Author: Grumpy105

  • The Insecurity of Your Secure Password Policy

    Let’s say you have a password policy that mandates passwords change every 90 days. Also imagine it takes 1-2 days for the user to get everything back in sync. They have their password manager, different web applications, maybe their iOS keychain…  You start warning people 10 days in advance. Also, you have systems that only allow passwords of certain lengths, and…  where was I?

    What percentage of users do you think are using a password manager that randomly generates that password?  Don’t forget there are systems that people need to log into that don’t have any way to directly insert a password from a password manager app.

    Instead, you’re going to get a password progression like:

    • Puppies1!
    • Puppies2?
    • Puppies3!
    • Puppies4.

    So if one set of passwords is compromised, it is pretty likely that a WHOLE PASSWORD-GENERATING METHOD is compromised for many users. A single digit followed by a single punctuation mark, as above, is the tell-tale sign. All an attacker needs to do is take the leaked password, increment or decrement the digit (and maybe swap the punctuation), and try the result on other sites or after the next forced reset.
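    To make that concrete, here is an added example (not code from the original post) that does three things with the pattern above: recognises the "word + one digit + one punctuation mark" shape, enumerates the variants an attacker would try from one leaked password (nearest digits first, increment before decrement, original punctuation before alternatives), and rejects a proposed new password that is only a rotation of the old one. The leaked password list is constructed for the example, and the punctuation set, ordering and function names are assumptions, not anything the post specifies.

```python
import re

# The tell-tale shape from the post: a memorable word, exactly one digit,
# exactly one punctuation character (e.g. "Puppies1!").
ROTATION_RE = re.compile(r"^(?P<stem>[A-Za-z]+)(?P<digit>\d)(?P<punct>[^\w\s])$")


def parse_rotation(password):
    """Return (stem, digit, punct) if the password has the rotation shape, else None."""
    m = ROTATION_RE.match(password)
    if not m:
        return None
    return m.group("stem"), int(m.group("digit")), m.group("punct")


def rotation_candidates(password, punct_set="!?.", limit=None):
    """Variants an attacker would try on other sites from one leaked password.

    Ordered by how likely the post's reset ritual makes them: digit distance
    first (plus one if the punctuation also changed), increment before
    decrement, the leaked punctuation before alternatives. punct_set is an
    assumed, deliberately small alphabet; a real attack would use more.
    """
    parsed = parse_rotation(password)
    if parsed is None:
        return []
    stem, digit, punct = parsed
    puncts = [punct] + [p for p in punct_set if p != punct]
    scored = []
    for d in range(10):
        for i, p in enumerate(puncts):
            if d == digit and p == punct:
                continue  # that is the leaked password itself
            cost = (abs(d - digit) + (i > 0), d < digit, i)
            scored.append((cost, f"{stem}{d}{p}"))
    scored.sort()
    cands = [c for _, c in scored]
    return cands[:limit] if limit else cands


def is_trivial_rotation(old_password, new_password):
    """True when the new password is the old one with only the trailing
    digit and/or punctuation changed (the Puppies1! -> Puppies2? move)."""
    old, new = parse_rotation(old_password), parse_rotation(new_password)
    return old is not None and new is not None and old[0].lower() == new[0].lower()


def flag_rotation_pattern(passwords):
    """From a leaked set, return the passwords whose shape betrays the method."""
    return [p for p in passwords if parse_rotation(p) is not None]


# Constructed sample "leak" for the example; not real data.
LEAKED = [
    "Puppies1!",
    "correct horse battery staple",
    "Tr0ub4dor&3",
    "Winter2?",
    "x7$Kq9!mZ2pL",
]

if __name__ == "__main__":
    print("pattern hits:", flag_rotation_pattern(LEAKED))
    print("first guesses from Puppies1!:", rotation_candidates("Puppies1!", limit=6))
    print("Puppies1! -> Puppies2? allowed?", not is_trivial_rotation("Puppies1!", "Puppies2?"))
```

    The defensive use is the last function: a password-change handler that still has the old password (it does, at change time) can refuse the rotation before the user finishes the ritual, which is cheaper than waiting for the next breach to show you the method.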

    The extra burden of trying to come up with memorable but unique passwords so often is forcing users to dumb down their passwords.

  • How Long Will This Simple Concept Take to Build?

    How long does the business person asking for it think it will take? Double that.

    Is there a model system that it is being compared to? Double your estimate again. Double your estimate again if it’s being compared to more than one system.

    Is the design going to undergo audits for standards or compliance? Add 50% for each.

    Does Agile mean “work before requirements are figured out in a process that’s really Waterfall”? Add all the effort up until your last new specification to the end of the project timeline.

    Is “concept” or “pilot” being used in the place of “live production product that will be expected to scale and configure from day 1”? Double your estimate again.

    Congratulations! You now have a very conservative estimate for how much effort things will take.

  • #operationfreefood Day 2

    Brought leftover rations from our trip into town this weekend. Hoping not to have to use them, but still waiting on word from Leftover Intelligence that food is available. Our late morning drills were fairly light, and we’ve actually had time for ample coffee drinking, so I may be able to reserve my rations for tougher times.

    One thing about the coffee: I know that it is better than the standard issue coffee, but, it’s just that… I’ve been drinking it every day, and it just tastes awful now. Is it a product of the resentment of these conditions I find myself in, or is the coffee really that awful?

    Update:

    I tried to hold out but couldn’t. My rations had to be eaten.

  • Embrace Your Inner Lackey

    Have you been given a crappy assignment?

    Is your job your field’s equivalent of disassembling the drainage pipes in the building and cleaning them?  Is it beneath your skill set?

    Pride goeth before the fall.

    News flash: No one’s hiring people with PhDs in operating an abacus anymore. The same may go for your skill set, too.

    The key thing to remember about crappy assignments is that very few people embrace them well enough to get good at them.  Yes, it’s true that if you get really good at a job that nobody else wants, you might be assigned to that job for a very long time. Unfortunately, if you do a mediocre or bad job at it, you may not have any job for very long.

    Maybe you’ve been assigned this crappy job because people believe that you can turn things around. Do you want to prove people who believe in you wrong?

    Maybe you’ve been assigned this crappy job because people expect you to fail. Do you want to prove those people right?

    Embrace your inner lackey.

    Find the angle that you can own and attack it.

  • Be Sure That Customer Service Doesn’t Cause the Process to Suffer

    Look, I know you want to be helpful and productive.  It’s just that we have a process here.

    We can’t have you helping customers out if it comes at the expense of the “5-step process to Serve the Customer Better.”

    The customer can wait.

    Also, make sure to ask the customer who to bill your time to so that we can make sure that you get paid.

    Be sure to get the proper accounting id and record your billing as the proper work type code number.

    Thanks.

  • The double-sided copy initiative

    I have doubts about this concept of using double-sided copy as the default on copying. I realize that I don’t do 50-copy jobs or copy stacks of 100 sheets of paper, but I seem to always throw away twice as much paper as I originally planned on using. Judging by the recycling bin next to the copier, I’m not alone.

    The larger problem for the environment is that most of us probably don’t need to be making copies of most of this stuff in the first place.  There are much better ways of sharing 10-50 copies of a document in this century than making printed copies–even if they are double-sided.

    I have a better idea for a green initiative: Put the copying machines in one place in the building, and not next to every 50 cubicles. Cut the number of available machines in half [or less].  If someone truly needs to do a large copy job, they’ll make the trip to the copy room. For the rest of us, we’ll think twice about making the copies in the first place.

  • What is this “merit increase” thing?

    Have you worked in a job at a time when people with your skill set were so in demand that people would throw you bags of money?  Did you notice that, come raise time, the barely competent among your peers received increases nearly twice the rate of inflation? At the same time, the superstars would receive about 1-2% more.

    Meanwhile, in less exuberant times, the superstars have to claw and scratch to keep pace with inflation.

    Sometimes, these pay raises are termed “merit increases”.  Many times, they’re not even cost-of-living adjustments.  In any case, if money is supposed to be a motivating factor and the effort required a demotivating one, the employee who is doing barely enough to earn a “merit increase” is coming out ahead.

    If money isn’t supposed to be motivating, what’s the point of expending the effort to determine who should get what increase?  Just give a flat percentage or amount increase.  After all, all these calculations for who gets what result in a very small difference between employees, and can easily be seen by your superstars as a slight against them anyway.

    Back to the “merit increase” terminology.  Can we just call it a “random crap shoot budget allocation” increase, or maybe, if you work for a less coddling organization, a “you’re lucky you have a job” increase?

  • Stop sending powerpoint slides exported to bitmaps via email.

    I feel like I’m playing a game of digital whack-a-mole with my email.  My inbox keeps bumping up against its quota.

    I then spend X amount of time weeding out my inbox, archiving folders, etc., to get the email that is on the server down to 40% of my quota.  I then leave for lunch, only to find another 5% of my quota eaten up by 3 broadcast messages.

    Did you know you can export a PowerPoint slide to a bitmap image?  Did you know you can copy and paste that same image into an email?  Did you know you can paste the same stuff into a calendar invite that you can put into an email?

    Well, just because you can, doesn’t mean you should.  Sure, my inbox quota is tiny by modern computing standards, but this is all the more reason not to attach large images in an email.

    Of course, a picture is worth a thousand words.  Unless it’s a picture of 50 words on a PowerPoint slide.  And 50 words in light green on a white background is probably worth less than 50 words.

    One more thing: If you send important things like agenda updates embedded in an exported PowerPoint slide, Outlook search will not find them.  It doesn’t know how to read the text in an image.

  • My name is as my business card or LinkedIn profile states.

    Those who have worked with me, went to school with me, or are friends or family have leeway in how they address me.  They’ve earned it by going through things with me or just by putting up with me.

    If you are a vendor making a cold or warm contact via e-mail, you can either use a formal address using my last name, or you may be bold and use my first name as on my business card, LinkedIn profile, or as spelled out in my e-mail address.  Note that a difference between the two may indicate specific preferences about how I prefer to be addressed.

    If you use a nickname that is never used in any of my contact information, you’re making some big assumptions about the familiarity of our relationship.  They’re also called “incorrect assumptions”.