
Dropbox: The saga continues

Dropbox was not hacked.  At least, that is according to them.  And in truth it wasn’t… at least, not in the strict definition of the word hacked.  With that being said, it was compromised.  It could in fact be that another service was hacked, but the hackers then cross-referenced those passwords to Dropbox and found hundreds (if not thousands) of them worked.

The bottom line is you have to change your passwords – all of them – often.  I don’t have a recommendation of how often, but more often than twice a year for sure.  Also here’s a good rule: if you join a site and they e-mail your password to you, assume that the password you used is not secure.  If you enter a password on a site they should be able to send you a link to reset it, but they should not actually know what it is.

For more information, see the following article from my archives:

Are you embarrassed?

Originally posted on The World According to Mitch:

We have all done things that we are ashamed of, embarrassed by, or simply regret.  If anyone tells me that they have not then I will say they are probably lying.  The thing is, the world has changed over the past few years, and there are two factors that we all have to be concerned by:

  • Everyone has a camera (and video camera) in their pocket; and
  • The Internet is forever.

When I say we have all done things that are embarrassing I do not mean simply tripping over an untied shoelace while all eyes are on you.  That sort of thing happens to everyone.  As my friend Bill Sparks used to say, ‘just say “Tadaah!” as if that was what you meant to do.’  I am talking about the sort of thing that ten years down the road can come back to bite you.

Over the last twenty years…


Bypassing IT: A REALLY bad idea.

Wow. I just read an e-mail that made me lose a lot of respect for one of the most respected publications in the world of journalism: The Wall Street Journal.

The article, Ten Things Your IT Department Won’t Tell You, outlines several (would you believe 10) issues that employees encounter with corporate systems, and how to get around them.  I encourage you to read the article, but here is the list:

  1. How to send giant files
  2. How to use software that your company won’t let you download
  3. How to visit the web sites your company blocks
  4. How to clear your tracks on your work laptop
  5. How to search for your work documents from home
  6. How to store work files online
  7. How to keep your privacy when using web email
  8. How to access your work email remotely when your company won’t spring for a Blackberry
  9. How to access your personal email on your Blackberry
  10. How to look like you’re working

This article was shared by one of my LinkedIn contacts recently, and if you are looking for proof that the article is outdated, all you have to do is look at the items that list Blackberry and not mobile devices – since very few companies are still on the BB platform.  As a System Administrator and self-proclaimed IT Fascist (there are two ways to do IT – my way, and the wrong way) I nearly fell off my chair when I read the list, as well as the mitigations and risks that are outlined therein.

Let me be honest… as an IT Pro I don’t care if you ‘look like you are working’ when you are not. While there may be consequences for the company, they do not generally affect my bailiwick.  I also don’t care if you try to cover your tracks on your work laptop.  Frankly I think it is a good idea to keep your system as clean as possible, and anything that I need to track should be tracked at the server (cloud) level, which the end user is not able to touch.

Now that I have cleared two of the listed items, let me say this clearly and for everyone: When you came to work for the company, or sometime thereafter (when I or an equivalent me came to implement policies and procedures for the company) you signed a document that is called IT Usage Policies, or something else with the equivalent meaning. It is a document that your HR department has on file somewhere, and it is a legally binding document with your signature on it.

I don’t know what your company’s policies are… they can be as vague or as detailed as your company’s legal department felt necessary, often based on various certifications (ISO, FISP, Sarbanes-Oxley, etc…) that your company tries to comply with. It might say something as vague as ‘All systems provided to you by the company are the property of the company, and are only to be used in accordance with the company’s IT policies,’ or it may be as complex as a twenty-page document written in legalese with bullet points and sub-points and sub-sub-points.  Whichever it is, there is a very good chance that anywhere from five to eight of these points are fireable offenses… and at least a couple of them could actually be criminal offenses that could land you in jail.

Yes, that sounds pretty severe… but if you send confidential corporate documents outside of the firewall so that you can access them remotely there is a case to be made (and it’s not a stretch) that you are involved in corporate espionage. If your company does not want you to access your e-mail (or any other corporate information source) remotely it is often not because they are too cheap to spring for a mobile device, but because they want to ensure that any sensitive corporate information does not leave the relative security of the corporate systems.

As a Systems Administrator I have designed the company’s infrastructure to be as secure as the company is willing to make it. Sure, there are some websites that I do not want you to visit because the content is inappropriate, but there are others that inject Trojans and other malware into your system that infect my systems, and can destroy the integrity of our systems.  In most companies the systems are like an egg… we have hardened the outer wall with firewalls and intrusion detection systems, but because you have asked us to make them as useable and friendly as possible the inside is more like the insides… soft, and vulnerable.  So if a particular website is blocked by my systems don’t try to bypass my systems!

Unless we have a specific policy guideline for it (and you have a valid reason for it) there is no reason you should bring your own personal device in, and if we have a policy that you can only use sanctioned and licensed software we have a reason for that too… one of those reasons is that if you bring unsanctioned software in we are responsible for the license (and therefore the license violation).  We would also be responsible for keeping it properly patched, which we cannot do if we don’t know it is there.  We don’t let you install software on your own not because we don’t trust that you know how to press <NEXT> <NEXT> <NEXT> <FINISH>… we don’t let you do it because there is more to installing software than that.

If you have a giant file to send, ask me for help. There is a good chance that I have implemented a sanctioned way to do it.  Any other way… remember that corporate espionage thing?  Same thing… in or out, I need to be able to see what is going out and coming in.  Out, because you may inadvertently use a system that is not secure, or is compromised; in, because if you want to bring a file into the company I need to make sure it is not compromised, not a virus or malware or anything else.  I don’t want to take your word for it, I want to scan it.  Don’t take it personally, it is not that I don’t trust you… it is that I do not trust anyone, and for that reason I don’t bypass the systems that I don’t want you to bypass because I don’t trust myself either.

When you joined the company (or sometime thereafter) we may have issued you a mobile device. If we did not, and if we did not give you a talk about BYOD (Bring Your Own Device) then there is a very good chance that you do not need to access your data or e-mail during off-hours.  Because of that do not try to check your e-mail on your own device.

I don’t know what your job is. You may work in HR or Sales or Marketing or in Widget Production, I don’t know.  It is not that I don’t respect what you do – I really do.  However I need for you to respect what I do too.  My job is not only to provide you with the IT tools you need to do your job – that is certainly part of it.  However the other part is protecting the company from hackers, data loss, and all sorts of other things that you probably don’t need to consider… but please know that I cannot do my job properly if you go out of your way to circumvent my systems, and I grant you that there are workarounds for a lot of my procedures.

You might get away with it… you might even do it safely. However if I do discover that you are doing this expect to be called into your manager’s office for a good talking to… and depending on several factors know that you may be joined by a security guard who will be tasked with taking your credentials away and escorting you from the building.


The Evils of Offices…

I have really been enjoying working at Yakidoo.  The people are really nice, I am enjoying the work, it’s all good.  However they are out to get me, the lot of them…

As I have mentioned in the recent past I have been losing weight.  It is, as anyone who has gone before me knows, not an easy journey.  So when the culture of an office is ‘Hey, I want to be nice to everyone, and since I am going to Tim Hortons anyways I might as well pick up a box of doughnuts for the gang.’ the need to maintain discipline is more important than usual.

You see, at home I have been good.  I don’t keep the fattening foods that I love in the house, so if I am in the mood for something it is more than just ‘go to the fridge and get some.’  I actually have to get up, go out, and either walk or drive to the store.

Last week I was very proud of myself for ignoring the doughnuts.  Today I was not as good when Lorena (she looks so sweet and innocent, but I am about to prove she has her diabolical side) came in from lunch with a box of chocolate chip cookies.  I had just gone downstairs to pour myself a cup of coffee and there they were… I decided that since I had been so good yesterday (aside from burning over 2000 calories walking, I also didn’t come close to hitting my calorie limit for the day) I was going to indulge.  I opened the box and grabbed a couple.

The first bite was already in my mouth when I realized that even when indulging (or especially when…) I have to track what I eat.  I pulled out my iPhone, opened the MyFitnessPal app, and scanned the barcode on the box.  I learned two things… the cookies were from Whole Foods, and they are more calories than I wanted to waste on a cookie… or at least on two of them.  I would have put the second cookie back in the box, but since I have been coughing all week I played it safe and threw it out.  The one cookie (at 160 calories) was very good, and complemented my coffee well.

Truth be told, it was a good cookie to be sure, but not much better than the nutrition bars I keep in my desk for mid-morning and mid-afternoon snacks… the whole bar (1.76 oz of minty chocolate) has 210 calories (60 from fat), but it also has 14g of protein, nearly zero cholesterol (the cookie has 30g).  The carbohydrates are the same, but aside from that the cookie has no nutritional value.

In the end the single nutrition bar is more satisfying than a single cookie (although two would have been tough)… I’ll stick to them.

And as for the Diabolical Lorena… I’ll get you! :)

Losing a Part of Me… What I would like to share.

Last week I posted on Facebook that I have lost 25lbs in the past three months, and a lot of people offered words of congratulations and encouragement. I want to thank them for that.

The truth is, I have struggled with my weight for the past twenty years. Since before I got out of the army I have been gaining weight, and have not had the willpower to really rein it in.

When I was engaged to my first wife I started at Weight Watchers, and had some pretty good success with that. I was also jogging – a lot – and that helped too.  However after she left me, I was in a terrible funk; I went to a Weight Watchers meeting and they told me I had gained a couple of pounds, and I said something like ‘screw this.’ I dropped my tracking card into the trash bin and walked out.  I remember that nobody tried to come after me, nobody tried to call me and see if I was okay, and I was done losing weight.  It wasn’t their fault, it was mine.

Early in my relationship with Theresa she and I tried to lose weight together. We joined Weight Watchers, but she and I were not cut from the same weight loss cloth, and it just didn’t work out.  I think the truth is that I need things to be a lot more structured and regimented with regard to weight loss, and she was more fluid with it.  Especially when I was traveling as much as I was, dieting was just not something I was good at.

I joined Master Kim’s Oriental Martial Arts College.

While my joining OMAC did not do anything in the immediate, over the years it would be extremely important to my weight loss and overall health status.

In April, 2010 Master Beis and I decided that I should train to achieve my Black Belt in June. I told him I was going to work my ass off (which I did), and that I was going to lose weight (which I did).  For seven weeks I did not eat meat, I deprived myself of a lot of the foods I love, and only under his careful supervision did I cheat a little.  I lost 35lbs in that time frame, and when I tested for my belt I was feeling great.  The problem was I was depriving myself… it was a temporary solution.  That night I went out with some friends to a pub in Oakville, and for the first time in nearly two months I ate (beef) ribs, chicken wings, and drank beer.  It was only supposed to be a one night splurge… it did not work out that way, and over the next eighteen months I gained all the weight back… and more.

In January, 2012 Master Beis and I decided I should train to achieve my Second Dan Black Belt that June. He told me that I needed to lose a lot of weight, and I dedicated myself to doing so.  Unfortunately I fell in with a bad crowd – I knew that any diet that involved meal replacement powders and that crap would ultimately fail, but she sold me on it, and Theresa tried it too.  I actually did pretty well on the program – it was easy to do while I was on the road because I took all of those packets and supplements with me – but as Master Beis warned me I was doomed to fail because the minute I stopped following that program I would gain back all of the weight.  As is usually the case, Master Beis was right.  I lost nearly fifty pounds using that program, and when I tested in June I was the slimmest I had been in five years.  Six months later I had gained back twenty pounds, and after a car accident in December I gained back the rest… and more.

In August, 2013 I made the decision to speak with my doctor. Although he was and continues to be a great support, the most important thing he did was to refer me to a weight management clinic.  I started going that month, and with the exception of the time I was in Japan, have gone every few weeks ever since.

I lost some weight when I was in Japan, and I was feeling great. It wasn’t that I was following the program that I had learned from the WMC; it is just that living in Japan (as long as you like Japanese food) it is very easy to eat properly, and because I loved to walk around it just was easier.

Unfortunately (for many reasons) when I came back to Canada my marriage came to an end. The life that I had grown accustomed to and comfortable in ended quite abruptly.  I became very depressed, and (as we discovered when my first wife left me) when I am depressed I tend to eat.  I started to gain the weight back, and by the middle of May I was within 8lbs of where I had started (I weighed more than I ever have in August, 2013).  I was still going to the appointments at the WMC, but I was slipping backwards.

In May the doctor at the WMC suggested I consider bariatric surgery. Someone close to me had very good results with it, and swore by it.  I told them I would consider it.  I sat down and had a very long, hard think.  I looked at myself in the mirror and hated what I saw (both physically and otherwise).  I made a few decisions that I hope will affect the rest of my life.

  1. I started following the weight management plan. It is not a diet; it is an alteration of my eating habits that should stay with me for the rest of my life. This involves tracking the food that I eat, so if you ever eat with me you will likely notice that I track everything in my smartphone (using an app called My Fitness Pal).
  2. I returned to Taekwondo. The sedentary lifestyle I had been leading was not conducive to losing weight, nor living healthily. I told Master Beis that I wanted to work toward my Third Dan Black Belt, but not in November (which was certainly doable) but for next June. I was going to tell him that I wanted to lose at least 75lbs and hopefully more before I tested, but he beat me to it – he told me that he would not let me test unless I lost a lot of weight.
  3. I have once again begun to live my life remembering that I am a Black Belt, and there are serious discipline implications to that. I believe there is a difference between people who have a Black Belt and people who ARE Black Belts. The discipline that I need can be found in that, as can the will power.
  4. When I was asked by Master Anthony Godoy if I was interested in teaching, I jumped at the chance. I was apprehensive at first for a number of reasons, not the least of which is that at my weight then (and still) I do not LOOK like a Taekwondo instructor. I suspect there were a few students and parents who looked at me with a very hesitant eye, and I have worked hard every class to make sure I can not only allay their fears, but surpass their expectations of what they expect in an Instructor.

I am sure that anyone who has ever been severely overweight knows that there will be people who give them no end of grief about their weight. In my experience those people, who are trying to help, are doing anything but helping.  I have told my parents (and several other people) that I do not want their input on my weight, even as I am losing weight.  Honestly, the people who stressed me out with their grief as I was gaining weight, will continue to stress me out even with their encouragement.  So there are fewer than five people who have the right to open a conversation about my weight with me, and trust me reader, you are not on that list.  In most cases it is nothing personal.  In some cases it is.  However let me be clear: my being fat is personal, so live with it.

So what does it feel like to lose the first 25lbs? It feels good, yes… but for everyone who asks, it is probably not something I want to talk to you about. When I comment on Facebook that I am wearing pants that I have not been able to wear for eighteen months please feel free to offer words of encouragement.  However it does not mean you can talk to me about how I am dodging a bullet, and lecture me on all of the negative health effects of being overweight.  I think most of you know I am a pretty smart guy, and I know what the health implications are.  You are not helping, and I would sooner not have the conversation with you.

For those of you who have been encouraging, I thank you. But think back since you have known me: if you have ever said to me anything along the lines of ‘you should lose weight’ then kindly refrain from saying anything more than ‘keep up the good work!’… I don’t want to hear it.

Along the same lines, please don’t ask me how much I have lost, what my goal weight is, how I did it, do I ever get tempted, or anything like that. Don’t ask me how much I weigh or how much I weighed when I started.  Unless I decide to share any of that with you, it is none of your business, and yes it will bother me when you ask.

If you see me eating something I shouldn’t (and yes, occasionally I indulge) don’t say it. If you are going to temper it by starting your sentence with ‘You know, I probably shouldn’t say, but…’ THEN DON’T! Anything you might say after that will piss me off, and if I respond either loudly or snidely then you deserve it… If you know you shouldn’t (as you said) then don’t. Period.

I am not looking to be an inspiration to anyone… I just want to be a better person, and a better martial artist. If you want to encourage me, and I am still on the right path by then, ask if you can come watch me achieve my Third Dan Black Belt.  If you’ve never watched a Black Belt testing, you don’t know what you are missing!

(And yes, you can buy me a drink afterward!)