I don't think you're out to get me. I think you're reciting the archetypal brogrammer whistle-in-the-dark litany of tragedy-befalls-the-incompetent. And I think you honestly have no idea why it's pissing me off, and I think that's what's wrong with the IT industry. Are you ready? Those of us who can't just whip out a "filesystem-level snapshotting system" (or worse: those of us who have one, have been forced to recover one multiple times and know how peril-fraught that endeavor tends to be) know we're incompetent. We know that tragedy will befall us. But when you live by this mantra of "those who are prepared suffer no slings and arrows" you are A) accusing us of being unprepared B) insinuating that the misfortune we know is just around the corner is something we DESERVE. Here's what I know: for every needlessly open port in a corporate firewall, there's a pointy-haired boss whose golf buddy told him he could run a Minecraft server on DSM. That's the problem with insisting that proper hygiene will save the day: you have to enroll THE ENTIRE COMPANY in either (1) understanding and conscientiously practicing IT pro-level hygiene or (2) locking all your shit down to the point that nobody can accidentally let in the monster. (1) is bullshit. You're arguing that strenuously. I keep pointing out that I shouldn't have to know this shit and you keep pointing out that there, there, I don't have to, this is a monster with bigger teeth than I need to worry about. So clearly, the idea that all of us need to be 100% on the IT tip is ludicrous. But (2) is bullshit, too. Your users are going to make mistakes. Nerf up their world to the point where they can't and they'll resent the access control. They'll evade it. They'll defeat it. 
And then there'll be that pointy-haired boss, who needs you to blow a hole in the firewall so that he can install something tedious like a WhatsApp desktop client so he can liaison with his overseas paramour without his wife scanning his Facebook Messenger. And you have no power over that guy. He'll fire you. So now your perfect hygiene has been blown to shit. And now the port is open. And now the network is exposed. How compartmentalized is it? Compartmentalized enough? How deep can they get? Worked with a guy. Not a bad drafter. Goofball. This was at a company, back in the early '00s, and our IT guy/AV consultant/My Boss determined that in order to avoid viruses, we wouldn't be allowed to use the Internet from our desktops. Draconian? Sure. Effective? Well... "Bob" managed to look up on his lunch break how to poke a hole in the Windows firewall so he could stream internet radio from this one station. And we all knew it. My boss knew it. But we let it go. Until we got a virus that ate half our work product and of course we were on LTO that didn't come back from the dead. Bob got fired. Not because he was bad at CAD but because he'd poked a hole in the firewall. Two months later we figured out that Bob had fuckall to do with the virus; the head of the company had opened a .exe attachment (see, we were forced to run Pegasus Mail because it's invulnerable to ActiveX... right? riiiight). Had the head of the company been told not to open .exe attachments? Yer damn skippy. Was our data still gone? Hell to the yes. You think we hired "Bob" back? And see, you don't even know what you're talking about. I've said more than a few times that it's my wife's medical office I care about. I've said more than a few times that ransomware fucked up a few hospitals because they were running DSM. I've pointed out that I'm running Synology at home. Know what advice we got when Synolocker hit? "Turn off your Diskstations." Let's hear it for high availability.
So here I am - in the medical field, providing IT, attempting to keep our noses HIPAA-clean, and being told - BY YOU - that you don't need to worry about ransomware because it only fucks with the unprepared and those of us small fry who are facing the exact same problems on the exact same scale as Sony shouldn't be offended when you excoriate companies for wanting a non-technical solution to a truly intractable problem. How big do you think Home Depot's network is? What does the topology look like? How many points of access are there? How many weaknesses, cloned across a million stores? And does any of that even matter? Every.Single.Phone.Hack has been the result of social engineering. 'nuther story. My father built the first network the Department of Energy ever had. Literally soldered comparators onto the Nixie sockets. And for all my memory he's always been arrogant about security. It's not like he's got the launch codes but he's got some shit. He's got monitors that still run CPM and he's got them on the network - there's a dual dialup setup with a ciphered timetable that pokes a hole in the firewall for 15 seconds at some point during the day and squirts his data in. It's as close to airgapped as you can get. Some shit from his division got out anyway. How? One of his physicists had TS:SCI on a laptop at home and meth-heads broke in and stole it. They found it in a trailer park 30 miles away. I'm escalating things into personal attacks because you don't get it. Your attitude is why, as a profession, nobody likes IT professionals. On the one hand, you insist that we need not be competent. On the other hand, you insist that competence is the only ward against tragedy. It's patronizing at best and delusional at worst. For every massive hack there's an employee who thought he was doing the right thing... and an IT professional exasperated by the idiot lesser minions he's forced to interact with.
You never once said that. Twice you claimed it was a blacksmith office, and other times you said it was an "office". You continuously put words and arguments into my mouth. Every argument you've ever had against IT including the ones you just stated I've had myself against other IT workers and I've tried to explain that. The only thing you've gotten right is that I think that if you have sensitive data, you should protect it. Because sensitive data is like a loaded gun. If you have a loaded gun, you should be trained to use it properly without killing people accidentally. That's not a controversial statement even to gun nuts. I've witnessed what improperly used sensitive data causes. It turns people living in houses into people living in the streets. Personal attacks are not what a place for civil discussions is for, which is what this place is supposed to be about. You paint me into a corner that I don't really occupy, and then you attack me relentlessly and I have to defend myself with equal force. Even if I were to say something that were disagreeable, it's not a proper way to have a debate. You and other people keep turning "debates" into these venting sprees where you group whatever select group of people you once had a bad experience with and say it's the whole group's problem. Muslims, black people, white people, police, whatever. Our civilization has completely lost its mind, and the diagnosed insane people are sitting on the sidelines thinking, "why are we called insane again?" I'm done with this, and I'm done with you. You can say it's because it's my attitude or I'm an elitist asshole, I don't care. You can turn all of Hubski against me, I don't care about that either, because Hubski isn't the place for civilized debate that it claims to be. It's Reddit and Twitter with a different skin. Welcome to my hush, filter, and mute lists. Because that's what it's for: trolls. I'm done feeding the troll.
And I'm done being bullied around.