BTW, no one can beat Feyman's stories of security theater in his book. I forget if it's in Surely You're Joking or What Do You Care What Other People Think... but his stories of working around rules at Los Alamos during the Manhattan project are epic!
Back in 1994 there was a corporate communications sent to everyone that requested that staff not store firearms in their car glove compartments when parked on campus. Being Canadian, this was just absurd to me.
Among them is a story that after Feyman demonstrated to security people how easily their measures could be evaded, they, in classic security cop tradition, concluded that HE was the security problem.
I worked at the IBM Toronto Lab for 20 years. The security theatre ramped up to mind numbing levels. We had to change passwords every three months, but didn't have an integrated password system, that should have been a prerequisite for such a policy. As somebody who had access to piles of different porting test and development machines, changing passwords manually took half a day's work (we eventually wrote expect based scripts to automate this). You'd also get half way through a password change attempt, and then find that one machine of 70 would have different local password rules (which usually didn't conform to the official security policy) so you'd have to use a different password for some subset of the machines, despite trying to conform to the rules (8 characters, no more, no less, can't start or end with a number or a symbol, no dictionary words, upper and lower case required, special symbol required, ...) It was inevitable that some machines wouldn't be online for the password change attempt, which would also screw up the attempt to keep things synchronized. Of course, I ended up with a file that listed which generation of password I had for each machine, so that I could attempt to get in later without getting a password reset, or using our well known (to development) ssh-based root exploit, so we could reset our passwords without opening a ticket to have it done. I shared our remote root exploit widely within our organization as a protest against the stupidity of the security theatre. I bet it can still be used 6 years later. The security managers didn't care how much chaos their rules caused, nor how many real security holes were opened as work arounds for these rules. They just wanted to be able to report compliance to higher ups, so they could have the appearance of being effective. The real risks weren't expired passwords. For example, any student intern could walk out of the lab with all our product source code on a usb key.
I worked in an IBM development lab in 84/86 - it’s all true. You had to lock your desk, filing cab and terminal (or PC) when you left. Security would leave a sticker inside your desk draw if you failed to lock it - I got one! Two security violations in a year meant no pay rise so it was quite a big deal! BTW I bought and read your book - it was so helpful - I recognised so many things in myself! Scored 43 on the AQ test!!
Corporates in the late 90's / early 2000's used to have security check whether PCs were turned off at night for energy savings, all good until you came in the next morning and had to spend 30 / 60 minutes waiting for all the B.S scrips / A.V and crap to finish. Say average $35 per hour at the time times, 1000 workers every morning. Yeah, we were saving the planet and personally making bank whilst drinking coffee 20 years before the woke climate change people turned up.
Hi Dave! The reason for having your seat in the upright position is to protect your spine from vertical forces during a non-catastrophic impact, for example, a hard landing during rain or gusty winds. Sadly, most rules in aviation are written with blood (i.e. as a result of a deadly incident).
Oh another fun IBM security (or danger) story. I was in charge of a block of servers and unlike Unix servers that could perfectly be equipped with upgrades remotely, Windows machines in 2001 did require some stupid console interaction. And because of security, console over IP was not allowed to the office lan. So I got 24 hour clearance to the DC and you had to hand in your mobile phone at the security (why is beyond me because we couldn’t film or steal data on a Nokia in 2001). I got the clearance from 7am to 7am So I do the updates of the software at night and then from 5-7am there’s an offline service window. So I come in at 06am start the service pack upgrades and test everything (because with NT and 2000, nothing to as guaranteed to work). But it was all fine so at 07:10am I walk to the exit of the DC hold my card in front of the reader and… a red light. Again… again a red light. It dawned on me that some idiot developer, forgot to realize that it’s okay to enter during your service window but not to exit after it expired. You should always be able to exit!!! Also after the entrance periode as passed. So I pick up the emergency phone that has a direct connection to security… and nope the line was dead. Here I was stuck at 07:15 in a loud DC. The first employee that had to be in the DC appeared at 08:00am. Whom had to bring me to security. The security guard said: “I was already thinking, where is he? I got your phone here and I hadn’t seen you again”. The guy gave me my phone and registered my being in the DC. Then asked me why I didn’t call “I did, but that phone is dead!” The guy that took me, was like: “oh yeah I’m rewiring the phones lines, there. That makes sense, I’ll fix that one right away. I guess it’s more important than we’d thought.”
I just wanted to address some of your questions / statements if you don't mind. "you had to hand in your mobile phone at the security (why is beyond me because we couldn’t film or steal data on a Nokia in 2001)" Back in the bad old days mobiles and sheildings were non existant, mobile phones in the datacenter was a sure fire way to cause network problems, and data corruption if you ever left it on a server, today shielding is much better but you still surrender your phone. Everything inside a datacenter is critical, you don't want photos leaking out, or photos of racks and switches being public, and depending on the datacenter and its DSS and TIER Raiting its a security requirement today. "It dawned on me that some idiot developer, forgot to realize that it’s okay to enter during your service window but not to exit after it expired" It dawns on me you wasn't authorised to be in the datacenter, and access in and out is denied, emergency exits are in place to let you out without a card anyways. If your authorisation was till 7am, you should have been out at 06:59, None of my datacenters will allow you to enter or exit if your window has expired, staff are onsite anyways to let you folks out, and write up the security breach report for DSS and TIER certification requirements. "The guy that took me, was like: “oh yeah I’m rewiring the phones lines, there. That makes sense, I’ll fix that one right away. I guess it’s more important than we’d thought.”" That would have got him fired even way back when, those phones have to be tested daily and a secondary option must be available (but that's a newer rule)
@@AnIdiotAboard_ the no phones was indeed a stupid, shielding excuse. Like hospitals and airplanes had. IBM is overly cautious. At least that’s why I think it was. In the two times I had to be in the grid, I never really thought about it. Just handed it in. But makes sense because the grids were individual blocks within the DC that were locked so even if you had access to the DC you could only get into the grid where your stuff was. And that’s compartmentalized per client. And each grid (or kavel we call it in Dutch) was also shielded. Because CRT images could easily be captured. Not that I would think any of my colleagues would care. As all of us that had access to that wing supported all those servers. Oh perhaps that was the reason why phones weren’t also allowed. As you could call someone over and open the door for them and they could provide access to a different grid. Don’t know, don’t care. Not working there anymore and don’t want to go back to IBM. Hated it there! Poorly paid over managed shit show. It makes no sense to allow someone in and not out. Because I can do the same amount of damage, so it’s nonsensical to not allow an authorized person out. Unless you would proactively send security, who I trust far less than a senior grid owner. I am not helped with crashing my own grid as grid owner. My clients would call me 😄 In every other DC I went to, granted not private DC like IBM but public DCs where anyone can host their crap, you just registered your time of arrival. You could always leave. Otherwise with a severity 1, you would always be hustling to get extension. Because you don’t know how long something takes and that would slow down. Also by work law we are not allowed longer than 1 hour in a noisy environment without a break outside of that environment. That’s why you have grids with key access too within the cooled area. Emergency exits when your open them required by Dutch law to let the alarm go off. And when an alarm goes off, everything needs to be unlocked. I thought that to be very excessive I sat nicely and comfortably on the wiring guy’s cable spool. And the guy being fired over one phone not yet being wired up? A bit excessive, he probably had that planned anyways. Who is usually in a locked data center at 6/7am? At IBM nobody usually starts that early, except is externals who keep the place running 🤪
@@unicodefox well that would be very inconvenient because the only phone was at the entrance and I’m pretty sure that was an inside line only. Although I never found out because when I needed to call the security to let me out, it wasn’t hooked up. And after that I’ve never touched the red phone.
I swear that the coffee maker in the box story was told to me many years ago. I always assumed it was an apocryphal tale, but Dave's word is unimpeachable in my book so there ya have it.
"It is a longstanding prank at Microsoft’s main Redmond campus to send an unsuspecting new employee to building 7 under the pretense of having a meeting or needing to pick up something. There is no such building on the main Microsoft campus. This nonexistent building has also been used as a sort of inside joke. For example, if somebody invites you to a meeting in Building 7, they’re probably inviting you off campus to take a break from work."-- devblogs
The BBC had something similar at Television Centre in London. They had news studios numbered from N1-N6 and N8-N10. There was no N7 because they used the main studio TC7 for some news programmes and didn't want confusion between the two. So "I'm off to N7" usually meant going to the bar for a few drinks!
There in all likelihood a different equally valid reason why it doesn't exist, but I wonder if it works out to be the power-box for the carpark lights. You know about a meter high and here at least the outer case is made of fiberglass.
Raymond Chen's blog (and his book of the same name, which I also loved) is one of the main factors that made me regard Microsoft in a much more positive light. Like his blog, your channel shows us quite a bit more about the human side of Microsoft, and how the people there are clever and passionate about their work, but also have a sense of fun.
I worked for Symantec over a decade ago. I worked in tech support. The last year-and-a-half I was there I supported their physical firewall product. Because of the nature of the product our lab had to have a direct connection to the internet with a handful of internet routable IP addresses that we could use. When I joined the team part of the training was a very strong warning about the internet usage in the lab. You see, years before, an employee had setup their own private server in the lab and had been serving out large volumes of "content." After that incident it was well known that any abuse of the lab would result in immediate termination. Also, the lab was audited regularly to prevent such an incident.
I worked at Symantec too! And I never tried to setup private servers or anything like that, but I did notice that filesharing sites were not blocked. I never did anything illegal, although I do not remember ever having to go through any sort of training about what was allowed and what wasn't!
The air force tried to force me to lock my cabinet each night and I only used it to store my jacket and some personal clothes. So I rigged my lock to open when I pulled it out in an upward and to the right tugging motion. The same to close it. One time I got caught opening it without a key. The next day a lock was replaced. Which ironically made it worse. 🤣
One problem with unlocked cabinets is that some one else might use your cabinet to store things they would not want to be associated with, which could end up putting you into trouble. If its small things like narcotics it might be hidden enough for you to not notice.
The company I retired from required us to change our password frequently. At the time I didn't think this was a very good idea since it made more sense to have one highly secure password or phrase. Your password could not be ANY of your previous passwords. To make it easier for myself I used the same word and character followed by the current two digit month and two digit year. Always different, I could guess within a couple of tries if I wasn't sure, not very secure. But it was in compliance.
@@meneerjansen00 Which is why I wrote my password on a sticky note on the laptop. F them and their stupid policy. Fortunately they dropped the password change requirement.
My last work had implemented PCI compliance rules requiring password rotations every 3 months. I just tacked on the quarter (Q1, Q2 etc) and the next year the month (5 passwords were retained to prevent frequent reuse).
I co-lead the development of the OWASP Application Security Verification Standard and the OWASP Top 10. We do not permit applications to enforce password rotation, as it actually makes it easier for attackers to guess your password. The only thing that we do require is multi-factor authentication and longer passwords than normal. We are aligned with NIST 800-63 b, which has the same requirements. Microsoft also stopped enforcing password rotation in circa 2016 or so. Please stop doing it. It's not actually secure.
Best security setup I have seen was a command and control center for handling emergency services. These servers were literally handling the dispatch of calls to the operators and providing realtime info on things like the GPS trackers in the vehicles etc. You needed to get through 3 swipe card access points to get to the ground floor level server room... or you could go outside and climb in through the window that was permanently propped open with an AC duct as they had no permission to physically modify the outside of the listed building in which it resided Love the coffee pot story. That is pure gold Keep up the amazing content Dave, I for one will always be hungry for more
Nice video Dave. I arrived IBM Boca in 1991 after Microsoft had left the building - the dreadful coffee machines were still present ($0.35 a cup). These dispenser vending machines were an IBM dev site standard, at least at the half-dozen or so sites I visited around that time. Dreadful coffee! So good for your colleagues to resist the man and brew a good cup. I add, they were not alone... The OS/2 test labs saved the day, having non-approved refrigerators and coffee pots hidden where for some reason the security folks could not see, so sodas were essentially free as the world intended. After each all hands (free food event), a careful eye would see the test lab managers carting off supplies, always making new friends.
Thx, a great reminder of the excesses of the building security. Remember persuading my boss to get a decent coffee machine maintained by the company for employee use to avoid any potential risk of dodgy home appliances. Turning the dark side against them 😀👍
For the password renewal requirement at my previous company (was 90 days and couldn't reuse passwords) I used the current year + month and 3 chars of my name (8 chars total). I can only assume it was not as secure as the randomly generated 14 chars password that I used for the first time before getting annoyed :-). My current company luckily understands that and uses a different way - the security runs regular scans trying to guess your password and only request a change if they are able to guess it. So if you choose a good password you don't have to change it ever.
Wow, that's a kind of smart and intuitive way to do that, having some program or person every now and then going through and trying to guess passwords! I like that
@@duneode that doesn't work for your main account login, and should also be considered a risk since all passwords are locked behind a single one still.
Hey Dave, your security story reminded me about windows serial number, you had to enter during installation since 95. i found a workaround, and it was never fixed. After its asked, it was possible to boot in safe mode, open regedit and put any serial you like. Reboot and relax and enjoy while windows is finishing installation ;) you can try it
There was an even easier one with windows 95, it was a mathematical algorithm and could be easily cheesed with the serial number 00100-0123456789-00100 I was 14 and bored when I figured that out.
Which key in the registry are you editing on reboot? I've seen several candidates from version to version. Just curious which key in the registry compare with all mine. (I have a hexadeca-boot computer because total nerd)
When I worked at Intel in the early 90s, there was a standing rule that you could only take out 10 3.5" floppy disks, but you were allowed two, 250MB tapes. Then there was the time I was reprimanded for plugging in two outlet strips into each other, each with two wall warts that consumed a few watts each, yet no problem on the outlet strip on the adjacent cube that caught fire because there were 4 10 amp devices (American Ariums) plugged in to it.
I hear you. At my first job out of college we were located in a converted retail mall. Outlets were at a premium and we had daisy chains of outlet strips plugged into outlet strips. If a circuit breaker popped you just found another chain of power strips that led back to an outlet on a different circuit and plugged into that. Rumor had it the CEO/owner of the company just wrote out a check for the fire inspection fines due to all our violations as it was still cheaper than having the place rewired. It sounds like that may have been a sketchy place but it was a good company to work for, almost everything except for the power strips was good about the place. And before long we moved out of the mall and into our own new building. We had huge boxes full of power strips that were no longer needed so employees were free to take as many as they wanted for personal use. I have a few good heavy duty trip-lite power strips from that company that I still use. (Security there was a joke too, btw. But as others have said those were simpler times).
I was once asked to write a printer sharing tool so that managers could share their printer with their direct reports without going afoul of the corporate rules on who could have a desktop printer... circumventing the strict security rules they had in place to prevent resource sharing in windows. I wrote it in MS Access VBA so that there were no new installed executables for IT to question. Worked great!
@@heathbruce9928 so, back in the day, I actually liked it... but then I grew up in my expectations of a language. There used to be an Access Deployment Toolkit that allowed to to "compile" an Access mdb and install it as if it was a standalone exe. I used (abused) that to no end. Wrote an instant messaging app (cause IM was against security policy) that gave me backdoor practical jokes I could pull on anyone I could message. I.e. send a special coded message and make their motherboard start beeping every 3 seconds for 10 minutes, or make their cdrom tray eject. All that with Access VBA, and therein lies the problem. If I'd wanted to do major harm, it would have been a breeze. It might be a clunky base-index-1 tortoise of a language, but the dangers were myriad, and there was no way at the time to track down threats. Later, I used those skills to make a realtime multi-player chess game in an excel worksheet. So, could it do great things? Absolutely. Was it slow and clunky? Yes. Was it a security nightmare? Without a doubt.
That was our rule at work. You were only allowed to mess with someone's laptop if it didn't interrupt their work. Like when I came back to my laptop none the wiser. Until a week or so later I noticed icons on my desktop at home had been changed. Turns out while I was remoting to home, I'd forgotten to lock my laptop when I left my desk. Engineer next to me noticed, noticed I was remoted to home (we weren't supposed to but was doing it a way they'd not spot the traffic) he never said anything just changed the name of my icons on my desktop :) and laughed when I finally noticed.
THE worst Blue Badgewho NEVER followed the basic security rule had to be SteveB. Either outside a Bldg waiting for the doors to magically open or waiting for some Blue Badge to let him slip in (and we all had that video). And when he showed up at the Pro Club with no ID (how did he drive there?) and some new kid on he desk asks "Who are you?" ... Yup, my vote for Blue Badge failing the most basic security rule goes to SteveB.
I am loving this one! It reminds me alternately of working for a large, privately held software firm and of earlier Unix sysadmin jobs for universities. The former more for things like the security antics and the latter was an absolute trove of forgotten hardware. There was a memorable day in the early 2000s when we decided to clean out all dead-in-place wiring and equipment which remained under the university's main data center floor. The project quickly ballooned into two and a half days and included a lot of tech archeology. My personal favorite was the length of Thinnet which had an unusual MAU attached - longer and thinner than most and with a quarter-round profile.
Man I'd LOVE to come upon a time capsule like the one in your story! Also I work for a US retailer that is way over-cautious regarding employee password rules. Requirements: 12 char min length, must contain uppercase+lowercase+number+punctuation, change required every six months, and they track the last six passwords for each employee... and the worst part is that NOTHING this password protects is particularly valuable!! The most serious thing it's used for is signing in-and-out on the labor time sheet. Myself, I cycle the final digit 0-9, but I met this one guy who'd been here for decades - and let's say he was the opposite of a developer when it came to computer skills - I saw him sign-in once and his password was, like, a full paragraph long! Turns out he'd been adding one letter every six months for twenty years. :O
It’s not just about blocking the row behind you. It’s also about your own physical position in case of an accident or emergency landing and needing to brace.
I can't rationalize that one, as brace position uses the seatback in front of you. In fact, if you're in the last row, your seatback doesn't come into play at all.
I tried the coffee-maker (or teapot in my case) under a cardboard box trick in my first job. I had the box stacked on a few other moving boxes in the corner of the office to make it look like there was just some random stuff stored over there. But the facilities guy was onto that trick. When he came to inspect the office, he made a beeline to that corner and busted me.
Bisecting the currency to determine why the copier wouldn't copy it reminded me of when I was developing proprietary company software for MS-DOS. To keep employees from taking the software when they left I had the software put a large splash screen on the monitor with the company name and then the software would poke a handfull of screen locations to verify that the proper letters were there. We had an employee one time that somehow figured out there was a connection between the splash screen and the software running or not running so he did trial and error to remove parts of the splash screen until he determined the few screen addresses that mattered. On his screen instead of the full company name printed in large letters formed out of individual characters, he had blank space with only a half dozen letter scattered around the screen seemingly at random.
Dave, your content is some of my favorite on YT. I love a good story, and especially a good work-story. Your work stories are excellent. Thank you for taking the time to share, because I really enjoy it.
Yes! I would like to hear more of these. They remind me of things I had tried back in high school and even now at my current job - IT/Security is so under managed, unpopulated and under paid that they are begging to be challenged. :D
IT/Security is under managed? Is that why the stereotype from my perspective is a bunch of rogues? As a live media guy, my impression of IT, either directly or from stories told by other media people, is either A) nothing whatsoever (I guess they're like us in that if they're noticed, that in itself means that something is wrong!), or B) "Gilligan on a power trip". The general idea seems to be that if anything at all uses IP packets, then it MUST be managed by THEM, using a boilerplate mentality that ABSOLUTELY DOES NOT WORK FOR LIVE MEDIA!!!!! Meanwhile I'm thinking, "Who cares if it uses IP packets internally?! It's an audio patch cord!" Or maybe video, or perhaps a remote control for a camera, or similar. It literally replaces a bunch of thick and heavy analog cables that they certainly wouldn't have touched, with a single Cat-5. (okay, two Cat-5's for redundancy) Perhaps dedicated WiFi for some of it. That's all it is! Just a much thinner and lighter-weight replacement for the analog signals that we used to use. The IP networking stack simply happens to be a convenient way to do it, and it would have been completely and physically isolated from their network if they hadn't insisted otherwise and I lost the argument. So it would have been no threat to them whatsoever. And **I** take full responsibility for MY "network". They don't. At all. Ever. Even if something goes wrong, I still claim it...unless they caused it by their insistence on managing MY gear for me, which are NOT the computers that they're used to thinking of, even if some of it happens to use similar hardware. (live-media-processing and PC-gaming specs are often identical, for example, but the software is different, including the operating system in a fair number of cases......so you can't manage it with Windows PowerShell from your mom's basement: is that where the hangup is? /sarcasm ) I don't know how many times I or someone else has been dutifully locked out of a system that was fully tested and worked perfectly a few days before, because of "IT best practices". In the case of live media, that's a massively big deal because it can easily kill a show at the literal last minute and leave us scrambling and trying to dodge blame for failing our responsibilities, meanwhile the guy that can unlock it again is not answering the phone because it's outside of 9-5 M-F! (and even if we **can** get a hold of him, he's likely to give us a lecture on how "we're a security threat" and require a complete dissertation on why he's supposed to "violate policy" or whatever, AS THE CURTAIN IS ALREADY RISING!!!) (I've been tempted before, to get into "the IT closet" by whatever means necessary, and physically replace their managed switch with my unmanaged one. Their stuff wouldn't work, but mine would, and the show could go on. Then I'd put it all back, at least physically. Fortunately, I've never actually done that, and I hope I never do, but the temptation is quite strong with some of these guys......)
Keep up with the stories. As an aspi (and currently reading your book (and it's hitting every point, my partner is going to read it after me)) keep up the good work. You shed light on how the I.T. world works.
Great video as usual :) I worked for Dell doing tech support for Alienware products. It was a 24/7 line, so we worked in shifts, either 5 days with 2 days off or 10 days in a row and having 4 days off. Once I had to change my password on the 10th day, then I had my 4 days off and came back for a row of night shifts. The problem was that I forgot my password by then, and couldn't log on to my computer :D There was nobody else in the building (apart from the two security guards), so I couldn't go to the IT support guys to reset the password for me. On the next day, my team leader did ask the IT department to reset my password, which they did, and sent the temporary password to my mailbox, which was protected by the very same password they have sent me :D So there I was for two nights without access to my computer :D (the next day my TL asked to have the email with the temporary password delivered to him and sent me an SMS with it, so I could finally log in)
@@unnamedchannel1237 This was standard practice back then at Dell. It was just a temporary password, which needed to be changed at the first login. I wonder if they still do it like this :)
I'd love to hear more of these stories. I've been writing code all the way up and down the stack for 20 years and have never worked in a company with more than 500 employees (and even then, it was a satellite with about 60 at its peak), so apart from "no tailgating or letting people tailgate" there's not much to tell.
Oh that password story is a lot like what happened at at&t wireless prior to cingular buying them. What happened was there was like 20 different unique logins and someone created a script to change all the passwords, (to the same password) but unfortunately some of those systems only accepted 8 character passwords, and others had different mixed case rules and password history rules, so it was a major pain in the behind to use it. Ultimately it was discovered that nearly everyone had the same password algorithm for one subsystem that was not in this script and abused it to figure out some efficiency figures.
I always find this stuff funny, I know that I always loved messing with people I worked with using security rules that most of security did not know were part of there rules. You get to make 2 people look like they don't know there jobs....
Love it Dave - very entertaining and totally get your point about the "old days". Also, I watched with subtitles. Co-incidence that every time you said "Walt", the subtitles showed "Brian"...Perhaps a Walter White v Brian Cranston?
I'd love to see the follow ups.. And as a former Microsoft premier graveyard support, I hated that blue screens were blue, and so was the NT start screen. Can't tell you how many times I would be on a support call doing BSOD troubleshooting when the customer would reboot and say "I'm at a blue screen" simply as part of the startup process. On a side note, I am thankful that this changed in new versions of Windows.
I can remember the huge Fortran libraries where I worked, everything stored, boxed, filed, on 7" floppy disks. The library was off limits to me but I used them early am all the time! ^..^~~
I feel like I maybe got to see this one early, if it features the Microsoft confidential coffee maker this one is REALLY good but then Daves videos always are so that's hardly difficult to predict. I'm gonna pre-like it.
In the early 1990's I worked on a secure communications project for the military in England. Security was tight. The office the team worked in had to be some meters within the boundary of the site, it had no windows, it had no telephone or other communication cables. Hard drives were removed and locked in safe every night. I needed to show a security pass to a guard on the way into the site. I needed a door access card to get into our building. I needed a second door access card to get int the office. One summer it got really hot in that office, we were all wilting, no windows to open, the door had to be closed at all times, unbearable. We did not get any air conditioning until the MicroVax in that office expired from overheating.
12:15 This exact thing happened to me back in my apprentice days. Eventually my school achknowledged that I was fired from student place illigally and arranged for me to finish my education on the school as an intern. Without it I had to finish a new apprentice job and those were rare at the time.
The two stories I know were the 20x boxed Servers stolen from building 11, with the help of Security. And the programmer who wrote "Concept". MS did the best company meetings 🙂
I was at the ibm boca facility in 1987 on a return/reclamation shipment of some xt expansion chassis. the company I'd been working for found a "loop hole" (so to speak) in that no one was buying the expansion chassis. we bought thousands of them and dropped in some chinese motherboards (xt & xt286 that we'd sourced) and sold like hot cakes to lumberjacks. when we eventually got caught, ibm had us ship back the remaining inventory. I loaded up the truck and drove down to boca. great memories from the past......
IBM sharing a campus with AT&T in Tampa was fun. People who'd worked closely for years with IBMers were often greeted with a flat "Who let you in?" IBM at La Gaude had the best coffee I've ever had on a corporate site.
I remember having a set of throwing knives, and there was a place close to where I lived, with some nice wooden telephone poles, where I went to practice, next to a building complex. I didn't pay attention to the building initially. There was a huge parking lot, but never too many cars. And then one day I got curious curious. The building looked like a fortress with those black windows, and they had security cameras absolutely everywhere. I realized, the location was probably important. I went around, and holy crap! It was an IBM office complex. How I was able to go there for probably months to eat lunch and throw knives at telephone poles without ever running into security? I wasn't going through the font gate, but rather though a pass in the bushes leading to the parking lot. I'm glad I can laugh about it now. Nobody got hurt, and of course, I stopped, as soon as I figured out where I was.
This was so hilarious, I laughed out loud multiple times, especially for the temporary password cycler script and the half-dollar photocopy! subscribed
I worked for an American semiconductor company's contractor at the company's main R&D fab, in Oregon, for a few months. I can't comment on security, but the enforcement of clean room spec was done by, you guessed it, contractors. Underpaid, unenthused, and unmotivated, I think I was one of the only people to ever say good morning to them. The number of people I saw violating clean room spec, every single day, was crazy. But, count on engineers to mitigate the effects of lazy people, because contamination hardly occurred.
I worked in IBM Hursley in the early 90s and I remember the tailgating rules. Lots of doors that had to be swiped. Can't remember much security otherwise. We were contractors and frequently went in on the weekend to finish work and there was literally nobody around. Maybe guards toured occasionally but they never bothered or questioned us. Spent a lot of time killing time browsing the web on the OS/2 web browser. Even back then there were some very "exotic" sites of a pictorial nature and there was no firewall to stop from visiting them. There were vending machines around but in moments of boredom I'd walk to the central cafeteria for a coffee or something. They had these rotating vending machines where you used an electronic payment card to slide open the door to buy whatever was inside. I used to insert plastic fruit into vacant compartments and slide the doors closed so it looked like they contained a delicious bunch of grapes. I guess if they wanted to track the mystery plastic fruit bandit they could have figured out who it was from who was in the building at the weekend. So much for security. Oh well. I should add I worked hard, but I was glad to be a contractor rather than an employee in the place. Their culture was weird, excessively bureaucratic and using processes & software that seemed to come from a parallel universe. When I read of layoffs in IBM I can imagine the shock and lack of useful skills some of those employees have outside of IBM.
I really enjoy these stories. I have some personal experience of the IBM security mania from the 90's when i worked at a company that was one of IBM's agents selling the AS/400 here in Sweden.
@@jeffreyphipps1507 yes, it was a great system and i really enjoyed the command language. I used to travel around Sweden doing software updates on our customers AS/400's. Mainly OS-upgrades and PTF's but also the software that our company wrote for it which was a system for housing rental companies.
I worked at IBM in the Space Management department that assigned office space to various departments. We kept a room in the basement listed as storage and "stored" a ping pong table and mini fridge there. The primary security requirement being strictly enforced there was "NO TAILGATING", i.e. don't allow another person to follow behind you through a gate or door, even if they had an IBM badge and worked with you. I also covered for the receptionist there and had to check ID's and passports of every guest, if a guest was from a list of 11 countries I had to call the main security office and report who they were and wait for approval. One of the countries was China and needless to say we had a lot of visitors from there. When I worked at HSBC in the IT department (Sr. Technician III) we were constantly defeating the latest firewalls and lockdowns put in place to get our job done. As smart as the System Admins thought they were, we were always one step ahead of them.
After you said the infractions at IBM were stored in a database I was expecting the story to take a different turn. Like when Ferris Bueller dials in and takes away some of his school absences.
I set up the machine and maintained it that held and used the Novell Root Private Key. It was inside a room inside a room. The outer room had card badge access and the inner room had a manual combination lock. I had just come out of the outer room when a VP walked by. He tried his card badge on it and it did not open. He was upset so he said to let him in there. I said he was not authorized for that. He said to let him in anyway. I said ok, but let me tell you the consequences. That is Novell’s most sensitive secret and since I am currently the only one with access, if it compromised I’m the only one that can be blamed. But if I let you in there you could also be blamed, so here, let me open that for you. He quickly retreated.
On the 74gear you tube channel, he made fun of a UA-camr claiming that airlines want you in the brace position so that in the event of a crash, your spine will shoot through your brain, causing instant death, thereby avoiding more expensive lawsuits
as windows lacked security and any decent app bundles, people started creating their own windows re-packs. Such repack would install you a pre-activated windows with tons of software of all sorts. So there was a windowsXp repack back in a day. It was called ZverCD and it had preinstalled radmin :) thousands and thousands of people got it. Then ofc someone noticed the radmin running and it's access password went public. Basically you could connect to a random pc with admin rights and do anything to it. Imagine you are on your windows and suddenly notepad opens up and starts talking to you
Long ago I worked at a company which had hardware and software installed on customer premises and some of those customers had our support engineers on site full time. Our system had a console that printed out stuff on fanfold paper and that output was sometimes quite important to debugging problems. At least one of our customers had a rule that vendors couldn't take printed paper out of the data center. However, vendors were free to take hardware including disk drives out as they swapped spares and the like. WTF? I can't take out a few MB at most of data printed on fanfold paper but can walk out with a disk drive with 500MB (this was some time ago) on it? This was in the days of large enclosures (full or half width and quite a few "U") with electronics around the sealed Winchester drive and these enclosures screwed on with a few screws. So the field support teams kept a couple "transport" drives around - when they wanted to get us some paper off the console, they would unscrew the enclosure cover on one of the transport drives, put the paper from the console inside, screw the cover back on, and walk out of the DC with it w/o any questions being asked!
Oh I've tried to work with high security stuff... Funny thing was how casually many projects were talked about in the workplace, but how almost nothing leaked outside... But then there was the prototype department and its subsidiary which was working with other companies... They were not even allowed to reveal what companies they were working with. Anyway, I know that IBM have always been "by the book", yet I was surprised that they couldn't even make an exception if you ask nicely.
Pretty sure I heard about a guy who bridged the corp network by accident. He was there long after I was, so either it was not completely verboten or the story may not have been as accurate as I was lead to believe. I met Steve one time. He visited our site and saw the wallpaper on my test PC, a scan of an album Dangerous Toys, by the band of the same name. The extent of our "meeting" was that he inquired why that wallpaper and I pointed out that not a single peice of software on that PC was available in retail at the time. There might have even been a pre-beta or two in there somewhere. If I recall, it had the Quake beta running on Chicago for fun, but I may have my time-line a little blended.
I just love the idea of engineers making vb scripts to remember their passwords. In my own agency I have had the same alpha, numeric and symbol password that is replaced every 3 months. I am at variant 32 and the hash still won’t let me go back to 1.
Sadly we can't use any of our previous 24 passwords and we can't change it more than once per 24 hour period (precisely to stop the practice you mentioned of cycling through a bunch of temporary passwords to get back to your preferred one)
So, in the 90s, I would print obviously fake money and I would hand color it. I usually had a few of these fake bills in my wallet as they were fun to add to $$ when buying things as a kind of present to a nice worker. Once I had no cash, and purely as a joke, I put one of my Talking Moose bucks and put it in a pop machine...it somehow worked. I was astonished and laughing about what the guy who owns the machine would think. I tried them in a few more machines, but non would take it. I should point out I was 11 or 12 at the time and had no idea how illegal it was to use one of those bills as $.
I'm not autistic but every time I see the cover to your book with those TWO half eaten nuggets I get triggered! It's moral law to finish one nugget before taking a bite of another!! :) Just found your site and love it. I don't understand most of it, but I love it and I'm sure I'll learn....eventually...maybe a little.
Hi Dave, just thought id explain the reclined seat on an airliner confusion, its due to the seat belt, if you are reclined enough in the event of sudden breaking or collision there's a non zero chance that you'd slide right under your seat belt causing even greater injury than if you just weren't buckled in. Great video :)
Also seats are only safety tested in the "TTL' (Taxi, take off and landed) position for occupant injury - such as 'HIC' -(Head Impact Criteria) - the further your seat is back more velocity, more HIC, more potential damage. It's Aircraft - Safety first.
@@common_c3nts "anti-submarining seats" are a requirement in all cars these days. If it can happen with a 3 point, self tensioning and locking seatbelt. It can happen with a single lap belt manually tensioned on an airliner.
Former Flight Attendant here… the reason you can’t recline during takeoff and landing is because it’s a critical phase of flight. If something is going to go wrong, this is when it is likely going to happen. As such, they want you to be ready to roll if you have to quickly evacuate and the back of a seat can prevent you from quickly exiting, and when you are in the back row, it’s a preparedness thing. Seconds can be the difference between life and death. I love your channel, thanks for the great content and keep that seat up! 🤪
0:10 Weirdly somehow it reminds me of one level in a first person shooter pc game I played years ago called "Gore ultimate soldier", Two "tech giants" one called "Baztech" in blue and "Wetcorp" in red, with the "good guys" being blue and the "bad guys" in red of course. Classic lore stuff! Yea I know this comment seems a bit irrellevant to the subject but that's what crossed my complicated spectral mind!
i remember OS/2 when i was working on a movie in special effects. The 266 we had with a new huge 2 GB hard drive did not help at all and we had such a problem rendering that a local film studio lent us a SG tower that was seemingly made of lead,lol. It sped up the process by 10 fold easy. We were rendering single hairs on a head moving in the wind back then. what a farce. Oddly enough Pixar would be Pixart if we had sold them the name. I told him to take the 6 g's offered but he thought he was smarter and then......oh well. lol
I once had to implement a realtime process control system in OS/2. Soon discovered that if you wrote an infinite loop, with no system calls, the OS would hang, requiring a hard boot.
I work in the copier industry and with today's digital devices you can't copy money. As soon as the counterfeit detection goes off it stops the job. It won't even write to the drum. Keep sharing the stories I really enjoy them.
Now instead of fighting with security per se, at my job I fight with the corporate proxy, which seems to break almost every dev tool, and many tools don't seem to use the proxy environment variables I set in my system, so I often end up having to configure each tool manually
In regard to windows piracy Piracy is now the only way to use windows 7 (the best OS Microsoft has ever made) since you cannot buy a legitimate license key anymore
Both interesting and entertaining, so a double 👍👍. I'm actually old enough to remember (and be excited about!) upgrading to 3.1 ... and I loved the colors of Dos Shell (or was it Doss Hell?) Anyway, I for one will look forward to more Tales From the Crypt. TY Mr. D.
![[UA] Eternal Fire проти NAVI | EPL Season 20 Malta](http://i.ytimg.com/vi/chvlsDygrZM/mqdefault.jpg)
BTW, no one can beat Feyman's stories of security theater in his book. I forget if it's in Surely You're Joking or What Do You Care What Other People Think... but his stories of working around rules at Los Alamos during the Manhattan project are epic!
Back in 1994 there was a corporate communications sent to everyone that requested that staff not store firearms in their car glove compartments when parked on campus. Being Canadian, this was just absurd to me.
Feynman was the best lock picker that never was!
Not sure of the book, but "Richard Feynman Lecture -- "Los Alamos From Below"" is a well told story.
yeah, it's a wonder he didn't get himself shot just once ... :)
Among them is a story that after Feyman demonstrated to security people how easily their measures could be evaded, they, in classic security cop tradition, concluded that HE was the security problem.
I worked at the IBM Toronto Lab for 20 years. The security theatre ramped up to mind numbing levels. We had to change passwords every three months, but didn't have an integrated password system, that should have been a prerequisite for such a policy. As somebody who had access to piles of different porting test and development machines, changing passwords manually took half a day's work (we eventually wrote expect based scripts to automate this). You'd also get half way through a password change attempt, and then find that one machine of 70 would have different local password rules (which usually didn't conform to the official security policy) so you'd have to use a different password for some subset of the machines, despite trying to conform to the rules (8 characters, no more, no less, can't start or end with a number or a symbol, no dictionary words, upper and lower case required, special symbol required, ...)
It was inevitable that some machines wouldn't be online for the password change attempt, which would also screw up the attempt to keep things synchronized.
Of course, I ended up with a file that listed which generation of password I had for each machine, so that I could attempt to get in later without getting a password reset, or using our well known (to development) ssh-based root exploit, so we could reset our passwords without opening a ticket to have it done. I shared our remote root exploit widely within our organization as a protest against the stupidity of the security theatre. I bet it can still be used 6 years later.
The security managers didn't care how much chaos their rules caused, nor how many real security holes were opened as work arounds for these rules. They just wanted to be able to report compliance to higher ups, so they could have the appearance of being effective. The real risks weren't expired passwords. For example, any student intern could walk out of the lab with all our product source code on a usb key.
I worked in an IBM development lab in 84/86 - it’s all true. You had to lock your desk, filing cab and terminal (or PC) when you left. Security would leave a sticker inside your desk draw if you failed to lock it - I got one! Two security violations in a year meant no pay rise so it was quite a big deal! BTW I bought and read your book - it was so helpful - I recognised so many things in myself! Scored 43 on the AQ test!!
Corporates in the late 90's / early 2000's used to have security check whether PCs were turned off at night for energy savings, all good until you came in the next morning and had to spend 30 / 60 minutes waiting for all the B.S scrips / A.V and crap to finish. Say average $35 per hour at the time times, 1000 workers every morning. Yeah, we were saving the planet and personally making bank whilst drinking coffee 20 years before the woke climate change people turned up.
I'm new to computer architecture/software dev and curious about this book, where can one find a copy?
@@joeldejonge2986 see the first entry in the video description
Not much has changed. Working at IBM for 22 years now at their Toronto Lab, I feel that only the NSA has stronger security than IBM.
should've left the desk unlocked with a dye pack in it
Hi Dave! The reason for having your seat in the upright position is to protect your spine from vertical forces during a non-catastrophic impact, for example, a hard landing during rain or gusty winds. Sadly, most rules in aviation are written with blood (i.e. as a result of a deadly incident).
Oh another fun IBM security (or danger) story.
I was in charge of a block of servers and unlike Unix servers that could perfectly be equipped with upgrades remotely, Windows machines in 2001 did require some stupid console interaction. And because of security, console over IP was not allowed to the office lan. So I got 24 hour clearance to the DC and you had to hand in your mobile phone at the security (why is beyond me because we couldn’t film or steal data on a Nokia in 2001). I got the clearance from 7am to 7am
So I do the updates of the software at night and then from 5-7am there’s an offline service window. So I come in at 06am start the service pack upgrades and test everything (because with NT and 2000, nothing to as guaranteed to work). But it was all fine so at 07:10am I walk to the exit of the DC hold my card in front of the reader and… a red light. Again… again a red light.
It dawned on me that some idiot developer, forgot to realize that it’s okay to enter during your service window but not to exit after it expired. You should always be able to exit!!! Also after the entrance periode as passed.
So I pick up the emergency phone that has a direct connection to security… and nope the line was dead.
Here I was stuck at 07:15 in a loud DC.
The first employee that had to be in the DC appeared at 08:00am. Whom had to bring me to security.
The security guard said: “I was already thinking, where is he? I got your phone here and I hadn’t seen you again”.
The guy gave me my phone and registered my being in the DC. Then asked me why I didn’t call
“I did, but that phone is dead!”
The guy that took me, was like: “oh yeah I’m rewiring the phones lines, there. That makes sense, I’ll fix that one right away. I guess it’s more important than we’d thought.”
I just wanted to address some of your questions / statements if you don't mind.
"you had to hand in your mobile phone at the security (why is beyond me because we couldn’t film or steal data on a Nokia in 2001)"
Back in the bad old days mobiles and sheildings were non existant, mobile phones in the datacenter was a sure fire way to cause network problems, and data corruption if you ever left it on a server, today shielding is much better but you still surrender your phone. Everything inside a datacenter is critical, you don't want photos leaking out, or photos of racks and switches being public, and depending on the datacenter and its DSS and TIER Raiting its a security requirement today.
"It dawned on me that some idiot developer, forgot to realize that it’s okay to enter during your service window but not to exit after it expired"
It dawns on me you wasn't authorised to be in the datacenter, and access in and out is denied, emergency exits are in place to let you out without a card anyways. If your authorisation was till 7am, you should have been out at 06:59, None of my datacenters will allow you to enter or exit if your window has expired, staff are onsite anyways to let you folks out, and write up the security breach report for DSS and TIER certification requirements.
"The guy that took me, was like: “oh yeah I’m rewiring the phones lines, there. That makes sense, I’ll fix that one right away. I guess it’s more important than we’d thought.”"
That would have got him fired even way back when, those phones have to be tested daily and a secondary option must be available (but that's a newer rule)
@@AnIdiotAboard_ the no phones was indeed a stupid, shielding excuse. Like hospitals and airplanes had. IBM is overly cautious. At least that’s why I think it was. In the two times I had to be in the grid, I never really thought about it. Just handed it in.
But makes sense because the grids were individual blocks within the DC that were locked so even if you had access to the DC you could only get into the grid where your stuff was. And that’s compartmentalized per client. And each grid (or kavel we call it in Dutch) was also shielded. Because CRT images could easily be captured. Not that I would think any of my colleagues would care. As all of us that had access to that wing supported all those servers.
Oh perhaps that was the reason why phones weren’t also allowed. As you could call someone over and open the door for them and they could provide access to a different grid. Don’t know, don’t care. Not working there anymore and don’t want to go back to IBM. Hated it there! Poorly paid over managed shit show.
It makes no sense to allow someone in and not out. Because I can do the same amount of damage, so it’s nonsensical to not allow an authorized person out. Unless you would proactively send security, who I trust far less than a senior grid owner.
I am not helped with crashing my own grid as grid owner. My clients would call me 😄
In every other DC I went to, granted not private DC like IBM but public DCs where anyone can host their crap, you just registered your time of arrival. You could always leave.
Otherwise with a severity 1, you would always be hustling to get extension.
Because you don’t know how long something takes and that would slow down. Also by work law we are not allowed longer than 1 hour in a noisy environment without a break outside of that environment.
That’s why you have grids with key access too within the cooled area.
Emergency exits when your open them required by Dutch law to let the alarm go off. And when an alarm goes off, everything needs to be unlocked. I thought that to be very excessive I sat nicely and comfortably on the wiring guy’s cable spool.
And the guy being fired over one phone not yet being wired up? A bit excessive, he probably had that planned anyways. Who is usually in a locked data center at 6/7am? At IBM nobody usually starts that early, except is externals who keep the place running 🤪
@@CallousCoder I mean you could still phone a friend on the outside who was writing everything you said to them down.
@@unicodefox well that would be very inconvenient because the only phone was at the entrance and I’m pretty sure that was an inside line only. Although I never found out because when I needed to call the security to let me out, it wasn’t hooked up. And after that I’ve never touched the red phone.
I swear that the coffee maker in the box story was told to me many years ago. I always assumed it was an apocryphal tale, but Dave's word is unimpeachable in my book so there ya have it.
"It is a longstanding prank at Microsoft’s main Redmond campus to send an unsuspecting new employee to building 7 under the pretense of having a meeting or needing to pick up something. There is no such building on the main Microsoft campus. This nonexistent building has also been used as a sort of inside joke. For example, if somebody invites you to a meeting in Building 7, they’re probably inviting you off campus to take a break from work."-- devblogs
And how many of them ended up in building 8 to be meet by?.. It would make for a few good stories.
I'll keep that in mind when I get hired at Microsoft in my next lifetime maybe?
The BBC had something similar at Television Centre in London. They had news studios numbered from N1-N6 and N8-N10. There was no N7 because they used the main studio TC7 for some news programmes and didn't want confusion between the two. So "I'm off to N7" usually meant going to the bar for a few drinks!
There in all likelihood a different equally valid reason why it doesn't exist, but I wonder if it works out to be the power-box for the carpark lights. You know about a meter high and here at least the outer case is made of fiberglass.
A quick google search on the map shows it's under construction.
Raymond Chen's blog (and his book of the same name, which I also loved) is one of the main factors that made me regard Microsoft in a much more positive light. Like his blog, your channel shows us quite a bit more about the human side of Microsoft, and how the people there are clever and passionate about their work, but also have a sense of fun.
I worked for Symantec over a decade ago. I worked in tech support. The last year-and-a-half I was there I supported their physical firewall product. Because of the nature of the product our lab had to have a direct connection to the internet with a handful of internet routable IP addresses that we could use. When I joined the team part of the training was a very strong warning about the internet usage in the lab. You see, years before, an employee had setup their own private server in the lab and had been serving out large volumes of "content." After that incident it was well known that any abuse of the lab would result in immediate termination. Also, the lab was audited regularly to prevent such an incident.
I worked at Symantec too! And I never tried to setup private servers or anything like that, but I did notice that filesharing sites were not blocked. I never did anything illegal, although I do not remember ever having to go through any sort of training about what was allowed and what wasn't!
@@KristopherNoronha You sound like a 'content' addict 😉
The air force tried to force me to lock my cabinet each night and I only used it to store my jacket and some personal clothes. So I rigged my lock to open when I pulled it out in an upward and to the right tugging motion. The same to close it. One time I got caught opening it without a key. The next day a lock was replaced. Which ironically made it worse. 🤣
One problem with unlocked cabinets is that some one else might use your cabinet to store things they would not want to be associated with, which could end up putting you into trouble. If its small things like narcotics it might be hidden enough for you to not notice.
The company I retired from required us to change our password frequently. At the time I didn't think this was a very good idea since it made more sense to have one highly secure password or phrase. Your password could not be ANY of your previous passwords. To make it easier for myself I used the same word and character followed by the current two digit month and two digit year. Always different, I could guess within a couple of tries if I wasn't sure, not very secure. But it was in compliance.
Everybody does that. It's impossible to come up w/ a unique password every month and remember which is the current after 2 years. ;)
@@meneerjansen00 Which is why I wrote my password on a sticky note on the laptop. F them and their stupid policy. Fortunately they dropped the password change requirement.
My last work had implemented PCI compliance rules requiring password rotations every 3 months. I just tacked on the quarter (Q1, Q2 etc) and the next year the month (5 passwords were retained to prevent frequent reuse).
Yep, that's exactly what I do now.
Password rules are cancer
If some bozo wants to use 1234, that's their problem
I co-lead the development of the OWASP Application Security Verification Standard and the OWASP Top 10. We do not permit applications to enforce password rotation, as it actually makes it easier for attackers to guess your password. The only thing that we do require is multi-factor authentication and longer passwords than normal. We are aligned with NIST 800-63 b, which has the same requirements. Microsoft also stopped enforcing password rotation in circa 2016 or so. Please stop doing it. It's not actually secure.
lol
As an InfoSec professional of a decent number of years I must agree. Password rotation is a bigger risk than password retention.
Best security setup I have seen was a command and control center for handling emergency services. These servers were literally handling the dispatch of calls to the operators and providing realtime info on things like the GPS trackers in the vehicles etc. You needed to get through 3 swipe card access points to get to the ground floor level server room... or you could go outside and climb in through the window that was permanently propped open with an AC duct as they had no permission to physically modify the outside of the listed building in which it resided
Love the coffee pot story. That is pure gold
Keep up the amazing content Dave, I for one will always be hungry for more
Nice video Dave. I arrived IBM Boca in 1991 after Microsoft had left the building - the dreadful coffee machines were still present ($0.35 a cup). These dispenser vending machines were an IBM dev site standard, at least at the half-dozen or so sites I visited around that time. Dreadful coffee! So good for your colleagues to resist the man and brew a good cup. I add, they were not alone... The OS/2 test labs saved the day, having non-approved refrigerators and coffee pots hidden where for some reason the security folks could not see, so sodas were essentially free as the world intended. After each all hands (free food event), a careful eye would see the test lab managers carting off supplies, always making new friends.
Thx, a great reminder of the excesses of the building security. Remember persuading my boss to get a decent coffee machine maintained by the company for employee use to avoid any potential risk of dodgy home appliances. Turning the dark side against them 😀👍
For the password renewal requirement at my previous company (was 90 days and couldn't reuse passwords) I used the current year + month and 3 chars of my name (8 chars total). I can only assume it was not as secure as the randomly generated 14 chars password that I used for the first time before getting annoyed :-).
My current company luckily understands that and uses a different way - the security runs regular scans trying to guess your password and only request a change if they are able to guess it. So if you choose a good password you don't have to change it ever.
Just get a password manager.
Wow, that's a kind of smart and intuitive way to do that, having some program or person every now and then going through and trying to guess passwords! I like that
@@jaykebird2go security audit
@@duneode that doesn't work for your main account login, and should also be considered a risk since all passwords are locked behind a single one still.
Hey Dave, your security story reminded me about windows serial number, you had to enter during installation since 95. i found a workaround, and it was never fixed. After its asked, it was possible to boot in safe mode, open regedit and put any serial you like. Reboot and relax and enjoy while windows is finishing installation ;) you can try it
There was an even easier one with windows 95, it was a mathematical algorithm and could be easily cheesed with the serial number 00100-0123456789-00100
I was 14 and bored when I figured that out.
With NT 4 you just had to enter 1111, job done
Which key in the registry are you editing on reboot? I've seen several candidates from version to version. Just curious which key in the registry compare with all mine. (I have a hexadeca-boot computer because total nerd)
@@enzedpcs2 Same with Windows 95. 🙂
When I worked at Intel in the early 90s, there was a standing rule that you could only take out 10 3.5" floppy disks, but you were allowed two, 250MB tapes. Then there was the time I was reprimanded for plugging in two outlet strips into each other, each with two wall warts that consumed a few watts each, yet no problem on the outlet strip on the adjacent cube that caught fire because there were 4 10 amp devices (American Ariums) plugged in to it.
I hear you. At my first job out of college we were located in a converted retail mall. Outlets were at a premium and we had daisy chains of outlet strips plugged into outlet strips. If a circuit breaker popped you just found another chain of power strips that led back to an outlet on a different circuit and plugged into that. Rumor had it the CEO/owner of the company just wrote out a check for the fire inspection fines due to all our violations as it was still cheaper than having the place rewired. It sounds like that may have been a sketchy place but it was a good company to work for, almost everything except for the power strips was good about the place. And before long we moved out of the mall and into our own new building. We had huge boxes full of power strips that were no longer needed so employees were free to take as many as they wanted for personal use. I have a few good heavy duty trip-lite power strips from that company that I still use.
(Security there was a joke too, btw. But as others have said those were simpler times).
Where I worked, it was forbidden to plug anything in to a power socket. Only IT had permission to do that.
I was once asked to write a printer sharing tool so that managers could share their printer with their direct reports without going afoul of the corporate rules on who could have a desktop printer... circumventing the strict security rules they had in place to prevent resource sharing in windows. I wrote it in MS Access VBA so that there were no new installed executables for IT to question. Worked great!
Access VBA... ugh, please don't remind me 😆
Why is Access VBA such a chore? Just because MS chooses not to update the ide?
@@heathbruce9928 so, back in the day, I actually liked it... but then I grew up in my expectations of a language. There used to be an Access Deployment Toolkit that allowed to to "compile" an Access mdb and install it as if it was a standalone exe. I used (abused) that to no end. Wrote an instant messaging app (cause IM was against security policy) that gave me backdoor practical jokes I could pull on anyone I could message. I.e. send a special coded message and make their motherboard start beeping every 3 seconds for 10 minutes, or make their cdrom tray eject. All that with Access VBA, and therein lies the problem. If I'd wanted to do major harm, it would have been a breeze. It might be a clunky base-index-1 tortoise of a language, but the dangers were myriad, and there was no way at the time to track down threats. Later, I used those skills to make a realtime multi-player chess game in an excel worksheet. So, could it do great things? Absolutely. Was it slow and clunky? Yes. Was it a security nightmare? Without a doubt.
@@heathbruce9928ahaha what IDE?
This is a great channel with awesome stories and helpful content. The coffee pot box marked confidential is hilarious. Thanks dave for sharing.
It was marked MICROSOFT-CONFIDENTIAL. 😉
Seems getting around rules and security is the favorite sport of all developers! Thanks for the great stories.
That was our rule at work. You were only allowed to mess with someone's laptop if it didn't interrupt their work. Like when I came back to my laptop none the wiser. Until a week or so later I noticed icons on my desktop at home had been changed. Turns out while I was remoting to home, I'd forgotten to lock my laptop when I left my desk. Engineer next to me noticed, noticed I was remoted to home (we weren't supposed to but was doing it a way they'd not spot the traffic) he never said anything just changed the name of my icons on my desktop :) and laughed when I finally noticed.
This should be obvious to anyone with half a brain, but the above message is fraud and not from Dave.
THE worst Blue Badgewho NEVER followed the basic security rule had to be SteveB.
Either outside a Bldg waiting for the doors to magically open or waiting for some Blue Badge to let him slip in (and we all had that video).
And when he showed up at the Pro Club with no ID (how did he drive there?) and some new kid on he desk asks "Who are you?" ...
Yup, my vote for Blue Badge failing the most basic security rule goes to SteveB.
I am loving this one! It reminds me alternately of working for a large, privately held software firm and of earlier Unix sysadmin jobs for universities. The former more for things like the security antics and the latter was an absolute trove of forgotten hardware. There was a memorable day in the early 2000s when we decided to clean out all dead-in-place wiring and equipment which remained under the university's main data center floor. The project quickly ballooned into two and a half days and included a lot of tech archeology. My personal favorite was the length of Thinnet which had an unusual MAU attached - longer and thinner than most and with a quarter-round profile.
Man I'd LOVE to come upon a time capsule like the one in your story! Also I work for a US retailer that is way over-cautious regarding employee password rules. Requirements: 12 char min length, must contain uppercase+lowercase+number+punctuation, change required every six months, and they track the last six passwords for each employee... and the worst part is that NOTHING this password protects is particularly valuable!! The most serious thing it's used for is signing in-and-out on the labor time sheet. Myself, I cycle the final digit 0-9, but I met this one guy who'd been here for decades - and let's say he was the opposite of a developer when it came to computer skills - I saw him sign-in once and his password was, like, a full paragraph long! Turns out he'd been adding one letter every six months for twenty years. :O
It’s not just about blocking the row behind you. It’s also about your own physical position in case of an accident or emergency landing and needing to brace.
I can't rationalize that one, as brace position uses the seatback in front of you. In fact, if you're in the last row, your seatback doesn't come into play at all.
@@DavesGarage It's about making everyone conform so we're all equally miserable. 😁
I tried the coffee-maker (or teapot in my case) under a cardboard box trick in my first job. I had the box stacked on a few other moving boxes in the corner of the office to make it look like there was just some random stuff stored over there. But the facilities guy was onto that trick. When he came to inspect the office, he made a beeline to that corner and busted me.
Bisecting the currency to determine why the copier wouldn't copy it reminded me of when I was developing proprietary company software for MS-DOS. To keep employees from taking the software when they left I had the software put a large splash screen on the monitor with the company name and then the software would poke a handfull of screen locations to verify that the proper letters were there. We had an employee one time that somehow figured out there was a connection between the splash screen and the software running or not running so he did trial and error to remove parts of the splash screen until he determined the few screen addresses that mattered. On his screen instead of the full company name printed in large letters formed out of individual characters, he had blank space with only a half dozen letter scattered around the screen seemingly at random.
Dave, your content is some of my favorite on YT. I love a good story, and especially a good work-story. Your work stories are excellent. Thank you for taking the time to share, because I really enjoy it.
Yes! I would like to hear more of these. They remind me of things I had tried back in high school and even now at my current job - IT/Security is so under managed, unpopulated and under paid that they are begging to be challenged. :D
IT/Security is under managed? Is that why the stereotype from my perspective is a bunch of rogues?
As a live media guy, my impression of IT, either directly or from stories told by other media people, is either A) nothing whatsoever (I guess they're like us in that if they're noticed, that in itself means that something is wrong!), or B) "Gilligan on a power trip".
The general idea seems to be that if anything at all uses IP packets, then it MUST be managed by THEM, using a boilerplate mentality that ABSOLUTELY DOES NOT WORK FOR LIVE MEDIA!!!!! Meanwhile I'm thinking, "Who cares if it uses IP packets internally?! It's an audio patch cord!" Or maybe video, or perhaps a remote control for a camera, or similar. It literally replaces a bunch of thick and heavy analog cables that they certainly wouldn't have touched, with a single Cat-5. (okay, two Cat-5's for redundancy) Perhaps dedicated WiFi for some of it. That's all it is! Just a much thinner and lighter-weight replacement for the analog signals that we used to use. The IP networking stack simply happens to be a convenient way to do it, and it would have been completely and physically isolated from their network if they hadn't insisted otherwise and I lost the argument.
So it would have been no threat to them whatsoever. And **I** take full responsibility for MY "network". They don't. At all. Ever. Even if something goes wrong, I still claim it...unless they caused it by their insistence on managing MY gear for me, which are NOT the computers that they're used to thinking of, even if some of it happens to use similar hardware.
(live-media-processing and PC-gaming specs are often identical, for example, but the software is different, including the operating system in a fair number of cases......so you can't manage it with Windows PowerShell from your mom's basement: is that where the hangup is? /sarcasm )
I don't know how many times I or someone else has been dutifully locked out of a system that was fully tested and worked perfectly a few days before, because of "IT best practices". In the case of live media, that's a massively big deal because it can easily kill a show at the literal last minute and leave us scrambling and trying to dodge blame for failing our responsibilities, meanwhile the guy that can unlock it again is not answering the phone because it's outside of 9-5 M-F! (and even if we **can** get a hold of him, he's likely to give us a lecture on how "we're a security threat" and require a complete dissertation on why he's supposed to "violate policy" or whatever, AS THE CURTAIN IS ALREADY RISING!!!)
(I've been tempted before, to get into "the IT closet" by whatever means necessary, and physically replace their managed switch with my unmanaged one. Their stuff wouldn't work, but mine would, and the show could go on. Then I'd put it all back, at least physically. Fortunately, I've never actually done that, and I hope I never do, but the temptation is quite strong with some of these guys......)
@@aaronduerksen1378 cool story bro
"Microsoft was pretty chill about security..." Oh those few words explain so much of my frustration and pain as an administrator.
This was hilarious would definitely love to have part duex
Part deux!, especially more on that time machine room from the 80's!
Keep up with the stories. As an aspi (and currently reading your book (and it's hitting every point, my partner is going to read it after me)) keep up the good work. You shed light on how the I.T. world works.
Great video as usual :) I worked for Dell doing tech support for Alienware products. It was a 24/7 line, so we worked in shifts, either 5 days with 2 days off or 10 days in a row and having 4 days off. Once I had to change my password on the 10th day, then I had my 4 days off and came back for a row of night shifts. The problem was that I forgot my password by then, and couldn't log on to my computer :D There was nobody else in the building (apart from the two security guards), so I couldn't go to the IT support guys to reset the password for me.
On the next day, my team leader did ask the IT department to reset my password, which they did, and sent the temporary password to my mailbox, which was protected by the very same password they have sent me :D So there I was for two nights without access to my computer :D (the next day my TL asked to have the email with the temporary password delivered to him and sent me an SMS with it, so I could finally log in)
A: who the F sends passwords via email .
@@unnamedchannel1237 This was standard practice back then at Dell. It was just a temporary password, which needed to be changed at the first login. I wonder if they still do it like this :)
I'd love to hear more of these stories. I've been writing code all the way up and down the stack for 20 years and have never worked in a company with more than 500 employees (and even then, it was a satellite with about 60 at its peak), so apart from "no tailgating or letting people tailgate" there's not much to tell.
The camera at the beginning of this looked amazing!
Oh that password story is a lot like what happened at at&t wireless prior to cingular buying them. What happened was there was like 20 different unique logins and someone created a script to change all the passwords, (to the same password) but unfortunately some of those systems only accepted 8 character passwords, and others had different mixed case rules and password history rules, so it was a major pain in the behind to use it. Ultimately it was discovered that nearly everyone had the same password algorithm for one subsystem that was not in this script and abused it to figure out some efficiency figures.
I always find this stuff funny, I know that I always loved messing with people I worked with using security rules that most of security did not know were part of there rules. You get to make 2 people look like they don't know there jobs....
So funny, I spent 6 years as a Software Engineer at IBM. Great job Dave !
Love it Dave - very entertaining and totally get your point about the "old days". Also, I watched with subtitles. Co-incidence that every time you said "Walt", the subtitles showed "Brian"...Perhaps a Walter White v Brian Cranston?
A great example of “ we thought that was so important back then but it really wasn’t “
I'd love to see the follow ups.. And as a former Microsoft premier graveyard support, I hated that blue screens were blue, and so was the NT start screen.
Can't tell you how many times I would be on a support call doing BSOD troubleshooting when the customer would reboot and say "I'm at a blue screen" simply as part of the startup process. On a side note, I am thankful that this changed in new versions of Windows.
I can remember the huge Fortran libraries where I worked, everything stored, boxed, filed, on 7" floppy disks. The library was off limits to me but I used them early am all the time!
^..^~~
I feel like I maybe got to see this one early, if it features the Microsoft confidential coffee maker this one is REALLY good but then Daves videos always are so that's hardly difficult to predict. I'm gonna pre-like it.
He didn't mention the official "TCP/IP Coffee Pot Protocol"?
@@stephenjacks8196 Error 418
In the early 1990's I worked on a secure communications project for the military in England. Security was tight. The office the team worked in had to be some meters within the boundary of the site, it had no windows, it had no telephone or other communication cables. Hard drives were removed and locked in safe every night. I needed to show a security pass to a guard on the way into the site. I needed a door access card to get into our building. I needed a second door access card to get int the office. One summer it got really hot in that office, we were all wilting, no windows to open, the door had to be closed at all times, unbearable. We did not get any air conditioning until the MicroVax in that office expired from overheating.
Awesome stories, Dave! Keep them coming!! Love the channel
Thanks for doing it!!!
12:15 This exact thing happened to me back in my apprentice days. Eventually my school achknowledged that I was fired from student place illigally and arranged for me to finish my education on the school as an intern. Without it I had to finish a new apprentice job and those were rare at the time.
"Left to the viewer as an exercise" I am cryin' over here.
The two stories I know were the 20x boxed Servers stolen from building 11, with the help of Security. And the programmer who wrote "Concept". MS did the best company meetings 🙂
I was at the ibm boca facility in 1987 on a return/reclamation shipment of some xt expansion chassis. the company I'd been working for found a "loop hole" (so to speak) in that no one was buying the expansion chassis. we bought thousands of them and dropped in some chinese motherboards (xt & xt286 that we'd sourced) and sold like hot cakes to lumberjacks. when we eventually got caught, ibm had us ship back the remaining inventory. I loaded up the truck and drove down to boca. great memories from the past......
All of that with the coffee machine, when all you had to do was set the "official" coffee vending machine on fire.
Ha! I actually work in that building in Regina! Great stories. Keep them coming!
IBM sharing a campus with AT&T in Tampa was fun. People who'd worked closely for years with IBMers were often greeted with a flat "Who let you in?" IBM at La Gaude had the best coffee I've ever had on a corporate site.
I remember having a set of throwing knives, and there was a place close to where I lived, with some nice wooden telephone poles, where I went to practice, next to a building complex. I didn't pay attention to the building initially. There was a huge parking lot, but never too many cars. And then one day I got curious curious. The building looked like a fortress with those black windows, and they had security cameras absolutely everywhere. I realized, the location was probably important. I went around, and holy crap! It was an IBM office complex. How I was able to go there for probably months to eat lunch and throw knives at telephone poles without ever running into security? I wasn't going through the font gate, but rather though a pass in the bushes leading to the parking lot. I'm glad I can laugh about it now. Nobody got hurt, and of course, I stopped, as soon as I figured out where I was.
I love your sense of humor, man! Great video! Greetings from a new subscriber.
My boss, with embedded metal and tattooed, sent me an email with the "I love you virus". I didn't open it because I didn't love my boss.
@3:20, there's always some b'stard with a guitar 🤣 I am reminded of the party scene at the frat house in Animal House
This was so hilarious, I laughed out loud multiple times, especially for the temporary password cycler script and the half-dollar photocopy! subscribed
I worked for an American semiconductor company's contractor at the company's main R&D fab, in Oregon, for a few months. I can't comment on security, but the enforcement of clean room spec was done by, you guessed it, contractors. Underpaid, unenthused, and unmotivated, I think I was one of the only people to ever say good morning to them. The number of people I saw violating clean room spec, every single day, was crazy. But, count on engineers to mitigate the effects of lazy people, because contamination hardly occurred.
Security rules are always the most fun when training new hires to follow rules no one outside of thier first few weeks bothers to follow.
I worked in IBM Hursley in the early 90s and I remember the tailgating rules. Lots of doors that had to be swiped. Can't remember much security otherwise. We were contractors and frequently went in on the weekend to finish work and there was literally nobody around. Maybe guards toured occasionally but they never bothered or questioned us. Spent a lot of time killing time browsing the web on the OS/2 web browser. Even back then there were some very "exotic" sites of a pictorial nature and there was no firewall to stop from visiting them.
There were vending machines around but in moments of boredom I'd walk to the central cafeteria for a coffee or something. They had these rotating vending machines where you used an electronic payment card to slide open the door to buy whatever was inside. I used to insert plastic fruit into vacant compartments and slide the doors closed so it looked like they contained a delicious bunch of grapes. I guess if they wanted to track the mystery plastic fruit bandit they could have figured out who it was from who was in the building at the weekend. So much for security. Oh well.
I should add I worked hard, but I was glad to be a contractor rather than an employee in the place. Their culture was weird, excessively bureaucratic and using processes & software that seemed to come from a parallel universe. When I read of layoffs in IBM I can imagine the shock and lack of useful skills some of those employees have outside of IBM.
I really enjoy these stories. I have some personal experience of the IBM security mania from the 90's when i worked at a company that was one of IBM's agents selling the AS/400 here in Sweden.
I really liked the AS/400.
@@jeffreyphipps1507 yes, it was a great system and i really enjoyed the command language. I used to travel around Sweden doing software updates on our customers AS/400's. Mainly OS-upgrades and PTF's but also the software that our company wrote for it which was a system for housing rental companies.
I worked at IBM in the Space Management department that assigned office space to various departments. We kept a room in the basement listed as storage and "stored" a ping pong table and mini fridge there. The primary security requirement being strictly enforced there was "NO TAILGATING", i.e. don't allow another person to follow behind you through a gate or door, even if they had an IBM badge and worked with you. I also covered for the receptionist there and had to check ID's and passports of every guest, if a guest was from a list of 11 countries I had to call the main security office and report who they were and wait for approval. One of the countries was China and needless to say we had a lot of visitors from there. When I worked at HSBC in the IT department (Sr. Technician III) we were constantly defeating the latest firewalls and lockdowns put in place to get our job done. As smart as the System Admins thought they were, we were always one step ahead of them.
I was a hardware engineering intern at IBM Boca in 1992 and 1993.
After you said the infractions at IBM were stored in a database I was expecting the story to take a different turn. Like when Ferris Bueller dials in and takes away some of his school absences.
Little Bobby Tables…
I set up the machine and maintained it that held and used the Novell Root Private Key. It was inside a room inside a room. The outer room had card badge access and the inner room had a manual combination lock. I had just come out of the outer room when a VP walked by. He tried his card badge on it and it did not open. He was upset so he said to let him in there. I said he was not authorized for that. He said to let him in anyway. I said ok, but let me tell you the consequences. That is Novell’s most sensitive secret and since I am currently the only one with access, if it compromised I’m the only one that can be blamed. But if I let you in there you could also be blamed, so here, let me open that for you. He quickly retreated.
“ they’re more what you’ll call , guide lines, the rules “
Best episode by far. Amazing
On the 74gear you tube channel, he made fun of a UA-camr claiming that airlines want you in the brace position so that in the event of a crash, your spine will shoot through your brain, causing instant death, thereby avoiding more expensive lawsuits
«Something akin to a brown crayon dissolved in scalding dishwater»... not entirely unlike coffee?
Love the Law and Order theme Dave!
as windows lacked security and any decent app bundles, people started creating their own windows re-packs. Such repack would install you a pre-activated windows with tons of software of all sorts. So there was a windowsXp repack back in a day. It was called ZverCD and it had preinstalled radmin :) thousands and thousands of people got it. Then ofc someone noticed the radmin running and it's access password went public. Basically you could connect to a random pc with admin rights and do anything to it. Imagine you are on your windows and suddenly notepad opens up and starts talking to you
Long ago I worked at a company which had hardware and software installed on customer premises and some of those customers had our support engineers on site full time. Our system had a console that printed out stuff on fanfold paper and that output was sometimes quite important to debugging problems.
At least one of our customers had a rule that vendors couldn't take printed paper out of the data center. However, vendors were free to take hardware including disk drives out as they swapped spares and the like. WTF? I can't take out a few MB at most of data printed on fanfold paper but can walk out with a disk drive with 500MB (this was some time ago) on it?
This was in the days of large enclosures (full or half width and quite a few "U") with electronics around the sealed Winchester drive and these enclosures screwed on with a few screws. So the field support teams kept a couple "transport" drives around - when they wanted to get us some paper off the console, they would unscrew the enclosure cover on one of the transport drives, put the paper from the console inside, screw the cover back on, and walk out of the DC with it w/o any questions being asked!
Oh I've tried to work with high security stuff... Funny thing was how casually many projects were talked about in the workplace, but how almost nothing leaked outside... But then there was the prototype department and its subsidiary which was working with other companies... They were not even allowed to reveal what companies they were working with.
Anyway, I know that IBM have always been "by the book", yet I was surprised that they couldn't even make an exception if you ask nicely.
Pretty sure I heard about a guy who bridged the corp network by accident. He was there long after I was, so either it was not completely verboten or the story may not have been as accurate as I was lead to believe. I met Steve one time. He visited our site and saw the wallpaper on my test PC, a scan of an album Dangerous Toys, by the band of the same name. The extent of our "meeting" was that he inquired why that wallpaper and I pointed out that not a single peice of software on that PC was available in retail at the time. There might have even been a pre-beta or two in there somewhere. If I recall, it had the Quake beta running on Chicago for fun, but I may have my time-line a little blended.
I just love the idea of engineers making vb scripts to remember their passwords. In my own agency I have had the same alpha, numeric and symbol password that is replaced every 3 months. I am at variant 32 and the hash still won’t let me go back to 1.
Ahh, the fun times of product activation and learning about the FCKGW key… memories of a different era.
Sadly we can't use any of our previous 24 passwords and we can't change it more than once per 24 hour period (precisely to stop the practice you mentioned of cycling through a bunch of temporary passwords to get back to your preferred one)
These are my favourite kind of stories, I'll definitely keep a look out for more!
So, in the 90s, I would print obviously fake money and I would hand color it. I usually had a few of these fake bills in my wallet as they were fun to add to $$ when buying things as a kind of present to a nice worker. Once I had no cash, and purely as a joke, I put one of my Talking Moose bucks and put it in a pop machine...it somehow worked. I was astonished and laughing about what the guy who owns the machine would think. I tried them in a few more machines, but non would take it. I should point out I was 11 or 12 at the time and had no idea how illegal it was to use one of those bills as $.
I'm not autistic but every time I see the cover to your book with those TWO half eaten nuggets I get triggered! It's moral law to finish one nugget before taking a bite of another!! :)
Just found your site and love it. I don't understand most of it, but I love it and I'm sure I'll learn....eventually...maybe a little.
Hi Dave, just thought id explain the reclined seat on an airliner confusion, its due to the seat belt, if you are reclined enough in the event of sudden breaking or collision there's a non zero chance that you'd slide right under your seat belt causing even greater injury than if you just weren't buckled in.
Great video :)
Thanks for the explanation my friend.
That is why you tighten your seat belt so that can't happen.
Also seats are only safety tested in the "TTL' (Taxi, take off and landed) position for occupant injury - such as 'HIC' -(Head Impact Criteria) - the further your seat is back more velocity, more HIC, more potential damage. It's Aircraft - Safety first.
@@common_c3nts "anti-submarining seats" are a requirement in all cars these days. If it can happen with a 3 point, self tensioning and locking seatbelt. It can happen with a single lap belt manually tensioned on an airliner.
Former Flight Attendant here… the reason you can’t recline during takeoff and landing is because it’s a critical phase of flight. If something is going to go wrong, this is when it is likely going to happen. As such, they want you to be ready to roll if you have to quickly evacuate and the back of a seat can prevent you from quickly exiting, and when you are in the back row, it’s a preparedness thing. Seconds can be the difference between life and death.
I love your channel, thanks for the great content and keep that seat up! 🤪
Having worked at IBM until 20 years ago it has always been that way and probably still is.
0:10 Weirdly somehow it reminds me of one level in a first person shooter pc game I played years ago called "Gore ultimate soldier", Two "tech giants" one called "Baztech" in blue and "Wetcorp" in red, with the "good guys" being blue and the "bad guys" in red of course. Classic lore stuff! Yea I know this comment seems a bit irrellevant to the subject but that's what crossed my complicated spectral mind!
i remember OS/2 when i was working on a movie in special effects. The 266 we had with a new huge 2 GB hard drive did not help at all and we had such a problem rendering that a local film studio lent us a SG tower that was seemingly made of lead,lol. It sped up the process by 10 fold easy. We were rendering single hairs on a head moving in the wind back then. what a farce. Oddly enough Pixar would be Pixart if we had sold them the name. I told him to take the 6 g's offered but he thought he was smarter and then......oh well. lol
More details on G99 please
I once had to implement a realtime process control system in OS/2. Soon discovered that if you wrote an infinite loop, with no system calls, the OS would hang, requiring a hard boot.
I work in the copier industry and with today's digital devices you can't copy money. As soon as the counterfeit detection goes off it stops the job. It won't even write to the drum.
Keep sharing the stories I really enjoy them.
This was great! Do more of these!
Numerous parts of this were laugh-out-loud funny. (You have woken my previously moribund desire to visit Fargo) Thanks!
Very enjoyable! Yes, please drop us a few more like this!
I like how he says Walt but subtitles says Brian.
Wait… you guys had just ONE password? Youre in heaven...
Now instead of fighting with security per se, at my job I fight with the corporate proxy, which seems to break almost every dev tool, and many tools don't seem to use the proxy environment variables I set in my system, so I often end up having to configure each tool manually
Law & Order. Love the intro.
I worked at a place with the crazy password changing frequency too. One day I just went into AD and set myself to password never expires
In regard to windows piracy
Piracy is now the only way to use windows 7 (the best OS Microsoft has ever made) since you cannot buy a legitimate license key anymore
We also have a G99, back behind the massage chairs. I'm pretty sure that I'm the only one who remembers what's in there.
Both interesting and entertaining, so a double 👍👍. I'm actually old enough to remember (and be excited about!) upgrading to 3.1 ... and I loved the colors of Dos Shell (or was it Doss Hell?) Anyway, I for one will look forward to more Tales From the Crypt. TY Mr. D.