Your Typography Does Not Constitute My Interest

There is a site I follow on RSS that prefixes the following to posts:

> I spent lots of time on typography, so you should read this article in its original form at …

Nope. I shouldn’t. No one should.

I could be wrong, but there is no style over substance argument outside of certain political and artistic circles.

If your site or blog or content or whatnot relies on typography and you’re not first and foremost an artist, you’re doing it wrong.

Bad Consultant!

I’ve committed two cardinal sins of consulting: I was, for all intents and purposes, unreachable for several days and I have long lingering outstanding expenses.

I’ll save you, Dear Reader, from any details or explanations or excuses. Instead, I’ll use it as a launching point for composing a list of Consulting Sins.

  1. Discussing the client in public.
  2. Posting on-line about the client, especially during client meetings.
  3. Leaving one client’s name & references in a document or presentation for another client.
  4. Abusing expense account and billable hours.
  5. Not being reachable.
  6. Letting expenses accumulate.
  7. Failing to submit billable hours on time.
  8. Overpromising and underdelivering.
  9. Booking yourself in two places at once.
  10. Lack of preparation.
  11. Failing to proofread, peer review, spell check, and grammar check things going in front of the client.
  12. Overestimating the amount of time you have to deliver anything – you never have enough time.

I’m sure there are more. One colleague of mine would definitely include failing to carry a stain remover. Add your recommended cardinal consulting sins in the comments.

Full Disclosure vs Cover Up vs Sneaking

Netflix hasn’t had a good Public Relations (PR) week.

The company admitted to throttling the bandwidth of users coming from Verizon and AT&T mobile in the US. Netflix claimed it was for the good of those users, so they would be less likely to exceed their data allotment. Netflix also said they had been doing such throttling for years.

I get why Netflix did what they did. As a former network manager I made similar decisions.

I did not, however, do so without the informed consent of my customer. Netflix seems to have missed that part.

There’s a saying in the US: The coverup is often worse than the crime.

As far as I know, Netflix didn’t retroactively try to bury references to what they were doing.

They did perpetrate perhaps a more egregious sin – sneaking it in without telling anyone.

By failing to “get in front” and “come clean”, Netflix engendered ill will from users. They got bad press.

It was easily avoidable, and Netflix probably would’ve received kudos for their actions.

Had Netflix simply let users on those networks know that throttling was taking place, either for performance or to save users’ data allotments, I doubt any concern would have been raised.

By not coming out, being clear, and informing users of their practices, Netflix will live under a shadow of doubt for years.

As security professionals, if we want the Business and users to take us seriously, we need “upfront and transparent” as our mantra as much as possible. Take the lesson here and apply it in your environment.

What are your thoughts?

Lotus Notes & the Hidden Outbox

Big Blue’s mail standard is Lotus (now IBM) Notes. My work machine runs version 9.

My client engagement Associate Partner asked me to send him documents. I sent them via email as one does. Later he pinged me to the tune of “where are they?” and “I don’t have them”. He closed with a rousing chorus of “Get them to me now”.

Puzzled, I checked my mail replication. Sure enough my outbox showed a seemingly perpetual 86% complete. I found the message to the AP in my Sent folder. My error was obvious: the files in total size would choke a rhino. I failed to notice one file with a modest page count had several other files embedded.

I sent the AP the lot via a more conscientious method, then I turned my attention back to my clogged outbox where multiple other emails waited patiently for their turn behind my choked rhino.

I knew Notes has an outbox. I couldn’t find it because the interface hides it. After a multitude of DuckDuckGo searches I found the solution.

Solution

  1. In Notes, type [CTRL-O] to open the “Open Database” dialog.
  2. In the File field, type ‘mail.box’ (no quotes).
  3. Change the File type to All Files. mail.box will be in the list.
  4. Select it and click Open.
  5. Find the file blocking the others, select it, and hit Delete.
  6. If the file doesn’t delete, try hitting [F5].

If you’re on a Mac and this doesn’t work for you, replace CTRL with CMD in step 1 above. Your outbox will clear on the next sync.

Notes

You can add a bookmark in your Notes client for the outbox to make it easy to find again.

References

Subject: Pending mails in outbox

Hi Ranjit, On your workspace – press ctrl+O – that would bring up the open DB window. Now in the file field, type ‘mail.box’ and click open. That would open up your local mail.box file. Delete the emails if they are not required.

Dev

Feedback response number WEBB86RE2W created by Nimda Onimod on 06/25/2010

For Security Pros, Maintaining Credibility Means Walking A Fine Line

> In the old fable, the Boy Who Cried Wolf was capricious and stupid. He cried “wolf” the first two times because he wanted to see who would come. The third time, when the wolf actually appeared, he cried out and no one came. He became wolf chow.
>
> But what if the Boy Who Cried Wolf had actually seen a wolf the first two times? Would help still have come the third time? What would have happened, in that wolf-infested forest, if he had cried five, six, seven times?
>
> This is a question that IT security professionals face every day. And there isn’t always a clear answer.

via For Security Pros, Maintaining Credibility Means Walking A Fine Line | Dark Reading.

This is always a concern for InfoSec professionals. Another piece that goes with it is a measured response. Running around claiming the sky is falling at the first blush of a security issue, only to later learn it’s not as bad as the headlines made things out to be, can also poison the audience to real threats.

I like this quote from the same article:

> A security warning is only as good as the credibility of the professional who delivers it.