Browsed by
Month: February 2017

Cocks That Lay Eggs

Even someone without a rustic upbringing, or who has not spent extensive amounts of time engaged in the honest toil that is work on a farm, would have no trouble acknowledging the not oft quoted enough wisdom:

Hens that crow do not lay eggs

As with many things, this has parallels in life.

When you settle down and sink into a state of smug satisfaction, God in his infinite wisdom (and excellent sense of humour) can be relied upon to rally the troops and really make things hum.

I am reminded of a gentleman, whom we shall call Bill to protect the guilty, who, like a thunderbolt, crossed the bows of my quiet existence as I was labouring painstakingly to build the team at an organization I worked for, whose name I conveniently forget.

Bill I shall credit with being one of the most pleasurable interviews I have ever done.

I had no need to lull him into a sense of comfort. He ensconced himself so comfortably in his chair that I more than once had to verify I was in fact in my office, and in the right chair.

He positively cooed as he effortlessly and with confidence recited a litany of three, four and five letter acronyms. He then proceeded in great detail to outline how he had made use of said three, four and five letter acronyms in various projects. Successfully, might I add.

He correctly concluded that some practical demonstrations would impress me still further and logged in on his laptop and proceeded to confidently give me a few demos as well as a cursory tour of the source code and structure of the applications he had worked on.

My heart was beating in excitement. This is precisely the sort of individual I wanted in the team.

I put on my most winning smile (trusted friends are yet to agree on whether it is in fact a winning smile, or the grimace of an imbecile).

“I don’t suppose you are available to join the team? We’re a small team, a young team and …”

“Oh don’t you worry about that!” Bill gushed, silencing me with a raised finger. “This is the sort of challenge I have been looking for! When can I start?”

“Well, I can’t really pay the sums you are no doubt used to and …”

Bill’s lazily raised finger cut my speech short yet again.

“Fear not. I will take what you can offer me. We can always revise the terms later! When can I begin?”

“Tomorrow if you can!”

Bill’s laugh shook the room like an explosion.

“Ha ha! Can’t quite make it tomorrow but give me two weeks to organize my affairs!”

“No worries. In the meantime we shall organize laptops and whatnots for you!”

Bill’s thunderous laugh had me grabbing the top of my head to keep it from lifting off.

“Great! See you then!”

With another laugh that shook the rafters, Bill took his leave.

I excitedly explained my windfall to our team leads and my glazed eyes missed the uncertainty in theirs.

In hindsight, I should have realized I was buying land purely from a photograph. But let me not get ahead of myself.

Bill, his generous girth and explosive laugh were soon amongst us.

He held forth extensively on several technical topics, effortlessly pointing out several debilitating flaws in databases, programs and operating systems that I had been happily using for years.

As I engaged Bill, I quickly came to the conclusion that Bill was a great fan and admirer of Bill. Bill thought very highly of Bill. Bill could (and did) go to great lengths to articulate Bill’s considerable opinions.

Bill’s laughter regularly rattled our window panes as he inspected our code, marvelling how we were allowed to drive, live on our own and potentially sire offspring.

We winced, smiled glassy smiles and took the dressing down by the great man.

I outlined the tasks I expected from him, to which he responded with a thunderous laugh and a wink.

“No biggie!” he said, gleefully flexing his fingers.

As weeks went by, and explosive laughs cannoned off the gypsum board (yes, gypsum!) I began to grow anxious.

The great man wrote his code industriously. But the source code repository continued to echo in emptiness.

Finally I worked up my courage to inquire.

Bill: “Oh! I thought I’d start off with a thingamajig framework.”

Me: “Well, that sounds neat, but that is not what we discussed!”

Bill: “No biggie! Give me a day.”

That day was longer than … something very long.

Enquiries as to why the delivery of the baby was rapidly closing in on elephantine timelines were met by a tapestry of reasons.

The approach changed, the tools changed, the frameworks changed. Then a global recession, war in Iraq, insurgency in Afghanistan, global warming, The Fall Couture line – each time I inquired, a dazzling reason why nothing was shipped was delivered earnestly and enthusiastically.

Close to a year later I reached the startling realization that not a single complete module had issued from the great man’s gifted fingers.

We sent Bill on his way, assuring him we would pay him the rest of his month’s salary.

It was only while going through the company computer that he surrendered that the penny dropped.

Over and above amassing an impressive cache of exotic lurid videos, Bill spent a great deal of his time

  • Perusing job sites and submitting applications for employment
  • Updating his impressive CV to indicate our organization owed its entire existence to him and his genius, as he had architected and written in their entirety our current applications
  • Expressing amazement at the functional idiots, and in particular myself, he had the misfortune to work with
  • Planning to write his own version of our software, and upon concluding that within a month, simply poach our customers

The last one brought tears of laughter to my eyes.

As I wiped the laptop disks, and for good measure wet wiped the keyboard and my hands, I had cause for reflection.

Bill had been with us for almost a year and had never delivered. Code, at least.

Why had I not caught this earlier?

Hens that crow do not lay eggs

Dazzled with the strutting and crowing, it took me almost a year to realize no egg had been laid.

What’s more, the cock had been having a devastating effect on the sturdy reliable hens that had been steadily and surely laying eggs.

We would agree on an approach, or a tool, or a framework and overnight Bill would roundly reject it as being beneath him and institute his own.

Unsurprisingly, chaos would ensue.

Bill would also on occasion vanish without an explanation. Once he was gone for almost two weeks, leaving us to wonder if he had met his untimely demise.

Once he startled his team leader with a text message explaining his inability to show up to work one day was due to the fact that the neighbour who used to give him a lift to the stage had departed for a brief holiday.

I foolishly waived the probation period, designed to catch such things, and am the wiser for it. Nothing like almost a year of wasted time, not to mention money, effort, sanity and goodwill, to school one.

With age (hopefully) comes wisdom

  1. Some people interview beautifully but are unable to deliver
  2. Some people interview terribly but consistently knock it out of the park
  3. An interview is actually a poor way to determine fit for work and team, and performance
  4. The only way to verify ability is output (work, rather than narratives)
  5. Take probation seriously
  6. Do not be seduced by the charm, to the detriment of substance
  7. The most solid, reliable, productive people are generally the quiet, unsung heroes
  8. Hire slowly. Fire quickly
  9. Involve a larger team, and preferably those who will work in that department, in the process
  10. Learn from mistakes. Even if they are your most disastrous ones

Security Chapter 2 : Using A Password Manager

If you have not read part 1, why you should not share site passwords, you can do so here first.

A password manager (surprise surprise!) is software that helps you generate, save and manage your passwords.

Good ones will be almost transparent – only appearing when you need to log in or generate a password.

I personally use 1Password. It’s not free but I’ve used it for several years chiefly because it has been around for a very long time and has a corresponding mobile app that seamlessly works with the desktop.

There are several free alternatives

There is also LastPass but this one was hacked some years back and their database was compromised. I like to think they have since tightened up their security.

Of course the question arises – if these can be compromised, what is the point?

My reasoning is that it is much easier to breach your lax security than it is a password manager.

For illustration purposes I will walk you through setting up and using Enpass.

Disclaimer: I have no affiliation with 1Password (other than I use it) or Enpass, or any other password manager.

Also, I have never used Enpass before, and just picked it at random. The experience for me will be just as it is for you setting it up for the first time.

First, let us grab Enpass. Go to the site https://www.enpass.io/downloads/ and download the appropriate version for your operating system. For purposes of this demonstration, let me grab the Windows version for my (virtual) machine.

Double click on the downloaded file to set it up

Accept the license agreement

Finalize the installation

Now, launch Enpass

The next screen is the important one. Here you are expected to supply the master password. This is the one true password that will secure all your other passwords, and the only one that you will be expected to remember. If you forget this password – you’re done!

The indicator (in green) shows the strength of your password. Type a nice long password. Try to make it something that is easy for you to remember, but difficult for someone else to guess.

You can use an entire sentence as your password – for example a bible verse or a line from a poem. Just make sure the indicator turns green.

Once you have typed and confirmed it, click done.

By the way, the reason you are asked to confirm passwords is to make sure that if you have made a typo, it will be caught.

You should have the following screen.

If you leave this screen idle for more than a few minutes, it will lock

To unlock, enter the master password

The next order of business is to enable browser integration.

For Enpass you do this by going to Tools > Settings

In the screen that opens, click ‘Browsers’

Then click ‘Install browser extensions’

This will redirect you to this page https://www.enpass.io/enpass-browser-extension/

Click the button to install in your browser of choice

In my case I clicked Chrome.

You will be taken to the following page

Click on ‘Add To Chrome’

You should see the following

 

Click ‘Add extension’ and you’re done.

You will see a new icon on the browser bar. (The far right key in a circle)

There is one last thing you need to do.

  1. Launch Enpass, go to Tools > Settings
  2. Click Browser
  3. Check ‘Enable browser extensions’

To check that you are good to go, click on the icon in the browser toolbar.

You should see the following

Now let us see how it works.

Let us set up, for example, an amazon account. Here is the screen for creating an account

Provide a name, and then an email.

At the password, don’t provide your usual go-to password. Hit Ctrl and then / (at the same time)

If you are logged in to Enpass, you will see the following popup

If you are not, you will see the following. Go on and log in

Once you are logged in, click the gear icon at the bottom.

You will see the following

What you are seeing here is a password that Enpass has automatically generated for you. You can customize the password length and set whether it is pronounceable (for easier memorization, for example).

Of note is the password, usually something like !Ly3*4i*;U\3WGdNpm

This is an 18-character-long password that is almost impossible to guess, and very difficult to crack (a discussion for a future post). Which makes it pretty secure.

A pronounceable password looks like this

lucas-addis-pad-mull-mayer-dyad-rabid-kepler-moron-scar

Click the chef hat to customize the password further – number of digits, symbols, etc. There are some sites that have niche requirements.
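To put numbers on the two generated passwords above, here is an added example (not code from Enpass or from the original post) that produces both styles with Python's `secrets` module and estimates their entropy. The 7776-word list size and the guess rate of 10^12 per second are assumptions; the ten sample words are the ones from the passphrase shown above.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample list (the ten words of the passphrase shown above).
# A real generator draws from thousands of words; WORDLIST_SIZE is an assumption.
SAMPLE_WORDS = ["lucas", "addis", "pad", "mull", "mayer",
                "dyad", "rabid", "kepler", "moron", "scar"]
WORDLIST_SIZE = 7776


def random_password(length=18):
    """Draw characters from the OS CSPRNG; retry until every class is present."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def passphrase(n_words=10, words=SAMPLE_WORDS, sep="-"):
    """Pick words independently (repeats allowed) and join them."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def years_to_search_half(bits, guesses_per_second=1e12):
    """Average brute-force time: half the keyspace at an assumed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for label, bits in [
        ("8 lowercase letters", entropy_bits(26, 8)),
        ("18 random characters", entropy_bits(len(ALPHABET), 18)),
        ("10 random words", entropy_bits(WORDLIST_SIZE, 10)),
    ]:
        print(f"{label:22s} {bits:6.1f} bits  ~{years_to_search_half(bits):.1e} years")
    print(random_password(), passphrase())
```

Requiring every character class rejects a minority of candidates, which costs a fraction of a bit against the 118-bit figure for 18 unconstrained characters.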

Once you’re done, click Fill & Copy

The Enpass extension should auto-fill the password and the confirmation, and then copy the new password to your clipboard in case you want to see it.

Once Enpass has filled in the password and confirmation, click create account.

You should see the following prompt, showing that Enpass has recognized you have created an account and saved both your login and password. Go ahead and click Save

And we’re done.

If you launch Enpass you should see the following

Now let us verify that it works.

Go to the amazon login page

Hit Ctrl and / (At the same time)

If you are logged in, Enpass will fill in your details and automatically log you in

If you are not logged in, you will get a prompt to log in. Once you do, Enpass will fill in your details and log you in.

And that is how you use a password manager.

Any time you are creating a new account, or logging into an existing one, hit Ctrl and / to generate and autofill the password.

This should work for most sites.

You no longer need to remember your passwords! I do not in fact know any of mine. Except, of course, the master password.

A good password manager also allows you to save and autofill additional data such as:

  1. Credit and debit card details
  2. Software serial keys
  3. Frequent flyer numbers
  4. Remote server credentials
  5. Router username and passwords

So try one out and let me know your experience.

Security Chapter 1 : Don’t Share Site Passwords

Quick, how many online accounts do you have?

If you are the typical online citizen, you at least have the following:

  1. Primary email, usually gmail
  2. Secondary email, usually that yahoo account you set up decades ago
  3. Facebook
  4. Twitter
  5. Office email

And then there are the rest

  1. Tumblr
  2. Pinterest
  3. Tinder (We see you!)
  4. Amazon
  5. AppleID
  6. etc

Those are at least 10 online identities. With 10 usernames and passwords.

Let’s face it – if you add credit card PINs, debit card PINs, MPesa PINs and all sorts of other things we need to remember – it becomes a challenge keeping up with all the accounts.

It is also a challenge remembering all these passwords and PINs.

So, like most people, you choose one (or more) of these options

  1. Choose a simple password
  2. Re-use the same password across sites
  3. Write down your passwords in a notebook or text file on your PC, or save them as contacts

What’s the harm?

Very simple. If someone compromises (or guesses) one of your passwords, then they have access to all your accounts.

Which is pretty bad.

What is even worse is this.

If someone compromises (or guesses) your primary email account – GAME OVER.

This is because your primary email account likely contains the following

  1. Correspondence from your bank – statements, credit card details, etc
  2. Correspondence from family and friends – up to and including sensitive / private details – family issues, health, etc
  3. Scans of your national ID, passport, PIN numbers etc

On top of all this, most people use their primary email to register other accounts. That means, if a nefarious individual has access to your primary account, they can access all your other accounts without needing to know those passwords, by the simple technique of clicking ‘forgot password’.

Guess where the new password or instructions will be sent?

Securing your primary email account is something I will go into depth later.

But for this article – back to the topic at hand.

Let’s face it – most of us (including yours truly) lack the inclination, let alone the ability, to create and remember unique passwords for all our online identities.

Luckily, there is a tool that can help with this – a password manager.