
Bone-Headed IT Mistakes

snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."
  • the Daily WTF (Score:5, Interesting)

    by El_Muerte_TDS ( 592157 ) on Monday June 16, 2008 @04:17PM (#23814811) Homepage
    http://www.thedailywtf.com/

    pretty much a new bone head story every day
  • by DRAGONWEEZEL ( 125809 ) on Monday June 16, 2008 @04:21PM (#23814871) Homepage
    more privileges than you need mistake! This one plagues IT guys day in and out.
    Whoops, I mis-clicked and deleted a domain. Sorry Doc, I accidentally selected all your patients then declared them to have a clean bill of health. Oops I deleted a block of user accounts.

    And a few I really did do....
    Double "oh sh!t":
      I just accidentally removed all my own rights... (I'll never forget the time I made that mistake... )
      Setting a block of users to the wrong group, giving them Admin rights.
      Clicking on a link that my trusted IT friend sent me...
  • by COMON$ ( 806135 ) * on Monday June 16, 2008 @04:24PM (#23814895) Journal
    1. Hire competent IT people, don't promote mailroom boy to Admin because he can fix spyware.

    2. Continuing education for your IT people.

    3. Just because someone looks old, doesn't make them a competent 'seasoned' IT guy.

    4. Respect your IT pro's opinions.

    We all have a plethora of stories of users, but even more of fellow co-workers in over their heads causing massive damage. Sometimes it goes unseen, other times it can desecrate a business. Make sure your IT people are educated, have a passion for what they do. Not just a paycheck monkey draining your resources.

    A good test here, if your IT head is an ex-HR manager, mailroom clerk, secretary, or other far removed profession and have yet to get any certifications or degrees to prove their competence after 10 years then you probably are in trouble. Not in every case, but enough to make you worry.

    I'm not saying that a cert or degree proves that you are competent, but it at least shows that you try to be.

  • by Anonymous Coward on Monday June 16, 2008 @04:34PM (#23814991)
    At my middle school, there was a policy to give every student an ID card. That's fine. They decided that the best number to use for their ID is their Social Security Card. That's bad. They printed out a sheet every day listing the absent students for the day, with their names and their school id's. That is worse. Teachers threw these into their trashcans when they were done. Yes, the train wreck isn't over yet. The spreadsheet containing all of these numbers was on a public share. It was also accessible from the school website.

    Or how about 3 years later, in my high school. All of the teachers' user names and default passwords were on a spreadsheet on a network share. A publicly accessible network share. If a teacher didn't change their default password (a 4 digit number), a student would have full reign over their data.

    Worse off, the grade book program was accessible from any networked machine (thanks Novell)
    Thank god this was nearly a decade ago... So, one could pick a random terminal in the school and make subtle changes to their own (or perhaps someone else's) grades.

    I used to think "I wish that I was alive during the 80's so that I could have been part of the cracking scene there". In hindsight, I could have done such bad things during the 90's, when I grew up.
  • by cashman73 ( 855518 ) on Monday June 16, 2008 @04:35PM (#23815009) Journal
    I agree. Most true, seasoned, and well-educated IT guys generally know what they're doing, and don't make mistakes. What should be discussed here are the most common mistakes by guys like Bob in the fifth cubicle on the right that was promoted to "head IT guy" because either (a) he was screwing the office manager who put in a good word to the head boss for him or (b) somebody heard him talking about "computers" around the water cooler and the company needed somebody to babysit their systems (most likely, it's (b), because he's probably more of a nerd than a true geek, and therefore won't be screwing anybody, except the users under him).

    Either that, or we should be discussing the boneheaded shiat done by lusers that IT guys have to clean up after. But that's probably already been done before around here, ad nauseam,...

  • by Mordok-DestroyerOfWo ( 1000167 ) on Monday June 16, 2008 @04:39PM (#23815053)
    I cannot stress your point #4 enough. Sometimes it seems like every decision that I and our IT staff make gets voted down by management because they'd have to remember another password, or encryption is just too darn difficult to use on the road. Just because you're paranoid does not mean that everybody is not out to get you.
  • My experiences (Score:5, Interesting)

    by HappySmileMan ( 1088123 ) on Monday June 16, 2008 @04:40PM (#23815071)
    My school once had a folder called "Vice-Principal" in the network folders, what did it contain? Why, the C: drive of the vice-principal's computer of course, they didn't let you access "Program Files\" or "Windows\" of course, but what WAS accessible, was a Microsoft Access database containing every student in the school, their PPN number (equivalent of Social Security in Ireland I think), their home phone number, medical conditions, exam results etc. Of course this year they got new computers and completely re-setup the network, this time it seems substantially more secure.
  • Anonymously :) (Score:5, Interesting)

    by Anonymous Coward on Monday June 16, 2008 @04:58PM (#23815265)

    A company decides to run an internal check to see how many people will respond to a phishing scam. They send out an email to a group looking like the intranet page, "reminding" everyone to submit their username and password for the upcoming upgrade this weekend.

    The email is actually an HTML form, but users being users, some of course hit reply instead of filling out the form and hitting submit. Worse yet, some hit "Reply All". Worse yet, some had HTML turned off, so the password wasn't even hidden in HTML source, it was in plain text for all on the list to see.

    Yes, testing internally to see how many people are susceptible to phishing attacks is a good thing. However, send it via bcc, so group replies won't have passwords spreading around the company like a bad joke.

    Next up, inform some people you are running your test. We have two different security groups, corporate, and the one I'm in. We didn't know about it, and all but shut down corporate security's access to the network. We traced the originating IP to their network, as well as the form submission IP. Since they weren't answering their phones, we didn't have much choice.

    I found out because a supposedly "technical" engineer called me saying he had responded to it, and realized some people were replying and he could see other people's passwords. He didn't think there was anything wrong with submitting it, because it looked so real it couldn't be fake.

  • From memories past (Score:5, Interesting)

    by Macka ( 9388 ) on Monday June 16, 2008 @05:28PM (#23815605)
    I used to work in Unix Support for a large multi-national. Had loads of customers ring in with cock ups over the years. Some of them were silly, like a developer with root access typing rogue spaces where they shouldn't be. e.g: "chmod -R me / foobar". Conversations always started like "OMG I own the whole system, HELP!". Others were more obtuse, like a world renowned news reporting organisation who allowed one of their developers to install a very important database in his own account. System management got outsourced to Singapore, he then left the company, so Singapore deleted his account. We were left trying to reconstruct what was left from a dd image copy of the disk.

    Another one I remember (about 20 years ago) was where one customer had systems that would crash at about 10am every Monday morning. After a very long troubleshooting experience (i.e. months) the cause was found to be a delivery lorry that arrived every Monday morning. He would back up to the loading bay, where some rubber bumpers (fenders) had been installed. He had the habit of stopping the lorry when he banged into the bumpers. Unfortunately this sent a shock wave through the building sufficient to cause some of the disks in the computer room to throw a hissy fit and park their heads in the middle of whatever I/O they were doing.

    In the early 90's I found myself having to pick up SCO Unix support for my sins. Thankfully it only lasted 4 years. Two specific customer incidents I remember from that time. One was a call from a hospital whose system seemed in a right state. The guy was panicking, so I cut short my usual troubleshooting routine, got in the car and drove down there. Took one look at the system, typed ^D and then left after it'd finished booting to multi-user. Taught me a lesson; embarrassed the hell out of the customer and I never heard from him again.

    The second was more interesting. I had a customer in the MoD at HMS Dolphin in Gosport. A number of their systems would crash simultaneously at certain times during the week. There was no real pattern to when, but when one of them went, they all did. I couldn't find the problem. No common denominators. Power monitors didn't show anything. Nothing. That was until one day the customer was staring out the window when the systems crashed. He remembered seeing one of the warships leaving the harbor and sailing right past his window. He also remembered seeing the ship starting its RADAR as it went past; and as the beam swept the computer room, all the systems crashed. The fix: a snotty email dictating that captains don't start their radar until they've cleared the harbor and made it out to sea.

    I could go on typing for another hour straight with stories like this that either I've seen, or have happened to friends/colleagues :-)

  • by digitalhermit ( 113459 ) on Monday June 16, 2008 @05:57PM (#23815973) Homepage
    I once got called to help another technician with a system restore. Over the weekend a server had crashed and we had to rebuild it. First thing we do is to re-install the server. This took a few hours. Then we had to restore the data. No problem. We pull in the tapes but for some reason, it cannot find any files. The tech says that he's sure the backups were successful. Even the previous days and weeks had the same problem.

    Figuring we had a busted tape drive, we drive 60 miles to pick up a tape drive from another location. Plug it up and bleah, same results. I ask for the backup log. Sure enough, everything is successful. Only problem is that nothing is configured to be backed up. So every hour, every day, every week, every month the job would complete successfully. Successfully backed up nothing.

    The worst I've ever done personally was to install a CIFS module on AIX. This inadvertently updated a TCPIP package. This package had an obscure bug that was only triggered with long running sessions. It took hours to determine that the failure wasn't related to another patch that had gone in, and wasn't related to a very similar issue related to the connector...
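
As an added illustration of the failure described in the comment above (not part of the original post): a backup job that exits successfully with an empty selection, and a read-back check that catches it. `run_backup`, `verify_backup` and the sample files are hypothetical stand-ins built for this example, not any real backup product.

```python
import hashlib
import os
import tarfile
import tempfile


def sha256_of(fileobj):
    """Hash a file-like object in chunks."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()


def run_backup(source_dir, archive_path, selection):
    """Stand-in backup job: archives only the paths listed in `selection`.
    Like the job in the story, it reports success even when nothing is selected."""
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in selection:
            tar.add(os.path.join(source_dir, rel), arcname=rel)
    return 0  # exit status: success


def verify_backup(source_dir, archive_path):
    """Return a list of problems found by reading the archive back."""
    expected = {}
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as f:
                expected[os.path.relpath(full, source_dir)] = sha256_of(f)
    problems = []
    with tarfile.open(archive_path, "r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        if not members:
            problems.append("archive contains no files")
        for rel, digest in sorted(expected.items()):
            if rel not in members:
                problems.append(f"missing from backup: {rel}")
            elif sha256_of(tar.extractfile(members[rel])) != digest:
                problems.append(f"content mismatch: {rel}")
    return problems


def demo():
    """Constructed sample data: two small files, one empty and one full selection."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "data")
        os.makedirs(os.path.join(src, "db"))
        for rel, body in {"db/orders.dat": b"order 1\n", "notes.txt": b"hello\n"}.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(body)
        empty, full = os.path.join(tmp, "empty.tgz"), os.path.join(tmp, "full.tgz")
        status_empty = run_backup(src, empty, selection=[])
        status_full = run_backup(src, full, selection=["db/orders.dat", "notes.txt"])
        return status_empty, verify_backup(src, empty), status_full, verify_backup(src, full)


if __name__ == "__main__":
    print(demo())
```

Both jobs return status 0; only the read-back distinguishes the archive that holds the data from the one that holds nothing.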

  • by seifried ( 12921 ) on Monday June 16, 2008 @07:08PM (#23816597) Homepage
    Yup. On the other hand if a site has well placed ads that are relevant chances are it'll work better and annoy users less. I reserve the right to control what I see/spend my time on. I also respect that a site may wish to block people who block ads, but I haven't run into that yet.
  • by Moraelin ( 679338 ) on Monday June 16, 2008 @07:52PM (#23817009) Journal
    The sad thing is that each time I think about a story, "nah, nobody can be _that_ clueless", someone just has to selflessly offer himself as an example of even greater lack of clue. Seriously, I've seen so much WTF code in practice -- what with being the guy brought over when everything else failed miserably -- that now nothing seems unbelievable any more.

    There are people who simply don't know even the basic syntax out there, much less the basic CS notions, and still got hired because they were the cheapest. Sadder still, only a minority of them get fired for gross incompetence.

    Seriously, I've seen people who didn't even know what quotes do in Java, pretend they're Java gurus. Literally. One needed an explanation of why Java complains when he writes something like getUserData(John Smith), Java gives him a syntax error.

    Another one needed some explaining as to why if he declares a variable in the constructor, it's not visible in another method. Seemed to essentially assume that since the constructor has the same name as the class, that's where you declare class members. Right? Mind you, the whole concept of scope seemed a bit fuzzy to him.

    One particularly promising young padawan tried to "fix" a bug by changing every single if in the program from

    if (someCondition()) {
    to

    if (someCondition() == true) {
    Actually insisted that the bug was now fixed. 'Cause Java generates different code when you write "== true." Ookaayy.

    An inventive guy tried to get around some data objects being invariant (you know, all getters and no setters) by writing basically a method like this:

    public void nuller(String x) {
        x = null;
    }
    Was genuinely surprised that calling "nuller(someDataObject.getName())" didn't actually set the name to null. Took some explaining to understand that it's not some Java bug, but, really, how it's supposed to work.

    An _architect_ made a whole team use the boxed objects (Integer, Character, Boolean) instead of the primitive types (int, char, boolean) in all method calls, as a speed optimization. See, if you have an Integer parameter, Java only copies a pointer, not the whole int. (That was before Java 5 and its automatic boxing and unboxing, too, btw.) Sadder even, nobody in that team had any objections.

    And that's just the simple ones, the ones that can be told in one paragraph. There are more, but let's not write a whole tome.

    So, really, there are some truly monumentally clueless people out there. And they do random clueless things, until by sheer brute force they arrive at something which survives their testing with a couple of clicks in the GUI. Yay, they solved the problem. (Not.) Give them enough time and lack of interest to actually get a book and learn, and it'll grow into an "experience" of such witch-doctor tricks that worked once, and cargo cult code that tries to look like something they saw once, but they never understood why.

    So, well, if you see some code sample that looks like it _must_ be a fabricated story... well, it is at least _possible_ that it's true. And know that someone somewhere probably wrote an even bigger abomination.
  • by GXTi ( 635121 ) <gxti@partiallystapled.com> on Monday June 16, 2008 @08:15PM (#23817219) Homepage
    I'm somewhat surprised that Google doesn't have a manpage service already. They could even collate it into different *nix flavors and let you see what df looks like on Solaris, etc.
  • by Anonymous Coward on Monday June 16, 2008 @09:25PM (#23817693)
    I work for a major multinational corporation, but in one of the smaller (and rapidly shrinking) offices. When I started, there were 400 mainly caucasian male engineers in my office. Today, there are barely 150 male caucasians, and about 200 slightly darker caucasians from a certain nation south of China.

    Anyhow, with the decimation of our "permanent" workforce and the movement of most of our labs to other, "low cost" centers, the time came to move out of our 300,000 square foot lab and factory facility into a smaller, 100,000 square-foot office-only space. This included moving the data-center.

    When doing the budget for the move, the question came up as to how much power would be required in the datacenter in the new building. Of course, the answer was: "as much as we have now," two complete 30-amp 3-phase 208V circuits (180 amps at 208V total - about 40kW). Of course, with that much power being dissipated as heat in the data center, enough cooling would be required to keep the place from being an inferno.

    Anyway, wiring two phases was going to cost a lot more money at union labor rates, and when the cost of the move started to overrun the budget, a certain PHB, trying to retain his bonus, decided to arbitrarily start cutting the budget for the move. Also, the contractors installing the HVAC had already ignored the cooling requirements for the room, and said it would cost extra for them to fix their mistake. Well, let's just say that this certain, anonymous PHB decided that there would be no money in the budget for the extra three-phase circuits or to re-do the cooling. Also, the cost to fix it then would be X, but the cost of fixing it later was going to be 5X at LEAST.

    The result: A 600 square foot data center with about 25kW worth of equipment, 6 standard 15-amp office circuits, and 1.5 tons of cooling capacity. But since the move was occurring at the end of a fiscal quarter, the PHB decided to spend 5X next quarter instead of 1X this quarter in order to make his bonus numbers.

    The fallout: 4 complete 3-phase circuits instead of 2, 2 for the data center, and 2 for the leased portable air conditioners they had to roll in there as a "temporary" (we all know what that means) measure. Also, OSHA issues because since the air conditioners are only supposed to be temporary, they still create an auditory hazard due to their noise level - and you bet your behind that someone reports them to OSHA on a quarterly basis.

    Fallout for the PHB? Absolutely NONE, of course.

    *sigh*
  • by tzanger ( 1575 ) on Tuesday June 17, 2008 @07:45AM (#23821261) Homepage

    I understand what you are saying, but this twitter guy is really starting to get annoying. So I think the anti-twitters are doing a service to us all.

    I disagree. I do not even notice twitter's posts. There's a lot of bullshit posted to slashdot, and I guess over the years I've just learned to filter it out without even thinking about it.

    Anti-twitters, however, seem unignorable. They post not about the article nor about anything related to the article, they point their fingers and stomp their feet and whinge and carry on like a gradeschool tattle-tale. Why is it I notice them but not twitter? I can think of two reasons: first, twitter's particular brand of bullshit fits in and is easily dismissable. second: the anti-twitter posts are jarring and do nothing but promote themselves. I don't even think twitter's posts do that; they just spread BS.

    Perhaps slashdot needs another filter category: twitter wankfest. That's really what it is: who can spot the twitter post fast enough and piss and moan about it the loudest. I'd happily filter it all out in an instant, and as I said I am starting to filter out the anti-twitter self-righteous asshats as I encounter them. Twitter's no friend of mine, but at least he isn't interrupting the thread.
