I’ve been building some dashboards in Splunk to make it easier to compare some things, and Splunk’s timechart option is useful for baselining—before you can spot the abnormal, you need to recognize the normal. I sometimes monitor things using the timechart option, but sometimes Splunk will truncate the timecharts randomly, so I’m not necessarily comparing the same timeframes.
Here’s how to force it to 24 hours:
(insert search parameters here) | fillnull value=NoVal | timechart span=15m count
Continue reading How to keep Splunk from truncating timecharts
My boss doesn’t think I’m human. His proof: He asks anyone who knows me if he or she has ever seen me eat. No one has.
They’ve seen evidence of me eating. But actually taking a bite? No. Not even the time we went out for BBQ.
Continue reading Dave Farquhar, lunch ninja
My name, and my department’s name in general, gets thrown around a lot at work. We have a bit of a reputation as the can’t-do guys.
Professionalism dictates I not go into specifics about what kinds of things we reject or disapprove, but if I were to explain them, no security professional would disagree with me.
The other side of the argument, of course, is that the system still does its job the way it’s supposed to do and the system cost a lot of money. Here’s a story of a tense situation and how we were able to come to an understanding. Continue reading Defusing in person
As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.
The question: What do I see my next role being?
Fair question. I said I didn’t know for sure, but I knew what I have to do to find out. Continue reading Farquhar’s security New Year’s resolutions
I had numerous ancestors who fought in the U.S. Civil War. On my mom’s side, one of my direct ancestors was a Union spy during the war. He was captured three times. We joke sometimes that he was better at escaping from Confederate prisons than he was at being a spy. He survived the war and lived a long life.
On my dad’s side, Dr. Isaac Proctor Farquhar put medical school on hold and became Private Isaac Proctor Farquhar, like many of his brothers did. The elder Farquhar brothers who were already doctors became officers in the Union army, while the younger Farquhar brothers became infantry. All survived, came home to their families and resumed their productive medical careers.
James Washington McAdow did not. Continue reading Remembering Private McAdow
“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.
But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.
When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.” Continue reading This “Computer Maintenance Department” sure doesn’t know much about computer maintenance
I have two sons. My youngest has been talking for a few months now, and learns a few new words every day. One day this past week, he learned the word “blankie.” It’s probably the most innocent word in the whole English language, but it’s the end of an era to me.
Let me explain.
Continue reading My youngest son learns the word “blankie”
There’s a disturbing story on Slashdot today: Kids are playing dumb to avoid being bullied.
I have two things to say. I was bullied when I was a kid. In seventh grade, it was me against the world (or at least the entire school), and the problem followed me, though not as intensely, through two more schools, until sometime in my sophomore year.
But it gets better. Trust me on that. Some of the losers who picked on me never graduated high school. Some spent time in jail. Some couldn’t get a date if their lives depended on it now. Their lives peaked right around age 18. Meanwhile, things are pretty good for me, largely because each time I’ve been told to pass a long test if I want to keep my job, I’ve been able to do it.
Continue reading Don’t hide your abilities to avoid bullies
This is a companion piece to Ken Floro’s The Southside Cavaliers vs. Vanishing Tom. I’m trying my best to write in someone else’s style and not get my keyboard (among other things) handed to me. In Ken’s story, I’m Hacker Dave.
I accidentally spent my 16th birthday with Vanishing Tom. We both attended a school-sponsored seminar on a Saturday, which happened to be my birthday. The subject was something about achieving your potential. Everyone else present was a football player or basketball player or cheerleader. Tom and I were the only people there without an athletic connection.
“I need an attitude adjustment,” Tom announced when he saw me, making no effort at enthusiasm.
Ah, we were both there for the same thing. I can’t speak for Tom, but I was surprised that everyone there accepted both of us for a few hours that Saturday. But come Monday we were just Tom and Dave again, same as we ever were. I never heard anyone mention that Saturday again. Continue reading Dave, have you seen this classmate?
The creepy Girls Near Me smartphone app is drawing some much-needed attention at data brokers, companies that aggregate information about you from public information and information you provide to marketers. I even found an article that talks about how to opt out from selected brokers.
I recommend you do. Open up a temporary Yahoo or Hotmail account, use it for your opt-outs, then close or abandon the account. Continue reading Take back some privacy