- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Since not only one "company" is doing this, it must be some sort of financial scam. Like, hire some people, prevent them from working, get the money from their salaries for several months and then fire them because of a low productivity. It stinks from across the ocean.
Admin
^_^
Admin
In my last job, I found that access to various servers and systems is most easily received if you walk up to the responsible persons and socially interact with them (i.e. invite them for a beer or two) in a way that convinces them that you are one of the "good guys" and deserve what you ask for. In my case this required driving to another city.
Since then, whenever I have problems with a defunct password, I just call them up and they reset it while on the phone. Very friendly people, once they know you in person. Need local admin rights? There you go. Just call me up when you're done installing that tool you need. Any problem with the database? My DBA will help me within a few moments.
The issue in many companies seems to be trust. Once you get to know people, and people know that you are working on "important project X", they stop giving you trouble.
Addendum (2007-08-31 06:29): In my last job, I found that access to various servers and systems is most easily received if you walk up to the responsible persons and socially interact with them (i.e. invite them for a beer or two) in a way that convinces them that you are one of the "good guys" and deserve what you ask for. In my case this required driving to another city.
Since then, whenever I have problems with a defunct password, I just call them up and they reset it while on the phone. Very friendly people, once they know you in person. Need local admin rights? There you go. Just call me up when you're done installing that tool you need. Any problem with the database? My DBA will help me within a few moments.
The issue in many companies seems to be trust. Once you get to know people, and people know that you are working on "important project X", they stop giving you trouble.
I am talking about a 500+ employees company here.
Addendum (2007-08-31 06:33): funny thing this 5 minutes editing limit. I only wanted to append one sentence, not add the whole post once more. Sorry guys :(
Admin
I work at a corporation that supplies the paper industry. Since our HQ is in the Staes, we've got all these paranoid American laws to think about, too. Poor European us. It so happened that we have had to hire a few consultants for the financial dept in Europe, since the people running the European finances were all braindead idiots. (This was not the reason stated on the expenditure approval).
Five people were hired and would work for ten weeks out of a plant in Germany and visit the other European plants. To cut a long story short, the security policies strictly imposed by upper management prevented all but one of them from accessing the financial system and seeing any actual figured. It also prevented them from getting more then a broad impression of what it is we do here... since one of the sub companies is a supplier to the US army, nobody who's not a Yank or hasn't got a greencard is allowed into a system containing data from that subcompany. And since upper management isn't smart enough to realise that data resides on a specially seperated server in the US, the only one who got access happened to be an American working for a consulting firm in England.
Of course, the conclusions from the nine page report were taken and implemented to the letter...
Admin
Because he was hired as a programmer and not network administrator ... And as far as I know, there are no standalone versions of VS ...
What he did (write code in Notepad) is IMHO the only thing he could do at the time ...
Why do you do that ?
Admin
Seriously, is this for real or did I just enter the fantasy world of some Neal Stephenson novel by accident.
Admin
Admin
Seriously, this is for real and not just at this one poster's place of employment.
Admin
Admin
Seriously, I got my "interim secret" clearance in about a week, and that was all I needed to begin my work. Plus I didn't get transferred from my previous project to the classified one until I had it, so at no point did I not have valid work to do. Eventually I got the real clearance, but "interim" was good enough.
I suspect Alex's security staff and IT staff were just inept and/or dragging their feet. Security blamed the government for being slow, IT blamed security for not giving them approval, and in reality neither even tried to do their jobs. And management? Management did what management does: instinctively blame the most expendable targets in sight without bothering to investigate the real problem or even listen to reasonable counsel.
Admin
Imho, so that he can get fired as soon as he can.
Admin
Hmmm.
Sorry folks but the real WTF is a CTO, Chief Technology Officer, that has not a single clue as to what his IT dept is doing/not doing.
Problem: contractors not getting anything done because of foot dragging in the IT dept.
Solution: Fire the CTO and hire someone who'll rip through the IT dept and kick ass.
Frankly the last CTO that I worked for that I actually liked had a sign on his wall that was immediately visible as soon as you went through his door:
"Demonstrate why I shouldn't fire you today."
Admin
Now sit-down and give me some more money for this project.
Damn WTF. There should be a configured PC the desk when someone starts, with the majority of required software already installed. Anything less is poor management by HR (for not requesting the equipment for a new hirs) or poor IT (for not installing the equipment). Either way the employee/contractor should have nothing to do with it.
Admin
"Demonstrate why I shouldn't fire you today"
LOL. They cry of the crap manager. He should have a system of hiring people that are valuable. If he doesn't, he needs to fire himself.
Admin
Wow! Yet another blowhard who runs on and on about something he obviously doesn't know squat about!
Just FYI, idiot, security clearance background investigations are not contracted out, but are done by government employees (often, especially for higher level clearances, by the FBI). They aren't conducted in bars or by guessing "gee, he looks OK; I'll pass him"; they're done by actually going and physically speaking to former employers, neighbors, acquaintances, and family members.
How do I know this? Because I used to hold a Top Secret SIOP/ESI clearance when I was in the military. I underwent the background investigation, and got several phone calls from my mother. "Ken? Remember John, your best friend in high school that you haven't seen in 5 years? Have you talked to him lately? He called, and wanted you to know that there was an FBI agent today asking him questions about you." Righhht. Another "contractor" doing a by-rote background investigation in a bar. Not.
So know something about what you're going to talk about before you open your mouth.
Admin
God damn it! You don't need "Admin" rights to debug code! You just need an account with the seDebug privilege turned on! Probably the load and unload drivers privilege too. It's not that complicated.
Personally, I think that 90% of the world's Windows Security Problems are CAUSED by developers thinking they NEED to develop with "Admin" rights.
(Just got through a LONG argument with my professor on this. I taught his class this very basic piece of information. 100 students going into the world better informed, despite his efforts to misinform them - guess I did my good deed. No good deed goes unpunished.)
Admin
Some companies do clearances right; and interims can be had within 2 weeks in most cases. (though there was a six-month freeze last year for budgetary reasons - across the board!).
Other contractors use the delays as an excuse to commit fraud. (among many other mechanisms)
Those companies - go out of business, the founders sock away their profits in the caymans, come up with a new name, and start a new company, because the value they have, are the pentagon or agency contacts, or lawmakers who can apply leverage.
The companies that do this right, the Boeings, the Lockheeds, the Northrops, they'll work you on an unclassified contract until your clearance comes through. And once you HAVE a clearance - these guys will PAY THROUGH THE NOSE to keep you. No matter what kind of work you do. Oh, they'll move you all over the fucking place, all over the WORLD, to work. Don't screw up. You're secret? Your golden.
Admin
When I was in the USAF I was posted to a unit at Langley AFB. The part of the unit I worked for was in a secure area. The unit commander didn't have a high-enough clearance to get into the secured area without an escort and the project my part of the unit was supposed to work on was about three years late in being delivered. Suffice it to say that morale, good order, and discipline all suffered.
When I arrived, the people in that part of the unit had been doing little more than playing backgammon for well-nigh three years. They were so good at backgammon, they'd started writing rules to make it a more difficult game. They'd invented a three-dimensional version of the game. It was amazing!
Fortunately for my sanity, the system got delivered shortly after I arrived. I never learned ho to play backgammon
Admin
You generally need local admin to install the software, though.
Admin
Never seen it this bad but classic tale.
Admin
Actually, that's pretty easy. The problem with thermite is not melting stuff...
Mmmm... Thermite... That would be a fun job...
Admin
Maybe I'm spoiled by living somewhere with other opportunities, but if I got jobs like either of these and wasn't doing anything of any substance in the first couple weeks, I'd start smelling a rat and look around some more. I can't believe that during the interview process either of these companies looked GREAT. The first few weeks would have simply confirmed what that little voice was already telling you. At least, when you got canned, you would already have resumes in the pipeline. One thing nice about jobs like this: if you get laid off, it's almost a relief.
Admin
You can, but it's a bit of a pain. Typically you have to write into the contract some method of "trusted downloading" which is a way for someone to look at what you're taking out and say: "that's not classified or confidential".
And you gotta get the sponsor to sign off on it, and they have to trust the person who's point on that issue.
This usually applies to things like burned CDs and printed stuff that needs to come out.
Depending on who you talk to at DISA, flash memory is okay to downgrade after a wipe/re-write, but some others don't think so. OTH all of them say you can't downgrade harddrives or any magnetic media to a lower classification level, necessitating destruction (but you can always re-use them on a different project after a wipe).
Admin
Possibly, it's I'm fairly drunk, I laugh out loud.
Admin
I learned a ho to play backgammon. For the next 2 year, that dam ho called me up all hours o de night askin me to splain again how do you set up backgammon mens to start de game.
Admin
Admin
All this talk of properly handling classified media reminds me of a WTF'y story my dad told me:
Some thoughtful fellow who worked under my dad took it upon himself to gather, bag, and BURN all the chads left over from entering classified data into punch cards. Of course my dad asked him why he was doing that, and the response was that the chads were classified and had to be disposed of according to regulations. My dad started to argue, but he quickly caught himself and instead told the subordinate to "be my guest, burn all the chads you want."
Admin
Whats a chad?
Admin
That's what system administrators are for. That they weren't doing it in this case is a sign of where the layoffs ought to have started.
Admin
Admin
Ah well, I doubt anyone is going to see these, but here it goes anyway:
Destroying a harddrive with Thermite: http://www.youtube.com/watch?v=4PKB5nnHGAk
(Thus proving my original point).
And, this is just pure awesomeness (three reactions with a @#$Q@ of a lot of thermite each time... Can't go wrong there...):
http://www.youtube.com/watch?v=WrCWLpRc1yM
In fact, I'm going to watch that one again, and figure out a way I can try this at home. It really is more impressive in person.
Admin
I heard a tale... the incinerator for highly classified stuff at a certain military facility broke down.
Luckily, to save everybody drowning in unburnt classified documents, a backup contract was in place with the local council to use their rubbish incinerator. A truck full of dodgy paperwork and several armed guards was duly dispatched.
They pushed out all but the vital council employees then started loading bag after bag into the incinerator. Unfortunately (you knew there'd be an 'unfortunately', right?) the incinerator was designed for a wide mix of shredded slimy rubbish, not large quantities of nice dry flat unshredded paper.
Pretty soon the bags burned through and many many sheets started riding thermals out of the chimney... largely untouched.
Truckloads of squaddies were then sent into the local area to round up as much of this stuff as they could. Ouch.
(After that the procedures were rewritten so you had to shred papers whenever you had to use the backup incinerator...)
Admin
Absolutely wrong. If you are hired for a classified project, you will wait in a cubicle until your clearance comes in. You can do training, surf the web, etc., but definitely no programming. If you are lucky, there will be others in the same boat and you will have someone to talk to for 2-4 months. This is for high-level access and is as good as it gets.
If, on the other hand, you need "just" a DoD SECRET, you can get an interim clearance in a few weeks. You can then go into the closed areas as long as you have someone with you and you don't touch anything. Finally, after a year or so, your clearance will come it - unless it gets lost, which happens quite frequently, or unless there is a huge backlog, light right now, or unless they switch investigation agencies and/or contractors, which happens every two years.
Do they pay well? Yes, very well. Is the work interesting? Sometimes, it is very interesting. Will you be so bored after a year of nothing to do that the idea of building requirements use-cases or maintaining 20 year-old ADA code sounds exciting? Quite possibly.
Admin
It says on my CV that I will not work for any company that employs graphology, polygraphy, or random drugs testing ....
... for less that twice the industry-standard scale for my experience and responsibilities.
Admin
You sure the company being mentioned was not L-3? I have heard multiple people who have had problems with L-3 doing stuff like the first story or telling you to quit your old job only for L-3 not the have the complete paperwork.
To answer some other questions...
Depending on the security clearance they are good for 2-5 years, if you leave a job with clearance or even go to a job with lower clearance and come back before it expires you really have no problem, come back after it has expired and it is a simple update but if it is a high clearance you have to start from the start. The time for clearance to get clearance depending on the time and type of clearance needed; years ago high level clearance were taking a year and low level were done quickly, once 9/11 happened and the government started to require lower level clearance for everything that got flooded with people so it was actually quicker to get the higher level clearances; different people do different clearances. Depending on the clearance and need they can get you an interim clearance where you get access based on a quick review while they work on the full check; government does like giving these out.
BTW they do have contractors working on clearance they do the paperwork and question the person getting the clearance.
The polygraph clearance levels are a pain as mentioned. If you do the one for the DoD, depending on the type of polygraph needed they will even give you the questions before the examination.
To move material from high to low the general procedure is to put the file on some media, now a days a CD. Check the file/media out on the high side for extra info,extra files and hidden meta data,etc. Get someone else to do the check list and approve. Move and copy the file on the lower side, destroy the media. There are also approved hardware black boxes that scan and approve files and interact between the two systems.
Just had my yearly security renewal and flash drives are not accepted media because there is currently to way to verify what is on the drive and if data is actually deleted.
If you are interested going the military contractor route there a few ways of getting clearance.
Admin
Or you can assume that your developers aren't morons and that waiting three days to have some essential software installed isn't a good idea. Many times three days was longer than the deadline for whatever minor thing I needed to do, not having that software would have meant I wasted time. Especially since good developers would quickly find ways (inefficient ones probably) around your restrictions so in the end you'd just be wasting everyones time.
Also it helps to have admin access when your company mandated software firewall turns your machine (and your download speed) into molasses when you try to download videos off the company website. It also shows the inefficiency of restrictions, sure I can't turn the firewall software off directly but I can easily kill the service it runs as.
Admin
In some ways I had the opposite experience. I went to work for a small company who built all sorts of training aids, exhibition displays, simulators, etc. My job was designing all the gubbins that made each thing work, so was a mix of hardware and software. No two projects were alike so it was a pretty cool job - and as long as the thing worked you were rarely called upon to justify your design or even maintain it down the track.
First job I had was to design a working control room for a nuclear submarine. This was for the British Navy - the control room was to be used to train crew for the then new Trident-class submarines, and was a complete simulator - nuclear powerplant, power systems, control binnacle and helm and all comms. The Navy couldn't give us schematics or anything for the real thing, since that was ultra top-secret, but they could give us a complete spec of what every gauge, dial and light did in response to what and what each meter (there were about 70 of them) annotation was. And of course drawings for the complete layout of the control room. My job was to engineer the working simulator from the specs, oversee the build and test.
Naturally with such a sensitive project you'd think that security would be of the highest order. Errr.. no. The drawings and docs supplied by the Navy were kept in a safe in the boss's office, but we were allowed to make photocopies as needed to get the job done. There were left on our desks every night. The building was basically a steel shed on the outskirts of town in a typical British indusrial estate. There was an alarm but I don't recall it ever being armed, because some people tended to work on in the evening and it was always a case of "last to leave pulls the door shut behind them". None of us employees had any security clearance or had 'signed the official secrets act'. State secrets were basically there for the taking!
Contrast this to the naval college where the finished simulator was installed deep inside in a secure room requiring top level clearance to enter. Seemed pretty absurd that we'd been working on this thing in "plain sight" for months.
Admin
This can be a management WTF as well. I can personally related several times where an individual or even a whole project team idled for over a week waiting for some critical software to be installed by IT because the bean-counters had downgraded us to the "Bronze" service level, because it's cheaper. I sure hope it saved them more than 5 people's salaries for a week...
Admin
Neither will you jokers use secure os's where you dont need root access to write mere code nor will you do much else. Welcome to starvation. Maybe the reason you choose contract employment is that you are unemployable eleswhere. Harsh but true. Die and go away.
Admin
Sounds like last summer to me when I interning at a brokerage firm and supposed to be writing code. I pestered IT group to get me access to certain databases, so I would be able to do some work. Well a month and a half later, about two weeks before my internship ended, and me writing tons of psuedo-code and manuals in notepad, I finally got access. Unfortunately, I wasn't able to finish the project.
The sad part is that I sat right next to IT and they still couldn't get me access.
Admin
I always laugh at this sort of thing. IBM puts all sorts of ridiculous security restrictions on their contractors; so much that often the amount of effort required by the 'regulars' to keep things going almost undoubtedly offsets whatever cost savings they get. It's pretty much convinced me that the larger an organization becomes, the more idiotic it becomes.
Admin
I still remember this question from my initial Secret clearance about 18 years ago:
"Have you ever purchased or used any of the following: Heroin, Cocaine, Marijuana, opium or glue."
I answered the way I thought they wanted me to, and I passed. I still feel guilty when buying glue, I always have it concealed in a paper bag while in public, and I only use it late at night with the lights out so the neighbors won't see!
Admin
Oh god, that is amusing. And by the way: CyberCorp totally sounds like where I'm working right now!
Admin
Holy Christ! If I saw that job going the way that one was, on day 3 I would be out looking and probably quit anyway before getting a new gig.
Take pride in your work. Don't work for a place that you KNOW will not allow you to do your job.
Why would you take a govt job anyway? I'd rather dip my sack in a deep fryer.
Admin
The real WTF here is that everyone thinks that the CTO was incompetent. Not so! He achieved exactly what he wanted: the contractors were all fired, and so his little empire became that much greater.
A total asshat, yes; but not incompetent.
Admin
If Steven B. were at a certain employer I know, he would also be waiting to be put on the payroll system until the day he left, locked out of the building before he could submit a timesheet, and be forced to leave without a penny for his time.
The sad thing is, that when you examine the security measures in detail, they are often empty processes with massive holes - a sense that something is being done and money is being spent so "we must be secure", without actually being secure.
Admin
"Neither will you jokers use secure os's where you dont need root access to write mere code nor will you do much else. Welcome to starvation. Maybe the reason you choose contract employment is that you are unemployable eleswhere. Harsh but true. Die and go away."
Actually, in many places you are forced to be a contractor if you are well qualified and have a high IQ. You are more likely to be a permanent hire if you are a drongo, like yourself...
Admin
I was at outscored tech at an IRS office for about 1 mouth before the overall contract got downsized and I was not really able to do much work at all as the background checks / paper work has not fully done Even the first day they asked something like did you get your fingerprinting done? The site thinned that part was done already
I was like no one scheduled it yet and when I called the outsourcing firm they where like we will get back to you week after week till they downsized and layed me off.