Tuesday, May 31, 2005

I feel the timing is at best questionable


Could you please post Rich Marquez' latest initiative on the blog? I feel the timing is at best questionable. Or maybe he's just trying to scare LANL staff away from reading the blog at work?

From/MS: Richard A. Marquez, ADA, A108
Date: May 31, 2005

Subject: New Monitoring Tool to Identify Computer Misuse

LANL AM 701.09 states “Personal use of electronic information
resources (including Laboratory computers) is prohibited if it:
Directly or indirectly interferes with the Laboratory’s use of the
resources; Burdens the Laboratory with additional costs;
Interferes with the user’s employment or other obligations to the
Laboratory; or is an unacceptable use as defined in (AM701). 03.”

I know we all use our Laboratory computers at times to send
personal e-mails or to visit sites not directly related to our
work. This memo is a reminder to everyone that our ability to
engage in reasonable incidental personal use of Laboratory
computers is a privilege and not a right. I caution you not to
abuse this privilege by spending unacceptable amounts of time
visiting non-work-related sites (for example, eBay) or by viewing
websites containing inappropriate material.

The Laboratory has now acquired software that allows for the
monitoring of LANL computer web traffic. This software is capable
of continuously scanning all LANL computers for inappropriate
activity. It has the ability to characterize the vast majority of
websites as to content and to sort the websites into acceptable
and unacceptable categories.

This new tool provides the Laboratory with a stronger ability to
block access to inappropriate websites. It also identifies
employees who spend unacceptable amounts of time on non-work-
related websites. Should such misuse be identified, offending
employees will be subject to disciplinary action, up to and
including termination of employment. Please refer to Incidental
Use of Government Property, Directors Instruction 05-002

We must all understand that the privilege of being able to use our
work computers for incidental personal activities was negotiated
with DOE, and that privilege can be revoked should it ever become
evident that it is being abused.

I expect managers to monitor computer usage, and I am counting on
all of you, as professional adults, to comply with the spirit of
this privilege. It would truly be a shame if it were lost.

Cy: ADA:05-049

Well, I suppose if LANL management wanted even more people to retire, this would help the fence-sitters to make up their minds.
Actually, to me it is having the opposite effect. I think its high time that this be done since there are plenty of people that abuse the privilege. I know, my job as a Systems/Network/Desktop Support Administrator lets me see first hand whats going on. Don't flatter yourselves and think its's just to get at people looking at the blog. Windows systems are the worst and I am continually patching, removing spyware and trojans etc. We all know that most of these get on peoples systems that are visiting non work related sites. Just this Sunday I had a notification that someones system was infected with a data mining worm. Then I received a notifcation that there printer was jammed. Sunday, at the office. Hello! Now whats the bet that this person was doing legitimate lab related business? Zero. To make it worse this PC belongs to a manger.
Anonymous : 5/31/2005 01:43:43 PM said:

"Windows systems are the worst and I am continually patching, removing spyware and trojans etc. We all know that most of these get on peoples systems that are visiting non work related sites."

I'm not a Systems Administrator, so please forgive my ignorance. How does these nasty things get past the fire wall? If they come in e-mail attachments, how do they get past the virus protection program?

I use a free firewall, a free virus protection program, and a free spyware blocker on my PC. I keep all up-to-date and have no problems.
That wouldn't be the first time I've heard of or seen a manager doing Lab business on a weekend. I don't recommend it, but over my years at the Lab, it was pretty common. How else are you supposed to get your work done, when you are in meetings all day everyday during the week?
yes fine timing, Marquez----does this go under the heading of "Floggings Will Continue Until Morale Improves" ?

After Nanos blows HUNDREDS of millions of dollars on nothing, please get all the bean counters together with Big Brother so that you can catch the folks who spend a few minutes a day checking on news or whataver.... And I'd wager whatever "software" they got and whatever "watch dogs" they have spying cost most than the time "offenders" spend on personal email (define, please) and other web sites.
You people need to get a grip and read the memo. Incidental reading of news, personal email etc is not a big deal. Its the obsessive behavior. I am sure youa re all adults and can figure out the difference and the meaning of the memo. Scientists, indeed.
"Sunday, at the office. Hello! Now whats the bet that this person was doing legitimate lab related business? Zero."

Obviously this poster is not employed in a group where there is more work than qualified people.
I'm not upset by this memo or the new auditing systems, as such, as long as the guidance is reasonable and the technology is workable, so that:

* people whose jobs require lots of internet research don't get caught in the dragnet.
* the software makes reasonable assumptions about "how much time" is being spent on the internet. Accidentally leaving a web browser open in the background to certain news sites can mean it refreshes ads every five minutes, all day.

I understand the necessity of what they are doing. Many years ago, at another institution, I created some tools that detected a particular contractor who came in to work every day and spent six hours surfing for pr0n. There are a few of these types in every institution, and I'd rather we catch it first here rather than on cBS.

It makes sense to be liberal about internet usage. Many companies have realized that allowing work/life boundaries to blur usually works out in the organization's favor. Still, you have to catch the employees who have completely checked out.
You know, I wonder what happened to judging an employee by his ability to produce.

Unfortunately as I was writing the above I realized that in today's LANL, there are lots of employees who don't "produce". Rather, they just suck off of overhead to satisfy DOE/UC "requirements".
To anonymous @ 5/31/2005 06:45:10 PM. I do work in a group where there is more work than qualified people. This person however is not one of them. I have worked on this users (managers) system numerous times to fix problems. All could be traced to non work related web site visits, running games, making music cd's. On the laptop was the sons homework etc. I am not saying *ALL* lanl employees do this but I say that there are quite a few that do. I work on weekends and after hours as well but I can assure you it is 100% work related.
...out the door goes the summer students, as fast as they arrived... What's a work ethic?
I would not characterize all summer students as slackers. I have no problem with students in the scientific fields but as far as in the support side it makes no sense. Most are kids of parents that work at the lab. Some are good and some are bad. They are usually the first to misuse computers. Could be boredom for lack of real work or learned habits of the parents.
To 01:43 --

It used to be, pre-Nanos, that you would find 4 - 6 people from my group in the office on either weekend day.

Doing work.

No longer the case. We'll let you puzzle out the reason why.
Marquez is certainly a great one to lecture anyone on proscribed extracurricular activities in the workplace.
Even so, if the laboratory provided a source of information on par with the blog there would be no reason to glance at the blog at work ever once and a while to see what's going on. Even UC officials read the blog for that reason. However, most of us have our retirements on the line and I for one feel ill at ease wandering around in information vacuum that the Laboratory presents me with.

Fortunately, I can do two things at once! Today, I listened to the outstanding lecture on finding other Earths (Director's Seminar Series) and read a little from the blog and a mountain of e-mails. Come to think of it, I also signed a few papers, drank coffee and chewed gum. That's five things at once. How do you rack up those hours?

One more thing! Last week I was working on a long Powerpoint briefing and got a "Failed Security Check" notice that shut down my computer and cost me about four hours of work sice I lost everything. Now that's what I call progress. However, it is great hearing from a Laboratory expert about the vulnerabilities of Windows and now it appears that the Laboratory is taking full advantage of the vulnerabilities to track its employees. I'm going to convert to Macs before I retire just to make a political statement. My first Mac e-mail will be to President Dynes, "With Brooks (present NNSA), Foley (former DOE/DP) and Marquez (former ALO/DOE/NNSA), we know where Los Alamos is. We are sandwiched between and infiltrated by DOE/NNSA. The $2B question is where the heck is UC?"

PS: As one poster pointed out, its amazing that I have no virus problems on my personal system at home with my ZoneAlarm firewall, Spybot anti-spyware, BCWipe utility, constantly updated McAfee Virus software, plus a few other things I prefer not to discuss. Yet the home of the World's Greatest Science can't seem to protect itself.
I have nary a quibble with what was said by 8:57, except for maybe one little thing:

At home I run Linux with Shorewall as the firewall. Never been breached.

Well, except for that one time where I forgot to turn the firewall back on after doing some maintenance on it. But then the only problem was somebody attempting a Windows exploit. I bet they felt stupid...
Marquez is an idiot... this is management?
Yes, Marquez was selected by UC-approved managers to be our ADA.

Fine job, all.
management is NOT coming up with stupid rules and strictures and crap. It's NOT micromanaging people til they can't do anything..... and it's not creating a network of spies. COME TO US, LOCKMART!
This memo is a Red-Herring. We already have Dyna-Blocker at the lab to
block inappropriate web sites. If Marquez has a problem with Ebay, then
it, too, could easily be added to the blocked site list. Make no mistake
about it. The real reason for this memo is to serve as a particular form
of intimidation for the work force.

Check the sitemeter for this blog. On any given day, you'll see hundreds
of people at a "lanl.gov" address reading the blog. Using Dyna-Blocker to
block the site from LANL would look too blatant. Therefore, this memo serves
as the vehicle to slow down the visitors. Be forewarned that if you continue
to use LANL computers to read this blog, you may soon be talking to your
Group Leader.

Welcome to the new, post-Nanos LANL. The yelling and name calling has
stopped, but not much else has changed. UC claims they want to keep the
"academic environment" at LANL by winning the RFP. But tell me -- what
University monitors their academic staff in this heavy-handed fashion?
None that I know of.
"Just this Sunday I had a notification that someones system was infected
with a data mining worm. Then I received a notifcation that there printer
was jammed. Sunday, at the office. Hello! Now whats the bet that this person
was doing legitimate lab related business? Zero. " - Poster 1:43pm

Marquez is empowering System Administrators like the one you see above to
control important aspects of our lab. Notice how he/she quickly determines,
with no plausible evidence, that this evil staff member was up to no good.
And why is he suspect? Because this fellow came in on a Sunday to work, and
that can't possibly be good! The lab is now heavily infested with people like
the above System Administrator, and they will soon be calling the shots about
how we do our work, all thanks to Mr. Marquez.
If every staff member used a Mac for accessing the web, while having an
off-line Window PCs for doing scientific work, there would be no problems.
Of course, then the System Administrators would be out of a job. Nah,
let's just keep the spyware-infect-able, virus-prone, bloat-ware-loaded
Window PCs on all our networks. In fact, let's declare it a new mandatory
platform standard. That way all the Sys Admins can keep their jobs.
In case you don't already know, for the past three years or so working alone on the weekends or at night is very much frowned on. In administrative and S div circles you are considered a malicious deviant bent on violating safety and security rules. Needless to say, I'm a little hesitant to even think about coming in outside regular hours, the upside is my wife loves my new work schedule. Once someone finally drops dead at their desk or has a lab accident off hours, the staff will probably be locked out on the weekends and after hours.
The Dynablocker product is made by WebWasher Enterprise AG, a German company.
My guess is the new product being added by the lab is probably from the
same company and called "Webwasher Content Reporter". And I'll bet those
crack German programmers have put in some wonderful back-doors. Heck,
Germans make the best hackers on the planet. They're far better than the
Israelis, Russians, or even the Chinese! Maybe we will even be able to get
a look at some of Mr. Marquez's private E-mails in the near future.

Not totally sure if I'm right about the product choice, but more info on it
can be found at this URL:


This page states:

"Personal data in reports (e.g. employee names) can optionally be made
anonymous and are encrypted so that your company is protected against
potential labor law risks relating to the monitoring of personal Internet
and e-mail usage."

You can be sure that LANL will switch this anoymous reporting option off.
UC doesn't particularly care about breaking labor laws, as the Kaupilla
case has clearly shown.
Who is this fool who thinks that anyone who comes in to work on Sunday is "not working?" Is this some bible thumper who thinks we all ought to be in church on Sunday?

It is not only the managers who work late and come in on weekends. Many TSMs also do so. And, there are many who work from home at night and on weekends using VPN.
Marquez sent this out to show his DOE/NNSA bosses that he is doing his job. Remember that DOE doesn't care about results, and they have a checklist mentality.
Marquez is just playing the politics.
And regarding his comment about eBay, one lab employee purchased an iPod and sold it on eBay with the LANL property sticker still affixed.
This was not the only incident with lab property sold on eBay.
Glen Michel has been collecting stats on who visits which site for the past two years.
Please, Bible thumpers are not concerned with how your computer is wired and protected or even if you work on Sunday. They are only concerned about how you are wired and internally configured. Fire-walls are good in this context as well, if you get my drift.
In relationship to this specific Blog, the obvious message is “if you say something here that we don’t like, and it’s posted from work, we’ll track you down and make it very hard for you.”

What is “excessive”? The policy is deliberately vague for a reason. Completely shutting down the web would cause massive employee dissatisfaction. Granted, there are some groups that put in excess of 40 hours each week. But there are others where only a
few hours of real work get done each month. This isn’t always the employee’s fault; more often than not, there is less work to be done than the number of people available to do it. Being able to occasionally surf the web available provides a relief from extreme boredom, and provides a distraction to prevent employees from becoming involved with the real issues.

I know: A few years ago my group was trying to freeze me out and was giving me no work to do. I was isolated in a small cubicle, in a near “detention hall” type of situation. I knew enough to maintain regular working hours, so they couldn’t find an excuse to fire me. If I hadn’t been able to surf the web for a few hours each day, I wouldn’t have kept my sanity, quite literally.
It's not like Marquez has made some inappropriate actions on work time (spelled **harrassment**) during his illustrious career.
11:19, lots of folks report the same story: your group tries to freeze you out by giving you nothing to do, but you have to put in the hours so not to get fired. The web does provide a distraction under these horrible conditions.
Guess Rich "I like women" Marquez can leer at women since it doesn't involve misuse of government property.

I once overheard him say that he likens himself to Charlie's Angels, although he calls it "Rich's Angels."

As a Hispanic woman, I find him a disgrace to the Hispanic culture and the reason there is racism.
If you check who is looking at the blog at this very moment, you will seen some lanl.gov, a few llnl.gov, and, interestingly a few doe.gov.

I think that given the scarcity of information being provided by LANL/HR and UC about the benefits under the transition and new contract, it is reasonable for LANL employees to surf the outside web (e.g., this website) to find out what their future is.
Who authorized the use of the Dynablocker product on our networks? I'd bet the farm that he or she cannot fully describe the functionality of all the lines of code in the product and how that functionality opens Doors in Windows.
Oh oh- I needed a rough cost on a new solenoid actuator for a purchase request last month, but the supplier did not list prices- so I checked EBAY. Those selling used models always list the new price for comparison... Yipes... now I'm probably in trouble.
Of course, one could always use a program like Anonymizer to completely bypass
the problem of company web snooping:


It encapsulates all your surfing into a 128-bit SSL encrypted connection.
SSL is routinely used by many web sites, such as for logins, etc.
LANL has always had the means of catching people who misuse the internet. Maybe they got a new, better tool, but LANL has caught and appropriately disciplined numerous employees over the years.
I don't know what Marquez was trying to do with his email if not to scare people.
There are people who misuse their computers, but LANL rarely does anything to them. It would jam up the already jammed up Staff Relations beyond hope. Of course one could say Staff Relations is beyond hope for lots of other reasons as well.
And, Lord knows, Rich Marquez is the last person in the world who should be pointing fingers. The skeletons in his closet -- and office, would fill the Physics Auditorium.
The real reason not to misuse your computer is that, if LANL, wants to fire you, they can audit your computer and fire you for dirty jokes you emailed or any number of other minor offences. Normally they only do this if they want to get rid of you for something else that is not necessarily against the rules.
As for people sitting and surfing the web, during my worklife at LANL, I saw many students who were given no work to do but who hoped to look busy so they surfed the web all day for the summer. They would have much preferred to do some real work but their "mentors" did not do their jobs. This is really hard on ambitious students who are hoping to learn something and make new career connections at LANL. Instead, they have to fight to stay awake.
It is also true that LANL managers frequently try to harass people out of their jobs by assigning them no work. These people are usually at their wits end due to boredom and humiliation. Of course, if they are caught surfing the internet -- this could give managers a chance to fire them. These people are really between the devil and the deep blue sea. Do they hope for a change of management or do they quit and move the family to a different job? If they are scientists and haven't published in years, as is customary at LANL, they will have a really tough time finding a new job.
There are also people who have work who surf the web all day. I onced worked with a guy who spent his time buying model railroad parts on ebay, managing and imaginary stock portfolio, and buying accessories for his truck/camper from his office computer. It wasn't very hard to detect that he was doing so. His stuff flew off the printer all day long. No high tech detective work required. He still works at LANL and, as far as I know, still does nothing. But he didn't get fired in spite of all the he did. A contributing factor to his remaining at LANL, he claimed, was that every time a member of S-Division sent him a dirty joke he saved it, just in case they were inclined to try to fire him. I also noticed that he was acutely away of who had power and who didn't and was very cozy with those who did.
"if LANL, wants to fire you, they can audit your computer and fire you for
dirty jokes you emailed or any number of other minor offenses. Normally they
only do this if they want to get rid of you for something else that is not
necessarily against the rules." - Poster 10:53 am

Is it any wonder that the vast majority of posters to this blog use a
signature of "Anonymous". UC fired a LLNL employee over $4 in disallowed
phone calls. If you cause UC problems, they will come after you.
To 11:55 --

Not if you can hurt them back if they try to screw with you. Look at this blog, and how Doug left on his own terms.
UC marplots do not need find a reason to fire someone because they've shown that they can make up a reason if one doesn't exist. That's the essence of scapegoating.
RE: Just this Sunday I had a notification that someones system was infected with a data mining worm. Then I received a notifcation that there printer was jammed. Sunday, at the office. Hello! Now whats the bet that this person was doing legitimate lab related business? Zero. To make it worse this PC belongs to a manger. [From 5/31/2005 01:43:43 PM]:

If I worked for the ErBu, SVR, ISI, Syrian Mukhabarat, StB, or others like these, I would be doing a few things. I would get LANL employees to visit sites that I ran, also, I would snoop on the connections going on between LANL servers and all outside access points. Using the former, I'd be gathering all the info I possibly could, directly, and, to the extent possible, implanting key loggers and data mining worms. As for the latter, I'd infect commerial servers frenquented by LANL folks in such a manner that when those particular IPAs / MAC Addresses connected, the infection would spread into the LANL clients.

To believe that the above scenario is not happening is incredibly naive, to say the least.

Something must be done, and soon.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?