×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Bone-Headed IT Mistakes

CmdrTaco posted more than 4 years ago | from the throw-yours-into-the-mix dept.

It's funny.  Laugh. 259

snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

259 comments

Printer Friendly Version (5, Informative)

Adradis (1160201) | more than 4 years ago | (#23814711)

Re:Printer Friendly Version (2, Informative)

Applekid (993327) | more than 4 years ago | (#23814751)

Even the printer friendly version has text ads sliming it up, and they were practically more distracting than regular ads since they look identical to heading nodes within the article.

Eh, is it time to just hosts out infoworld.com so I don't frustrate myself trying to read anything they product?

Re:Printer Friendly Version (1)

chimpo13 (471212) | more than 4 years ago | (#23815401)

Firefox with adblock keeps that to a minimum. I used to not use adblock because I want to see the ads marketed on what pages I visit, but it slowed down the page load times so much.

It was visiting my local paper (Sac Bee) that pushed me over the edge to install ABP.

Re:Printer Friendly Version (2, Insightful)

mollymoo (202721) | more than 4 years ago | (#23815905)

Even the printer friendly version has text ads sliming it up [...]

Those evil, evil bastards. Imagine wanting to get paid for your work. They should be like you and work for free. You do your day job for free, yes? I mean, you don't mind people taking your work without paying, even if the price is as mind-bogglingly low as a fraction of a second of mindshare, do you?

Re:Printer Friendly Version (1)

street struttin' (1249972) | more than 4 years ago | (#23815097)

Yuck, even the print version has pop-ups and other ads. I know a good web browser can block that sort of thing, it just seems silly that a print version has popups. I'm imagining a newspaper with pop-ups like a child's pop-up book. :)

Re:Printer Friendly Version (0)

Anonymous Coward | more than 4 years ago | (#23815309)


s/then/than/g. Thanks for the link though....

How About... (5, Funny)

ferrellcat (691126) | more than 4 years ago | (#23814733)

Deleting hundreds of thousands of White House emails, and not having a backup?

Re:How About... (5, Insightful)

pcguru19 (33878) | more than 4 years ago | (#23814767)

I wouldn't call that boneheaded. That probably kept a bunch of folks in their jobs.

Re:How About... (4, Informative)

Rakishi (759894) | more than 4 years ago | (#23814789)

That wasn't an IT mistake, that was IT following their client's request perfectly. Mistake implies something did not have the desired result.

This article is about "stupid" not "malicious". (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#23814813)

I'm guessing that that one was caused by something other than stupidity. Now, they may well have hired somebody from the incompetent crony bin(see also: FEMA, NASA, DoJ, DoD, CIA, DHS, etc.) to handle losing the emails; but it was operating as designed all the way.

Re:How About... (4, Insightful)

Gnavpot (708731) | more than 4 years ago | (#23814845)

Deleting hundreds of thousands of White House emails, and not having a backup?

And already 3 people took your bait without getting the joke.

Talk about a collective whoosh...

Re:How About... (2, Insightful)

NeoManyon (953080) | more than 4 years ago | (#23815707)

why is this comment modded as a troll?

Talk about a collective whoosh... from the moderators

sheesh, i'd say it was insightful

Bone-Headed IT Mistakes (-1, Troll)

Anonymous Coward | more than 4 years ago | (#23814759)

Is "recommending Microsoft Windows" #1 on the list? Because if it's not, the list isn't being truthful.

Re:Bone-Headed IT Mistakes (0)

Anonymous Coward | more than 4 years ago | (#23815067)

Is "recommending Microsoft Windows" #1 on the list? Because if it's not, the list isn't being truthful.
No, but "recommending Windows Vista" is.

The number 1 story is almost what you want. (-1, Troll)

twitter (104583) | more than 4 years ago | (#23815143)

They say, "don't use DOS":

One, don't let the guy running an old copy of DOS on his computer build your drive images. And two, if you're going to deliberately infect thousands of computers, pick malware that's actually going to do something.

This is something I can agree with. The machine making images should run free software to prevent these kinds of mistakes. They should load something other than Vista if they want to sell them

Re:The number 1 story is almost what you want. (0)

Anonymous Coward | more than 4 years ago | (#23815201)

I think I speak for most of Slashdot when I say please stop [slashdot.org].

GODs don't make mistakes.... (1)

3seas (184403) | more than 4 years ago | (#23814801)

... they do features....

Re:GODs don't make mistakes.... (3, Interesting)

cashman73 (855518) | more than 4 years ago | (#23815009)

I agree. Most true, seasoned, and well-educated IT guys generally know what they're doing, and don't make mistakes. What should be discussed here are the most common mistakes by guys like Bob in the fifth cubicle on the right that was promoted to "head IT guy" because either (a) he was screwing the office manager who put in a good word to the head boss for him or (b) somebody heard him talking about "computers" around the water cooler and the company needed somebody to babysit their systems (most likely, it's (b), because he's probably more of a nerd than a true geek, and therefore won't be screwing anybody, except the users under him).

Either that, or we should be discussing the boneheaded shiat done by lusers that IT guys have to clean up after. But that's probably already been done before around here, ad nauseum,...

the Daily WTF (5, Interesting)

El_Muerte_TDS (592157) | more than 4 years ago | (#23814811)

http://www.thedailywtf.com/ [thedailywtf.com]

pretty much a new bone head story every day

Re:the Daily WTF (2, Insightful)

Tweenk (1274968) | more than 4 years ago | (#23815385)

The Daily WTF is not the best place for open sourcerers, RMS worshippers and other idealists, and sometimes smells of Visual Basic and other vile secretions of a certain company, but is very fun nonetheless.

Be sure to first look up the fundamental memes: picture of a printout on a wooden table, The Real WTF is..., brillant (sic), and Oracle NULL=''.

Funstuff, and on topic too... (4, Funny)

Lonewolf666 (259450) | more than 4 years ago | (#23814835)

http://thedailywtf.com/ [thedailywtf.com]. Even if some of the stories are probably made up.

Re:Funstuff, and on topic too... (5, Funny)

eln (21727) | more than 4 years ago | (#23815135)

Ah yes, the Daily WTF: the Penthouse Forum of the IT world.

Re:Funstuff, and on topic too... (4, Funny)

PitaBred (632671) | more than 4 years ago | (#23815679)

"Made up"? It's so refreshing seeing an optimist in this day and age ;)

Re:Funstuff, and on topic too... (1)

Lonewolf666 (259450) | more than 4 years ago | (#23815771)

Well, some of them. A few of the stories sound a little constructed. But I guess that maybe 80% are real. Which is bad enough ;-)

If you can't secure it, don't store it (5, Insightful)

zehnra (1076641) | more than 4 years ago | (#23814847)

Information Security isn't going to get better without a major shift in how people work. As a society, we need to examine who really needs what data and then truly limit everyone to what they need. Until we can define these roles/access levels in black and white terms and permanently adhere to the controls put in place, there will always be IT blunders.

The problem is that these changes are rarely permanent, but more of a pendulum that swings back and forth as events like this occur. If Bob is taking home Social Security numbers on his laptop and someone steals it, controls may be put in place to prevent people from saving files to their laptops (and Bob is let go). Six months later, Suzie complains that she needs to be able to copy a proposal she's working on so that she can work on her flight to Japan. An exception is made. This typically snowballs until we're back to where Joe can copy the accounting records with SSNs.

Ease of access and efficiency nearly always trump security when these breaches aren't fresh in everyone's minds.

Re:If you can't secure it, don't store it (0)

Anonymous Coward | more than 4 years ago | (#23814973)

*sigh*

truly limit everyone to what they need
Ah the old "technical solution to a social problem" response...

See any of the Spam form responses on /. for the list of reasons why this won't work. Bonus points for posting it here.

Re:If you can't secure it, don't store it (1)

compro01 (777531) | more than 4 years ago | (#23815483)

We're not talking about spam. We're talking about compartmentalization of information and privileges. It's a social solution to a social problem extended to technology.

Sing with me (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#23814863)

She's my little booper chooper
Little booper chooper
My little oompapa
Itta-gitta-gitta
She's my little booper
She's my little booper choo!

Is this some new trend? (0, Offtopic)

FSWKU (551325) | more than 4 years ago | (#23814865)

Is InfoWorld trying to start a new trend of making the printer-friendly version so damned annoying to read that people are more likely to choose the regular one? With AdBlock installed, I see just the article, but the article becomes all of one paragraph per page, for 10 pages or so. I switch to the printer-friendly version, and everything just seems to run together; text ads crammed in and looking like section headers, section headers not clearly defined from the previous, using the same spacing between different sections as between headers and the content... Forget boneheaded IT mistakes, whatabout being a clownshoes webmaster?

Re:Is this some new trend? (1)

Spazztastic (814296) | more than 4 years ago | (#23815397)

Aparrently they also don't welcome WinMobile readers. I get redirected to their mobile portal, rather then the article I can manage reading just as I do with any other site.

Don't forget the all too common: Giving yourself (4, Interesting)

DRAGONWEEZEL (125809) | more than 4 years ago | (#23814871)

more privileges than you need mistake! This one plagues IT guys day in and out.
Whoops, I mis-clicked and deleted a domain. Sorry Doc, I accidentally selected all your patients then declared them to have a clean bill of health. Oops I deleted a block of user accounts.

And a few I really did do....
Double "oh sh!t":
                                        I just accidentally removed all my own rights... (I'll never forget the time I made that mistake... )
                                        Setting a block of users to the wrong group, giving them Admin rights.
                                        Clicking on a link that my trusted IT friend sent me...

Re:Don't forget the all too common: Giving yoursel (5, Funny)

Broken scope (973885) | more than 4 years ago | (#23814923)

See your mistake was believing that you actually had a "trusted IT friend".

Re:Don't forget the all too common: Giving yoursel (4, Funny)

bsDaemon (87307) | more than 4 years ago | (#23815149)

Clicking on a link that my trusted IT friend sent me...
Would that one be directly responsible for your current career as "posting on slashdot in the middle of the day?"

Re:Don't forget the all too common: Giving yoursel (0, Offtopic)

DRAGONWEEZEL (125809) | more than 4 years ago | (#23815237)

Haha...Yeah.

Aparrently my boss didn't have the same fetishs I do. (I think he might be gay...)

Oh well, work is plentiful these days.

WTF? (1)

morgan_greywolf (835522) | more than 4 years ago | (#23814881)

They took down the firewall to transfer sensitive data from one server to another?

To transfer data from one server to another, the admins disabled the firewall, then left it disabled, potentially exposing the personal financial details of more than 91,000 patients of at least five hospitals nationwide to anyone who happened by.
And then, they never put it back up! What were these admins smoking? Must've been great!

For Business Managers: (5, Interesting)

COMON$ (806135) | more than 4 years ago | (#23814895)

1. Hire competent IT people, don't promote mailroom boy to Admin because he can fix spyware.

2. Continuing education for your IT people.

3. Just because someone looks old, doesn't make them a competent 'seasoned' IT guy.

4. Respect your IT pro's opinions.

We all have a plethora of stories of users, but even more of fellow co-workers in over their heads causing massive damage. Sometimes it goes unseen, other times it can desecrate a business. Make sure your IT people are educated, have a passion for what they do. Not just a paycheck monkey draining your resources.

A good test here, if your IT head is an ex-HR manager, mailroom clerk, secretary, or other far removed profession and have yet to get any certifications or degrees to prove their competence after 10 years then you probably are in trouble. Not in every case, but enough to make you worry.

Im not saying that a cert or degree proves that you are competent, but it at least shows that you try to be.

Re:For Business Managers: (3, Interesting)

Mordok-DestroyerOfWo (1000167) | more than 4 years ago | (#23815053)

I cannot stress your point #4 enough. Sometimes it seems like every decision that I and our IT staff make gets voted down by management because they'd have to remember another password, or encryption is just to darn difficult to use on the road. Just because you're paranoid does not mean that everybody is not out to get you.

Re:For Business Managers: (2, Insightful)

CompMD (522020) | more than 4 years ago | (#23815133)

"4. Respect your IT pro's opinions."

That has always been my most sincere wish. However, I'm young, not as highly educated as the chief engineer/company president, and so that doesn't happen.

Never mind the fact that all the workstations and servers work, all the strange high-end scientific and engineering software works, and the network never goes down.

Re:For Business Managers: (1)

Culture20 (968837) | more than 4 years ago | (#23815491)

Catch-22. Your boss will not respect your position until there is a major problem with the systems. Once there is a major problem with the systems, you will be fired, and the new guy who fixes the problems will be seen a savior.
Solution? Try and outline all the things that can possibly be going wrong; all the script kiddies hitting the firewall for naught, all the times the servers might have been brought down by bugs you patched, etc. Problem? Now you've spent a lot of time and resources twiddling your thumbs (from a management point of view). Catch-22.

Slightly O.T. (1)

element-o.p. (939033) | more than 4 years ago | (#23815463)

This is slightly off topic, but...

 

Respect your IT pro's opinions.


Dude, if you can figure out how to make that happen, you will become an IT hero.

I had a client who called me to help build a network for her new business. I interviewed the client to determine her needs, asked a lot of follow-up questions to make sure I really understood what she wanted and expected from her network, then started drafting up a design to meet these goals. She then became the Client from Hell.

It wasn't bad enought that she ignored most of what I said she needed. Oh, no. She bought unbelievably sub-standard equipment --most of it used or donated. I kid you not, this was two years ago, and three of her computers were running *Windows 95*. She found a pretty, $5000 software product that is the core of her business, but didn't listen when I pointed out the (many) design flaws in the program. For example, who uses DHCP to assign an address to a standalone host when the client software that talks to that host has to have the IP address (not FQDN of the host, the IP address!) statically set in the configuration file?!?! Of course, she then whined when things broke and I couldn't fix them right away.

I would have just walked away from that job, but it's kinda hard to do when the client is a family member :/

Re:Slightly O.T. (0)

Anonymous Coward | more than 4 years ago | (#23815543)

Respect your IT pro's opinions.
For example, who uses DHCP to assign an address to a standalone host when the client software that talks to that host has to have the IP address (not FQDN of the host, the IP address!) statically set in the configuration file?!?! Of course, she then whined when things broke and I couldn't fix them right away.
uh, dude, perhaps it's because of it "pro's" like you that other it pros' opinions don't get respected- it's ok to use a dhcp server in this case- just have a specific address assigned to the mac address of the host. just about every dhcp server i've ever seen has had this option.

Re:For Business Managers: (4, Insightful)

Belial6 (794905) | more than 4 years ago | (#23815507)

A good test here, if your IT head is an ex-HR manager, mailroom clerk, secretary, or other far removed profession and have yet to get any certifications or degrees to prove their competence after 10 years then you probably are in trouble. Not in every case, but enough to make you worry. Im not saying that a cert or degree proves that you are competent, but it at least shows that you try to be.
I would say the opposite. If after 10 years in the industry, your IT guys are still chasing the meaningless certifications, then you are probably in trouble.

My bigest boneheaded move (5, Funny)

Anonymous Coward | more than 4 years ago | (#23814913)

I was new to the whole *nix thing but had been let loose as root on all the boxes at work. Someone suggested I could/should create a script to customise my environment so that I could run it when I logged on. Problem was I named the script "df" (my initials) and then promptly decided that it needed to go in to the /usr/bin/ directory. Yeah - now you know why I posted anonymously. :-D

Re:My bigest boneheaded move (0)

bigstrat2003 (1058574) | more than 4 years ago | (#23815367)

What does that do? A cursory google search got me nothing of any use in explaining what that does.

Re:My bigest boneheaded move (1)

Falstius (963333) | more than 4 years ago | (#23815447)

df == disk free. The command tells you how much free space is free on each mounted partition. Aside from some poor user getting a weird command prompt when they try to check the space left, this is a pretty trivial thing and easy to fix.

Re:My bigest boneheaded move (5, Informative)

Anonymous Coward | more than 4 years ago | (#23815487)

By copying his script to "/usr/bin", he over-wrote the system command of the same name. On unix and unix-like systems, "df" is a command that reports disk usage [ed.ac.uk].

So this probably had two nasty side-effects:
1. Whenever any other user typed "df" to determine how much disk space was left, their shell environment would get suddenly "re-customized" to the settings that Mr. D.F. liked. Depending on what was in the script, this could have been merely annoying ("Why did my shell colors suddenly change?") to downright crippling (causing people's preferences to be stored in the wrong place, thereby breaking all kinds of software).
2. Most utilities in *nix end up being used in a wide variety of other utilities, scripts, and system processes. As a result, a whole slew of standard operations probably broke as a result of "df" returning garbage data. This may have broken some system loggers, or disk caps, or maybe it triggered emergency "disk nearly full!" emails being sent to all the admin staff.

Moral of the story: wield root wisely.

Re:My bigest boneheaded move (4, Informative)

pclminion (145572) | more than 4 years ago | (#23815643)

What does that do? A cursory google search got me nothing of any use in explaining what that does.

When Googling UNIX-specific stuff, especially with terms as generic as something like "df", it often helps to insert the word "man" as an additional search term: "man df" Little tip'o'the day.

Re:My bigest boneheaded move (4, Funny)

Cro Magnon (467622) | more than 4 years ago | (#23815579)

Could have been worse. At least your name wasn't "Richard Morton". Imagine the havok a script with those initials would do!

Why blame the student? (1)

sbluen (1307489) | more than 4 years ago | (#23814931)

Whereas the student was charged with three felonies and one misdemeanor computer crime for copying information left nearly in plain view, the admin is considered guilty of nothing more than a brain-dead IT gaffe.
I don't understand why they would even try to accuse him for information that he was practically given. But fortunately, as the article says later on, the student won't face any prison time.

Important papers on desk, you copy them, you (-1, Troll)

Anonymous Coward | more than 4 years ago | (#23815041)

Important papers on desk, you copy them, you think you're not doing anything wrong? Get a reality check, punk !! You are a fucking used low-life scum-filled douche-bag that needs to be taken out back and limbs removed, slowly, starting with the smallest.

Re:Why blame the student? (3, Insightful)

pclminion (145572) | more than 4 years ago | (#23815273)

He stepped over the line the moment he gave the information to another classmate. He HAD to know there was something wrong with that. I can understand perhaps not telling the school staff about it, due to the "shoot the messenger" phenomenon, but anybody with a shred of morality would have destroyed the information, not given it to another KID.

I agree that jail time would have been a pretty harsh penalty, considering the real parties at fault were not facing anything even close to that.

Tedious (1)

InvisblePinkUnicorn (1126837) | more than 4 years ago | (#23814935)

Did anyone else give up on the tedious page clicking and entirely unfunny "IT Geek Quiz" that was clearly thrown together by the same sort of folks these people are mocking?

School boneheadedness (5, Interesting)

Anonymous Coward | more than 4 years ago | (#23814991)

At my middle school, there was a policy to give every student an ID card. That's fine. They decided that the best number to use for their ID is their Social Security Card. That's bad. They printed out a sheet every day listing the absent students for the day, with their names and their school id's. That is worse. Teachers threw these into their trashcans when they were done. Yes, the train wreck isn't over yet. The spreadsheet containing all of these numbers was on a public share. It was also accessible from the school website.

Or how about 3 years later, in my high school. All of the teachers user names and default passwords were on a spreadsheet on a network share. A publicly accessible network share. If a teacher didn't change their default password (a 4 digit number), A student would have full reign over their data.

Worse off, the grade book program was accessible from any networked machine (thanks Novell)
Thank god this was nearly a decade ago... So, one could pick a random terminal in the school and make subtle changes to their own (or perhaps someone elses) grades.

I used to think "I wish that I was alive during the 80's so that I could have been part of the cracking scene there". In hindsight, I could have done such bad things during the 90's, when I grew up.

Re:School boneheadedness (1)

DriedClexler (814907) | more than 4 years ago | (#23815429)

The handling of students' SSNs is truly appalling. What bothers me most about it is hearing, so often in the news about how "omg, organization X did Y with SSN records!! What a horrible violation of these (adult) people's privacy!" and then realizing: "Wait ... that's exactly what my school does with our SSNs, and no one gives a damn!"

Y would be:

-requiring students to publicly turn stuff in with their ID (equal to SSN) on the cover (still going on as of '04)
-having a list somewhere in the classroom where students' names would be listed with their SSNs
-other stuff I didn't even notice until some editorialist moaned about how outrageous that is

Re:School boneheadedness (0)

Anonymous Coward | more than 4 years ago | (#23816043)

My highschool also did this, almost exactly. Not only that, but a friend of mine found that the list of every student was on a public share. He opened up the list and was then expelled for "hacking into the list."

The 90s were a hilarious time for computer security practices.

"The tool and the toolbar" (5, Insightful)

Phroggy (441) | more than 4 years ago | (#23815023)

Hold on a minute here.

The IT guy blames his boss for installing the Alexa toolbar, which lead to the deletion of all dynamic content on the company's web site.

No it didn't.

Yes, the Alexa toolbar isn't something anybody needs to run, and yes, Alexa should respect robots.txt, but whoever set up their web site is clearly incompetent:

1) Never rely on robots.txt for security.
2) The article says the Alexa spider captured usernames and passwords? What the hell were usernames and passwords doing unprotected on the web site?
3) The Alexa spider clicked all the Delete links. Never ever use links to delete things! Always use a submit button with POST, not GET. Generally, most spiders won't submit POST forms.

Security through obscurity is even less effective when the obscurity is poor.

Re:"The tool and the toolbar" (5, Informative)

bluej100 (1039080) | more than 4 years ago | (#23815121)

That story is almost word-for-word the same as an Alexa deleted my pages rant [slashdot.org] on a previous anti-Alexa Slashdot article [slashdot.org]. Apparently whoever compiled this article didn't read the reply to that post.

Re:"The tool and the toolbar" (1)

Cheesey (70139) | more than 4 years ago | (#23815835)

Yeah, I thought that was ironic. The article compiler blamed the boss instead of the IT guy, making his own bone-headed IT mistake in the process.

Lot of stores sound like stupid PHB driven ones an (1)

Joe The Dragon (967727) | more than 4 years ago | (#23815029)

Lot of stores sound like stupid PHB driven ones and the tech are just along for the ride.

My favorite (5, Funny)

hal9000(jr) (316943) | more than 4 years ago | (#23815063)

Not as major is the Infoworld examples, but I still to this day sometimes forget to set-up a virtual interface when configuring a cisco router. This little command me more often than I care to admit:

telnet 192.168.1.1
cisco-router$ en
cisco-router$ config t
cisco-router(config)# int g0/1
cisco-router(config-if)# ip address 10.1.1.1 mask 255.255.255.0
Connection Closed

Gaaaaaaaaaaaaaaaaaaaaaaaah!

This one is funny because (0)

Anonymous Coward | more than 4 years ago | (#23815245)

It's funny because no one who knows what you mean thinks it's funny, and those who don't have an inkling what that nonsense was think it is.

Re:My favorite (1)

element-o.p. (939033) | more than 4 years ago | (#23815523)

Easy fix:

telnet 192.168.1.1
cisco-router$ en
cisco-router$ reload in 15
isco-router$ config t
cisco-router(config)# int g0/1
cisco-router(config-if)# ip address 10.1.1.1 mask 255.255.255.0
Connection Closed

IT Admin: Gah...Now I have to wait 15 minutes for the router to reload. Oh, well...time to get a soda.

Re:My favorite (2, Insightful)

youngerpants (255314) | more than 4 years ago | (#23815971)

Easier solution.

Turn it off, turn it on. Nothing was written to running-config.

Now wait the same 15 minutes, only 15 seconds earlier.

Re:My favorite (1)

funkboy (71672) | more than 4 years ago | (#23816135)

...except that the command to change the IP doesn't have the word "mask" in it, so it wouldn't take.

nitpicking? Yes :-). force of habit, since I spend a lot of my time proofreading others' configs...

A similar gotcha that's a lot less obvious is trying to change the management vlan on an older stackable Catalyst switch running IOS (3500XL, etc). The damn thing only supports one vlan interface being up at a time, so you pretty much have to do it from the console or you're dead in the water.

My experiences (4, Interesting)

HappySmileMan (1088123) | more than 4 years ago | (#23815071)

My school once had a folder called "Vice-Principal" in the network folders, what did it contain? Why, the C: drive of the vice-principal's computer of course, they didn't let you access "Program Files\" or "Windows\" of course, but what WAS accessible, was a Microsoft Access database containing every student in the school, their PPN number (equivalent of Social Security in Ireland I think), their home phone number, medical conditions, exam results etc. Of course this year they got new computers and completely re-setup the network, this time it seems substantially more secure.

What to do... (5, Funny)

thatskinnyguy (1129515) | more than 4 years ago | (#23815079)

Database take a dump? No backup of the transaction log? Fear not! With just two easy steps, your life will be back on track:

1. Update Resume`
2. Leave Town!

used to work with a guy (5, Funny)

gEvil (beta) (945888) | more than 4 years ago | (#23815081)

I used to work with a guy who did the "useless backup" thing. He set up an automated backup system that encrypted the files to tape. It ran fine for a long while. But when we had a server failure and needed to recover from the backup tapes, he couldn't remember what the decryption password was. All he could do was sit there saying "I remember that it was a good one." I just wanted to smack him...

You're just as bad, sorry (1, Troll)

pandrijeczko (588093) | more than 4 years ago | (#23815197)

So if you're so clever, how come you didn't warn the guy that might happen at the time?

It took me to reach my mid-30s (about 10 years ago) to realise that you can't go through life being an arrogant jerk and revelling in the mistakes of others - we ALL started knowing nothing and making far more mistakes than we do now.

Take my advice. Help people avoid mistakes, give them your advice respectfully and nicely, give them a chance to listen to you. In the long run, it will pay dividends - people respect you and occasionally thank you for bailing them out.

Re:You're just as bad, sorry (2, Insightful)

gEvil (beta) (945888) | more than 4 years ago | (#23815241)

Because I wasn't his boss at the time (I became it later). At the time I asked both him and our boss if we had a decent recovery plan in place. I was assured by both that there was. That's really all I could do. If you want to think otherwise, by all means, do. But don't tell me that I'm "being an arrogant jerk and revelling in the mistakes of others." I was one of the ones who got my ass reamed over that mistake even though I had nothing to do with it.

Re:You're just as bad, sorry (1)

pandrijeczko (588093) | more than 4 years ago | (#23815459)

Because I wasn't his boss at the time (I became it later).

Maybe I'm missing something here but I don't see what that has to do with it.

So you tell the guy he's setting himself up for a fall, tell him why and he refuses to listen? Then tell his boss.

I was one of the ones who got my ass reamed over that mistake even though I had nothing to do with it.

My point exactly - had you behaved "my way", the problem would not have happened and you wouldn't have got the blame for it.

Re:You're just as bad, sorry (0)

Anonymous Coward | more than 4 years ago | (#23816109)

(This entire thread has gone OT and argumentative, so posting AC.)

Errr, the guy said that both his co-worker AND boss thought the recovery plan was decent, which implies he did go to the boss about it. You're assuming a boss will always listen, but that just doesn't happen sometimes. What was he supposed to do; trudge up the line until he *maybe* gets someone who DOES listen, and a reputation as a time-wasting busybody? And then that someone asks the boss, and gets told it's OK, same as he did?

He told the guy, he told his boss. At that point, he'd done his duty; if no-one listened, that's the company's problem. Getting partial blame for it sucked, but happens sometimes. Personally, the only thing I would've done differently was to make it quite explicit ahead of time that you warned them, and if something goes wrong you take no responsibility.

Re:You're just as bad, sorry (4, Insightful)

pclminion (145572) | more than 4 years ago | (#23815329)

So if you're so clever, how come you didn't warn the guy that might happen at the time?

Maybe because wandering around the office continually reminding professionals how to do their own jobs (assuming they are competent), makes you an arrogant asshole?

"Hey Ted, I know we hired you because you're all pro and stuff, but don't forget [some mind-numbingly obvious thing]. Seriously, I'm just trying to help, not implying that you're dumb as a rock."

Re:You're just as bad, sorry (1)

pandrijeczko (588093) | more than 4 years ago | (#23815427)

Maybe because wandering around the office continually reminding professionals how to do their own jobs (assuming they are competent), makes you an arrogant asshole?

No, it just makes me right.

And as for doing it "continually", because I take the time to make sure my target person or audience understands what I am telling them the first time, I don't need to repeat it.

Sorry, but I've done with my BOFH days - as far as I am concerned, all the technical knowledge in my head is pretty much open source. If someone asks me something and they're interested in hearing my solution, that's good enough for me to tell them.

Re:You're just as bad, sorry (1)

pclminion (145572) | more than 4 years ago | (#23815599)

Sorry, but I've done with my BOFH days - as far as I am concerned, all the technical knowledge in my head is pretty much open source. If someone asks me something and they're interested in hearing my solution, that's good enough for me to tell them.

But that's not even the same thing. Offering help when asked is commendable. This is a far cry from, for example, walking into a senior developer's office and randomly saying "Hey, make sure you do an update before committing, or you'll waste somebody else's change." At a certain point you assume people know how to do their jobs. If you had reason to believe the person is not capable of performing the task, you educate them -- if you suspect that they won't learn even when told, maybe you should hire someone else.

Re:You're just as bad, sorry (1)

pandrijeczko (588093) | more than 4 years ago | (#23815695)

I don't make it a point of wanting to know everyone else's business - in your scenario, if someone is doing a job then I give them the benefit of the doubt as being the best person to do that job. But if they tell me how they've done something, I'll commend them if it's a great idea and advise them if they've made a mistake - the same would be true if they didn't tell me but I came across something they'd done myself and it need to be corrected.

Likewise, if I don't understand what they're telling me then I'll ask them to explain it better so I do understand it, if what they're saying is interesting.

No, I'm no saint by any means - but life is too short to gloat over someone making a mistake.

Re:used to work with a guy (1)

element-o.p. (939033) | more than 4 years ago | (#23815645)

I did something just as bad at the beginning of my IT career:

We had a horrendous Clipper-based database that contained all of our company's purchase orders, sales orders, customer invoices, etc. It was about 900MB back when the original Pentium was still new and the biggest consumer grade hard drive you could buy was just over a gig. The database used to have a lot of corruption problems, and it was my job to fix it when that happened. Once in a while, the tools I had to fix the corruption wouldn't work, and I'd have to restore from the previous day's backup. So far, no problem...until the database got so large that it wouldn't fit on the network share that we were backing up to. Unfortunately, the backup script didn't detect the failure.

You guessed it. One day I had to restore from backup, but the database hadn't actually been backed up for quite a while -- about six months, in fact. Problem was, the only way to restore was to erase the data first, then run the restore script because our hard drives weren't big enough to hold both a copy of the (broken) database and the restored version.

I have been a vocal supporter of "backup and verify" ever since.

admin/admin (1)

oldspewey (1303305) | more than 4 years ago | (#23815177)

How about this one: building a web content management system for a public utility using an open source WCM package, then setting the main administrative account with the username admin and the password admin .

Took about ten days for some script kiddie to find the admin portal and begin wreaking havoc. Fortunately he seemed more bent on puerile defacement rather than outright malice.

Anonymously :) (5, Interesting)

Anonymous Coward | more than 4 years ago | (#23815265)

A company decides to run an internal check to see how many people will respond to a phishing scam. They send out an email to a group looking like the intranet page, "reminding" everyone to submit their username and password for the upcoming upgrade this weeken.

The email is actually an HTML form, but users being users, some of course hit reply instead of filling out the form and hitting submit. Worse yet, some hit "Reply All". Worse yet, some had HTML turned off, so the password wasn't even hidden in HTML source, it was in plain text for all on the list to see.

Yes, testing internally to see how many people are susceptible to phishing attacks is a good thing. However, send it via bcc, so group replies won't have passwords spreading around the company like a bad joke.

Next up, inform some people you are running your test. We have two different security groups, corporate, and the one I'm in. We didn't know about it, and all but shut down corporate security's access to the network. We traced the originating IP to their network, as well as the form submission IP. Since they weren't answering their phones, we didn't have much choice.

I found out because a supposedly "technical" engineer called me saying he had responded to it, and realized some people were replying and he could see other people's passwords. He didn't think there was anything wrong with submitting it, because it looked so real it couldn't be fake.

Daily WTF: "I'm Sure You Can Deal" (2, Funny)

steveha (103154) | more than 4 years ago | (#23815379)

This one really wasn't the IT staff's fault, so this is slightly off topic, but this is my all time favorite Daily WTF story.

http://thedailywtf.com/Articles/Im-Sure-You-Can-Deal.aspx [thedailywtf.com]

steveha

Re:Daily WTF: "I'm Sure You Can Deal" (1)

Illbay (700081) | more than 4 years ago | (#23815715)

On the bright side, think of the reduction in the carbon footprint for that weekend! They oughta have Algore give him a medal.

Schools (0)

Anonymous Coward | more than 4 years ago | (#23815387)

While I've had the misfortune of being subject to incompetent IT people throughout my academic life, I'd have to say my the ones at my (boarding) highschool were the worse.

My freshman year they happened to have a text file containing the names of all students, their student ID numbers, network passwords, and SSNs. This file was located on a network drive anyone could access.

The next year all students were issued laptops. The laptops were imaged from a common ghost file, and subsequently had the same administrator password. It also had each student setup as a "Power User", which would have been smart except for the fact that Power Users can't install printers (even the ones the bookstore sold). So the common admin password was made public. In later years students were admins on the laptop, but each still had the administrator account with a common password (stored with a lanman hash no less).

For anyone who doesn't know, by default Windows 2000 will share all drives and registry (IIRC) to your local network if your administrator account has a password. The effect of this was that if you cracked the admin password on your local machine, you could use that same password to completely control any other laptop on the network.

Fortunately, AFAIK there were only about three or four students in any given year who knew enough to exploit this. Said students also tended to be fairly mature about it. Personally, I just used it as an anti-cheat mechanism on my half-life server. Anyone who cheated had their desktop wallpaper changed and locked to an image of my choosing, and their half-life registry settings erased/locked as well. =)

My personal fav (2, Funny)

hedley (8715) | more than 4 years ago | (#23815527)

I could not access my mbox, the file was gone. Soon a co-worker stopped by... same... mbox gone. 2+2 together a quick visit to IT. "Hello, did you do anything to the company mbox's?", IT: "Oh yes, I observed they took up a lot of space on the disk so I *removed* them all"!

H.

From memories past (5, Interesting)

Macka (9388) | more than 4 years ago | (#23815605)

I used to work in Unix Support for a large multi-national. Had loads of customers ring in with cock ups over the years. Some of them were silly, like a developer with root access typing rogue spaces where they shouldn't be. e.g: "chmod -R me / foobar". Conversations always started like "OMG I own the whole system, HELP!". Others were more obtuse, like a world renowned news reporting organisation who allowed one of their developers to install a very important database in his own account. System management got outsourced to Singapore, he then left the company, so Singapore deleted his account. We were left trying to reconstruct was was left from a dd image copy of the disk.

Another one I remember (about 20 years ago) was where one customer had systems that would crash at about 10am every monday morning. After a very long trouble shooting experience (i.e. months) the cause was found to be a delivery lorry that arrived every monday morning. He would back up to the loading bay, where some rubber bumpers (fenders) had been installed. He had the habit of stopping the lorry when he banged into the bumpers. Unfortunately this sent a shock wave through the building sufficient to cause some of the disks in the computer room throw a hissy fit and park their heads in the middle of whatever I/O they were doing.

In the early 90's I found myself having to pick up SCO Unix support for my sin's. Thankfully it only lasted 4 years. Two specific customer incidents I remember from that time. One was a call from a hospital who's system seemed in a right state. The guy was panicing, so I cut short my usual trouble shooting routine, got in the car and drove down there. Took one look at the system, typed ^D and then left after it'd finished booting to multi-user. Taught me a lesson; embarrassed the hell out of the customer and I never heard from him again.

The second was more interesting. I had a customer in the MoD at HMS Dolphin in Gosport. A number of their systems would crash simultaneously at certain times during the week. There was no real pattern to when, but when one of them went, they all did. I couldn't find the problem. No common denominators. Power monitors didn't show anything. Nothing. That was until one day the customer was staring out the window when the systems crashed. He remembered seeing one of the warships leaving the harbor and sailing right past his window. He also remembered seeing the ship starting its RADAR as it went past; and as the beam swept the computer room, all the systems crashed. The fix: a snotty email dictating that captains don't start their radar until they've cleared the harbor and made it out to sea.

I could go on typing for another hour straight with stories like this that either I've seen, or have happened to friends/colleagues :-)

Re:From memories past (2, Insightful)

pclminion (145572) | more than 4 years ago | (#23815735)

System management got outsourced to Singapore, he then left the company, so Singapore deleted his account. We were left trying to reconstruct was was left from a dd image copy of the disk.

This one drives me CRAZY. Yes, it's downright stupid to have critical things running under employee accounts. But the worse failing, I think, is this silly idea that once somebody has left all traces of them must be eradicated from the universe, as if the ghost of their keypresses will arise from the ashes of their workstation and take over the entire company. So there's a user account called "jshmoe." Just because it's called "jshmoe" doesn't mean it's Joe Shmoe's account! Who gives a crap what the name on the account is? There could be, and often is, VITALLY important stuff in there. In a perfect world, all critical data would immediately be placed into a company-wide repository, but we don't live in Perfectland. Slow the hell down, look at what you're deleting, and get over your DAMN IMMATURITY AND PARANOIA.

Paid to know better or paid to make it happen (1)

GoodNicksAreTaken (1140859) | more than 4 years ago | (#23815609)

getting paid to know better is no guarantee against IT idiocy
When the head of your IT department types with two fingers, is responsible for over seeing database related work but admittedly doesn't know what an integer is*, the ones that are "paid to know better" are the ones paid to just get the job done.
*"I'm a techie and even I don't know what an integer is." - J. Seekatz, IT Director and PHB

Bank data centre (0)

Anonymous Coward | more than 4 years ago | (#23815797)

An ex-colleague of mine was doing some work in a major national bank. He had to go through layers of physical security, going many floors underground to get to the computer room.

Said computer room was, by all accounts, pretty impressive. A raised floor, and the air conditioning and rows and rows of servers were giving our a constant WHIIIRRRRRRR.

My ex-colleague found the computer he had to work on, and was busy doing his task when he realised he needed to check something with the office. So he took out his mobile phone, dialled the number, and got through to whomever he needed to speak to. During this conversation, he leaned against the side of a computer cabinet and . . .

*click* WHIIIIRRRRRrrrrrrrrr..... *silence*

He had leaned against an emergency cutoff switch. The bank was now without it's most important data centre!

Within seconds, he was being rapidly approached on all sides by bank officials and technicians, wondering what had happened. He ended up sitting in reception, wondering if he should skip the country. In the end, he didn't - and he kept his job until the company went bust at the end of the dot-com bubble.

At my school (0)

Anonymous Coward | more than 4 years ago | (#23815817)

At my high school us kids went through the system and found all the school admins information, grades and everything. Then we found a certain .txt with every students SSN. We got into some trouble when another kid ratted us out. They said we "hacked", we said their IT was shit.

Misuse of http (0)

nog_lorp (896553) | more than 4 years ago | (#23815963)

No. 4, where Alexa follows links to delete content, is due to bad use of http (as well as horrid behavior on Alexa's part). I've read about similar cases. GET requests (links, forms unless specified otherwise) are not meant for modifying data, they are meant for GETting it, POST requests are intended for everything else. Make buttons that submit forms with type="hidden" form elements, and use POST method, and you will have no problems with bad crawlers.

Names/Addresses for all to see (2, Interesting)

digitalhermit (113459) | more than 4 years ago | (#23815973)

I once got called to help another technician with a system restore. Over the weekend a server had crashed and we had to rebuild it. First thing we do is to re-install the server. This took a few hours. Then we had to restore the data. No problem. We pull in the tapes but for some reason, it cannot find any files. The tech says that he's sure the backups were successful. Even the previous days and weeks had the same problem.

Figuring we had a busted tape drive, we drive 60 miles to pick up a tape drive from another location. Plug it up and bleah, same results. I ask for the backup log. Sure enough, everything is successful. Only problem is that nothing is configured to be backed up. So every hour, every day, every week, every month the job would complete successfully. Successfully backed up nothing.

The worst I've ever done personally was to install a CIFS module on AIX. This inadvertently updated a TCPIP package. This package had an obscure bug that was only triggered with long running sessions. It tooks hours to determine that the failure wasn't related to another patch that had gone in, and wasn't related to a very similar issue related to the connector...

This is good! Job security for the competent! (1)

$criptah (467422) | more than 4 years ago | (#23816019)

I have been bashing people who tell me that all IT jobs will be in India and China and Russia. This is not going to happen to every freaking job because each field depends on people who are competent. You may have a Ph.D. in Comp. Sci. or Mathematics, but you're completely useless if you cannot perform job related functions in a competent manner. That is why the number of jobs is always greater than the number of candidates who can do those jobs well. This applies to every country, not just the United States.

If I were to describe my job duties, I would say that I am a janitor because I get paid to resolve other people's messes. In most case I deal with IT people who cannot backup a production system or read the manual or at least be smart enough to call the support line before attempting to release the latest version of the software that relies on the components produced by our company. The number of well paid and "highly qualified" individuals who are in charge of extremely expensive systems is beyond your imagination. That is why these daily bloopers are really great for people like me who get paid to resolve them in a very efficient manner. No backup and have to go production in 3 hours with all the mess? Not a fucking problem. My hourly rate will be XXX.XXUSD per hour.

As bad as it sounds, stupid users can be a great source of revenue. However, I can't promise that you'll like them in a long run.

is email down? (2, Funny)

jdinkel (1028708) | more than 4 years ago | (#23816041)

It's ironic that just this morning I received an email from a user with just this line:

"are we able to get email right now?"

I resisted the urge to reply back with "no."

uh (1)

B3ryllium (571199) | more than 4 years ago | (#23816085)

I thought that "boot.ini" didn't arrive on Windows until NT4.0, 2000, and XP? (The article says "windows 3.1" - I call shenanigans)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...