Small Mosaic


Mon, 13 Dec 2004

Be Nice to your Manager
Because if you have a good one you won't realise how good they are until you get a complete doozy. A while ago I had the luck to work for a very insightful manager, let's call him Mike (his parents did). It took him about an hour to figure me out and from then on he played me masterfully, always the right amount of trust to ensure I was confident about my work but with enough challenge to both make me think about what I was doing and push me into giving more than the pay rate warranted. At the time I never even considered myself managed, that's how good he was.

I only made a single mistake while working at that job: I ran an ls over a deeper directory, answered a question and then, without rechecking my location on the system, ran a recursive permission change. I went white and made a little choking sound that can't really be described as cute. I'd nuked the permissions on our backup HPUX server.

I expected to be shouted at or dragged off into a dressing down; instead I got a pleasant surprise (although it wasn't until later I understood it was the best possible thing for a manager to do). "Can you fix whatever you just did?" "Yes, it'll take about half-an-hour." "I'm going for a coffee, we'll talk when I get back." I spent the next half an hour working with our QA guy as my spotter and put the settings back based upon the live box. Forty five minutes later my boss came back and asked if all was well. I sheepishly nodded yes and the only mention of the fact I'd screwed up was: "You know what you did. Learn and see it doesn't happen again." That was pretty much three years ago and I've never failed to double check my location again.

A big mistake or failure needs to be acknowledged, looked at and learned from. The important part is how the issue is dealt with; if you spend an hour having the same thing gone over and over, all that the employee brings away from the meeting is destroyed morale and diminished confidence in both their own ability and the manager's trust in them. Be a smart manager, know what needs to be said and what doesn't; if the worker is a professional he'll be beating himself up about it.

As for me, next time I get an understanding manager like Eric Sink or Mike I'll be a little nicer, a lot more appreciative and a bit slower running chmod.


Posted: 2004/12/13 23:12 | /career | Permanent link to this entry | This entry + same date


This is a Local Service for Local People...
In a previous post about blacklisting IP ranges used by China I stated why I feel it's a valid approach. I think I should clarify my own actions when it comes to things like this.

Any servers that are owned and admined by me alone (Bytemark Virtual machines, friends' servers etc) have a number of deny rules in place to drop connections to a number of important ports (SSH, SSL etc) to reduce the attack vectors provided by the servers. These rules block connections from any IP addresses not in the UK, Brussels and a couple of other countries. If I'm going to a tech conference I'll open the range slightly to allow remote access but I'll turn on stupid amounts of logging for the duration of the trip.

For work machines the rules have to be a little different. Most companies fit into one of two categories: those that have geographically dispersed teams and those that don't. It's worth noting that for the purpose of this post I'm only discussing admin and other important services (SSH, SSL to certain servers etc), not web and email traffic. For those I do layer 7 filtering.

The only real difference between the two is how many allow rules you have to add. It should not be possible for Joe Random Stranger in the land of the script kiddies to even probe those services unless they are located in the same country as your admins. By adding simple, logical rules like these you reduce your exposure dramatically and increase your network's security at pretty much no loss of functionality.
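
The rule layout described in this post, sketched as an added example (not the author's own configuration): a small generator that prints the iptables commands for an admin-port allow-list, with a logged temporary range for travel and a logged default drop. The port list, the chain name ADMIN_IN, the log prefixes and every CIDR range are assumptions; the ranges are RFC 5737 documentation placeholders, not real country allocations.

```shell
#!/bin/sh
# Added example: print iptables commands for an admin-port allow-list.
# All CIDR ranges are constructed placeholders (RFC 5737 documentation
# ranges); real per-country ranges have to come from a registry source.

ADMIN_PORTS="22,443"                        # SSH and SSL (assumed port numbers)
HOME_RANGES="192.0.2.0/24 198.51.100.0/24"  # stand-ins for home-country ranges
TRAVEL_RANGES=""                            # set only for the length of a trip

# Accept only strings shaped like a dotted quad plus prefix length, so a
# typo in a range list cannot turn into a firewall rule.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

emit_admin_rules() {
    echo "iptables -N ADMIN_IN"
    for net in $HOME_RANGES; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
        echo "iptables -A ADMIN_IN -s $net -j ACCEPT"
    done
    # Temporarily widened ranges are logged before they are accepted.
    for net in $TRAVEL_RANGES; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
        echo "iptables -A ADMIN_IN -s $net -j LOG --log-prefix \"admin-travel: \""
        echo "iptables -A ADMIN_IN -s $net -j ACCEPT"
    done
    # Everything else is logged at a limited rate, then dropped.
    echo "iptables -A ADMIN_IN -m limit --limit 6/minute -j LOG --log-prefix \"admin-drop: \""
    echo "iptables -A ADMIN_IN -j DROP"
    # Only traffic to the admin ports is sent through the chain; web and
    # mail ports are left to whatever other filtering is in place.
    echo "iptables -A INPUT -p tcp -m multiport --dports $ADMIN_PORTS -j ADMIN_IN"
}

emit_admin_rules
```

The script only prints the commands, so the rule order (allow ranges first, drop last) can be reviewed before anything is loaded on a server.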


Posted: 2004/12/13 20:19 | /security | Permanent link to this entry | This entry + same date


One Writer, Multiple Readers
Here's my feature request for Gmail, a service I'm mostly happy with.

It'd be nice if you could set up read only access to your inbox, or even designated 'labels' that you could limit by either assigning a password or allowing full (read) access to everyone.

I pipe quite a few mailing lists into my GMail account and I'd like the ability to give certain people read access to anything labelled as security, RedHat Cluster or any other label I choose to set; but without the risk of them deleting things.

This would allow both easy book-marking and sharing of links to content you've received by email and allow an easy way to do small, semi-private, but multiple participant mailing-lists.


Posted: 2004/12/13 20:07 | /tools/online | Permanent link to this entry | This entry + same date


Blocking IP Addresses, Nation By Nation
Quite soon the Chinese government won't have to try to censor the net. The western world will just filter off all the traffic coming from China, doing the job much more efficiently.

The above quote came from a Slashdot article on China and its Relation With Spam. I don't normally read the comments on Slashdot articles but I had a hunch some of the posts to this one would be quite extreme; SPAM is one thing that drives most geeks nuts.

The thing that surprised me the most is that there seem to be two main camps: people who run networks and who block and refuse to accept connections from China, Korea and similar dens of useless computer laws, and the people that claim this is a violation of rights / free speech etc. To the people in this second group I have one thing to say. Bollocks.

I can block who I want on my servers and as long as I mention it nice and clearly to my users I can block these ranges for them too. If you don't like it, then tough. Let the local legitimate users lobby for changes to the law, tidy up their own act and then, after this has been done, I'll let them talk to my networks again. In the mean time I hope you enjoy the "Connection Refused" messages.


Posted: 2004/12/13 20:00 | /geekstuff | Permanent link to this entry | This entry + same date



Copyright © 2000-2005 Dean Wilson