Need To Know

My dad always taught me information is on a “need to know” basis. I think he did that so he didn’t have to tell my mom all non-essential things. It wasn’t that he was keeping things from her, but just omitting information until she needed to know. This worked and backfired on him all the time. Fortunately or unfortunately (depending on how you look at it) that mentality has rubbed off on me. For personal or professional reasons I have had to selectively give out information. My friends call it being a security-minded individual. I guess that is true.

Disk Erasing Is Boring

I have a stack of older (and not so old) hard drives sitting in my apartment. I have wanted to sell them or just get rid of them for a while. My problem is I have data on them, or had data on them. I am crazy about security. Sometimes not crazy enough, but when dealing with selling drives that once held my personal data on them, I am crazy. So what to do?

I know the multiple ways of removing data from disks. None of them include just formatting the drive and selling it. I have wanted to invest in an electromagnet that degausses stuff. But that just screams Geek! It is also costly. I could do what Jay did and just copy lots of stuff onto the disks before formatting them and selling them.

I settled for a free program that will overwrite disks with random data. It is called Eraser. It is a free open source product from Sourceforge.net. It is not a fast solution. Of course I selected the Department of Defense standard scheme for overwriting data. I don’t have state secrets on those drives, but I figured if it is good enough for the CIA to overwrite disks in this way, it is good enough for me. To be honest I selected the lowest DOD spec, but I figured that would be enough. Now I just wait while these drives get written over.

The biggest security hole in the world

Do you know what the biggest security hole in any company is? It is not intricate file permissions. It is not flaws in firewalls or in IIS web servers that have not been patched. The biggest security flaw is people. Gus showed me someone else’s blog that ranted about that. His quote was perfect. It boils down to people are lazy. People generally say “security is good, and important”, but when you say don’t tell anyone your password they do. You tell people to make difficult passwords, they find the craziest ways around your restrictions. My own dad, who I consider a smart guy, doesn’t even have good passwords. I consider him the typical user. If he needs to reinstall AOL he needs me to give him his password. Who am I kidding, if he needs to reinstall AOL I do it for him, but you get the idea.

How do we fix this problem? Smarter minds than mine have pondered this for a long time. My answer is you don’t. You just can’t. You can try and try, but in the end it is plugging a hole in a dam with duct tape. Even good biometric security has flaws today. Maybe one day it will be good enough to use. Then 3 years after that day when it is cheap enough to deploy I will sign up for it.

OK, enough about security. WOW, I actually said that. Last night we had to do some last-minute fixes on one of our websites when an image server died. It was actually weird. I told Keith Monday morning that something was wrong with that server and he needed to fix it. So he waited till late in the day and ended up at our colo at 6pm. I was at dinner with my sister after that, so he actually took care of the restore and reconfiguration of the backup box. It was kind of nice not having to do everything. Of course it took him 8 hours to do what I asked, but hey I can’t ask for everything.

We are looking at resumes for the helpdesk guy we are going to hire for our new office. Man, people cannot read. We post a job for Kingston, NY (it is about 2 hours north of NYC, 1 hour south of Albany so you know the distance) and I get applicants from Long Island, California, and anywhere else you could think of. The crazier thing is I get applicants asking for more money than I make. It is crazy. Gus got a laugh out of it, but in reality it is not funny because we need to find someone quick. I have about 4-5 people I want to call and see if they are worth a face to face interview.