Quick Update

Remember when I said in my last post 'If I find out who tripped the alarm, they're dead.' ??

Well, they are. Seems the door control system is working well.

I warned the guards not to borrow eachother's keycards...

And There She Was...

So things had been going well, the first servers are online in the new datacenter, the upgraded door security systems are working, and I find myself sitting in on roundtable meetings with the boss and other top-levels. I think I am hitting my stride around here.

So this morning I am sitting in a roundtable meeting when the boss introduces our new head of security. In walk what I swear has to be the hottest woman I have ever met, Katiana Kalashnikov. She's tall, dark-haired, and drop-dead gorgeous. From the boss's description of her credentials, she's made many drop dead.

So we go around the table, doing our introductions, and man does she have a great accent going, works well with the black leather that she wears like a glove. Anyway it looks like we'll have some great eye-candy at the meetings, even if there is no way you'd ever hit on a infamous assassin who can kill you five ways to Wednesday if you cross her.

Now here's where it gets interesting: after the meeting she walks up to me.

'You are geek boy, no?' Oh man I love the accent.

'I suppose I am...'

'You play the shooting games? Is it true they teach you to be crazed killer?'

Now I almost start into a knee-jerk rant on how the media blows these things totally out of proportion, how the examples they cite involve subjects who were already unstable and how in reality such games are great stress relievers and can hardly be called damaging to a responsible person. I say almost because before I started ranting I noticed that she didn't seem to think it was a bad thing.

'Well, there are those who think so, yes.'

'Good, you show me these games?' Oh thank you gaming gods.

'Sure, I... I have a big screen TV and an Xbox360 up in my suite...'

And then the gaming gods proved they have a wicked sense of humor as alarm bells went off. The display nearby showed an intrusion detected in sector six, and before I would finish my sentence Katiana was off.

If I find out who tripped the alarm, they're dead.

Server Room Progress

Work continues on the new server room. The vent holes leading out of the room are ideal, with one vent hole leading to the outer surface of the volcano for heat venting, and with a bit of drilling other vents were usable for routing network to the rest of the facility.

Power is in place, concrete has been poured to level the floor, and I have the shock troops out securing server racks. I was originally going to send them to Utah to steal some from SCO HQ as punishment for the ridiculous SCAMP-stack business, but being so evil I'm not allowed (the whole honor among thieves thing). Instead I just tracked down someone on eBay selling the ones I wanted and sent the shock troops to their office.

All that's left is to get the rest of the infrastructure in place and start installing servers.

An Evil Workplace?

I've been asked by friends if an evil organization is a bad (or perhaps evil) place to work, what with the threats of instant death for poor passwords or passwords on post-it notes.

It is best to think of such organizations as being similar to working at Disneyland: anyone who has been to Disneyland knows that Disneyland is staffed by a lot of teenagers and others who you would imagine can't possibly have the best job in the world loading people onto rides and wrangling kids, but what many don't realize is that these parks also have a ton of professional workers just out of sight. Take a look at this list of IT positions for Disney Parks as an example.

Those guys make good wages with good benefits while staying out of the general mess of things 90% of the time. I would guess that being a professional working at Disneyland or Disneyworld is a lot better than being a front-line grunt employee.

Working in the volcano is pretty much the same: grunts and low-level staff don't have good benefits and have to deal with a lot of problems such as threats of death, getting knocked out by intruders, shot by practically anyone, etc. etc. Professional staff, on the other hand, is treated well, paid well, and exempt from most of the trouble faced by the grunts.

You do have to feel bad for the grunts, as there is very little in the way of promotions. Even a particularly talented grunt would have to move on to an outside position and eventually hire back in at a more professional level. I've seen this happen with shock troopers who left for greener pastures eventually came back as assassins.

Is it fair? No. Is it evil? Certainly. I'm just glad to be one of the professional employees.

Evil Memo: Passwords and Filenames

To: All Staff
From: The Evil System Administrator

Re: Password and Filename Security

Hi Everyone:

First of all, thanks everyone for using the new central document repository, it makes it much easier to backup and protect key documents than when the files are scattered across all our machines.

One thing: although the permissions system of the Central Document Repository (CD-R) is effective at keeping users from seeing sensitive documents, it would help is certain parties would refrain from saving documents in the top-level directory with names like 'Central reactor core diagrams and weakness summary' or 'Plan for world domination part 5 - achilles heels'. Such filenames just beg for prying eyes. All such documents are now located in /recipes/baking/fruitcake where they will hopefully remain ignored. While I am not in charge of physical document security, I would also recommend that said individuals stop leaving such documents just laying around on their desks when out of the office.

On to passwords: I know some of you were intimidated by the policy regarding instant death for anyone caught writing their password down on a post-it note under their desk, and I do appreciate that everyone has now set a password on their login account, but we need to cover how to produce strong passwords.

You need to make sure the password is not a dictionary word. I recently did a check of passwords and found passwords such as evil, malevolent, doom, and torture in use. Folks, these can be guessed far too easily.

Passwords should ideally be a combination of letters and numbers. Numbers should be non-sequential and 12345 is *not* an effective password as I am sure we all learned from the incident where the main blast door was opened by invaders last week. Ideally we want mixed-case letters, numbers and symbols.

Here's a suggestion: use a mnemonic -- think of a phrase, then take the first letter from each work, substitute numbers where possible, and keep the punctuation. For example:

I love to torture, maim and destroy!

becomes

Il2t,mad!

See? That is a nice strong password that you will always remember because it is also a favorite phrase.

Finally, I have talked to management and we are appending the death for post-it passwords policy with a death for weak passwords policy, so please change your passwords ASAP.

Regards,
The Evil SysAdmin

Gathering DataCenter Ideas

I've been gathering ideas for improving the security of the new datacenter and found a wealth of information today in a Digg post. Here's a few examples:

http://www.thebunker.net/our-facilities/data.htm
http://www.havenco.com/
http://www.cyberbunker.com/
http://www.infobunker.com/

Interesting reading, and most of the benefits of these places are already in place here, we have thick stone walls, generators, more guards than you can shake a stick at, and we even have the advantages of Havenco: operations in an area unencumbered by government (of course we have government agents constantly trying to infiltrate our base of operations, but at least we answer to nobody).

On my breaks I have been doing some walking and have found a nice candidate for the new server room, a 100 square metre hollow at the end of a tunnel that comes off of the lower break room in section 7. It looks like it was being used to store old building supplies.

I have a crew working on tracking the paths of some vent holes leading out from the chamber, with some luck we should see one head outside for heat venting while the others can be used to get some power and network out to the rest of the place without running it down the tunnel. If all else fails some drilling should provide what we need.

Getting a raised floor working in such an oddly shaped room should also be interesting, I may just run cable in tracks suspended from the ceiling and get concrete poured in to level the floor.