Wednesday, March 29, 2017


Another stormy night in Denton. Weather station caught a 40mph wind gust when the squall line came through and a little over a third of an inch of rain total. Also saw/heard some arcing powerlines a transformer blow in the distance a couple of streets south.

But the fence is still up. Shingles are still on the roof. And we're still here, albeit bleary eyed.

Monday, March 27, 2017


Definitions matter. And if you continually misuse a word to define your argument -- you will be defined by the error.

Sunday, March 26, 2017


Strafed to the north by golfball sized hail, then to the south with baseballs -- and then back to the north with more of both.

But just minor pea and limited marble at the Fort. Feels like it's going to be a long spring.

No bueno.

Saturday, March 11, 2017


This all important time of year, let's not ignore the all critical sacrifices of those who are forced to stand on the corner in an Uncle Sam or Lady Liberty costume hawking the tax prep services. Persevering through wind and the rain. Hot and the cold. Mockery and the smog. Doing a job clearly nobody else wants simply because it needs to be done.

True inspirations to us all. #NEVERFORGET

Wednesday, March 8, 2017

A Teachable Moment about Usernames, Passwords, Whiteboards, and Live Television

(Update 6:25P)
The later live shot went out of their way to not show the section of the whiteboard with the usernames and passwords. What was shown had the wifi password erased clean without any after image.

Good on them.

Bad security to have the info posted in the first place.

But the Organization reacted quickly to minimize the security incident. That's the right next move to be sure.

Hopefully, they are also (at a minimum):
1) Immediately changing all the affected passwords to new complex equivalents (while masked in my screenshot, the original passwords did not appear to follow such standards)

2) Establish/maintain a formal policy prohibiting the sharing of usernames and passwords in open mediums (post-it notes, whiteboards, etc)

3) Require unique usernames and passwords be assigned and used by all authorized individuals (as activity on shared accounts cannot be tracked/monitored without repudiation to a specific offender)

4) Establish/maintain a password expiration mechanism that forces all users to reset their passwords every 60-90 days (at a maximum)

5) Codify mandatory username and password lifecycle management requirements and limitations within a formal Access Control Policy (if it hasn't already been)

6) Include username and password requirements and limitations within Awareness Training and Acceptable Use Policy (AUP) provided to all organization stakeholders

Bonus points if they are also (at a minimum):
7) Creating new accounts replacing those which were wrongly shown to the live tv audience

8) Disabling and removing all assigned privileges from the existing now replaced accounts (including any remote access abilities)

9) (Regardless of points 6 and 7 are followed) Monitoring all accounts, both the newly established and the replaced disabled, for any misuse attempts

10) Establish/maintain a policy which reviews an internal/restricted area for confidential information -- removing/masking any identified -- prior to being accessible by the public (whether onsite, via a recorded video, or during a live TV shot)

(Original Post 4:38P)
Clearly no nefarious act here with the company or the news station. . . but. . .

If you're going to let a local news crew into your office to do a live shot praising your service - please remember to remove your admin and wifi passwords from the whiteboard in the background.

Or just don't put them there to begin with. That's a far better plan.

And also please only use complex passwords and accounts tied to an individual user so the activity can be fully tracked.

So much badness here. Not good times.