Two words about employment

by Dmitry Kirsanov 27. November 2011 19:12

It appears that in some things the Chinese have more sense than the rest of the world. According to the article, they are going to cancel majors (i.e. higher education programs) which don’t lead to employment. They are going to analyze the employment stats for those who finished their majors and how lucky they are to land a job. So, if you are teaching Turbo Pascal and call it “Computer Science”, your days are numbered. If you teach it in China, of course.

I wish the same would be implemented in the EU. During my career I found out one thing – an IT specialist with higher education is less preferable than one without it. The reason is simple – higher education in Eastern Europe works just like in “Profession”, the novel by Isaac Asimov. Dumb memorizing of irrelevant data which won’t do any good for business. They are not taught creativity and open-minded behavior.

Besides, the situation with employment becomes so interesting for those mentally challenged IT administrators that some of them become very… I almost said “creative”… in finding a new job opportunity.

According to Security Week, a 26-year-old Hungarian male called Attila Nemeth hacked into the network of the American hotel network Marriott through some dumb social engineering technique, and then… tried to extort an employment opportunity at that company, on his terms. And as if it wasn’t stupid enough, he sent them a copy of his passport, and used a plane ticket paid for by Marriott to come for his job interview. After he was “interviewed” by Secret Service “HR personnel”, he’s about to be employed by one of the American prisons for the next 15 years, and during that time he will have to pay up to $1 million to Marriott.

This makes me think that Hungary has problems with two things, and one of them is employment.

Talking about employment and HR, new research shows that there is a direct relation between intellect and the sense of humor. Apparently, the sense of mirth is a reward given by the brain when you discover the logical error in a statement. According to my own experience and opinion, the research results look valid and natural. Bad news for people with an undeveloped sense of humor.

And one ring to rule them all

by Dmitry Kirsanov 27. November 2011 05:08

As discussed previously, there is a noticeable trend in casual IT these days – cut spending on IT infrastructure management as much as possible. Companies are using every chance to eliminate the “human factor” from systems administration, and while it’s scary for incompetent administrators, it adds to the innovation factor of modern IT management offerings.

So it’s quite a controversial trend. But trends of that kind are very natural for innovation. Let’s see what it’s all about.

There are two questions, depending on who you are – either a CEO or an IT professional. If you manage a company, any company, then the question is – how much does your IT infrastructure cost, and how much does the IT department?

By IT infrastructure I mean all the computer devices you are using in your business, your internet connection and the costs of ownership. The IT department, on the other hand, is the people and servers used to make the rest of the company operational.

Depending on your personal qualities, chances are that as a CEO you dream about getting rid of all the IT guys, as keeping your own system administrator usually looks like having your own telecommunications specialist just because you own a bunch of phones.

The trend these days is to fulfil that dream. To create a service which would substitute for your entire IT department without your employees noticing any change. Imagine that you give up all your expensive servers, all your expensive IT administrators and their rooms, by simply signing up for an online service for a fraction of the previous monthly expenses of your IT department.

If you are a system administrator, on the other hand, then perhaps you think that it’s hard to replace you and your knowledge, so the question for you is simple – what do you know?

What if that service took care of antivirus, updates, backups, software deployment, license management, asset management and various policies, and would provide users with answers to all their questions and arrange for a local company to fix hardware problems at the best price and speed? What would you do against the power of a totally automated workflow system, backed by top IT professionals somewhere in the middle of nowhere?

One of the first birds of the trend is a system called Microsoft Intune. You probably know their Windows Small Business Server (SBS) – the Windows Server for the poor, available since 2003, and now it’s Small Business Server 2008. The difference between normal Windows Server and SBS is that you don’t have to be a professional Windows System Administrator to operate it. Wizards replaced the command line tools (literally replaced – some tools are simply not available), so you can do anything using your mouse. Also, it comes together with Exchange, which is installed and managed automatically. If you have decent server hardware, it will be everything you need to power a company with up to 500 workstations. Still, you would need to have an IT guy who would take care of stuff.

Well, the reason why I mentioned SBS is that Microsoft Intune is a natural enhancement to the SBS offer, but now you can go to the web page and manage your environment without all that Computer Science – everything through one nice-looking Silverlight-powered web page. And it allows you to do most of the stuff I mentioned before, allowing your CEO to fire half of your IT department.

But you know how it works – someone should provide a platform, and others will build their offers on it. That’s true for just about every product of Microsoft – the network of partners doesn’t fail. So expect Intune to become a platform for something more dramatic, as well as an inspiration for copycats. Most likely we’ll see similar solutions from Citrix, VMware or whoever else. And this will end the system administrator career as we know it.

So, CEOs should enjoy the new offering and take a waiting stance, while still-employed system administrators should plan their training – if what you do can be covered by some cloud offering, your next and last assignment will be to implement it in your company.

I will publish a video presentation of Windows Intune soon, so you will see what I am talking about.

Security through obscurity

by Dmitry Kirsanov 8. November 2011 11:46

A rather short note for pen-testers.

Sometimes you have software which is contacting some web services – especially interesting when it’s about transferring files.

Sometimes software packages, especially custom ones made for a small number of customers, may have web services open for consumption by that software.

Pay attention to it. Sometimes there are exposed functions which could be exploited in a way that developers were not able to imagine.

For example, during my most recent pen-test, I was able to put, delete and execute files on the server using only functions of the exposed web service. Needless to say, I wouldn’t need any hacking tools or social engineering to penetrate the networks of their customers as well.

This topic is rather omitted in CEH and similar courses, but with some basic knowledge of programming you could kill the whole family of rabbits with one shot.

Also, as a side note about pen-testing: I noticed that even when you’re using the simplest technique, a “no-brainer” one, the customer will call you a “hacker” or a “genius” just to not call their developer or system administrator an idiot.

See the forest behind the trees

by Dmitry Kirsanov 8. November 2011 11:29

Today I was walking through the city and suddenly saw the car of one of our local IT companies. The motto on the side of the car said – “we see further”. Yeah, right.

For years it was the dream of each and every CEO to look one step further than others. To be what they call a “visionary” or even a “strategist”. To keep a finger on the pulse of technology, you know. To use possibilities before others react.

However, the funny thing is that most of them don’t see the forest behind the trees. They fail not only to predict, which is more or less ok, as a sales guy is not necessarily an analyst. They fail to see the trend in their own niche, the living processes inside their own organization. So what you can read on LinkedIn and similar resources is mostly chewing the same “enlightening” gum.

The biggest and most consumed chewing gum these days is the cloud. Cloud computing, that is. Without understanding what the cloud is, CEOs usually think about the same features of it:

  • No more server room, we can place everything in the cloud, so this will save us money.
  • All of our clients will use our solution which is placed in the cloud, so we won’t funk up with servers and this will save us money.
  • We will save money on IT staff – fewer nerds on staff is always good.

Et cetera.

Recently I met a solution plan which was designed with the pink glasses of SaaS (Software as a Service). That is a currently successful corporate application which is about to “go cloud”, so all customers will use one web site and won’t need to install the application locally. The (rather hidden) problem is – this application will require administrative privileges on the customer’s Active Directory, which means – all computers of the company. And all customers will use the same instance of that application. And there are nuclear power plant operators among the customers.

I would say – “one ring to rule them all”, but you remember the story, right?

Corporate PR specialists run into social networks without insight. They don’t understand the consequences, they are just playing poker. They don’t understand, for instance, that what they are doing is less effective than using a computer program to do the same thing. And when they start to use that program, they themselves become useless, as creativity (the only genuine thing that computers don’t have, but can imitate) can be borrowed through outsourcing or simply dismissed.

It is the same with HR and some other specialties – it becomes more automated, then it will become a “cloud” application and then it will become part of someone else’s responsibilities to operate that application. Which will always be more effective than most human specialists.

These days, creativity, speed and precision alone are not enough. You need the knowledge, which is always neglected and seems like it always will be. The ‘Enlightened CEO’ was the core of the dot-com bubble problem and it is the same with any technology-related hype. Because technology is based on knowledge and decision-makers just lack it.

Look at the top players in the IT business. The most successful ones are the ones founded and led by scientists, not by entrepreneurs. Talking about software companies, Apple and Google were founded by scientists. Microsoft as well. When CEOs were not scientists, like in Google, they didn’t make any technological decisions, like what their product will look like and how it will work.

However, most other IT companies are led by entrepreneurs, sometimes with insignificant experience in IT, who make key decisions. And fail.

So, the moral of the story. You can’t just use someone else’s knowledge and experience, mainly because you won’t have complete access to it, but only to the public portion of it. You must have your own. And prove to yourself that you have it.

 

The devil, as you know, is in the details. There was a time when you could just copy what others did and chances are – you would be fine (remember IBM PC?). These days, with the cloud and SaaS and other buzz terms that may come to your mind, the frontier is much wider and you should be a great analyst in order to understand why someone else’s solution works this way with such success – because there are many details which are hidden from view, hiding somewhere in the cloud, and won’t apply to your case.

Think about what you’re doing, don’t look at others.

Browser Wars, 09/2011

by Dmitry Kirsanov 8. September 2011 23:06

As a web developer, I care about browser performance a bit less than typical web surfers do. I care more about the supported functionality: whether my website can be viewed in this browser or another and how it will behave.

However, typical web surfers care more about speed and the resources of their computers, so when I hear that people prefer Chrome to Firefox, this means my website should look good in that browser as well.

So here is a relative chart of today’s most popular web browsers after testing on my notebook. All numbers are totally relative, but the tests included both graphics and data manipulations, the same for each test.

[Chart: browser performance, 08.09.2011]

I don’t want to comment on it, as I find these results quite reasonable, but I would like to look at the difference between MSIE 9.0 and MSIE 10.0. As you may notice, Internet Explorer 10’s performance is promising.

So what did I understand from this graph? First of all, I will continue measuring the performance of my applications using MSIE 9. And I will make sure they are compatible with Chrome 13. And if that’s worth the effort, I will display demos using either MSIE 10 or Chrome. You can keep tracking the performance of browsers on your own equipment using the PeaceKeeper website.

