Zero Sum

In my prior job, I was a web developer for the company’s internal website.  Specifically, this website’s purpose was to consolidate process and procedural information for the agents on the phone, presumably so that they could quickly research what to do for any given scenario, because remember: time is of the essence!

Now I’ve noticed something about big companies.  An individual job will gradually acquire additional responsibilities until it reaches critical mass.  Then, like a plant’s bulb, the job splits, creating a separate position, related to the parent position.  That’s when the transition is mild.  Sometimes it’s like a star going critical, then exploding into a supernova.

Then something interesting happens, where the plant analogy breaks down: these satellite positions, as I’ll call them, remain vaguely defined for a time.  Work is dispersed among them, and they gradually form solidly defined purposes.  But then, a management change occurs.  The new manager, eager to stand out as the new vanguard to change, decides to promote efficiency.  Efficiency is the oft correlate to cost reduction (though I find that debatable), and therefore the new manager combines positions and their duties, eliminating needless processes and jobs along the way.  The remnants of the supernova, having floated in their nebulous form, gradually coalescing from gravity into new celestial bodies, now collapse back into a new star–a facsimile of the original.

This new star remains as such until it again reaches critical mass, but by then the manager who created it has benefited from the transition sufficiently as to receive promotion.  The manager’s replacement sees this star and, eager to stand out as the new vanguard to change, breaks it up into satellite positions.  Attentive readers might be having a “Wait a minute…” moment right now.

[Image: escher] Life sure is an ant race

Yes, it’s cyclic.  I’ve experienced having my job redefined so many times that I now expect it as an inevitability.  As a result of this dynamic, my job only consisted of developing the Collections website.  Operations and Fraud had their own team of developers.  Whether or not this was more efficient is an argument left to history, and only a transitory state as defined by those in charge.

Yet, to me it seemed counter-intuitive to have no communication between the teams.  After all, we were doing the same thing, and using the same software.  It was only expected that each of us had differing levels of knowledge which, if combined, could benefit everyone, right?  Not waiting for any management sign-off, as is my way, I initiated dialogs with the other team members.  We began sharing knowledge, with limited success, but eventually my own manager saw the value and started some more formal cross-team discussions.

And all I was after was the sharing of knowledge and information, and to physically sit near each other.  My request for a desk near the Operations team was immediately denied.  Then, as the discussions began to involve higher levels of management, they died.  Some of the changes were minor, like upgrading to HTML5, or implementing RSS update feeds.  But ultimately, sensing stagnation and seeing opportunity elsewhere, I took a promotion and transferred to Marketing.

Two months later, one of the publishers from the Operations team ran into me as I was taking a walk outside.  She confirmed that all movement on the collective ideas had been paused indefinitely, much to her dismay.  Shortly thereafter, I received a group email from higher management confirming this.

Ultimately, I’m just as guilty, for I too benefited from this system.  In the process of pushing for change, I gained the experience and notoriety needed to achieve promotion, leaving my work, and any hope of meaningful lasting change, to atrophy, thus becoming part of the eternal cycle of zero sum innovation.

We are products of our time.  If the right conditions do not present themselves, any idea, good or bad, will fail to achieve fruition.  So it was with this story, but while we may not have seen our ideas implemented, technology forces change, and some version of them ultimately will be.  I’m curious how similar to our own goals they will turn out.

–Simon

Local File Repository with .htaccess

So, I run a web server.  I do not pay for hosting.  Maybe one day when I’m rich and famous I’ll have the need to offload my computing and security needs to a third party, but for now it’s the joy of having full control over the hardware that both feeds and permits my curiosity of technology.  Hey, the title of this post was not misleading.  If you’re actually reading this, then you must share some of these interests.

With all web-accessible content comes the need for access control.  Normally I handle this through the operating system’s administration panel, but a need arose in which this wasn’t as practical as I had hoped.  Here’s why:

  • No one can ever remember their login credentials
  • The web GUI is processor-intensive, and therefore slow (especially on mobile devices), leading to user impatience
  • The web GUI doesn’t play nice with mobile OSes in general
  • Mounting network shares is a lot of trouble for a single file (also: see the first bullet)
  • Access control management is a pain, especially when it’s a new user who doesn’t necessarily need access to the server for anything else
  • The files were meant to be shared with anyone on the LAN, who presumably would already have been authenticated by me or else they wouldn’t be on my LAN in the first place
  • When a file needs to be downloaded, and the client doesn’t need to upload anything, few methods are easier and more universal than good ol’ HTTP

Based on these limitations and my needs, I determined the best solution was to create a file repository that was devoid of separate access control, restricted to the local LAN.  Only people on my LAN could access the files, and any people on my LAN by default would have de facto permission to access them (and not those on the guest subnet).

Fortunately from experience, once I identified these needs, I knew of the solution, though it did take a little research.  Any web server has individual configuration files which can be applied at the directory level:

  • IIS has “web.config”
  • NGINX has “nginx.conf”
  • Apache has “.htaccess”

Naturally I would never be caught dead using IIS, although I was forced to use it for a prior job.  But my server, Linux-based of course, leverages NGINX with an Apache backend.  I had a working familiarity with Apache, and I had already dabbled with .htaccess and .htpasswd files before, as well as modifying the Apache config files to allow their overrides, so this seemed like the best option.

Still with me?  Okay good.  I created a new directory “/public_LAN/” and with the server’s own text editor, created the directory’s own .htaccess file.  And my god why do OSes have to be so difficult with non-standard file extensions?  I know why: some idiot will mess with a critical config file or open malware, but why can’t I turn it off?  I used to be able to edit any file type I wanted with older Apple OSes, but it seems that now it’s forbidden completely.  So no, I couldn’t just open my HTML editor and save a text file as .htaccess because that’s an unsupported extension.  Whatever.

Into this file I placed:

Options +Indexes
ErrorDocument 403 "<h1>403 Forbidden</h1><p>This page is restricted to internal LAN access only:<br><a href='http://192.168.0.106/public_LAN/'>192.168.0.106/public_LAN/</a></p>"
order deny,allow
allow from 192.168.0.
allow from 10.8.0.
deny from all

BAM!  Okay, triumphant interjection aside, what does this mean?  I will explain, else I risk bastardizing the value of this post:

Options +Indexes : This command enables directory browsing.  Web servers always have this off by default for security reasons, but since I was going to use the directory for the very purpose of browsing files within, I needed to turn it on.  This is how you do it.

[Image: external] Attempted external access

ErrorDocument 403 "<h1>403 Forbidden</h1><p>This page is restricted to internal LAN access only:<br><a href='http://192.168.0.106/public_LAN/'>192.168.0.106/public_LAN/</a></p>" : This is optional, but it adds a custom 403 error page (for this directory only).  In short, mine says that if it’s triggered, the user isn’t inside the LAN and therefore can’t go there.  Attentive readers will notice that I neither link to a TLS connection, nor use the domain name.  More on this later.

order deny,allow : This sets the precedent that all access will be denied by default first, then checked for conditions under which access is allowed.

allow from 192.168.0. : This line is the condition under which access will be granted.  It is the first 3 blocks of the main LAN IP address.  This includes any client IP address that begins with these 3 blocks–which will be anything on my LAN (excluding the guest network).

allow from 10.8.0. : This is the second set of LAN IP addresses to allow.  In my case, this is the subnet for anything connected to the LAN via VPN.  I wanted this available to VPN clients too as the VPN is handling the authentication and encryption parts already for any remote access.

deny from all : Finally, any client that doesn’t meet the above conditions will be denied access.
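
How Apache evaluates the Order/Allow/Deny lines explained above, as an added example (not code from the original post): a small IPv4-only Python model of the mod_access_compat decision, run against constructed client addresses.  The guest-subnet address 192.168.1.20 and the WAN address 203.0.113.9 are assumptions; the post does not give them.

```python
import ipaddress

# Access-control lines from the post's .htaccess (ErrorDocument omitted:
# it does not affect the allow/deny decision).
PAGE_RULES = """\
Options +Indexes
order deny,allow
allow from 192.168.0.
allow from 10.8.0.
deny from all
"""


def parse_spec(spec):
    """Convert an Allow/Deny host spec to an IPv4 network (IPv4-only model)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    # Partial address: "192.168.0." or "192.168.0" means whole leading
    # octets, i.e. 192.168.0.0/24. It is not a string-prefix match.
    octets = spec.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"bad address spec: {spec!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")


def parse_rules(text):
    """Return (order, allow_networks, deny_networks) from .htaccess text."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif len(words) >= 3 and words[1].lower() == "from":
            if words[0].lower() == "allow":
                allow += [parse_spec(w) for w in words[2:]]
            elif words[0].lower() == "deny":
                deny += [parse_spec(w) for w in words[2:]]
    return order, allow, deny


def is_allowed(client_ip, rules_text):
    """Apply the Order semantics: which list wins, and what the default is."""
    order, allow, deny = parse_rules(rules_text)
    ip = ipaddress.ip_address(client_ip)
    hit_allow = any(ip in net for net in allow)
    hit_deny = any(ip in net for net in deny)
    if order == "deny,allow":
        # Allow overrides Deny; a client matching neither list is ALLOWED.
        return hit_allow or not hit_deny
    if order == "allow,deny":
        # Deny overrides Allow; a client matching neither list is denied.
        return hit_allow and not hit_deny
    raise ValueError(f"unsupported Order: {order!r}")


if __name__ == "__main__":
    # Constructed client addresses; the guest and WAN values are assumptions.
    no_deny = PAGE_RULES.replace("deny from all\n", "")
    flipped = PAGE_RULES.replace("order deny,allow", "order allow,deny")
    for ip in ("192.168.0.42", "10.8.0.6", "192.168.1.20",
               "192.168.10.5", "203.0.113.9"):
        print(ip, is_allowed(ip, PAGE_RULES), is_allowed(ip, no_deny),
              is_allowed(ip, flipped))
```

On Apache 2.4 these directives come from mod_access_compat; the mod_authz_host form of the same rule is Require ip 192.168.0 10.8.0.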

[Image: public lan] Old-school HTTP directory listing

Okay, now the two elephants in the room, and all the technical babble.  First is the lack of encryption.  Ultimately I determined that this wasn’t necessary, as any file access would be strictly over the LAN.  If there are untrusted devices on my primary network, then I have bigger problems to deal with.  Also, I can’t service HTTPS without a domain name being used for the connection, since no Certificate Authority will issue a valid TLS certificate to a private IP address, so I’d have to use a certificate that won’t pass a browser’s domain name validation–in itself not a problem, but then it warns the client of a potential security risk, which the client may not understand, thus inciting panic and undermining the entire point of this project–seamless ease of use.  Also, as mentioned before, any remote access will be tunneled through a VPN, so any data that makes it to the outside web will be encrypted anyway.  Second, domain name validation isn’t possible for the above reason, but also because I can’t access this directory via the domain name anyway (okay, I can, but only by local IP–VPN clients still perform a DNS lookup for the host IP, making the client appear to the server that it’s outside the LAN), or the server will see the request coming from the WAN IP, and not the LAN IP.  Therefore, it will block the request.  I could add the WAN IP to the whitelist, but it’s not static and if it ever changes I’ll have to update the .htaccess file again.  Also the authentication side of domain name validation is moot while accessing via LAN IP, as it won’t be feasibly faked unless some rogue device is attempting ARP spoofing–again something which, if happening, means I have bigger problems to deal with.  Whew, done.

Obviously this isn’t high-end security, but it’s reasonably effective.  I wouldn’t use this method to conduct crime, but if I need to say, give a somewhat sensitive file to a guest and it’s too big to email, and I don’t want that file publicly accessible, then this is a pretty good solution.  Keep your data safe!

–Simon

Blaming the Borrowers

Remember that story with the little people who would steal insignificant items from around the house in order to craft useful tools needed for their survival?  It was a humorous take on the phenomenon of small and low-value clutter vanishing, seemingly without explanation.  It’s an innocent way to cope with the irritations of their misplacement.

Yet, fantasy aside, I notice a certain parallel between this event and the real world, specifically at work.  Why?  This building, a former military structure, might harbor the remnants of tiny X-Files-esque creatures, and that would be a far more entertaining explanation, but the more rational conclusion is that people as a whole possess flexible morals–which is a nice way of saying they’re lowlife thieving bastards.

“If it isn’t yours, don’t touch it.”  It’s a very simple bit of life guidance imparted by mothers upon their children, and then quickly disregarded.  Even in those days, school supplies and personal trinkets would go missing from my desk and wall-cubby–the problem being that personal storage at school had no means of security.  Once the scholarly youth reach a certain age, we apparently begrudgingly acknowledge that their innocence has been lost, and provide them with lockers.  Overnight, this solves the problem of theft.

From this moment on, we’re taught the basics of personal security.  We lock up our houses, cars, computers, and phones.  Any personal item not on our person gets secured.  Digital information receives encryption and access control.  Then we go to work and apparently, we completely un-learn everything we’ve ever learned about security, regressing back to grade school.  We’re issued cubicles which by their very nature are about as low-security as you can get.  And despite the regular lectures we receive about building security, the edifice is apparently so low-security that people have accidentally found their way into it, mistaking it for the courthouse next door, all the while patrolled by a security force too young to even buy beer.

Certainly everything could get locked in desk drawers, but that limits the efficiency of even having a desk if you have to go constantly rummaging.  Also, being human, it’s nice to have a small degree of personal effects upon my desk, such as photos, to remind me why I even come to work at all (it isn’t to fill empty time or to find meaning in my life).  And in my tenure with this company, things have gone missing from my desk.

Now, why do people steal?  I’ve pondered this question, but in the context of an office setting, I can’t think of a better explanation than “I want that”–so basic greed and self-serving motivations.  This isn’t a very interesting concept to explore, as it’s a basal animal reaction to a stimulus, so instead I focus on an observation: not why people steal, but what.

Based on past experiences, I find the items that go missing are valued at around $5 and hold no apparent sentimental value: decorations and office supplies.  These are items which could be requisitioned by the administrative assistants, or purchased at any general retailer, but apparently that’s too much trouble.  I’m assuming people, not without mom’s words of wisdom, have a general aversion to causing others pain, and so limit their thefts to items of low value so as not to cause financial stress, and avoid sentimental items because of the emotional pain their loss would inflict.  In the thief’s mind, the stolen item then isn’t all that important, so there isn’t much guilt involved with the crime, and besides, they could always justify the act as borrowing, like the person who borrowed my ruler…3 years ago? (I’m still waiting for its return).

Life lessons are always bitter.  I’ve learned to limit my desktop to pictures and general office supplies whose loss wouldn’t really upset me.  It’s an impersonal and spartan work environment, unquestionably impacting morale.  Maybe in another 10 years, my pay-band will net me an office.

–Simon

The Lion, the Witch and the Wardrobe

I never read the Narnia books.  I remember attempting this particular installment in the 4th grade, then quickly setting it aside and reading The War of the Worlds instead.  I always did like science fiction, but I enjoyed fantasy too.  Maybe I just didn’t like C. S. Lewis’ writing style at the time–who knows?  In any case, having read The Lord of the Rings series in high school, the Narnia books have been on my radar since (The Inklings).  And after an Isaac Asimov binge, I felt like a genre change.

I did read The Magician’s Nephew last year, which bears mentioning due to relevance, but for the sake of this blog I’m going to focus on books as I read them.

I noticed two themes upon mentioning this series to people.  First: no one agrees on the order in which to read them: chronological or date of publication?  Normally, my preference is date of publication, but this was a box set (my wife’s), ordered chronologically.  Maybe it was because this was the order in which I presume my wife read them and I hoped to replicate her experience, or perhaps because they were numbered and I succumbed to the box’s suggestion.  In any case, I’m glad I read The Magician’s Nephew first, because I did not find it an interesting read at all, and was therefore happy to have gotten it out of the way.  Still, I think for the sake of The Lion, the Witch and the Wardrobe, it would have been better to have read The Magician’s Nephew after, because The Magician’s Nephew doesn’t make nearly as interesting an introduction to Narnia as The Lion, the Witch and the Wardrobe did.  The mystery and awe of Narnia was kind of spoiled for me, as was the Professor’s hint at having knowledge of Narnia.

Second: Jesus.  On this point I’d just like to say, can we shut up about the allegory thing already?  First of all, Lewis was an atheist at the time.  Second, he was a returning First World War veteran, so the allegory interpretation doesn’t really resonate with the context of Lewis’ experiences.  Third, Lewis himself refuted this analysis.  Fourth, just shut up and form an original interpretation of your own and stop spouting what everyone else has already said about the book.

Now my thoughts on the story: I feel it would have been a fun fantasy adventure book had I read it when I was of the age for which the book was intended.  Still, it was fun to go along for the ride, and it hints at a greater complexity I hope to discover in greater depth as I progress through the series.  If nothing else, it’s worth the read for the cultural and literary significance.

Also, this might simply be pedantic musing, but Lewis, having been an Oxford alumnus, omits the Oxford comma from the title of this book.

–Simon

Winter Attire

I am not from Ohio.  I spent my adolescence in Texas.  Consequently, upon moving to Ohio, I discovered cold winters to be a bit of a novelty.  I certainly wasn’t a stranger to cold, but my experience with it was primarily derived from Boy Scout camping trips in the mountains of New Mexico.  As a result of these very specific circumstances, I learned how to dress appropriately for the elements because I couldn’t escape by going inside.  Apparently this respect for the natural world is a bit uncommon in our overly-comfortable lives.

Upon moving to Ohio, I gradually realized that I needed to wear a coat/jacket 5 months of the year.  That’s right, almost half the time I need some sort of protection from the cold.  What does this mean to any self-respecting young man who mildly cared about his appearance?  It means, if I am to wear a coat constantly, it should at least have a modicum of style.

Like most people at the time, I had a tactical fleece coat with a brightly-colored nylon outer shell.  In hindsight, I find it a bit odd that this is still the general preference, since I highly doubt that anyone wearing one is about to depart on some expedition into the wilderness.  A tactical coat might be effective, but it looks juvenile when worn out of context.  For example, it doesn’t pair well with slacks and a button-down.  And yet, for those who even bother to wear a coat at all (more on this later), it is the go-to combination.

Boy Scouts has paramilitary origins (i.e. scouting).  And unlike the scouts programs in more liberal regions, scouts in Texas definitely honored its beginnings: we marched in uniform, carrying our gear; we hiked to exhaustion; we trained with rifles; we routinely practiced field medicine.  You get the idea.  And I believe that my involvement in this program as a youth still influences me in adulthood–even though I’ve always remained a civilian.

Ultimately, through some combination of the above factors (sense of style, function, and regimented discipline), when it’s cold, I turn to a garment which embodies this function/style fusion: my trenchcoat.

[Image: matrix] Not like this…

Ah yes, no doubt you’re having visions of school shootings now, or flashers, or Nazis, or…The Matrix (people still think it’s funny and original to call me Neo (it’s not)).  I find it curious that a garment has become an icon for the violent and sexually deviant.  I’d like to say that I’m neither (fairly certain).  But the trenchcoat does have military origins, and was therefore born of practicality.

[Image: russian] Like this, because it’s COLD

Granted the ones I wear now have been adapted from their original purposes, but the protection they offer is unequaled.  They cover the whole torso and upper legs, have multiple layers of differing fabric, and an air gap.  In terms of coverage and insulation, you couldn’t ask for a more effective coat.  My point being–this type of winter wear has form and function, and is a good choice for the modern man to look well-dressed, respect nature’s brutality, and possess the discipline to wear the appropriate clothing despite comfort and convenience.

As an aside, I’ve also noticed that many don’t even bother with winter attire at all.  I’m definitely the only one in a building of ~1400 people who wears a trenchcoat, yes, but I’m also one of a small number who puts on any coat.  It was 18 degrees outside recently and I only saw hoodies.  I’m not sure if this is common in the Midwest in general, or if this is an Ohio thing.  But, it has been my experience that these regional natives never wear winter-appropriate clothing, and yet they complain about the weather constantly.

Why do functional and stylish garments fall into disuse?  I could make this same argument for the fedora, but even I’m not quite ready to go that route.

So, you might look at me strangely, but I’m dressed appropriately for the weather, and when your car breaks down, it’ll be your frozen corpse on the roadside.

–Simon