Sep 12
ErinGarbage, Work
Welcome to the new home of the boredom of ramfree17. Who would have thought that this incarnation of this blog will reach 100 pages and would survive the transfer to another host. I have spent a week trying to get this site up and running. I switched provider to Web.com because my previous provider killed of the starter package (1000 pesos per year which includes 100mb hosting and domain registration) and Web.com is only 100 pesos more expensive than my original one.
I also switched the domain name because the old domain registration is already blocked by the irritating big W implementation in the home office. Too bad I cant repoint the old domain to this one but those are the sacrifices I have to make.
This is also my first month on this offshore assignment. Well technically I have already been 34 days here in Denmark but it still feels like yesterday since I still do not have a hang of the things. I have already been to the Tivoli amusement park wherein we have conquered most of the adrenaline pumping rides. The only reason we were not able to conquer the dragon was because it broke down while we were on it. I have also been in the Little Mermaid park but I still don’t get it what is exactly great on this tourist hot spot.
Hopefully more posts about my assignment here in the land of the Danes. 🙂
ciao!
Apr 16
ErinRubbish, Work office politics, rant, Work
I have just came out from a long OTy[1] weekend, and when I said long I meant a 19-hour rally with 3 hours of sleep. All because the project I am with has once again been selected for a security audit and an internal audit will be conducted today.
The unplanned rally is caused by the short notice given to the project and the not-so-good state of our security documentation. Before somebody starts that it is our fault for not updating the security docs as we go along then please give us a charge number for that kind of work before you start pointing fingers. In typical corporate wheedling and cajoling, they (meaning the powers that be, or the power trippers as i call them) say that these should be part of the “continuous improvement” (CI) budget of the project. REALITY CHECK: WHAT CI BUDGET? We are on a fixed time arrangement with the client and just trying telling the client that “we would allocate a portion of the time you bought to spend on security work that is not part of the contract you signed, and thank you for understanding.”. Couple this with the fact that we are running overbudget for the things that the client actually paid for! It doesn’t take a super sleuth to figure out that we are between a hard rock and a PHB.
To make matters worse, I am not satisfied with the output because we are tasked to churn out security documentations “aligned” with the corporate “version”. No thank you because
- I don’t believe the return of investment on those documentations is significant.
- The template documents provided are either not enough or an overkill.
- The person who created those template documents should stop using PCP. Reformatting them to look professional entails too much work.I reserve the right to save my co-team members from the atrocities of using too much colors in a document, and loud ones at that.
- If I am going to churn out security measures, then I will at least have the decency of believing those are practical and not just for show.
Why did I go through it? Because of pressure to pass the audit since the whole office accreditation can go up in smoke for failing the external auditors, and I don’t have the heart to add more stress on my manager. She already has enough problems on her plate regarding the project going over-budget and CMMi (yes, that effectively makes it a four-letter word) demands for full compliance.
19 hours and we aren’t even halfway the 100% completion mark. I know I told my manager that what we are targeting now is just damage control but it is really disheartening whenever I see the completion ratio for the project. And after that I also need to consider going back to reality that I am also over-budget on the client deliverable that they want me to submit by end of this month. 🙁
End of rant for now. I need to check what else I can finish before the internal audit today.
[1] OTy, n., Short for O-Thank you, the free version of overtime.
ciao!
Feb 12
ErinGarbage, Work
And employees are rotten. This is the reason why companies need to institute proxy filtering technologies to ensure that productivity is enforced. You won’t find any arguments from me regarding this matter. The company is paying me my salary thus I am expected to render 8 productive hours each day (I don’t have overtime pay benefits).
What I am fussing about is if the company would put such mechanism in place then they should create a fast exception mechanism since there are still good sites in the Internet. This has been a gripe I had with the Websense mechanism that have been installed since last year. The company opted for the “Filter everything except…” route which means that they are religiously applying the WebSense filter updates that trickles down daily. WebSense is actually good in the sense that they have about 90% accuracy in classifying sites if we are talking about generic rule sets. However since we are in the IT development business then the rules need to be customized which WebSense is actually recommending.
Now here is the fuzzy part. Imagine you are working in the migration of a technology used by a client to a fairly new technology. What would be your primary resource for the troubles you are encountering? If you are fairly tech savvy then the answer would be Internet, right? What would you do if you suddenly found out that the sites that may have the answer to the problem causing you to have hair loss has been blocked by your company’s proxy filter? My answer would be to file for an exemption. What if I then told you that you would receive a reply within 45 days for a resolution to a problem blocking you from completing your 7-day task? What I actually did was raise hell about it but I do not have the flair of a seasoned statesman, or a Dilbert manager. My attempts to have a fast-reacting exemption system is met with standard “those sites have information that could impact our security” type of explanations.
The problem I think is that those actually doing the security doesn’t realize that we are working on a broad fields of technology. What is wasteful in say manufacturing might not be in software development teams. They say that they are aware on the complexities of having a diverse development clients but I don’t think they understand it at all. Awareness doesn’t guarantee understanding.
Before you judge me as being idealistic, know that I have pointed out alternative ways such as creating a separate team whose task is to validate site exemption request submitted to an internal site. I even volunteered my free time for that endeavour. But apparently it will cost too much time and it is far easier to block all message boards and mailing list archives. Usenet archives? Blocked. All blogs and virtual hosted sites? Blocked. Sourceforge development utilities? Blocked. JUnit for ensuring correct code modification? Hah, dream on. They even went so far as block IBM and Eclipse information sites. DAMN IT, WHAT ELSE REMAINS?
//waiting for google.com to be blocked
ciao!
Newer Entries
RSS