Feeds

BOFH: What do you mean the system's being audited?

Thrown to the wolves

  • alert
  • submit to reddit

High performance access to file storage

Episode 12

"So if we go to your website and build this software, download and deploy it through a group policy over our domain - the machines will all report on the OS, software and version information that they have installed?" the PFY asks.

"Yes," Sonya, our friendly root-of-all-evil sales rep says, with the Boss nodding happily in the background.

"And the information will be stashed in a database so that we can get pretty reports for our managers - and no one else?"

"No one," evil says.

"And you're not going to use it to just have a peek to see if we're violating our software licenses for your products?"

"Never!"

"Not even so that you can tell how many people are using someone else's software instead of yours?"

"No."

"Not even to tell which software you should be developing in the future?"

"Not even then."

"Not even to tell which companies you should be buying in the future?"

"No."

"Not even if it saved your company millions and millions - and millions - of dollars?"

"No, it's a client service," our rep says - in the same tone of voice the proctologist uses when he tells you that you'll hardly notice the maglite and tree felling wedges he'll be using in the next procedure.

"Not even if Beelzebub himself asks for it?"

"Still no," our rep says.

"...Liar, liar pants on fire!" the PFY responds.

"Look," the Boss snaps, wading into the argument. "This is a fantastic opportunity for you to offload some of your more onerous tasks. They're doing it to help you! You can install this program and then when we need information about what software we're running, what we should be buying, and what needs upgrading, we can just go to their website and look - and it's all up to date!!"

"It's a waste of time. And an invasion of our privacy," the PFY says defensively.

"I think you're just exaggerating - it's a wonderful opportunity for us, and I'd like you to at least trial it. If we don't like it we can just uninstall it later. We'll take a look at it and see if the information it provides us is worth the effort."

...half an hour later when Mission Control empties...

"This is bad!" the PFY mumbles, pacing about the place. "Really bad!"

"What do you mean bad?" I ask. "We'll deploy the app, it'll come back and tell us that we have about 600 machines and maybe we'll discover that we need to get a few licenses for stuff which shouldn't in theory be running."

"What about if it came back and told us that we had about 2,000 machines?"

"No, it doesn't look at license keys issued, it looks at actual machines."

"That's what I mean," the PFY says, looking around furtively.

"What do you mean?"

"Well, you know when that bloke from across the road needed some help in setting up their domain a couple of years ago?"

"I...vaguely."

"And you know how I did most of the donkey work for him..."

"Uhhmm, if you say so."

"You know, bought and installed the domain controllers, bought the client licenses, bought and installed the CALs for all their office prod..."

"You didn't!" I gasp.

"I...."

"You joined them to our domain with the site license."

"Yes."

"And DIDN'T SHARE THE CASH!?"

"I...think we have bigger problems."

"What do you bloody mean, WE? WE implies some form of partnership - consultation - profit sharing."

"Well if this is just about the money..." the PFY begins.

"That's right," I nod.

"And not about the harsh personal consequences that might befall you as the signatory of the site license documents and chief administrator of the systems concerned..."

"You bastard! You had this all worked out didn't you?"

"No, no, it was just luck that you were the one doing the signing this year. As opposed to the planning that went into ensuring that the ownership of the OU concerned was you - which will probably show up when I click the deploy button," the PFY says, finger hovering over his mouse.

"Okay, okay. Truce," I say. "It's a simple problem - deploy the app tonight, then drag a DC over to their building early tomorrow. Isolate them from the world and tell them there's been a network outage and they won't get the software or show up on the scan."

"That'll only buy us a couple of hours - we need at least four hours apparently."

"If you need an extra couple of hours, set a skip bin on fire and fan the smoke into the ventilation system - then break a stack of sprinkler heads inside after everyone evacuates," I say, recalling an old favourite.

"I suppose it's a plan."

...the next evening...

"Did you see the place across the road had a full blown evacuation today?" the Boss asks as the PFY enters Mission Control, pausing momentarily upon seeing Sonya back in the office.

"Really?" I say. "I was out collecting some gear from offsite."

"Bid scene," the Boss burbles. "Anyway back to the review - so we're pretty much A-OK for licenses and our software's mostly up to date. There was just the one problem."

"Problem?" the PFY asks.

"Yes, a bit of...well...piracy going on."

"Piracy? I thought the tool wasn't going to be used as a stick to beat us with?" then PFY snaps.

"It's not," the Boss says. "I called Sonya in because someone's installed a stack of games on a couple of machines and Simon suggested she could tell me if she could help me track them down."

"YOU suggested?" the PFY says, looking to me.

"Well yes," I say innocently. "Because of course piracy is everyone's problem."

"Piracy?"

"Yes," the Boss says. "Sonya was able to find out that the license keys used were ones available on a pirate website."

"But the good news is," I say. "That they're not work machines - they are personal machines, and shouldn't even be plugged into the network. These machines in fact."

I point to a box with a couple of portable gaming rigs which look as impressive now as they did when I stole them from the PFY's front room this morning.

"And we were just discussing that since the machines have no identifiable owners there's no one to be referred for prosecution."

"Oh," the PFY says, masking a measure of relief.

"And as there's no identifiable owner Simon felt that perhaps Sonya's company might want to clean the machines up and donate them and some software to a suitable charity..."

"Did he?" the PFY seethes.

"And he suggested that you might be able to donate some of your time to helping erase them..."

"I don't thi..."

"Hey - why don't we check with the hardware vendor to see if the warranty card was filled out?" I suggest.

"Oh I suppose I can do it now," the PFY says.

"Isn't it great when everybody wins?" I ask.

High performance access to file storage

More from The Register

next story
Seagate brings out 6TB HDD, did not need NO STEENKIN' SHINGLES
Or helium filling either, according to reports
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.