I'm back in the archive 240 posts and only to May! Hi, I'm new here, and thought I'd introduce myself. I have too many tech horror stories to even list, but I'm sure that I'll get around to them. For background, I've been playing with computers for 19 years, and been employed in the computer industry almost continuously since I turned 18. I currently work for a security company that specializes in security assessments for banks, credit unions, etc.
My biggest pet peeve is stupidity. Now, when I tell stupid non-tech people this, their reply is usually, "well, not everyone knows as much as you about computers." Yes, I understand this... my complaint is not about
IGNORANCE, but rather
STUPIDITY. I am ignorant of a great many things... economics, plumbing, programming, etc. But I am not stupid.
I have the greatest patience in the world for people ignorant of computers. I once spent 45 minutes on the phone with the CEO of credit union consisting of 6 employees, explaining to her how to find the IP address information we needed to successfully scan her network and test her outsourced IT company.
In contrast, I went on-site for a client credit union where the head of IT was an idiot. This was the credit union for a company so large, I guarantee you've seen their commercials and know their name. i.e., deep pockets for their credit union. She had displayed some slowness before my visit, so instead of the usual 45-minute wrap-up (review, training, tools), I blocked out a full 1.5 hours. The first step: reviewing the results of our testing.
I mentioned finding SomeDevice (I use Ruby, not $Perl ;-) on SomeIPAddress. She asked how I found it. I explained that when I scanned it using
nmap, it told me what it was. She said no, she wanted to know how I got the IP address. I told her I ennumerated it. She asked how. I told her that I based it off my own IP address. She again asked how I got SomeDevice's IP address using mine. It took me a while, but I was finally able to explain to her that, given 192.168.1.20, I could just start trying 192.168.1.1,2,3,4,5... 254.
She then asked if there was a way for her to prevent her users from doing that. I explained that locking down software, as they had done, was the best way to go. She said no, she wanted to know how to prevent her users from getting THAT (pointing to my IP address in the command window on my laptop screen). I ask, "you want to keep your users from getting to the command line?" No, she wants to prevent them from learning the IP address of their own machines, to keep it secret. Again, I had to explain that knowing IP addresses was the cost of doing business on a TCP/IP network, and that there was no real way to keep them secret.
Flash forward 60 minutes, and we're still on the review. I'm explaining that I grabbed a password using
Cain & Abel to do
ARP Poision Routing (APR).
Me: APR is a little complicated, so we'll just skip it, but suffice it to say it means that...
Idiot: Do you mean to imply that *I* wouldn't understand it?
My thoughts: Considering you couldn't grasp the concept of counting 1 - 254, and want to keep IP addresses secret, no... I doubt you'd understand the concept of Layer2/Layer3 resolution, and how to subvert it.
Me: ... (uncharacteristicly quick reply) No, it's just pretty complicated, and while I can use it, I still have a tough time explaining it. *jumps right into an explanation before she can think I was blowing her off*
*intentionally flubs the explanation* Uhhh, yeah, this is where I get lost. But you get the idea.
Idiot: *blank look, drool*
Me: *moves on to next issue*
The review was like this the whole way through, explaining Network 101, Server 101, and Desktop 101 concepts to someone who supposedly knew this stuff. We got through that, and were halfway through the training when she had to go catch a plane. She had told me she had *all day* for me, and had *nothing* else to do this day. Apparently she forgot her plane ride out of one of the nation's busiest and most security-conscious airports, flying through some of the most secure airspace in the world. Nah, not something I would remember about, either.
I've been in tech shops before where the name of one particular user/customer elicits a groan from every tech. But this client's name elicits a groan from three different tech groups, along with management.
![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
calriddia.livejournal.com
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}