Tuesday, 24 June 2008

tanstaafl

The weather was nice. I walked through Pretoriusstraat and saw that the Moroccan bazar still had hopes that the Netherlands would win the European Football Championship. The Moroccan tea houses were also still festooned with orange.


hup holland hup

On Linnaeusstraat the ETOS drugstore was being gutted. A guy was trying to drive his digger into the shop. When he tried to get the arm inside he couldn't stretch it enough. This caused the digger to balance on its tracks. I was just too late to capture the best part on photo, but you can still see some of the action.


a non-australian digger

Feeling adventurous, I walked into Linneausplantsoen for the first time in my life. I don't know why they called it Linnaeusplantsoen, it would have been better named 'Boring street'. There's absolutely nothing to do or see, but it did bring me to Muiderpoort Station.


linnaeusplantsoen

At Muiderpoort Station I liked the looks of the old signal shack above the station. I don't think it's in use anymore. It would make a nice office for a train spotter, though.


muiderpoort station

At work I continued the war with Typo3. I found out why it didn't work as expected. It wanted version 5.2 of PHP. Scientific Linux (which is based on Red Hat) only comes with PHP v 5.1. This meant I had to roll my own version of PHP and, while I was at it, also of the Apache webserver. That took most of the morning. Then, when I tried to reinstall Typo3 I noticed that the date and time of the Virtual Machine were not anywhere near real time. It turned out that the hardware clock of the box that runs the VMs is probably broken. Nobody had noticed anything wrong with the time/date on any of the other VMs before…


tanstaafl

We had a free lunch. In his book "The Moon is a Harsh Mistress" SF-writer Robert Heinlein coined the phrase TANSTAAFL, 'There Ain't No Such Thing As A Free Lunch'. He was right. In exchange for a few 'broodjes', bread buns, with cheese or ham and a piece of fruit we had to spend more than an hour listening to a manager giving an explanation of how our new 'secure' admission system would work. Basically they've put gates behind every entrance which will only open when you wave your electronic key at it.

When you're a manager with no IT or security background and you're trying to tell people (IT-pros, physicists, mathematicians, etc) how secure the system is, don't be surprised when inside of five minutes they will have found at least three different ways of going around the 'secure' system using the exceptions to the universal sign-in system. The managers replied that the exceptions had to be there. That makes the system totally non-secure and therefore security theatre.When I tell them it is just security theatre and they go into denial I get pissed off. When I explained how security ought to work and that their 'security' isn't secure I got applause from the audience and more denial from the managers. "It's not theatre!", they keep saying, but they fail to tell you why not. Further, they wouldn't tell us how part of the system worked: security through obscurity. That doesn't work either. For my colleagues who read the blog: the secret is 10 minutes. I just asked another manager: social engineering. At the end I walked out of the meeting, not wanting to listen to more nonsense.

The whole affair pissed me off so much that I got a fierce headache and went home. I later saw that a colleague had emailed the picture below to all at work with the title "overall impression of today's presentation".


security

I just noticed that I still had a T-shirt that I had bought a while ago and hadn't worn to work yet. I think I'll wear it on Thursday.


the truth will always out

2 comments:

Nicole said...

Everyone must feel so much safer at your office now.

danny said...

That security pic had me in stitches! Next episode's pics are excellent too.