Let’s not Demonise Complexity

April 3, 2012 Mackie is a Geek No comments

When I first saw this image I smiled a little and thought wow they are trying to say complexity is BAD.

To many organisations complexity is bad mostly because they want to have a lower skilled workforce… Well it seems that way at least.

Metaphor for complexity

I was talking with someone the other day who was lamenting that “FIM was ridiculously hard, kind of like SCCM”.

I don’t want to rant about IT Generalists expecting to be able to just pick up the DVD and go with many Microsoft Technologies but will say I’m coming up on my third attempt at passing the FIM 2010 Technology Specialist Exam and it is NOT an easy product BUT I didn’t expect it would be …

I want to spend some time talking about complex products that make the Business of IT and the Business of Business easier or Complexity can be your friend.

So I’m keen to relearn my FIM 2010 mojo by building a solution but also because I’m an Infrastructure guy not an application developer, I’m keen to build it code free except for some PowerShell.

Password Creation Key Material

October 5, 2011 Random things that got my attention, Security No comments

I was reading my RSS Feeds today and saw a post from Wayne Small over at SBS FAQ talking about Passwords and how people store them.
He spoke about a Password Card from Savernova which gives you the beginning of a secure password system. It won’t protect you from a KeyLogger but it might protect a password to a password, which is what I might use it for…
I already use KeyPass for storing and generating my high value credentials so I can just copy and paste into Application and Web Dialogs well ones I don’t already have Single Sign on for (but that is another post)
KeyPass allows me to use a Password to open the Encrypted Password Safe AND I’m Pretty PARANOID (They still might be out to get me) so I store the App and Data on an IronKey that is pretty much always with me. Oh yeah the IronKey is Decrypted with a Password Sad smile
Now at work I use a Smartcard to login and our user Attributes are set to Require Smartcard so there is no worries about a Password or is there? My SmartCard Pin is an 8 Character Password DAMN
So to login to my Internet Banking I need a 24 Character Password I stored in KeyPass so here goes…
I am tempted to make lots of the passwords the same to make them easy to remember but I work in an Identity Management, Authentication and Security Team hmmm maybe not. Now If I did maybe they might be @BettyisPretty after someone I follow on Twitter (Because that Twitter ID makes me Smile)
Today I looked at Wayne’s Card and thought NOT Strong Enough and set about making my own
Here is how I did it:

  • Create a Constant in Excel and call it Characters
  • Insert the Characters in your Password Policy: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*[]{}-+
  • Create a Matrix of Cells I used the same one as the Card from Wayne’s post and added some I didn’t think I needed to miss
  • Copy the Random Selection Formula to each Cell: =MID(Characters,INT(RAND()*LEN(Characters))+1,1)
  • Put a Border around it like Map Co-ordinates and you are good to go
  • Print
  • Laminate and
  • Insert into your Smart Card Holder

image
This is not the Matrix I’m using Smile and it changes with each open anyway so make sure you print a spare and save it SECURELY (against Loss not Compromise)
In my Scenario I might use the following to Comply with the ISM (Govt Security Guidance) Complexity Recommendations
Smartcard Pin – I5 Diagonal Down 7 Chars = iR5p7xh
IronKey Password – D9 Horizontal 8 Chars = “&0yfmgk
KeyPass Password – L3 Vertical 8 Chars = V-deJp#3

Open Source Procurement Policy – Reverse Discrimination??

September 5, 2011 My bizzaro world, Twitter Distraction One comment

I was an interested observer when AGIMO published their Open Source Software Policy Principles and recently I asked why are they in my view so one sided… Oh and on Twitter

I do think the Idea is solid but just like so many other things where we try to level the playing field we go to far the other way can’t we just require a detailed evaluation report be produced for all evaluations … Oh Wait Smile

Let me explain

There was a time when I was a bit of a hater when it came to use of Open Source Software and was often heard to say “Open Source is free if your time has no value”. These days I use quite a bit of software not produced by the closed source dynamos.

The Document that I’m wanting to discuss is

Australian Government Information Management Office
(AGIMO) Circular
 
Subject: Open Source Software Policy 
 
Approved by the Secretaries’ ICT Governance Board on 21 December 2010
 
Circular No:  2010/004

Now I think the intent is to level a playing field but I’d like to demonstrate how it really is reverse discriminatory.

Principle 1:  Australian Government ICT procurement processes must actively
and fairly consider all types of available software.

Australian Government agencies must actively and fairly consider all types of
available software (including but not limited to open source software and proprietary
software) through their ICT procurement processes. It is recognised there may be
areas where open source software is not yet available for consideration. 

Can we pretend that I am a Public Servant with a project that includes software? I like that all software types are actively and fairly considered that is great.

Not all requirements will have an Open Source option but how do I determine that?? There will always be someone who has better Bing err Google Foo than I. Am I responsible for an exhaustive search or is an ATM in ausTender the end of my responsibility?

Closed Source Vendors either respond or not this should apply to Open Source Vendors too in my view.

Principle 2: Suppliers must consider all types of available software when
dealing with Australian Government agencies.

Australian Government agencies will require suppliers to consider all types of
available software (including but not limited to open source software and proprietary
software) when responding to agencies‟ procurement requests.  
 
Agencies are required to insert this requirement into their tender documentation. 
Suppliers will need to provide justification outlining their consideration and/or
exclusion of open source software in their response to the tender.  Agencies will
determine compliance with this requirement when assessing tender responses.  

I have enormous problems with this Principle…

We provide solutions we are expert in implementing and supporting we do not pretend to be all things to all people.

This Principle forces two outcomes:

  • Justification of consideration and/or exclusion of open source software. This forces a bidder to say something negative in order to be compliant either:
    • We are not able to provide breadth of services or (not great about the bidder)
    • All other options but the one we are pitching are inferior AND BTW we have checked them all (arrogant and maybe actionable)

I’d much prefer to talk about benefits of our solution and not even talk about things that don’t enhance the evaluation teams understanding of our capabilities.

  • An evaluation team needs to decide about non compliance based on this requirement. What if a bidder says “we did not consider ANY open source options because we believe our closed source partner fits the requirement” is this a non compliant bid? Should IBM be required to explain why they did not pitch Exchange in place of Domino? or Vice Versa

Principle 3:  Australian Government agencies will actively participate in open
source software communities and contribute back where appropriate.

The Australian Government, through AGIMO, will actively seek to keep up-to-date
with international best practice in the open source software arena, through engaging
with other countries and organisations. Australian Government agencies should also
actively participate in open source software communities and contribute back where
appropriate.  

I have no problem with Principle 3

The Key points I think are fantastic except Point 4. I think it needs work and hopefully I will have explained my position adequately enough to help someone smarter than me to redraft something a little better.

Key Point 4.  Agencies should consider re-using existing software assets before acquiring either open source or proprietary software.

I think the decision to reuse existing assets is often not taken due to fear of being accused of not being open to the market, particularly when software licencing bundles include features where there are vendors of niche software now commonly included in most operating systems.

This usually makes Departments go to tender to seem impartial and then something unexpected happens, nobody bids the product / feature that is bundled because you can’t sell someone something they already own.

This is a shame because the bundled product often needs to be disabled at risk to the solution and expense, all because the evaluation team has no option but to say if the vendor wanted us to use their product they would have bid it.

This really is a big issue not strictly related to OSS but I’m sure a frustration for IT Teams who if they could, would in house bid the product they have and can manage best.

Of course they shouldn’t have to.

Are you coming to InfraSat in BrisLantis? I am

September 3, 2011 Cool things I get to do, Networking (NOT Computers), Out and About No comments

Last year I had the opportunity to attend Infrastructure Saturday in Brisbane and remember having a fantastic day.

There is a call for topics coming soon and not certain I won’t want to talk, maybe format and something interesting to say will be my limiting factors.

Perhaps I should talk to Shane and Alan about a session where folk get to pitch an idea or a project they would like to get off the ground and would want some help collaborating on, kind of the 2-5 minutes pitches at the end of Bar Camp

Any way if I were to talk about anything it would be Identity and Access Management or Run Book Automation or maybe BOTH how about System Center FIMhestrator ????

I’ll be having a think about what I could do and maybe you should too. Last Year I saw the first Public Presentation by the Molk and I hope not the last by any stretch.

ANYWAY it all starts with registration and ends with Beer on Saturday Night so are you interested …

UPDATE:-

With the Quick Pitch Session idea I was meaning …

Something like Teachmeet sessions

  • Micro-presentations – lasting 7 minutes
  • Nano-presentations – lasting 2 minutes

Micro Presentations could be a Quick Tip / Idea / Best Practice and a few Minutes Q&A

Nano Presentations might be I have been thinking about how we might build Blah here are the beginnings of the requirements… Can we collaborate on Documentation, Automation, Design. Who’s with me?

Thanks GFI and Jinx

July 5, 2011 Mackie is a Geek No comments

I entered a draw for a free T-Shirt some weeks ago and I buy tons of Jinx T-Shirts too. Today I got an I’m a Tech Blogger T-Shirt from GFI and a Sticker Pack from Jinx so to express my Gratitude and Joy I have made this my Photo 365 Project snap for today.
Had they not come it would have been something else.

I'm a Tech Blogger and a Geek
I am really glad to have been selected by GFI for the T-Shirt and Best get back to blogging more on my Tech Blog

Of course as I have said before I love Jinx and almost exclusively wear their T-Shirts so if you click the Banner Below when you order I’ll get a small amount of Jinx Gold for my very expensive habit Smile

#BCC2011 How to Handle Difficult Clients

March 22, 2011 Mackie is a Geek No comments

imageOne of the best sessions I went to at Bar Camp Canberra 2011 was “How to Handle Difficult Clients” by Danni (@daniib) and Jason (@jhando).

I found them both to be engaging speakers although it was mostly a conversation. Which gave me some insight into what it might be like to be a client ish.

I took quite a few notes and rather than retype and reimagine these are the notes as I took them

BTW I thought the session was great and some other folk spoke to me about it later and Lurved it too

imageimage

Andy Clarke’s Killer Contract

Andy Clarke 24 Ways

Merlin Project Method

The Tyranny of Email Standards

March 11, 2011 Mackie is a Geek No comments

Funny this happened mostly due to poor email addressing standards

In order to do get uniqueness some environments create standards which make it hard for users to find each other. In this case I am Mojo_moj180.Jojo@smemanaged.com for example but there is a mojo.jojo@smemanaged.com neither are real BTW

So when people search for mojo they just get one hit and it is not me because nobody has a first name of mojo_moj180 Sad smile 

So you can imagine how I lost it when I saw this today…

 

Fw: Amen!

Buttercup_bum215 Utonium

to:

Mojo_moj180 Jojo

11/03/2011 11:09 AM

#fail
With thanks,
Buttercup Utionium

Crime Fighter Prior to bedtime

—– Forwarded by Buttercup_bum215 Utonium on 11/03/2011 11:08 AM —–

From:

Mojo Jojo

To:

Buttercup_bum215 Utonium

Date:

11/03/2011 11:00 AM

Subject:

Re: Amen!

Hi Buttercup
Wrong Mojo Jojo – but I like your goals for today.
thanks
Mojo Jojo

 

From:

Buttercup_bum215 Utonium

To:

Bubbles Utonium, Blossom Utonium, Rowdy Rough Boy, Mojo Jojo

Date:

11/03/2011 09:50 AM

Subject:

Amen!

clip_image001[4]

With thanks,
Buttercup Utionium

Crime Fighter Prior to bedtime
Have a great day!

Small Agency Mentoring Program #AGIMO

December 12, 2010 Networking (NOT Computers), Random things that got my attention, Twitter Distraction No comments

I recently began following John Sheridan from AGIMO and since I’ve not followed much of what he has been doing since I was in Defence, I took a peek back through his Twitter Feed in as non stalkerish way as possible (BTW Days NOT Years) came across a link to the Small Agency Mentoring Program (SAM).

Mentoring programs like SAM are important because they help to build the capability of the APS by strengthening cross-agency relationships and developing future ICT leaders. For more information on mentoring programs supported by the Department of Finance and Deregulation please take a look at the website:

I’m an IT Contractor and have been for many years and the thing I find all over is Infrastructure People in Agencies both big and small have very little clue who their peers are, let alone what they can share with each other.

I notice Mentoring Programs for SES and Women in IT both of which I’m very supportive.

I wonder if Agencies are to do more with less how do Technical Leaders (Contractors too) get to network and share with each other.

I use Facebook, LinkedIn and even Twitter to extend my contacts in my field and locally try to connect widely with my peers. I am aware that there is some nervousness from Agency Security Advisors about public social networks and I understand why they think they should be nervous however are we not talking about professionals.

I guess I’m proposing Public Social Networking for an Essentially Closed Population. Not seeking to provide an answer but wonder how to discuss this sensibly.

What I’m saying is good job going as far as you do. How do we grow that???

Comments OPEN

Small Agency Mentoring Program | AGIMO Blog

Games Meh but XBox Kinect in every Board Room #messaging

November 20, 2010 How I work, Random things that got my attention, Thinking about my Business No comments

I’m no big gamer I just don’t have the time so when I do set aside enough time it tends to be something like a retro game of Age of Empires or Diablo so XBOX has not been a big focus for me.Well except for the version 1.0 I have with XBMC loaded.
I have been focusing on how my customers might get value from messaging systems that extend what they already do and the Tandberg Systems they have been putting in are kind of sweet. Well not really the Tandberg kit more the 60” plasmas (3D, SD & USB plus divx)
Imagine my surprise when I saw …

In a move that surprised practically everyone, though, Microsoft also said that users of Lync (and Office 365) will be able to videoconference with home users of XBox game machines through Kinect, a new camera peripheral that tracks users’ movements in a room using infrared (IR) wireless.

Now I wonder if we need to gateway this through XBox Live or if we can directly integrate with an in house Lync 2010 System?

Microsoft will also add the shared videoconferencing capabilities for Kinect through a software update.
Corporate Lync customers can ditch their old PBX and phone systems to run Lync entirely on one or more servers. Alternatively, they can hold on to these legacy systems and interface them to Lync through gateways

Here’s to hoping that the firmware updates allow us to point to our own system if they do I can see big potential.
Plus so interesting XMAS parties in future.

Source Betanews.com

Privacy Options that don’t protect my privacy

September 19, 2010 Community Events, Random things that got my attention, Small Business Specialist Community No comments

I was signing up for a Microsoft Regional Business Building Event and part of the sign up form included…


   
info-32-32Privacy:
  
  
  A response for this question is required.

I do want Microsoft to contact me because we are a partner so I can’t tick that button.

I do not want Microsoft Partners to contact me because I am that trusted partner and won’t want SPAM from my competitors.

I am not concerned about the mail because I have a delete key, but I also don’t want to give explicit permission to these other companies to send me offers. I guess creating an Outlook rule for “Competitive Intelligence” is my only option.

Just saying

« Older Entries