned windbag will need to present themselves to me - under no circumstances am I witnessing something I didn't witness.  No, it plays no part that aforementioned windbag is a really busy manager and it will be inconvenient for them.  And no, I will not come up to their office - they come to me.  I'm not their staff member.
  • The same applies for people who don't have access to my floor of the building.  I realise I work on a secure floor.  That means you'll either need to get someone who does have access to escort you, or see the nice security guards on the ground floor and ask for a guest pass to the floor - if they ring me I'll OK the pass.  I will not meet you on another floor of the building, because if I have to do it for one person, I have to do it for everyone.
  • Much the same applies for documents that need to be co-signed by multiple people.  All of these people will need to attend and sign the document in front of me if they want me to witness their signatures.  I appreciate this will most likely be inconvenient, but it is not a matter of discussion or negotiation.  May I suggest that not every signatory needs to have their signature witnessed by the same person at the same time?

Other points:

No, I will not witness a signature on a blank form, and "you'll fill it out later when you have a moment".  I am witnessing not only your signature, but you as a signatory to the statement made.  Have you ever heard of the Fitzgerald Inquiry?  This means I will also cross out and initial any blank or substantially blank sections on the document at the time of my witnessing.

No, I don't need to read the document, or know what it's for, other than understanding the requirements for it to be completed correctly.  I really have no interest in your personal details.  I would like to scan the document itself though (not particularly the contents), to ensure it has been completed fully and apparently correctly.  If you're horribly embarrassed or nervous about the contents I can witness your signature without sighting the document, but I will add a note to my signature stating such.  It's going to be your problem if the document is acceptable in such a format.

I am not trained in law.  I can't tell you how to fill out a document any more than reading it and understanding it the same as you can and should.  I also can't divine what the author of the document means or wants any more than you can.  If you don't understand the document, you need to clarify what is required with the intended recipient of it.  If you need legal advice, see a solicitor.

An example of this is someone who asked me to witness a signature on a change of name deed poll application.  She explained to me that:
  • Her marriage certificate was issued with a misspelling, although her husband's identity documents show the correct spelling.
  • She basically hasn't gone by her legal name since the age of approximately four, due to her mother changing partners with a frequency similar to that which most people change underwear, and registering her with the surname du jour at the time.
  • As a result of the above, she has assorted documentation, utility accounts, bank accounts and licences in an incredible mishmash of names, many of them simultaneously, and not one single one of them legally current.
What did I think she should do?  I witnessed her signature, suggested she pack the lot up and explain the situation in person to the appropriate public servant, and wished her luck.  I haven't seen her since, she's probably still there.

I have one co-irker who has several times asked me to witness a document for him.  The document is in Hindi, was signed by a member of his family (not him), and is to be tendered to the government in India.  I can't read the document to understand what it is, what's been completed, what the requirements are to witness it, and it will have zero legal standing whatsoever outside Australia.  As such, I'm pretty sure that I'm actually not permitted to sign it - the general rule of thumb is that anything specifically stated is OK, otherwise it is unwise to assume.  He produces a copy of this document every twelve months and asks me the same question, and I make the same response every time - I can't do that.  I don't know what he does as an alternative, but I do know it doesn't stop him trying again twelve months later.

Finally, please understand that it's not my role to judge or gauge the truthfulness, completeness, applicability or otherwise of the contents of a document you are signing.  You are the one signing it, that's up to you.  I'm just verifying that you did indeed sign it, and if I know damn well you're lying that makes no difference whatsoever to me.  You do realise you're making a legal declaration by the way, don't you?

Certifying copies of documents

This really should be a very simple concept.  You copy your document, present the copy accompanied by the original for provenance to me, and I certify the copy as a truthful duplicate of the original.

So why is it so hard?

Yes, I will absolutely, no alternative, need to see the original.  This is not a matter for discussion.  You apparently managed to get the original to a photocopier, get it to me.  No, it doesn't have to be your document/licence/whatever.  I am certifying the copy as an authentic duplicate, not that you own it.

Downloaded documents are a real problem.  This includes utility bills, e-mailed statements, downloaded and locally printed certificates and anything else where there isn't actually an original in a physical form.  Unfortunately, I am very limited by what I can do under those circumstances, and it really comes down to a single viable option - I need to see you log into the website from where the document originated and was printed, and verify the copy you are tendering against a source under the control of the issuer.

The above basically means that anything you ever printed from an e-mail attachment has no provenance and is useless to you, unless it can be verified online.  The same goes for documents no longer verifiable online.  If there's nothing to compare against then I can't certify the copy as an authentic duplicate, and that's another one of those "not going to be the subject of a discussion" situations, unfortunately.

I'm happy to certify a copy of a document for you pretty much any time I am free, it's a quick process.  Two or three documents is fine.  If you rock up with a sheaf of the things, I will be less immediately accommodating, and will probably ask you to come back to collect them later, as I can't just take half an hour out of my working day to do you a personal favour.  I'd apologise for any inconvenience caused, but the fact that I'm not sorry prevents me from doing so - I can't be responsible for your personal matters.  Please be realistic, and organise yourself - I had someone present "a couple" of documents to me last week that she desperately needed on the day.  The final count was sixty-three individual documents, of which several had been photocopied sideways so half of the original was missing off the page, and around 30 originated as e-documents and needed online verification - the details of which she did not have with her.  Sorry (there's that word again), can't help here and now.

Finally, while this isn't the fault of the requester, I would just like to say that documents that have no place to affix a stamp are a complete pest.  White space, document creators.  Use it!

Monday, December 1, 2014


Karma - one of the reporters who felt the need to publish Officer Darren Wilson's home address is now constantly calling the police asking for protection because she is being harassed and is apparently the recipient of more pizza than she really needs.

This is a splendid demonstration that for every action, there is an equal and opposite reaction.  Hopefully it also teaches Julie that consequences aren't just for the little people.

This little gem is also doing the rounds:

Pity it's a spoof news site like The Onion, but the article is obviously fiction just from reading - it purports that a rioting thug who thinks it's reasonable to put a Molotov cocktail through the front window of a grocery store would actually own a house.

Yeah, right.