Wednesday, December 13, 2006

Reality bites.

Location: JFK (New York City), Terminal 7 (Delta, unfortunately)
Date: 08Dec06
Time: 20:15-ish
Elapsed transit time: 22 hours
Expected transit time remaining: 5 hours

Subject: TSA admits liquids restrictions are for revenue, not security.
Well, duh!

TSA: You can't take these liquids with you.
REC: They're each under 100ml and all in the bag.
TSA: You can't take them. They're drinkable.
REC: And they were drinkable when I got on in Munich and in London. I'm not even flying internationally. They're sealed cans provided by the airline! Look at the BA logo!
TSA: And I'm telling you that you can't take them to Florida.
REC: But I can buy the same stuff again right there ten feet away!
TSA: Exactly. You have to buy them here.
REC: So this has nothing to do with 'security' and everything to do with revenue generation?
TSA: Well, now you...
Supervisor (cutting TSA off): If that's how you want to see it, sir. Do you plan to make it to Tampa tonight or not?

Of course, this was after 8p.m. so even the shops where one could buy a just a fucking drink of water were already closed. Flights leave Terminal 7 through 11pm, shops close at 8, and there's not a single public drinking fountain.


The customers are no better.
FIX IT!!!!! PRIO 1!!!!!!!!!!!!!
Lemme see... It's a Prio-1 even though your system is running fine because you reset the password and everything is working now. OK...

Looking closer at their general set-up and the level-headed description, I note that this happened at the first instance of each roll-out and then never happened again. Twits.
Of course the password changed -- you instructed the OS to require a change at first log-in. $OurBigApp doesn't expect this because standard practice is to set machine and service accounts to "password never expires", normally with strong passwords.

Requiring users to change password at first log-in is a security measure which allows humans to set passwords which are unknown to the administrators who otherwise could spoof access to their accounts, something unnecessary for machine accounts.

Password handling is at the OS or security adapter level. $OurBigApp doesn't and can't access that. We only pass credentials via standard methods.

And I knew when I hit Send that I was going to get more or less the response they sent back, despite having explained the problem and their failed logic:
Our security policy is that every account has to change the password after first log-in. You must provide a solution to give the password correctly!
NO YUO! Talk to Microsoft.

Closed. Root Cause: 17-Fuckwit.
x-posted from HuSi.


Post a Comment

<< Home

In compliance with $MegaCorp's general policies as well as my desire to
continue living under a roof and not the sky or a bus shelter, I add this:

The views expressed on this blog are my own and
do not necessarily reflect the views of $MegaCorp, even if every
single one of my cow-orkers who has discovered this blog agrees with me
and would also like to see the implementation of Root Cause: 17-Fuckwit.