
Comment: Re:As a former government IT contractor... (Score 1) 682

by Junior J. Junior III (#47279297) Attached to: IRS Recycled Lerner Hard Drive

I have no idea of the particulars in the IRS case, so it's useless for me to speculate on that. I haven't heard that internal mails were retrievable while external mails were not. The loss of a single user's hard drive does not explain that very well. It might be possible that the internal messages could have been retrieved from other users' systems within the IRS. Perhaps the user could have filtered external emails to a local .pst file that was lost when the hard drive died, while internal emails were contained in numerous other mailboxes within the agency? I have no idea, but it's an explanation that could be plausible.

Comment: As a former government IT contractor... (Score 3, Insightful) 682

by Junior J. Junior III (#47275269) Attached to: IRS Recycled Lerner Hard Drive

From 2001-2011, I worked for a series of contractors under NASA.

Most users who I supported were administrators and managers of various stripes, and a few users who were skilled with desktop publishing, web development, imagery, video, or 3D modeling/CAD. Most of them didn't understand how computers worked, and didn't care how they worked. They were just magic boxes that they used to do work with.

The idea of deleting email was frightening to most users. Email was a record that proved that you did work, and could be used for Cover Your Ass in the event of an inquiry. It could also prove a conversation happened, that an agreement was made, and so settle many disputes arising out of miscommunication. Most people whom I worked with hardly ever deleted messages, and because their local hard drive had plenty of capacity, they didn't have a real need to.

Until 2007, we used POP3 clients running on the local machine to download mail from a server. Messages were deleted from the server once downloaded, so only existed on the client machine at that point. Some users had decades of email stored in their client on their local hard drive, which typically was not backed up. I'm sure the servers had some redundancy and short backup, but to my knowledge we did not have a system that archived email. The closest thing resembling an archive was the aggregate collection of all mailboxes on the client machines' hard drives.

Occasionally we did have users lose data due to a failed hard drive. Users who got bit by data loss tended to learn from this and implement safeguards such as backup to server, or to removable media. But incredibly, these lessons, once learned, were not applied at more than the individual level. People might talk to each other and departments might share knowledge for how to back up data, but it was never something that was codified in policy. People were on their own to implement their own backup and to make sure it worked. It was something that if anything, was encouraged, but not required or enforced. But very often it was not thought about until after the fact of a data loss incident.

In 2007, we moved to Outlook/Exchange for email. Many long time users were very put off by the change, and did not want to give up their Eudora, and could not deal with the fact that we were not going to migrate their old email into Exchange. Enough resistance was put up that IT ended up continuing to support the client side of the old email system indefinitely, so that users could still access their local archive of old email, and possibly also use automation features in their old client to continue to run processes that generated automated mail messages.

Exchange uses MAPI, so in the new system our messages were now always left on the server, until deleted. We had 1GB server quotas (around this time I believe Gmail was giving the world ~6GB for free). In theory, the 1GB server quota gave us security from data loss because the Exchange server's storage was backed up. In fact, the low quota size forced much more mail deletion than had ever happened in the old POP3 days of decentralized, distributed ad-hoc archive. But this was by design rather than by defect. And it was a lot easier to restore any retained data if it was lost.

All the same, users did not want to delete email, ever. Once they hit their quota on the server, they'd submit requests asking for an increase to their quota, which only would be granted if the volume of incoming mail that they had to deal with made a larger quota necessary in order to allow them to have a reasonable backlog of mail going back 6 months to a year, or they had a senior enough position that they could get whatever they demanded. Even then, when people hit their new quota, they still didn't want to delete old messages. The IT team supporting the new email refused to support this in any way, but didn't prevent users from creating local .pst files which they could use to store mail, once again on the local hard drive. Once again, this data was typically not in any way backed up. By this point, we had roaming profiles managed by Active Directory, so had we been able to use the user's My Documents folder to store the .pst, it would have been backed up over the network. But the roaming profile directories also had a minuscule disk quota of 1GB. Users still had access to C:\ so most of them used that as their .pst archive location, and enjoyed effectively unlimited archive space on their local hard drive, that was not backed up.

Users understood and accepted the risk, until they had a loss incident, at which point they no longer accepted or understood the consequences of their decisions. Then it became our (IT's) problem, and we had to do whatever ridiculous magic thing we could figure out, usually with no budget, but expending huge amounts of hours trying various things that we knew were unlikely to work, but would be compelled by management to try anyway, for "good customer service", to try to rescue the data.

I have no idea whether the IRS deliberately destroyed evidence, but it's entirely plausible to me that they simply lost the data due to a lack of competence and insufficient disaster recovery.

Comment: Re:Do you interview this guy every month? (Score -1) 224

by Rosco P. Coltrane (#47222919) Attached to: Interviews: Bruce Perens Answers Your Questions

Any article/interview from Bruce Perens can be summed up thusly:

"Bruce Perens, who loves Bruce Perens, thinks that Bruce Perens Bruce Perens Bruce Perens Bruce Perens, and also Bruce Perens. Of course, Bruce Perens also thinks Bruce Perens is so Bruce Perens that Bruce Perens Bruce Perens.

Signed: Bruce Perens"

To be fair, the guy is often interesting if you ignore his personality. But he's SO conceited and full of himself, I have a hard time divorcing the message and the messenger.

Comment: Re:Hardware sampling rates (Score 4, Funny) 121

by Rosco P. Coltrane (#47221389) Attached to: The Computer Security Threat From Ultrasonic Networks

The easiest way to eliminate this threat is to lock down hardware sampling rates such that ultrasonic frequencies cannot be reliably reproduced

Nope. The easiest way to eliminate this threat is to keep a pet bat next to your computer to scramble any ultrasonic transmission.
