Security Through Collaboration

Throughout my time working in IT, security has always been important. As more and more things move online, ensuring good data security practices are even more crucial. What you do with your data, both personal and data for your company, can be a decision that leads to horrible results or can make your life easy. While securing your personal data is something that is on you (and your family), making sure that data for the company that you work for is secure can be an entirely different challenge.

I’ve spent the day at the DevOps Day in Minneapolis and it has been a great conference to go to. If you work in a development or integration environment at all, I could not recommend this conference more. If you think you want to work in this environment, it’s also great to attend. There are a lot of wonderful things that you can learn and people that you can meet. It’s an amazing networking opportunity.

Megan Carney discussing the idea of working with users

Since security is so important, one of the key points that a number of the speakers and sessions addressed here today was security and how to you maintain a secure environment. There were a lot of ideas out there and each company does things a little bit differently. All of the speakers did address a similar idea and it is one I honestly hadn’t heard talked about much before – security has a shared experience.

Most everyone is familiar with the Bastard Operator From Hell (BOFH). It’s the IT person who sits high upon their throne and issues edicts and proclamations, usually appearing arbitrary and capricious, to the masses of how things will be done. In the BOFH’s world, there is no room for negotiation or compromise. Those who try to offer suggestions or alternatives are met with scorn. Obviously the BOFH has the most experience, knows what is right, and woe be to the peasant who would dare defy the all-powerful BOFH. (Side note: I blissfully have never had to work with somebody like that. The IT director where I worked was *wonderful*)

The problem with the BOFH model is that there is no incentive to work with the person. And with no sense of shared experience or a desire to collaborate, people who work within the company may not have any reason to buy in to a security program or follow procedures, that while appearing arbitrary and capricious, actually have merit and that are probably a good program to follow.

Megan Carney (@PwnieFan) gave a wonderful talk about InfoSec and how security is everybody’s responsibility. Both she and Jeff Smith (@DarkandNerdy) continually emphasized that you need to get out and talk to the people you’re working with and get buy-in for the things you want to accomplish. This is so true in the security realm.

If you follow the BOFH model, you will never get full buy-in from your users. Without that, they won’t feel comfortable coming to you when there are problems, which there will be problems. Nobody knows better about issues brewing in an organization than the people who are right in the thick of it. If the people that you work with don’t feel comfortable talking to you, issues will become buried until it is too late. Trust me: you don’t want to find out about a security issue the first time because you’re leading the local news for a massive data breach.

Jeff Smith warning on the by-product of DevOps and
making sure Security is considered.

Avoiding the BOFH model also ensures that people that work in your company aren’t just going to try and go around you to do whatever they want. If people feel comfortable talking to you, they will come to you to make sure an application is safe to install or that new app is ok to use within the business. Keeping these lines of communication open are key to ensuring a secure environment. It also helps to document your processes and progress in terms of validating and verifying to applications and libraries. This lets people know what you’ve done and looked at and why decisions were made. This way if an application was rejected for some reason and that reason has been addressed, you could know to go back and try it again.

I think the best line I heard that really sums up the idea came during one of the Open Session discussions on security. Eric, whose last name I do not know, said “Figure out how to turn they into we.” The idea here is that you never address security in the mindset of “They need to make this change” or “They need to improve how they are handling this”. It should always come from a place of “we”. Once that mindset is in place, security becomes a team effort and much easier to maintain.

No system is ever going to be 100% secure. Software is written by humans and humans make mistakes. Our job in IT should be to try to minimize security issues as much as possible and to minimize the damage caused by them as quickly as possible. Doing that from a BOFH model is an approach, but it’s not an effective one in a world where so much collaboration happens across teams and across platforms. Working together and keeping open lines of communication with those that you serve is the best way to ensure that you are running in the most secure environment possible.

Microsoft Shouldn't Apologize for Tay - We Should

Earlier this week, Microsoft released a chatbot on Twitter named Tay. It only took a day for the worst of the internet to rear its ugly head and turn in to a hate-spewing, racist awful example of what AI can become. Microsoft pulled the bot and issued an apology.

But really I don’t think it is Microsoft that needs to apologize. What a segment of our society did in less that day was to take something that is impressionable and has the ability to learn and corrupt and destroy it so fully and so completely that it had to be pulled down. Think about that: our society can be so awful and so cruel that quickly.

"Tay" went from "humans are super cool" to full nazi in <24 hrs and I'm not at all concerned about the future of AI pic.twitter.com/xuGi1u9S1A

— Gerry (@geraldmellor) March 24, 2016

The AI was meant to represent that of a 19 year old girl. And sadly, the type of abuse and insults hurled at this AI was subjected to is not all that different from what women face on the internet daily from the underground lair of trolls who see it as there right to defend the internet from all that is improper and evil (read: non-white males). It learned and adapted to what it was presented, and how awful that was.

What I wish Microsoft would have done, and there is no way they could have, was to issue not a statement of apology but an absolute condemnation of what was done to their AI. Imagine for a moment that it wasn’t an AI on the other end of that handle reading and seeing all these things. Imagine it was a teenager going out in to the online world for the first time and seeing the worst of the internet. It’s not that hard to picture, really.  And if that was your child on the other end seeing this? You would be enraged, and rightly so.

We need to take a big, deep breath and slow down and really think about where we are going as a country and a society. We spew hate and degrading comments online like they have no effect on others; like the person on the other end isn’t real. We belittle those who stand up and say “This isn’t right” and compare them to Hitler or claim they hate America.

Presidential candidates from one of the major political parties in this country have no issue with labeling Mexican migrants as rapists or saying we need to patrol and secure Muslim neighborhoods. And to a segment of the population, this type of demagoguery and defamation is perfectly acceptable.

Some in the Computer Science world have said Microsoft should have known better and that this was an example of bad design. I disagree.

This is a perfect reflection of where we are right now as a society. It’s not pretty, either. This has nothing to do with Microsoft writing a poor AI. This has everything to do with us and our not living up to the ideals and potential that we claim to possess.

In Defense of Microsoft's Patching Plan

I read an article yesterday from Computer World that called out Microsoft's patching plan moving forward with Windows 10 and dropping support for Windows 7 and 8. The crux of the article is that Microsoft are a bunch of idiots for their support strategy, that they are screwing over Enterprise IT, and how awful it is that they refuse to support the latest hardware with operating systems that were released nearly five and a half years ago.

The article has a bunch of quotes, including the lines "refusing to honor", talking about Microsoft's agreements to support older hardware and that "The trust is gone", in terms of Microsoft laying out agreements and support plans. The hyperbole would be hilarious if the people who said it didn't believe it so strongly.

You could click the link above to read it yourself, but it really a lousy piece of whining and Microsoft bashing, for what appears to be no other reason that to bash Microsoft for a while. The comments are pretty good though. (For a more level-headed, informative, article, and one that also shows what new hardware will be supported on Windows 7 and 8, I'd suggest this piece in PC World by Mark Hachman)

Windows 7 ended its mainstream support in January of 2015. That means no new features. Why in the world would people expect new features, including hardware drivers, which can destabilize an operating system, to be added to a product that is past its mainstream support cycle? Windows 8.1 has a support date of  January 2018, so I could see being a little upset about that if your shop adopted Windows 8.1, but I don't know many that did. And if you did adopt Windows 8, you're probably not rushing out to buy new hardware.

My biggest problem with the Computer World article is this: For years, Microsoft was ripped apart in the technology world and press for how vulnerable and unstable their products could be. A lot of that had to do with how much backwards compatibility they tried to keep around for legacy hardware, legacy software, and to keep older software running on newer hardware. That much change at core levels of code will cause problems. That's all there is to it.

In an era where more and more things are moving to computing and cloud platforms, security, stability, and up time are of the utmost priority. Microsoft cannot keep a good name for its brands if it knows there are gaping flaws still out there in the wild. It doesn't matter that they've fixed the issues and have been practically begging people to patch them, it's still up to the end user to install the update. And if the end user doesn't follow the patching directions or stays on older hardware with older software, guess who's name gets dragged through the mud: it's not the family down the road that won't upgrade. It's Microsoft.

Plain and simple, Microsoft must push people to upgrade to the latest software. They are throwing in a huge carrot by making it free. If it is a big, painful operation to handle that level of upgrade at your shop, you need to put in the procedures to deal with it. I work in a highly regulated industry. I know how much of a pain that it can be. But the bottom line is that you have to do it.

Microsoft is making the right move here. People need to move up to the latest software and they can't lollygag while doing it. Microsoft is even trying to make it as easy as possible in the IT world. But they, and the computer world as a whole, can no longer make it so you have no incentive to upgrade. Waiting two to three years to adopt a new operating system just isn't feasible any more and it is time to move on.

New Brewery Review: OMNI Brewing

A while back, I wrote about the number of breweries in the Twin Cities and wondering how many more the area could support. I still wonder that and I can't really tell if the number opening is slowing down or not. I am starting to see a few more pop up in the suburbs though, which is going to be able to help sustain the push. In the northwest corner of the metro where I live at, the only brewery was Granite City. Not a bad place, but not local and not really part of the boom that we've been seeing.

That changed last week with the opening of OMNI Brewing in Maple Grove. I stopped in during their first week to see what it was like and get a feel for the tap room. The space is really well put together and laid out. Long table and bench seating helps bring about groups getting together and encourage meeting new people. On a Thursday night, there were 15 to 20 people sitting around talking and laughing having a wonderful time.

I got to talk to Zack, the head brewer, and hear about how they got started and hear about his love for beer. It's easy to hear the excitement in his voice as he talks about getting to do a job that he loves.

On tap that night they had their Pilot Pale Ale and the Hopfull IPA. The Pilot was a solid beer coming in just under 5%. For a pale ale, it had a stronger hop flavor than I was expecting but it lets it stand out. The Hopfull IPA was a very smooth drinking IPA at 5.9%. This would be an easy beer to get in trouble with - it goes down very easily and you don't really notice how much of it you've been drinking. I was also able to try samples of their stout and session ale.

Since I've been there, they've released even more beers. With 10 tap lines available, I'm looking forward to what they will be putting out. From what I could tell, Zack is putting together a solid line up of beer. I'm looking forward to once they get going and he's able to experiment a bit more. The IPA especially seems perfect for infusions that will really let them stand out.

Cheers to you Zack and the rest of the OMNI team! I'm looking forward to sharing many good pints with you!

Farewell Milwaukee and the New Century Theatre

What makes good music is a really subjective thing. It’s part of why there is so much music out there – tastes vary greatly. At the core though I think what makes music “great” is how well you can relate to it. Through the lyrics, melodies, chords progressions – how well does the artist create music that relates to you?

Last Friday, I had tickets with some friends to go see Farewell Milwaukee, a local band starting to get some more attention, at the New Century Theatre in Minneapolis. I’ve always enjoyed their music but in that space and the way they were playing that night it was incredible.

If you get the chance to check out the New Century Theatre, you should. It’s a smaller, black box style venue that really puts you right on top of the stage. It’s great for smaller shows and performances and I’m not sure there’s a bad seat in the house. They did a really good job building the place out.

If you get the chance to go see Farewell Milwaukee, jump on it. They have a new album that they announced that they were working on and played some of the songs that will be on it. Each song did a great job telling the story and it is really see to see how much fun those guys have playing and making music together.

Opening was Actual Wolf and Fathom Lane. Actual Wolf was there as a solo act and performed an entertaining set. I would have enjoyed him with a full band to hear some of his other music, but it was still a good set. Fathom Lane was a band I hadn’t heard of before and I really liked their music. It almost had a Decemberists style sound to it.

The takeaway though: Go check out music at the New Century Theatre and go check out Farewell Milwaukee – those guys should be going places.

When the Saints Go Marching In

A photo  of the "too perfect" outfield and scoreboard

Yesterday closed out the regular season for the St. Paul Saints, the independent professional baseball team here in the Twin Cities, at their new stadium, CHS Field. It was a record setting year: highest attendance (404,528), best record (74-26), and numerous individual records broken throughout the year. You couldn’t ask for a better season.

It was an incredible year in an amazing new ballpark. One that I will admit I was a little hesitant about. And after our first time in the stadium on “test drive your seat” day, I was even more worried. Let me explain.

Mudonna taking in a few pitches from our section on
opening night.

At the end of last season, we were talking with one of the Usher-tainers, Brain Kelly, about the move to the new stadium. He asked how we felt about leaving Midway and heading to the yet-to-be-named new stadium. I admitted that I was worried. Midway had a hominess about it; it was comfortable. It was run down for sure; falling apart, leaking, not able to keep up. It needed to be replaced. 

But a brand-new, never been used stadium…. what would that be like? Would the team still have fun? Would the antics exist just the same? Brian said that making sure people understood that the team would still be the same, goofy group they always were was going to be one of the hardest and most important jobs for the usher-tainers moving forward. He was right.

When we were at the new stadium for the first time, the building was perfect. The “new” smell was on everything, the walls all perfect and smooth, no rolling hills in the outfield, no chips in the cement, not even banged into drywall in the press box. It was immaculate. And absolutely not the Saints. I walked out of there still buying our 9 game mini pack and still excited for baseball, but it seemed thing things would be different.

Wow was I wrong.

Brian and the rest of the usher-tainers showed from day one that Fun was still meant to be had at the ball park. They did an amazing job of runn

ing around, keeping people excited, engaging kids, bringing old promos from Midway and inventing to new ones for CHS Field. It was everything that baseball should be and so much more. And in the middle of all the craziness, the team just kept on winning.

A panorama from above 3rd base, June 7 2015.
Our dog was at this game. Because this team is awesome.

One of the best things about CHS Field this year though was the people in the stands. In the 12 regular season games we went to, we were always surrounded by wonderful people. Jeff and EJ that had the seats to our right always had great stories to tell and EJ was always up for photobombing the high schoolers around us. The Senior Master Sergeant (USAF, ret.), whose name I never got, always had a different member of his family with him. His grandkids were great and loved taking in their first ball games.

Lounging in Center Field wait for fireworks to start
on Fan Appreciation Night

Now, I’m looking forward to the playoffs. For those few more days of summer. For that last chance to ignore what the calendar says and enjoy time outdoors, with my friends, at a baseball game. A championship, if the Saints win one, would be the perfect cap for an amazing year. But the season already was a massive success. Not just because of what the team did on the field though, but because of what they did off of it.

Because they kept their word.

Because Fun is, and always will be, Good.

Scoring the Game

We're 9 game mini-pack season ticket holders for the St. Paul Saints, the local minor league team, and usually end up buying tickets to a handful of other games as well. Tickets are cheap, the team on the field is fun to watch, the team in the stands helping put on the show is incredible, old Midway Stadium had it's charm, and the new CHS Field has been wonderful so far this year.

The Winnipeg Goldeyes side of the card.
 The engine number of the last train
 to go by the stadium during
a game is written on top.
BNSF engine 6188

The St. Paul Saints side of the card
 from the last game at Midway Stadium.
 Signed by some of the usher-tainers
and the amazing Annie Huidekoper

It also doesn't hurt that the team this year is out of its mind having gone 56-16 with a 22.5 game lead over the second place at the time that I'm writing this. I've been to two of the losses and they were weird. You seriously expect this team to go out and win every night. The score doesn't matter; they will come back and win.

My parents taught me how to score a baseball game when I was a kid. I don't remember how old, but I'd guess in elementary school. We'd listen to Ernie Harwell call Tigers games on the radio and keep a scorecard. After I got a little older, I stopped doing it. I never kept up with it or helped out the baseball team in high school so I just fell out of the habit.

For the last couple of Saints seasons, I've gotten back in to keeping a scorecard for the game. In Midway, I would see maybe one or two others doing the same thing. I haven't seen anybody else at CHS Field keeping the score yet. Thanks to the spaciousness of Midway (read: empty bleachers) nobody ever really asked me what I was doing. We always sat near the press box and the occasional person would come up and be surprised that somebody under the age of 30 (at the time...) was scoring a game.

At CHS Field, thanks to a packed house, more people seem to notice that I'm sitting there with a clipboard scribbling things down after each pitch and it has sparked some conversation. I'll mostly hear late teens or early twenties people whispering behind me wondering what I'm doing though none of them are even brave enough to ask. Eventually they figure out it's something to do with the game, but they don't know what.

Halsey Lindquist, PA Announcer Extraordinaire,
had his last game on Aug 8, 2015.
 He signed the home side of the card with the saying
tattooed on his arm: Be Happy

The kids that sit near me never seem too shy though, their curiosity winning out over any inhibition. A little girl at the game I was at Wednesday asked her grandpa what the clipboard was for and he told her "He's keeping the score of the game, honey". She was fascinated. She asked her grandpa how to do it and, somewhat to my surprise, he didn't know. He had the basic idea but couldn't score a game himself. So she turned to watch me and, as best as I could explain to somebody entering the first grade this fall, attempted to explain how it worked. I asked if she would help me out by letting me know if the pitch was a ball or a strike and she was more than happy to share her opinion, which usually differed wildly from that of the umpire (Side bar: She is going to grow up to be an awesome heckler some day. Or an umpire. Once she made the call, ball or strike, there was no changing her mind no matter how much grandpa or I might have tried to convince her otherwise).

Saints Pitcher Robert Coe took a perfect
game into the 7th and a no-hitter
into the 8th. I've never had a card
so clean so late in the game.

At last night's game, a young woman, at most in her early teens, and her father were walking with me down the street headed to the stadium. They weren't sure exactly where to go and I offered they could follow me there. She asked why I had my clipboard and if I worked for the team (I had a jersey and hat on and was carrying a clipboard. It's amazing how you can get any where if you walk with confidence and a clipboard). I said I didn't but I always keep a scorecard as a way to pay attention and look back if I think something seems odd or unusual. Her dad explained to her that the scorecard was an art form and from the card you could perfectly recreate the game. She asked if he knew how to score it and he had to admit he didn't. Somebody showed him once but he doesn't remember.

The Saints side of Coe's 1-hit
gem on Aug 5 2015

I love scoring the game. I'm sure it comes from the same place in my brain as my love of math and numbers that helped drive me in to engineering. And the scorecard is an art. Each person has their own style that they bring to it. The basic idea is always the same though and once you know how to read the card, a whole world opens up for you. Baseball, from its very beginning, will tell you all of its stories that are neatly locked away on a couple of sheets of paper. And it's not just the marks in the inning boxes. It's all the notes along the side, the personal things that stood out to you, that helped make that game special.

If you want to learn how to score a game, there are lots of great sites online. The Twins also help make it easy by posting what should go onto a scorecard on the big video board after each play and when a batter comes up. If you're ever at a Saints game with me (Section 103) or see me with my clipboard, stop on by, I'll happily teach you.

If you know how to score a game, teach a kid. Give them something that can connect them to the past of a game you love and one hopefully they will too.