user-inactivated  ·  3068 days ago  ·  link  ·    ·  parent  ·  post: 9.3M Patient Records Hacked

    I have turned many 3s into 1s with a few months of experience, teaching, and priming with proper ways to find, locate, and read through reference documents.

    Dude, fuck that shit. Fuck it in the neck. Fuck everything about it, fuck it sideways, fuck it upside down, fuck it raw. You're saying that "a few months" of wading through YOUR world is necessary for me to connect my wife's cell phone to my wife's office phone without breaking the fucking law.

I never stated anything about your wife's cellphone. I'm talking about server administration. We're talking about data of 9.3 million records of healthcare records, and if that data is on your phone you are a fucking moron.

I take everything back. You are not a 3, you are a 4. You are actively against knowledge and learning new things in an industry where change happens every 5 minutes. We are beyond loggerheads, you need to be permanently fired and excommunicated from the data security industry if you currently are working in it.

Wade through my experience? What do you think doctors do? They read a book and start cutting people open? They learn, they constantly learn, and they SHADOW OTHER DOCTORS WHO TEACH THEM THE WAYS OF THE BUSINESS.

EVERY other industry operates this way. EVERY SINGLE ONE. Even McDonald's workers shadow other McDonald's workers to get experience. I went to Taco Bell once and had a confusing conversation with the drive in attendant saying I ordered "A burrito" when I actually ordered a specific type of burrito and was confused if they had placed the order incorrectly. When I got to the drive up he was in training and the guy was telling him he should have told me that I ordered a "burrito grande whateverthefuck" because it confuses the customers. It's a simple mistake to make, but the worker was willing to learn, and learned it right there. I doubt he confused another patron again. That's a good employee.

I'm the type of person that is tolerant to lack of knowledge, because I remember when I was that way myself and wished I had more guidance. So I provide it to those who want it. But those who don't want it and want to just sit around and collect a paycheck while fucking the rest of us over because they aren't willing to listen to the (REASONABLE, not elitist pricks) intelligent people who are trying to help are a significant problem.

    Had a coworker. He used to be a license enforcement dick for Muzak. Means he'd wander around to restaurants and shake down people who were playing the radio instead of paying Muzak for their shitty $25/mo mechanical royalty service. So when the office we worked at wanted to put music-on-hold on our phone system, the asshole made the receptionist get a written letter of permission signed by a lawyer in order to use her fucking string quartet on our phone system. And he was technically correct - the worst kind of correct.

    But everybody else? They plug the fucking radio into the PBX and call it a day.

    Because we don't have time for that shit, and we shouldn't be required to.

    It isn't about blame. It's about a reasonable effort for a reasonable return, and you're advocating a strenuously unreasonable effort for a truly minuscule return.

This example has nothing to do with what we are talking about. I'm not talking about phone systems, I'm talking about data protection. Phone systems aren't going to cause 9.3 million records of data being stolen. And you're right, that sounds like a dumb law. When did I support that law?

My strenuously unreasonable effort is something that takes about 5 minutes to enable on a SAN or a filesystem level snapshotting system to protect the identities of millions of people. In ANY environment in the healthcare industry where you are now responsible for backups, they would immediately tell you to do so and explain how. I thought you were arguing in favor of the end-user, but really you are just arguing that all IT workers are bad because of your bad experiences with tech people. I'm simply pointing out that the healthcare industry is not only highly regulated, it wouldn't have these issues. I don't set policies, and I don't enforce policies. I don't advocate policies. I'm simply informing people that because of current regulations, this wouldn't be an issue. Probably ever.

It's like having a lawyer trying to explain to you how the NSA justifies their surveillance through the legal system and then you kneeing the guy in the balls. All the while him thinking, "Not one law I just described do I think we should have on the books, but if we can't explain what laws are on the books we can't revoke them." You are being entirely counterproductive here.

These conversations with you exemplify everything that is wrong with Reddit. Not Hubski, Reddit. This is supposed to be a simple discussion place, and not a flame war over god knows what anymore.
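The comment above leans on "filesystem level snapshotting" as the five-minute defense against ransomware. The script below is an added illustration for this thread, not code from either commenter or from any NAS vendor, of why the kind of snapshot matters: a hardlink-style snapshot shares inodes with the live files, so an attacker that encrypts files in place scrambles the snapshot too, while a snapshot that owns its own blocks (what a copy-on-write filesystem snapshot gives you) still restores cleanly. The sample records, the keep-3 retention policy and the single-byte XOR "encryption" are all constructed for the demo; only the write pattern is the point.

```python
"""Point-in-time snapshots versus in-place ransomware overwrites.

Added illustration for this thread; it is not code from either commenter or
from any NAS vendor. It models two snapshot strategies on an ordinary
directory and then runs a constructed attacker that encrypts files in place.
The "encryption" is a single-byte XOR so the script runs offline.
"""
import os
import shutil
import tempfile
from pathlib import Path

KEEP = 3  # retention: number of snapshots to keep (assumed policy)

# Constructed sample data standing in for a small records share.
SAMPLE_FILES = {
    "records/patient-0001.txt": b"name=Alice Example;ssn=000-00-0001\n",
    "records/patient-0002.txt": b"name=Bob Example;ssn=000-00-0002\n",
}


def take_snapshot(live: Path, snapdir: Path, label: str, mode: str) -> Path:
    """Snapshot `live` into snapdir/label.

    mode="link": hardlink every file (cheap, rsnapshot-style). The snapshot
                 shares inodes with the live tree, so a later in-place write
                 to a live file is also a write to the snapshot.
    mode="copy": duplicate the bytes so the snapshot owns its own blocks,
                 the guarantee a copy-on-write filesystem snapshot provides
                 without paying for a full copy.
    """
    dest = snapdir / label
    for src in sorted(live.rglob("*")):
        target = dest / src.relative_to(live)
        if src.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        if mode == "link":
            os.link(src, target)
        elif mode == "copy":
            shutil.copy2(src, target)
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return dest


def prune(snapdir: Path, keep: int = KEEP) -> list:
    """Delete the oldest snapshots beyond `keep`; labels sort chronologically."""
    snaps = sorted(p for p in snapdir.iterdir() if p.is_dir())
    doomed = snaps[:-keep] if len(snaps) > keep else []
    for old in doomed:
        shutil.rmtree(old)
    return [p.name for p in doomed]


def ransomware_overwrite_in_place(live: Path, key: int = 0x5A) -> int:
    """Constructed attacker: open each file read/write and overwrite its
    contents in place (no unlink, no rename). Returns the number of files hit."""
    hit = 0
    for f in sorted(live.rglob("*")):
        if not f.is_file():
            continue
        scrambled = bytes(b ^ key for b in f.read_bytes())
        with open(f, "r+b") as fh:
            fh.write(scrambled)
        hit += 1
    return hit


def tree_is_clean(root: Path) -> bool:
    """True if every sample file under root still has its original bytes."""
    return all((root / rel).read_bytes() == data for rel, data in SAMPLE_FILES.items())


def restore(snapshot: Path, live: Path) -> None:
    """Replace the live tree with a copy of the snapshot."""
    shutil.rmtree(live)
    shutil.copytree(snapshot, live)


def demo() -> dict:
    root = Path(tempfile.mkdtemp(prefix="snapdemo-"))
    try:
        live, links, copies = root / "live", root / "snap-link", root / "snap-copy"
        for rel, data in SAMPLE_FILES.items():
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(data)
        links.mkdir()
        copies.mkdir()

        # Four clean snapshots against a keep-3 policy: s1 gets pruned.
        for label in ("s1", "s2", "s3", "s4"):
            take_snapshot(live, links, label, "link")
            take_snapshot(live, copies, label, "copy")
        pruned = prune(links)
        prune(copies)

        hit = ransomware_overwrite_in_place(live)
        result = {
            "pruned": pruned,
            "files_hit": hit,
            "live_clean": tree_is_clean(live),
            "link_snapshot_clean": tree_is_clean(links / "s4"),
            "copy_snapshot_clean": tree_is_clean(copies / "s4"),
        }
        restore(copies / "s4", live)
        result["restored_clean"] = tree_is_clean(live)
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Run it and the hardlink snapshot comes back scrambled while the copied snapshot restores the original bytes. The retention loop is the other practical half: snapshots that are never pruned fill the volume, and snapshots that live on the same box under the same admin credentials can be deleted by whoever gets that admin account, so at least one copy belongs somewhere the live system cannot write.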
kleinbl00  ·  3068 days ago  ·  link  ·  

    I never stated anything about your wife's cellphone. I'm talking about server administration.

Bitch, I am the end user.

I am the client.

I am the IT department because the company has one employee at the moment. When it's firing on all cylinders it'll have four.

But the liability is the same. The problems are the same. The issues are the same. I don't work in IT, don't want to work in IT, don't want to touch IT. But I'm the IT department 'cuz if it isn't me, it's my wife. So I am talking about bouncing between the office phone and the cell phone because HIPAA doesn't care and VoIP, Skype, EHR, it's all HIPAA, it's all on CAT5, and it's all my problem.

So talk dismissively about filesystem level snapshotting system and know that me, Mr. I am not good with computer, can successfully recover from the fact that Synology wiped my network stores due to a bug... but that I'm 100% entitled to resent IT workers that get all up in my business for feeling guilty for not wanting to devote my life to learning how to recover data from errant Synology NAS boxes.

Because THAT is the issue: I just wanna run my fucking blacksmith shop, but you want me to be prepared for the Inquisition.

user-inactivated  ·  3068 days ago  ·  link  ·  

Unless your blacksmith shop deals in 9.3 million SSNs, none of what I'm talking about nor what I've argued about applies to your business. If your blacksmith shop deals with 9.3 million SSNs, then you should hire tech staff.

I'm talking about major corporations who give no shits. I'm talking about Dell, who have repeatedly shown they don't care (internally). I'm talking about Sony, Target, and I'm talking about Home Depot, and I'm talking about all of these breaches that are occurring. These organizations need to be held accountable.

You are not a target to hackers, so I don't care what happens to your data. Going back to my rollercoaster/theme park example, your organization is a 10ft waterslide. Unless you built it out of jello I can't imagine a scenario that it matters.

This whole article is about healthcare, not blacksmithing, and I focused on the article's field, not yours. I stated that the healthcare industry, IE: Health Insurance Providers who are large organizations, likely have no need to worry about ransomware on their servers because they are large organizations who would be doing many forms of backups anyway.

Small businesses absolutely have to worry about ransomware, and I'm not preparing you for the inquisition. If you have to abide by HIPAA because you indirectly provide health insurance to your employees, you are not going to be affected by ransomware either because you are going to be paying another organization to provide the health insurance. They have copies of that data as well. That being said, I don't think the large portions of HIPAA would require much out of you because it's more about the health insurance providers and the health care providers, they are the ones that have the sensitive information like what illnesses people have.

IF the law states otherwise, that you have to lock down systems like crazy, I think that's as stupid as you do.

What I'm against isn't people who get roped in because they have to, like you. I am against people who intentionally choose IT as their career path, get a degree in IT, get certifications, etc, and then land in a position in a large corporation or government where they get paid some ridiculous salary and then coast to retirement.

Everything in your statement made me think that you were in large scale data security operations. When you said blacksmith the first time, I had no idea that was meant literally.

My point is working for an organization where you are handling 9.3 million SSNs and falling back on "insurance" and saying "screw technology, we'll just insulate each other legally" is fucking over the consumer harder than anything else. That's why I said I agree with and would recommend data breach insurance, too, just wanted to point out the issues with large corporations falling back on these massive safety nets without looking at or caring about the consequences.

Again, I think for the most part we agree with most things in this discussion, it's just constantly that you keep escalating things into personal attacks very quickly, then I fall into the role of defending my positions or attacking you further. It's a toxic mindset to think everyone is out to get you, believe me, I'm the one that has been repeatedly treated for it.

kleinbl00  ·  3067 days ago  ·  link  ·  

I don't think you're out to get me. I think you're reciting the archetypal brogrammer whistle-in-the-dark litany of tragedy-befalls-the-incompetent. And I think you honestly have no idea why it's pissing me off, and I think that's what's wrong with the IT industry.

Are you ready?

Those of us who can't just whip out a "filesystem-level snapshotting system" (or worse: those of us who have one, have been forced to recover one multiple times and know how peril-fraught that endeavor tends to be) know we're incompetent. We know that tragedy will befall us. But when you live by this mantra of "those who are prepared suffer no slings and arrows" you are

A) accusing us of being unprepared

B) insinuating that the misfortune we know is just around the corner is something we DESERVE.

Here's what I know: for every needlessly open port in a corporate firewall, there's a pointy-haired boss whose golf buddy told him he could run a Minecraft server on DSM. That's the problem with insisting that proper hygiene will save the day: you have to enroll THE ENTIRE COMPANY in either

(1) understanding and conscientiously practicing IT pro-level hygiene or

(2) locking all your shit down to the point that nobody can accidentally let in the monster.

(1) is bullshit. You're arguing that strenuously. I keep pointing out that I shouldn't have to know this shit and you keep pointing out that there, there, I don't have to, this is a monster with bigger teeth than I need to worry about. So clearly, the idea that all of us need to be 100% on the IT tip is ludicrous.

But (2) is bullshit, too. Your users are going to make mistakes. Nerf up their world to the point where they can't and they'll resent the access control. They'll evade it. They'll defeat it. And then there'll be that pointy-haired boss, who needs you to blow a hole in the firewall so that he can install something tedious like a whatsapp desktop client so he can liaise with his overseas paramour without his wife scanning his Facebook Messenger. And you have no power over that guy. He'll fire you. So now your perfect hygiene has been blown to shit. And now the port is open. And now the network is exposed. How compartmentalized is it? Compartmentalized enough? How deep can they get?

Worked with a guy. Not a bad drafter. Goofball. This was at a company, back in the early '00s, and our IT guy/AV consultant/My Boss determined that in order to avoid viruses, we wouldn't be allowed to use the Internet from our desktops. Draconian? Sure. Effective? Well... "Bob" managed to look up on his lunch break how to poke a hole in the Windows firewall so he could stream internet radio from this one station. And we all knew it. My boss knew it. But we let it go. Until we got a virus that ate half our work product and of course we were on LTO that didn't come back from the dead.

Bob got fired. Not because he was bad at CAD but because he'd poked a hole in the firewall. Two months later we figured out that Bob had fuckall to do with the virus; the head of the company had opened a .exe attachment (see, we were forced to run Pegasus Mail because it's invulnerable to ActiveX... right? riiiight). Had the head of the company been told not to open .exe attachments? Yer damn skippy. Was our data still gone? Hell to the yes.

You think we hired "Bob" back?

And see, you don't even know what you're talking about. I've said more than a few times that it's my wife's medical office I care about. I've said more than a few times that ransomware fucked up a few hospitals because they were running DSM. I've pointed out that I'm running Synology at home. Know what advice we got when Synolocker hit?

"Turn off your Diskstations."

Let's hear it for high availability.

So here I am - in the medical field, providing IT, attempting to keep our noses HIPAA-clean, and being told - BY YOU - that you don't need to worry about ransomware because it only fucks with the unprepared and those of us small fry who are facing the exact same problems on the exact same scale as Sony shouldn't be offended when you excoriate companies for wanting a non-technical solution to a truly intractable problem. How big do you think Home Depot's network is? What does the topology look like? How many points of access are there? How many weaknesses, cloned across a million stores? And does any of that even matter? Every.Single.Phone.Hack has been the result of social engineering.

'nuther story. My father built the first network the Department of Energy ever had. Literally soldered comparators onto the Nixie sockets. And for all my memory he's always been arrogant about security. It's not like he's got the launch codes but he's got some shit. He's got monitors that still run CP/M and he's got them on the network - there's a dual dialup setup with a ciphered timetable that pokes a hole in the firewall for 15 seconds at some point during the day and squirts his data in. It's as close to airgapped as you can get.

Some shit from his division got out anyway. How? One of his physicists had TS:SCI on a laptop at home and meth-heads broke in and stole it. They found it in a trailer park 30 miles away.

I'm escalating things into personal attacks because you don't get it. Your attitude is why, as a profession, nobody likes IT professionals. On the one hand, you insist that we need not be competent. On the other hand, you insist that competence is the only ward against tragedy. It's patronizing at best and delusional at worst.

For every massive hack there's an employee who thought he was doing the right thing... and an IT professional exasperated by the idiot lesser minions he's forced to interact with.

user-inactivated  ·  3067 days ago  ·  link  ·  

    I've said more than a few times that it's my wife's medical office I care about.

You never once said that. Twice you claimed it was a blacksmith office, and other times you said it was an "office".

You continuously put words and arguments into my mouth.

Every argument you've ever had against IT including the ones you just stated I've had myself against other IT workers and I've tried to explain that.

The only thing you've gotten right is that I think that if you have sensitive data, you should protect it. Because sensitive data is like a loaded gun. If you have a loaded gun, you should be trained to use it properly without killing people accidentally. That's not a controversial statement even to gun nuts. I've witnessed what improperly used sensitive data causes. It turns people living in houses into people living in the streets.

    I'm escalating things into personal attacks because you don't get it. Your attitude is why, as a profession, nobody likes IT professionals. On the one hand, you insist that we need not be competent. On the other hand, you insist that competence is the only ward against tragedy. It's patronizing at best and delusional at worst.

Personal attacks are not what a place for civil discussions are for, which is what this place is supposed to be about. You paint me into a corner that I don't really occupy, and then you attack me relentlessly and I have to defend myself with equal force. Even if I were to say something that were disagreeable, it's not a proper way to have a debate.

You and other people keep turning "debates" into these venting sprees where you group whatever select group of people you once had a bad experience with and say it's the whole group's problem. Muslims, black people, white people, police, whatever. Our civilization has completely lost its mind, and the diagnosed insane people are sitting on the sidelines thinking, "why are we called insane again?"

I'm done with this, and I'm done with you. You can say it's because it's my attitude or I'm an elitist asshole I don't care. You can turn all of Hubski against me, I don't care about that either, because Hubski isn't the place for civilized debate that it claims to be. It's Reddit and Twitter with a different skin.

Welcome to my hush, filter, and mute lists. Because that's what it's for: trolls. I'm done feeding the troll. And I'm done being bullied around.