Alan Hargreaves' Blog

Just cleaning up my email and I came across the following spam (some details deleted) sent to my @Sun.COM email address. It made my day for me.

Dear Alan,

My name is XXXXXXXX with YYYYYY. I thought that Sun Microsystems, Inc could benefit from a Microsoft Endorsed, affordable practical solution that will enhance your Microsoft DPM capabilities.

…

Over the last few days I’ve seen a lot in the news about newspapers (eg this one)looking for someone to blame for the fact that on receipt of an email of a story from what looked like one of their correspondents about what would have been a major scoop (Citigroup buying a controlling interest in the Australian Telco Telstra), only to find after they published that the From address was forged and the story a hoax.

For goodness sake people, email address forging has been around since email began. It’s really not rocket science. It’s certainly not sophisticated hacking as reported in some stories.

A line from the Dire Straits song “Solid Rock” comes to mind.

When you point your finger ’cause your plan fell through,
You’ve got three more fingers pointing back at you

One of the first lessons of email is to never trust the fields in the headers, they are simply text that any program (or even for that matter, someone at a keyboard in a telnet session to an open SMTP gateway) could initiate.

The real issue here is, why on earth are the papers and their correspondents communicating via email and not using some kind of encryption/authentication? It’s not like the technology is new, nor difficult. What we are looking at here is either ignorance of the technology (unlikely), or a risk management decision (conscious or unconscious) to not use it. As with all risk management decisions, each decision you make has a consequence and associated risk and probability. In this case the consequence of not using authenticated email has the risk of what we have seen just happen.

I find it laughable that having taken a decision to not use authenticated email that we now see the papers attempting to find a scapegoat other than the people who made that risk management decision.

The blame for the papers running with these stories lies fairly and squarely with the papers themselves. Any attempt to place it elsewhere is the result of people attempting to protect their own backsides. Then again, unfortunately our society has moved to the point where people (and companies, etc) are unwilling to accept the consequences of their own actions and decisions. It must be someone else’s fault.

A message to the newspapers, …. Grow up and accept responsibility for your own risk management decisions. The correct action here is not to find a scapegoat, but to learn from the event and act positively on it.

Many folks may have come across Dave Carroll because of his experience with United Airlines prompting the three “United Breaks Guitars” songs.

He’s also started a site titled The right side of right, which I would commend to you.

One of the entries in the blog from last November is titled “Statistical Insignificance“. There is a lot in here for anyone who is in customer service.

Getting it right most of the time may seem to be great from a statistical perspective, but when you start looking at what those small percentages multiply out to in terms of customer dissatisfaction, then to use his words:

“… seeing those kinds of numbers involving your company should leave you hunched in a corner in a cold sweat, rocking back and forth in the fetal position”.

Definitely worth a read!

Also worth a read for before you blow your stack at a customer service rep.

While I am relieved to find out that I will be offered a job in the new combined entity, it is with some sadness that I find myself today farewelling a number of folks that I have known for some time (some who have been with Sun locally for more than my almost eleven years).

To those departing I wish you all the very best in whatever you decide to do.

To those of us remaining, I look forward to sharing this exciting ride!

So you run and you run to catch up with the Sun but it’s sinking
Racing around to come up behind you again
The Sun is the same in a relative way but you’re older
Shorter of breath and one day closer to death

Every year is getting shorter never seem to find the time
Plans that either come to naught or half a page of scribbled lines
Hanging on in quiet desperation is the English way
The time is gone, the song is over,
Thought I’d something more to say.

– Pink Floyd

I just saw on Cnet an article titled Judge orders Microsoft to stop selling Word. OK it’s Microsoft you may say. I’m more concerned over the guts of this one. The lead paragraph is:

Judge Leonard Davis of the U.S. District Court for the Eastern District of Texas issued a permanent injunction that “prohibits Microsoft from selling or importing to the United States any Microsoft Word products that have the capability of opening .XML, .DOCX or DOCM files (XML files) containing custom XML,” according to a statement released by attorneys for the plantiff, i4i.

So if patent 5,787,449 has been used to stop Microsoft from selling such products, what (if anything) does it bode for things like OpenOffice.org?

This is really going back. I’ve been spending some time searching for where I first heard this comment made with regard to UNIX.

Memory is telling me that it was in the Edition VII days, back around 1979-84ish, and that it was perhaps one of (“Dennis Ritchie”, “Ken Thomson”, “Brian Kernighan”, “P.J. Plauger”), or maybe even Rob Pike or Steve Bourne. I have had no luck with google or any documentation I’ve got. The statement was in the context of the “UNIX Philosophy”.

If anyone can point me at a reference I’d certainly appreciate it.

Looks like I get to work just a little closer with some of my VOSJEC colleages (both past and present).

OK, I’ve been on holidays so I kind of have an excuse for not blogging this time.

Before I go on I have to acknowledge a man who quickly became a good friend in Second Life, who sadly passed on December 30. Chester Capalini was the monarch in the Tiny Empires kingdom (See Dana’s blog for more on Tiny Empires) that I was playing in. On the 29th (I think) he was admitted to hospital, very ill. I performed a song and dedicated it to him while performing in Second Life (Running on Faith) and 8 hours later he was gone. Chester had a great heart and lots of people miss him dearly.

I spent New Years Eve in Rockdale with some other Second Life friends who also happen to be musicians. Shan plays bass and Byron is a drummer. We had a great jam for New Years Eve. Had a message from Shan the other day that she managed to seriously jam her fingers in a door, requiring surgery. Fortunately the nerves are still there and the doctors expect her to be able to play again in about three months.

There has to be some lighter news here somewhere Oh yes, while this is the last work day that constitutes my holidays, it also happens to be my 44th birthday. Jake and Lucy prepared me some breakfast (A crumpet with promite, a nectarine and a chocolate milkshake) and brought it up to me along with their present. Mum and dad will be down later in the day to take us out to lunch, so there is something else to look forward to. If I can get my act together today, I might try to head out to Brackets and Jam South tonight, and if Dexter is playing at Iguana’s tomorrow that might also get a look in.

OK, I’ve been slack. Not only have I not blogged since September, I’ve been at CEC2008 since Saturday and also haven’t written anything.

The trip out

Caught a shuttle to the airport, grabbed some lunch after clearing customs and caught a United flight to Los Angeles. Unfortunately I was stuck in a window seat at the back of the aircraft for the 13 hours in the air which was less than comfortable, sigh.

As I was near the back of the aircraft I was one of the last off and at the rear of the line to clear US Immigration in Los Angeles. It was great to see the officers actually smiling and laughing with the passengers. Picked up my luggage, cleared customs and rechecked it. Walked out to terminal 7 to get the flight to Las Vegas. Cleared security ok, but unfortunately one of my colleagues was behind someone who they decided to thoroughly check the bags of, and as a result he missed the flight and had to catch another.

I arrived in Las Vegas and went looking for my checked luggage, …

This is the first time that this has happened to me. Apparently my luggage was still in LA, and might arrive on the next flight. As it turns out it wasn’t the next flight, they got it to the Casino after I was asleep about 11:30pm, so I got it the next morning.

Met up with Chris Gerhard on the bus and headed out to the Paris Casino. Quite a few of us joined up for a quiet drink in Napoleon’s Piano Bar.

Sunday

Didn’t wake up until around 10:30am and then spent the morning putting finishing touches on my presentation.

I noticed that the certification room was open, so I decided to give the Solaris 10 Security Administrator exam a go. This exam has a pass mark of 52% and the course notes and trial exams did not give me a lot of hope for getting through first go.

Imagine my surprise on scoring 71%! Wonderful I now posses the Admin, Nework and Security Certifications!

Attended the Welcome reception and hit the sack again. More later.