It has become apparent to me that the world has reached an inflection point. It used to be that when you were in school you had to figure out what you wanted to be when you grow up and work very hard to acquire skills that would determine your success in that chosen profession. I have often told kids who were delaying this decision that they have three choices. You can pick something you love and whether it makes you a lot of money or not, at least you will love what you do. Or you can pick something that will make you a lot of money and at least you will have money to enjoy your life even if your work is not something you love. Finally you can not choose and in that case the world will eventually pick for you and virtually every single time the world picks something you hate that also pays poorly. Not choosing is always the worst decision.
This has always been good advice, but this current inflection point forces me to add to it or even replace it. The problem is that you can no longer expect to do one thing for an entire professional career. The world is changing too fast and automation will either transform your career beyond recognition or render it moot to the point where you have to start fresh with something new.
We all have to become Homo Adaptus, in that we have to be the people who constantly learn and adapt as the world changes. It used to be that the world changed every century, then every generation and more recently, every decade. But now we are staring down a world that will change nearly constantly. To just be employable in a meaningful and rewarding (in all senses of that word) fashion, you will have to be running to stay ahead of the curve. People in the tech and medical sectors are somewhat used to this, but now it is coming for us all and with a vengeance.
To me, being Homo Adaptus is to drive to always be learning, to always be figuring out what the future will be and what skills it will require. It requires that you seek knowledge and get out of the bubble of comfort. It reminds me of my days in the Military Academy and in the Army. As an Infantry officer your defense was never ready, there was always more you could do. There was no such thing as done and for Homo Adaptus this is true of preparing to compete in this fast changing world.
If you are still reading, you might be ready to thrive in this new world so my advice is to start finding and using resources that are already waiting for you. Watch TED talks (www.ted.com) in topic areas that pertain to your interests and spider from there. Find out who the thought leaders are in your areas of interest and seek out their books, blogs, podcasts, etc. and devour the content until you grow beyond them as sources or you choose another area of interest. Go to Khan Academy (www.khanacademy.org) and learn or relearn something on a regular basis. I am impressed by the 40 or 50 year old that has recently brushed up on their algebra and there are also tons of higher level topics there for you to learn. Collect sources of wisdom, knowledge and data.
If you can muster spending an hour a day doing something you know you should do, but do not want to do and know you can get away without doing then you have the discipline it takes to be Homo Adaptus and together we will rule the world. Pay it forward by showing someone else the way to find resources for their own search for wisdom.
If you are like me, you have been in a constant struggle that finds you striving to get more done in less time. Eventually you get to the point that you have to let things go from your to do list (que Frozen soundtrack here). To top it off there has been a recent backlash against what most of us consider multi tasking with many saying that the productivity boost is an illusion. While I believe the studies results I am not buying the conclusions. I think you can still get more done, and done better, if you do multi tasking in smart ways and there is a study that backs up my way of looking at things. If you merely swap from one mindless or even mindful task after another you end up lost and scattered, but if you pair mindless and mindful tasks correctly you can find much greater productivity. For example I read newsletters and browse stuff on my tablet while walking on the treadmill with the TV on. I do not watch gripping drama or subtle comedy, but when I want to drain the swamp on my DVR or watch something that is less engaging I find I can also get in some steps to feed my fitbit and purge a bit of email. I find that I can increase the complexity of the email or the program being watched so long as I do not try to watch an engaging show while doing important email. This is my formula. I imagine that I have 100 attention points at any given time. I can allocate 5 to 10 of those points to a physical task like walking on a treadmill, stretching or petting my dog. These are truly mindless tasks that steal very little attention once you are underway. Watching TV or listening to music where the programming is not very engaging might take 20 or 30 points. Then you have most of your attention to do something more weighty. This is not for everyone, but I find it very productive and now I think I know why. Research published in the Journal of Consumer Psychology says that when you are trying to solve problems creatively directing your attention elsewhere for a few minutes can enhance your results by letting your subconscious do the work. The bottom line is like everything else, you can make multi tasking work, if you mind the details of what tasks you pile together. Do it wrong and you end up falling behind and quality suffers, but there are still ways to do it effectively.
A conversation that comes up often concerns what rights a Windows Administrator (domain or local) has to folders and files. The common assumption is that being an Administrator is the backstage pass, but while it is somewhat true, the details are a bit more complex. Windows did not get to survive in the server space by oversimplifying security, but the defaults are quite open. The fact is that in most cases the Administrator will have rights to all files and folders, but that is not an innate right. It is more of a default circumstance that is very subject to change, especially in environments that have been around for a number of years.
The first thing to understand is that no user has inalienable rights to any file or folder. If an Administrator account or a group which the account is a member is granted no rights at all or is explicitly denied rights to a file or folder then the result will be Access Denied so long as that state persists. A single deny will override membership in a dozen groups with full control or even directly assigned full control. For mere mortal users that is game over, there is no way for them to change this situation without help. But here is where Administrator has a superpower. The key is that an Administrator has the ability to take ownership of any file or folder. This seems like a weak superpower, but it is in fact very powerful because once you own a file or folder, you can assign any permissions you like. This means that the deny can be removed or full permissions can be granted as needed to banish the Access Denied message. The root of this power is in the fact that the “Take ownership of files and other objects” user right in Local Security Policy defaults to giving this right to Administrators. Removing this right will allow permissions at the folder or file level to take precendence, but also removes the failsafe.
This mechanism has been around since Windows NT, but it has changed over the versions. Back in the early days an Admin could only take ownership for themselves, they could not assign ownership to any other user unless they logged in as that user. This meant that it would be hard for an Admin to take ownership, change permissions, read or edit something they should not be touching and then change permissions back and reassign the ownership to the original party. This changed several versions ago so that now Administrators can assign ownership since it must have been decided that the benefit of making ownership assignable outweighed the security of making the scenario from before more difficult.
Over time permissions get changed, often with the intent that the changes are temporary, but seldom does anyone find time to reverse these “temporary” changes to permissions. Sometimes blocking inheritance is part of the change and sometimes experiments become permanent. This all means that sometimes, even when you are logged in as an Administrator, you will see Access Denied. The key to overcoming this is understanding the way that being an Admin lets you access all files and folders. It is not as cut and dry as most people expect or would hope, but that is why it is secure.
As I have been running various organizations I have detected a key trend that I think delivers a critical insight. I find that people who are open to have their perspective changed are able to adapt to our changing technology world much better than those that are not open to changing their mind. Most people listen only to information that supports their current views. This is intellectually lazy and a sure road to obsolescence in any fast moving environment.
I have always been eager to hear views contrary to my own and am excited at the prospect of someone overturning my world view. I do defend my current thinking vigorously so it is not easy to get me to come over to the other side of an issue, but it is possible.
Based on this, the best advice I can offer to anyone wishing to rise to the top of the IT field or any other is to allow others the chance to change your mind. Maybe you think Native Clients are overrated, or the Cloud is a passing fad, but you should actively seek those that challenge those views.
As the Presidential elections draw closer here in the US, I have been having conversations with a number of people who do not vote and in many cases have no intention of voting. I found this attitude baffling at first, but have grown to understand that it comes from a lack of understanding of the true cost of this attitude.
For example I was talking to a young man who I have known for many years and he revealed that he had no interest in voting. He did not think it made a difference. I quoted Mark Twain by saying “The man that does not read has no advantage over the man who cannot read”. I said to him that I found that statement to be profound and felt that by the same token the man that does not vote has no rights beyond the man who lives in a society that does not let him vote. In this way not voting does a disservice to all those who have fought and died to guarentee that right for US citizens.
To the assertion by my young friend that voting does not make a difference I have the following warning. Our political system is ever more cynical. This means that those in power cater to those that can give and take their power and that means blocks of “likely voters”. If you belong to a demographic that is not seen as likely voters then you can expect your views on your issues to be ignored at best and at worst for the tides of legislation to actively work against your wants and needs. The only cure for this is to vote regularly for equality starts with the vote.
As a war veteran of the US Army, I feel that voting is a sacred duty that all citizens are bound to fulfill and the only greater sin against our democracy than not voting is hindering the ability of a citizen to vote. I hope my words here have motivated some to vote and others to abandon their support of any measures that limit participation in voting in any way.
The details of my session at TechEd in Orlando are posted here.
Hope to see you there!
There is still time to sign up for the upcoming Boston Code Camp!
Go to here for details.
Hope to see you there!
A friend of mine forwarded me a link to a provocative paper by Microsoft Research that called into question whether the security advice provided to users for their online activities is useful based on a risk-reward calculation. The link and the PDF document can be found here.
At first glance I thought that the paper was doing harm by dismissing user security as simply not worth attempting, but that is not the point. The point is that the advice provided to users is often hysterical and out of touch with the real world. This is something I have believed for a long time. So rather than just say,
“yes, that is right, we are screwed”, I want to offer up the advice (and mandates) that my own employees and family get when dealing with the security aspects of online security. Here are my Rules of the Road if you will.
- The password to my network must NEVER be used for anything else. Violating this rule is worth your job.
- If your password is long enough then you never have to change it, except of course if it is known to be compromised. My password to my domain is over 50 characters and it is a pass phrase so since I have never told it to anyone, never written it down, never used it anywhere else, I feel no need to change it regularly (I do change it over time, but not monthly or even quarterly).
- You should type in web sites yourself rather than click on links. If your bank sends you an email that something is wrong or they need to talk to you either open a new browser and type in the bank’s URL and login that way or call the bank using the number on the back of your credit card or on your last statement. Phishing is the biggest trap out there and always being suspicious of every link in every email is the best defense unless you are a security expert with alot of knowledge of TCP/IP (hint, if you didn’t understand any of that you are not that expert).
- When in doubt close the browser (and if you like for good measure open up task manager and kill all browser processes).
- Have a password plan. For me there are 5 levels of passwords. Level 1 is for sites I just don’t care about, but need a password anyways. I use a low security password but a password none the less. It is over 7 characters and has a number in it. Level 2 is for sites that I would not want a stranger browsing as me, but are not a risk to my reputation or my finances. Level 3 are sites like social network sites where I would face some embarrassment if someone hijacked it, but not financial loss. Level 4 sites are things like banking and I have very few of these and while according to my rules I could reuse passwords on this level I choose not to. Level 5 is of course the password for my business network and it stands alone.
- If you find the need to write down your passwords then either get a password keeper program like whisper32 (there are many to choose from). These programs are not hacker proof, but the hacker needs to get pretty deep to be able to even start attacking these kinds of programs.
- As the X-Files taught us, “trust no one! If someone asks for your password for anything stop talking to them no matter how the topic arrives.
Those are the highlights. I don’t try to make users security experts, but I seek to help them exercise some best practices. I am thinking of making this into a presentation for user groups and expanding it out with examples and much more detail.
I am happy to announce that very soon I will be providing a monthly article in the SD Times on Microsoft Technology.
With this regular writing task to spur me on I expect (and hope) to be doing alot more blogging as well…