De Vita Principia #1: Never order food that is delivered through a window.

So I don’t remember where I heard this, but I definitely think it is a good life rule.

#1: Never order food that is delivered through a window.

Today, things move at a fast pace and we expect our food at an even faster pace. This is why places like McFastFood and Burger Royalty are so popular. We believe that we are so busy that we cannot spare a few extra moments to wait for food that is not trying to kill us.

Keep in mind, I don’t believe that fast food joints are maliciously trying to kill us, no. That would kill their bottom line (pun intended). Instead, I believe that they are not concerned about long-term ramifications of what we are ordering. A gallon of soda, a side of oil-saturated potatoes and something that may or may not be beef between bread that never molds*. Chalk it up to answering to shareholders or gaining the instant gratification that they serve to their billions of customers. McFastFood-like joints are in the business of serving an impatient society, and they are killing it at what they do. (Still, pun intended)

Based on this, innate human logic says that if you can order, pay for and receive your food in the amount of time it takes to pull your car to the next window, it probably isn’t the best thing to be putting into your body. If things continue, it’s just a matter of time before we have a delivery system that will inject the food directly into you while you drive through. No stopping involved.

* Disclaimer: I love the taste of McFastFood but try to stay away from them when I can.

IT Support Should be Treated as a Hospitality Role

Traditionally, IT Support has been just that, a support role. As such, many IT Support organizations have withdrawn into their own world. They may only mildly consider the people they support because they know that the organization depends on them. It is because of their actions that things on the technology front run smoothly.

This is entirely the wrong way to think about this role.


Treat IT Support as a Hospitality Role

First and foremost, we should consider IT Support as a hospitality role. Most notably, support specialists should treat the individual or individuals as an esteemed guest and not as a support client. I do not say this to demand better treatment, special care or consideration for when I put in a support ticket. As a former Systems Support professional, I understand and sympathize with their responsibility and understand how hard that job can be. But when a Support Specialist behaves as if you are an inconvenience and not their primary responsibility, the client feels that impression from IT Support and is turned off by it.

Ask yourself this question: in your last encounter with an IT Support Staff member, did you feel special, like you were the only thing the Support specialist was concerned with at the time? Or did you feel bitter, like you were an interruption and didn’t really get what you needed from your support staff?

If IT Support were a hotel or a restaurant, would you go back again? Unfortunately, in many organizations, the answer to this last question is a disappointing ‘No!’

Too many IT Support Team members know they have a monopoly on the IT infrastructure. If they desire, they can cause massive amounts of damage, damage that, depending on the organization, could cause monetary loss greater than most terrorist attacks that have occurred since 9/11.

The San Francisco Example

Take, for example, Terry Childs. Childs, a 43-year-old computer network administrator, locked San Francisco officials out of their new FiberWAN network in 2008. This network houses important government documents, including PII information. Did he do this for money? Probably not. His base salary was north of $120k and he did not even live in America’s most expensive city. Did he do it as a statement? Maybe. Most likely, this was an insurance policy protecting him against being fired for performance. He knew that IT Support has a monopoly in any organization, and he bet that he could at least make a statement (which he did) if not get what he really wanted: notoriety and job security.

Organizations can try to pay their way out of this threat, but paying IT Support Professionals more money only because of their special monopoly is just kicking the can down the road. It covers the symptoms but does not treat the disease.

Treating the Disease


All the Edward Snowdens and Bradley (Chelsea) Mannings of the world are a testament that Computer Systems Support needs to change the way it operates. It is time for a change. That change is to transform IT Support departments into a hospitality role and not a support role.

All the IT Support professionals reading this are probably cringing and wondering to themselves, “Why should I change, you need me!” This is true, we do need IT Support professionals, but we also need hospitality professionals when we travel. We need computer updates and we need clean bed sheets. We need new computers and software installed just as we need food and beverages when we are out travelling. The big difference is that there is a monopoly, for good reason, within the organization for IT Support.

Fight or Flight

When IT Support is run like a monopoly it leaves bad experiences for the people they support. Bad experiences mean that employees will circumvent IT Support in the future. Avoiding IT because of bad experiences is a security risk for your organization at the technology level. That employee who can’t remember a complex password that IT has set and prevents her from changing? She will write it on a post-it and, if the organization is lucky, put it in a locked drawer. More likely, it will be found under her keyboard or sticking right on her monitor.

People tend to avoid things that they are uncomfortable with. This is the fight or flight response at work and it happens in the IT world. Whether it is circumventing IT Security policies or beating frustrating computer equipment, fight or flight is real in the corporate world. PC Load Letter, anyone?

A Radical Solution

A radical solution to this, in my opinion, is to first of all, have professionals from the hospitality industry retrain IT Support professionals. Train IT professionals on how they can be more hospitable towards the staff they support.

Second, organizations should outsource what they can. Outsourcing will add a level of personal separation between the support staff and the people they support. This separation is a level closer to IT as a hospitality industry. This also has the added benefit of saving an organization money in the long run.

Next, eliminate the special perks that IT has that are not necessary to their job such as special access and abuse of work hours. People see this abuse and are turned off by the apparent abuse of power that IT Support professionals have.

Last but certainly not least, enforce the Golden Rule for the IT Support Staff; treat the people who are their support guests as they would like to be treated. That will go a long way in eliminating the appearance of an IT Support monopoly and the dirty laundry that comes with it.

Mass Shootings and Social Media Reaction


Originally posted on Facebook on 2/17/2018

The shooting that happened in Florida is a sad affair as is any shooting. What’s even more sad is people’s polarized reactions to what happened on Facebook and other social media outlets.

Blindly sharing memes in support of and against gun control and other contributing factors is not helping anything. These memes (oftentimes oversimplifying the reasons for the shooting, such as “God is not allowed in schools anymore” or “More people are killed by falling down their stairs than by intruders in their homes”, just to name a few) do not help and, in fact, inflame or enrage people on both sides; and so the cycle continues.

If you are for gun control, do something about it. Call your congressman, push for legislation.

If you are against gun control, do something about it. Call your congressman, push for legislation.

If you want God in the schools, organize a group at your church, temple, mosque, or other religious institution to form an outreach committee to see how they can help the schools, teachers, staff, parents and students cope and understand.

The bottom line is, don’t be rude without knowing it and post memes or posts with questionable validity and think you’ve done your part. You haven’t. Sometimes the truth is hard to hear, but if you want change, make change happen.

Facebook Memory from One Year Ago Today

Originally posted on Facebook on 12/24/2016:

I’ve been thinking a lot about this day. In a lot of ways I have been looking forward to it, yet in other ways I have been fearing the memories of this date one year ago. I am choosing to embrace this day as the day that I was given a second chance. I will not ruin it.

One year ago, I got really sick; I had been sick for a few weeks, but it got really bad a year ago. Piper and I went to the doctor’s office before they closed. It was there that the doctor told me I had acute pancreatitis and needed to be admitted to the hospital.

For brevity’s sake, I will say that three days later I was in UNMC in Omaha for what would end up being almost a month.

The doctors took great care of me during this time and it is only recently that I have really come to understand the seriousness of my illness. Sepsis took hold as memories faded; there was a very real chance that I might not have made it.

Thanks to the care of the doctors and the nursing staff as well as a strong will to survive, I fought off my illness and about 6 to 9 months later, was back to full strength. I feel better now than I have in years. I have embraced a healthier lifestyle which includes giving up alcohol, eating healthier and exercising. The stress I put myself through has vanished as I picked up a healthier mental health lifestyle.

I would like to thank all of you who were thinking of me, praying for me or visited me. Without all this support, I don’t think I would be here now. It was not just my doctors, nurses nor myself alone that was responsible for my recovery but instead, all of you who gave me the strength to carry on and fight.

As most of you know, I love quotes so as I close, I want to leave you with this one that I try to remember every time I have flashbacks to that time in the hospital or have fears that I am going to get sick again. Thank you once again one and all.

“Fear doesn’t prevent death. It prevents life.”
― Naguib Mahfouz

On Hate

[DRAFT RELEASE]

Simply put, hate is so much more than an emotion or a reaction. To me, hate is a contract one makes with something, be it a situation or a person or something else, in which they will do absolutely anything immoral, unethical or illegal to eliminate that something from not only their own existence but from existence in general.

From a Christian point of view, hate violates almost every commandment laid out in the book of Exodus in the Bible. I won’t specifically lay out violations here as that would make this rather quick post so much longer than it needs to be.

Lately, hate has seemed to grow in America. The Southern Poverty Law Center has reported that hate groups in America have grown to more than 900 in the year 2017, an increase of over 100 from the previous year. Again, this is not a post about hate crime, it is more about my perception of hate.

The word “hate” is greatly overused by people who are unaware of the weight and meaning that it carries. You hear people all the time say, “I hate these jeans.” or “I hate this person” when they don’t really mean hate. They don’t care for a piece of apparel or a person, but they would generally not go so far as to take measures to destroy these things they claim they hate. One of the things I try to avoid in my life as much as possible is the use of the word “hate”; in fact, I cannot remember using it in recent history because of my interpretation of the word.

Friday the 13th… A Real Life Story For Halloween

Friday the 13th has struck

First of all, I am alright, just some bumps and bruises. Now for the story.

Setting the Scene

It was a dark and dreary Friday the 13th, not really, but it sets the mood, and I was on my way to work at a little after 7 travelling a well traveled street in my hometown. The street is a four lane with no center turning lanes. Traffic was heavy on account of parents ferrying their clones and clonettes to one of the local middle schools that bounds this street. Occupying the inside lane was little ole’ me in my nice (read: nice to me) Chevy Cobalt, proudly flying my new geek stickers in the back windshield. Minutes away from work, I was cruising along the flow of traffic, an SUV to the right of me began to slow and turn onto a side street that leads to the previously mentioned middle school. That’s when it happened.

The Accident

The second SUV, the bringer of curses (note: I am not saying the driver was a bringer of curses and I am neither accusing nor abdicating the driver of any responsibility outside of the fact that they were cited for the incident while I was not. I am not going to air my grievances here, that is what Festivus is for. Continuing…)

Yeah Ha!
Not the SUV of Curses

The SUV of curses decided it would be a good time to turn left in front of me while I was going straight. Adrenaline coursed through my veins as I went into superhero mode. Time slowed, threats became real and a quick, instinctual evaluation told me that my best course of action was to slam on the brakes and veer left towards the oncoming traffic lane (there was no traffic oncoming at the time).

Microseconds before the impact, a few things ran through my mind not necessarily in the following order:

  • I really liked this car!
  • I don’t want to buy a new Ubuntu Euro Style sticker!
  • At least I don’t have to worry about my appointment tomorrow to get the slow leak in the tire taken care of and the oil changed.

Some of those were probably post factual thoughts well after the accident, but the first one definitely did run through my mind at the moment of impact.

The impact was nothing like I expected; I was not jolted and jarred the way I thought I would be, the airbag did not hit my face or chest like I thought it would and I appeared relatively unscathed. I got out of the car and I was in shock.

The Aftermath

Adrenaline was receding from my body and refusing to work anymore. In my dazed state people asked me if I was ok and I told them I was. The driver of the Bringer of Curses came up to me to make sure I was alright and apologized, admitting fault. I was trying to remain calm about the situation and told the driver that I was but I had no desire to talk to them at this point, maybe later after all of this is settled, but I was understandably upset about the situation. I called 911.

I must have still been in shock because I don’t remember much of the conversation with 911 except for the fact I told them that I was in an accident, gave them the location, a description of the vehicles, and the fact that my airbags deployed; for some reason, this detail seemed extremely important to tell them but I don’t know why.

The Waiting is the Hardest Part… Thanks Tom Petty

Actually an old relative of mine who was a photographer in Kearney
Possibly the Same Car that Responded to the Accident

I stood on the sidewalk for a short while until the police arrived. It was not until after they arrived on scene that I began coming out of my shock. Details are a little more clear after that point. I tried to call my wife but there was no answer so I left a message. I asked the officer if any of this was my fault to which he told me that they don’t determine fault, but that the other driver, the driver of the Bringer of Curses had been cited for failure to yield. I watched as they measured the distance of my skid marks (the ones on the street, not in my underwear). It was then that I noticed that mine were the only skid marks, the Bringer of Curses had apparently hit me at full acceleration. Perhaps it was distraction, perhaps the last remnants of shock, I did not mention this to any of the officers.

I watched as they towed my favorite car away, that is when my wife called. She was understandably upset but I assured her that I was ok and that the officer was going to give me a ride home. It took a little bit of convincing but eventually she seemed to agree.

On the way home, I talked with the officer for a while, he was a really nice guy, been with KPD for five years. I told him of the time in a previous life when I was dispatcher and 911 operator and that my bachelor’s degree was actually in Criminal Justice. He spoke of his internship with the Omaha Police Department and the air unit which he described as a blast. Side note: I was accepted to do an internship with OPD but had to turn it down and write a thesis instead because of my previously mentioned job as a dispatcher/911 operator.

Recovery

Airbag Volcanic Exhaust Port

Once the officer dropped me off, my wife thanked him for bringing me home in a tone that sounded like a mother thanking an officer for bringing home her drunk son. (No, I was not drunk at the time of the crash, I know some of you may think that after the previous sentence). We shook hands, that’s when I noticed the burn on my left wrist and my brand new Xpanxion fleece jacket (note to self: Look into getting a new one). The officer said that that was common after an airbag deployment because it is deployed via an explosion and the vent in the bag opens on the left side of the bag.

My wife gave me a hug in the drive and we walked into the house. The bruises began to hurt and I took a nap.

RIP Chevy Cobalt 0 – 133354


The next morning, we went to retrieve my belongings from the car and really noticed the damage. The SUV hit me hard, we couldn’t even open the passenger side door and somehow, the back of the hood on the passenger side was bent up at a 90 degree angle, who knows what kind of devilry caused that.

The current status of things as of now is that I am waiting for a rental vehicle until the insurance is all settled and I am in a new ride. Until then, I am chilling and resting my weary, bruised and burned bones.

I don’t really believe in curses and Friday the 13th is just one of 365.25 days out of the year that this could have happened. I am going to make the best of this and not dwell on the negative, for a while now I have come to the conclusion that things happen for reasons and I would not be where I am at now if things haven’t aligned in certain ways throughout my life. I just need to sit back, relax and wait to see how this will positively impact my life.

Never Trust User Input for Generic Fields


Disclaimer: I am not a professional developer or database designer, this is a hobby for me.

I’ve written in the past about php unit testing and why you should always use example.com for your testing efforts. Now, in the wake of the Equifax data breach, I am taking a stab at expressing a thought of mine with regards to safeguarding PII (Personally Identifiable Information) in a data application.

Anyone who has ever worked with data driven web applications will already know that user input is never to be trusted. Sanitizing data is always necessary before working with it in a data driven web application. There are many different ways to sanitize user input such as escaping special characters on input and using prepared statements. I am not going to get into the nuts and bolts of that right now. This article is an argument for treating input into generic fields as untrusted because it could potentially contain PII.

The Problem

For the purposes of this article, generic fields is a term that I am using for any field that is not for a specific type of information. Fields labeled as “Notes”, “Additional Information”, “Descriptions”, etc. fall under this term.

Many times development organizations will not encrypt these generic fields and instead trust that training will be provided for the end user to not input PII information into such fields. We should never trust user input. Handling PII through policy instead of technically is equivalent to trying to stop a leak with a screen. Some of the water will stop, but it only takes one hole for a data leak. Relating this to the issue at hand, it only takes one person forgetting what a policy is. This can cause catastrophic PII issues for your application. This should be handled at the development level.

Example Scenario

An HR organization has a database of employees. They need to make a note that Jon Doe has a peanut allergy and that there is an epi-pen in the first-aid kit for emergencies. There is no specific field to denote medical conditions so they place it in the “Additional Details” field. Furthermore, the person making the entry adds another emergency contact (name, phone, etc) into the same field for this particular allergy case. Due to a security issue with the SQL server, hackers capture a dump of the database. Almost all the data containing PII is secure except for the generic fields. Now the hackers know Jon’s medical condition without having to decrypt the database. Not only is this a privacy violation, but also a potential HIPAA violation. Again, we should never trust user input.

The recent data breach at Equifax reminds us of what can happen with PII information once released to the world. While the Equifax breach is probably related to a hacker or group of hackers gaining access to an account that has legitimate access to this information and (hopefully) not one in which they had direct access to unencrypted data in the databases at Equifax, my argument for protecting generic fields still applies.

The Solution

In this case, the solution to storing data in these generic fields should be simply to encrypt these fields. With good database practices, such as holding the PII data fields in their own table and using primary and foreign keys, encrypting them should have a minimal impact on performance.
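One way to apply this, as an added Node.js example that is not code from the original post: the free-text field lives in its own table, keyed by employee id, and is encrypted with AES-256-GCM before it is stored. The in-memory tables, function names, demo key and sample record are constructed for illustration; a real deployment would load the key from a key-management service kept apart from the database.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Constructed demo key. Assumption: in production this comes from a KMS or
// secret store, never from source code or from the database being protected.
const FIELD_KEY = randomBytes(32);

// Two in-memory "tables" standing in for the SQL schema. employees holds the
// ordinary columns; employee_notes holds only the encrypted free text and
// points back to employees through employee_id (the foreign key).
const db = { employees: [], employee_notes: [] };

// Encrypt one field value. The row id and column name are bound in as
// additional authenticated data, so a ciphertext copied onto another row or
// column fails authentication instead of decrypting.
function encryptField(key, employeeId, column, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${employeeId}:${column}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt and authenticate one field value; throws if the key, the row
// binding or the ciphertext has been changed.
function decryptField(key, employeeId, column, stored) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(stored.iv, 'base64'));
  decipher.setAAD(Buffer.from(`${employeeId}:${column}`, 'utf8'));
  decipher.setAuthTag(Buffer.from(stored.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(stored.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// The application never writes the generic field in the clear.
function addEmployee(id, name, details) {
  db.employees.push({ id, name });
  db.employee_notes.push({
    employee_id: id,
    additional_details: encryptField(FIELD_KEY, id, 'additional_details', details),
  });
}

function readDetails(id) {
  const row = db.employee_notes.find((r) => r.employee_id === id);
  return decryptField(FIELD_KEY, id, 'additional_details', row.additional_details);
}

// What someone holding a raw dump of the database gets to read.
function dumpDatabase() {
  return JSON.stringify(db);
}

// A ciphertext lifted from row 1 must not decrypt as if it belonged to row 2.
function movedCiphertextIsRejected() {
  const lifted = db.employee_notes[0].additional_details;
  try {
    decryptField(FIELD_KEY, 2, 'additional_details', lifted);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample records modelled on the scenario above.
const NOTE = 'Peanut allergy; epi-pen in first-aid kit. Emergency contact: Jane Doe 555-0100';
addEmployee(1, 'Jon Doe', NOTE);
addEmployee(2, 'Ann Roe', 'No notes on file');

console.log(readDetails(1));
console.log(dumpDatabase().includes('Peanut'));
console.log(movedCiphertextIsRejected());
```

Only the generic field is encrypted here; the name column stays readable in the dump, so the other PII columns need the same treatment.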

What I’m Reading – The Nerdist Way

For the last week or so, I have been reading “The Nerdist Way” by Chris Hardwick. I was happy to add it to my library. So far, it has made a positive impression with me. It speaks to me as a nerdist, a productive, working professional and from a personal point of view. Though I am not finished with the book yet, I believe that this book will be getting at least a four star rating on Goodreads. This will definitely be a book that is pulled from the library shelf to read again.

Nerdist Chris Hardwick
Chris Hardwick by Gage Skidmore

About Chris – The Original Nerdist

In case you don’t know, Chris Hardwick is the brains behind the Nerdist web empire. In the words of the website, “Nerdist was started by CHRIS HARDWICK and has grown to be A MANY HEADED BEAST”. In addition to being a comedian, he currently hosts no less than six different shows on television. He is one of the hardest working people in the entertainment industry.

About the Book

Reading “The Nerdist Way” has revealed to me that, in many ways, Chris’s life experience is very similar to mine. I can relate to the stress and anxiety he lives with and how he coped with it in the past to how he copes with it now. He decided on his own that quitting drinking was the best thing for his life while I had to come to the same conclusion after a bout of pancreatitis. Both Chris and myself are now sober although he has a few years on me.

On Stress and Anxiety

His account of experiencing stress and anxiety was almost exactly what I experienced; it was like he was crawling around in my head, which is rather unsettling if you think about it. One of my favorite parts of the book with respect to this was his account of looking up medical symptoms on the internet:

THE WEB: A HYPOCHONDRIAC’S LIFEBLOOD Please do me a favor. We’re friends now, right? OK, good. NEVER go online to self-diagnose. EVER. Don’t fucking do it. You might as well just ask Dwayne “The Rock” Johnson to kick you in the solar plexus. Sites like WebMD should just change their name to Enjoy YourCancer.com

YES! Finally someone came out and said what I have been saying for years! I feel vindicated!

The Ever Working Brain

As a fellow nerdist, I understand the way he described the head always working, always thinking and always making connections to things that may not necessarily be correct or even healthy. Whether it be worrying about that strange ache on the back of your right earlobe or worrying about where you are going professionally, the voices in your head (not literal voices, that’s just crazy) whisper the worst case scenario; that only helps make things worse.

In a lot of ways, I think this contributes to the reason why many of us have chosen to quiet the voices in our heads (again, we’re not crazy) with alcohol. When there is nothing telling you that you are dying of some horrible ear lobe fungus, you are actually a much happier person in the short term but not in the long term.

The Professional Nerdist

As a productive, working professional, I appreciate Chris’s work ethic. Once your mind is free of the voice-muting alcohol, it needs to turn to other outlet avenues. For both Chris and myself, that seems to be work. I am not saying that I am as hard of a worker, as productive or as successful as Chris, I am just relating my experience compared to his and the similarities. Take this quote from the book for example:

The fortunate or unfortunate occurrences that befall you most of the time are the direct result of attitudes you employ and the choices you make.

This expresses almost the same sentiment as one of my favorite quotes by Khalil Gibran. Chris is constantly reinforcing the formula for success in that there is no simple formula. Success is made from hard work, not something lucky you find by chance.

Strive for excellence in something you love.

New Resolutions – Week 4

As I write about resolutions for this week, my mouth is on fire! These puppies are HOT! And that was after only three. That being said, this week’s new resolution is the Paqui Haunted Ghost Pepper Nachos. I love hot things. Hot buffalo wings, hot chips, hot sausages, etc. I used to devour the Lay’s Flamin’ Hot chips all the time, now they are too hard to find. My order of Chinese food would always include the terms “extra spicy”. This is not me being braggadocious here, I am simply laying the foundation for the scale as to exactly how hot these nachos are.

Some people can’t handle spicy food and that is ok. For me, I think it is the endorphins released when I eat spicy food; it makes me all warm and fuzzy inside. I can feel the fire dragon tickling my stomach when I eat spicy food and that makes me happy.

Of course, it is not just the spice for me, it is the flavor as well. I don’t really care for something that is spicy just to be spicy. If that were the case, I would just pour myself a glass of Sriracha or other hot pepper sauce and drink it straight. That is neither appetizing nor is it smart.

The flavor of the nachos is like that of other chili peppers. Behind the heat, there is a hint of sweetness. Overall, the flavor is enjoyable. This is a flavor that I would choose even if there was no heat to it.

Recap from last week’s resolutions

Last week, as part of the resolutions series, I tried Kame Rice Crackers. I went two weeks in a row of something that I did not care for. The crackers were just the opposite of the nacho chips above. There was no flavor at all; they reminded me of Rice Cakes, remember those? I believe the phrase “Eating packing peanuts” came to mind. I would not eat these again, but hey, if eating paper is your thing, go for it.

Example.com: Always Use It for Testing

Background

I was looking over some software tests today and they had different testing addresses such as test.com or test@test.com. This got me to thinking, isn’t there a standard site or address that we should use for testing? It didn’t take me long to find my answer; example.com. More on that in a bit.

Security Concerns

A couple of thoughts came up while thinking about this: where is my information going while testing with made up sites, and what kind of data am I sending? From a security standpoint, using unknown sites for testing may reveal flaws, sensitive data or PII to parties that may not have the best intentions in mind. Let me throw a hypothetical out there. Suppose I am a party that sees an opportunity to purchase the domain name tester.com. My reason for purchasing such a domain is not legitimate; I want it as a honey pot. With that honey pot, I harvest the information by pulling in emails that come to that domain. Once that information is in hand, I could sell it on the dark web. Thankfully, my honor is paramount to me so I will not do such a thing.

Real Life Examples

A quick search on whois found the following: test.com has a private registration in the United States. We don’t know who owns this site. The question here is what are their intentions for the data they gather? Registration for somewhere.com is private in Panama. Nowhere.com redirects to a media outlet in Germany that looks like a simple front site. The last update for this site? 2012. I’m not saying that this one is, but it’s suspicious at the very least. A web advertising agency owns the site Test-site.com. There is a potential that the owner of test@test-site.com may add emails gleaned from tests to spam lists. How would your clients feel about a sudden influx of spam?

Other Concerns

A less evil, but realistic concern with using random sites is that some of these sites could be real and legit. Take, for example, a company named Pinacle Associates; I have no idea if such a company exists and please don’t bombard them with emails. Tes Thompson is an SVP for Public Relations for this company. For emails, this company decided on the naming scheme of first name last initial. In this case, Tes’s email would be test@pinacle-associates.com; again, I don’t know if this exists, so please be kind and don’t spam it. Imagine the amount of mail she must get if a test team decided to use her email address for testing.

The Solution: Example Domains

So what is the solution then? The domains example.com, example.net, example.org and example.edu are set aside for the very purposes of testing and documentation. The Internet Corporation for Assigned Names and Numbers or ICANN owns and manages these domains. These are the folks that give out and manage domain names.
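A check for this, as an added example that is not code from the original post: a small JavaScript scanner that reads test code or fixtures and reports every email address or URL whose host is not one of the example domains. It goes slightly beyond the article by also accepting the top-level names .test, .example, .invalid and .localhost that RFC 2606 reserves; the function names and the sample fixture are constructed for illustration.

```javascript
// Second-level domains the article lists as set aside for testing and documentation.
const RESERVED_DOMAINS = ['example.com', 'example.net', 'example.org', 'example.edu'];

// Assumption beyond the article: top-level names reserved by RFC 2606.
const RESERVED_TLDS = ['test', 'example', 'invalid', 'localhost'];

// True when the host is a reserved domain, a subdomain of one, or sits under
// a reserved top-level name. Matching is on whole labels, so neither
// "notexample.com" nor "example.com.tester.com" passes.
function isReservedHost(host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  if (RESERVED_DOMAINS.some((d) => h === d || h.endsWith('.' + d))) return true;
  const tld = h.slice(h.lastIndexOf('.') + 1);
  return RESERVED_TLDS.includes(tld);
}

// Capture group 1 is the host part in both patterns.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)/g;
const URL_RE = /\bhttps?:\/\/([A-Za-z0-9.-]+)/gi;

// Scan text line by line and return one finding per address or URL that
// would send test traffic to a domain somebody else may own.
function findUnsafeTestTargets(text) {
  const findings = [];
  text.split('\n').forEach((line, index) => {
    for (const re of [EMAIL_RE, URL_RE]) {
      for (const match of line.matchAll(re)) {
        if (!isReservedHost(match[1])) {
          findings.push({ line: index + 1, value: match[0], host: match[1].toLowerCase() });
        }
      }
    }
  });
  return findings;
}

// Constructed fixture mixing the addresses discussed in the article with
// safe ones and one look-alike host.
const SAMPLE_FIXTURE = [
  "const user = { email: 'test@test.com' };",
  "const admin = { email: 'qa+admin@example.com' };",
  "const webhook = 'https://api.example.org/hooks/1';",
  "const callback = 'http://tester.com/callback';",
  "const contact = 'test@pinacle-associates.com';",
  "const lookalike = 'dev@example.com.tester.com';",
  "const local = 'bot@mailer.test';",
].join('\n');

for (const f of findUnsafeTestTargets(SAMPLE_FIXTURE)) {
  console.log(`line ${f.line}: ${f.value} -> ${f.host} is not a reserved test domain`);
}
```

Run over a test directory in a pre-commit hook or CI step, a non-empty result is a reason to fail the build before any real mail or request leaves the test environment.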

Conclusion

So the moral of the story here is that you should always use one of the example domains. Using a domain such as example.com when testing software will help prevent inadvertently leaking PII data. Your company or client values their data and wants it kept secure.