Work Fun in Reston, VA

My work day Monday was entirely spent examining logs, records and performance evidence with a new point-of-contact from our performance & Sarbox compliance office. Sounds pretty boring, and it is: there's so many things I'd rather be doing. Still, these meetings are a vast improvement over the prior round.

In the past, the Risk Office simply asked for a massive amount of data, logs & records (1.6 GB uncompressed), then went on fishing expeditions to look for anything which they could use to justify a failing mark. This would be (kind of) appropriate for a financial audit, but fundamentally lacks common sense for a performance audit: show me a director prints off 1.6 GB of weekly activity logs, place his signature on each page of the report then rescans every page back into PDF files just to satisfy performance audits, I'll show you a director who needs his head examined.

In the current round, the auditor is simply looking to ensure that we are indeed logging information (a directory listing with timestamps is sufficient) with discrete samples pulled from randomly selected dates. In other tests, a few randomly selected standards & procedures docs are pulled and we're checked for compliance with our documentation. The only difficult part is proving humans read the online error reports: we've been able to show actions taken as a result of the error reports but I don't know how we prove a report was read when no action was initiated by it.

There are three more key controls to be examined today... I hope to be done with it by lunchtime.

Work Fun in Reston, VA

My work day Monday was entirely spent examining logs, records and performance evidence with a new point-of-contact from our performance & Sarbox compliance office. Sounds pretty boring, and it is: there's so many things I'd rather be doing. Still, these meetings are a vast improvement over the prior round.

In the past, the Risk Office simply asked for a massive amount of data, logs & records (1.6 GB uncompressed), then went on fishing expeditions to look for anything which they could use to justify a failing mark. This would be (kind of) appropriate for a financial audit, but fundamentally lacks common sense for a performance audit: show me a director prints off 1.6 GB of weekly activity logs, place his signature on each page of the report then rescans every page back into PDF files just to satisfy performance audits, I'll show you a director who needs his head examined.

In the current round, the auditor is simply looking to ensure that we are indeed logging information (a directory listing with timestamps is sufficient) with discrete samples pulled from randomly selected dates. In other tests, a few randomly selected standards & procedures docs are pulled and we're checked for compliance with our documentation. The only difficult part is proving humans read the online error reports: we've been able to show actions taken as a result of the error reports but I don't know how we prove a report was read when no action was initiated by it.

There are three more key controls to be examined today... I hope to be done with it by lunchtime.

Getting Dressed

I feel fully dressed today for the first time in a week.

About a week ago, I realized the belt holster for my cell phone was falling apart. By midweek, it was hanging together by a thread. Rather than risk losing my phone, I kept it in my jacket pocket if I carried it at all. Surprisingly, I missed the weight on my right hip.

I wear a number of toys on my belt. My work pager and RFID office badge are on my left side, the Palm Pilot (Tungsten E2) and cell phone are on the right. kent4str refers to it as my batman utility belt, esp. on those occasions when I had an extra pager to carry as the on-call UNIX admin. Missing any one of them, especially on a work day, makes me feel a little off balance.

Fortunately, the replacement holsters arrived in yesterday's mail. I ordered two, presuming that if mine was fading, kent4str's identical holster for his identical phone purchased at the same time must also be on its last legs. Sure enough, his gave way yesterday. Now that the cell phones are reclothed, all is right with the world, and my balance.

Getting Dressed

I feel fully dressed today for the first time in a week.

About a week ago, I realized the belt holster for my cell phone was falling apart. By midweek, it was hanging together by a thread. Rather than risk losing my phone, I kept it in my jacket pocket if I carried it at all. Surprisingly, I missed the weight on my right hip.

I wear a number of toys on my belt. My work pager and RFID office badge are on my left side, the Palm Pilot (Tungsten E2) and cell phone are on the right. kent4str refers to it as my batman utility belt, esp. on those occasions when I had an extra pager to carry as the on-call UNIX admin. Missing any one of them, especially on a work day, makes me feel a little off balance.

Fortunately, the replacement holsters arrived in yesterday's mail. I ordered two, presuming that if mine was fading, kent4str's identical holster for his identical phone purchased at the same time must also be on its last legs. Sure enough, his gave way yesterday. Now that the cell phones are reclothed, all is right with the world, and my balance.

NASA To Service Hubble

That headline didn't come out quite right, but I'm too lazy to change it.

NASA has announced they'll upgrade & update the Hubble Space Telescope after all instead of letting it die in orbit. I'm quite happy with the news: we've obtained a lot of good science from the telescope. It was so expensive initially that I think it a good use of money to spend a little extra to keep it functioning until 2013. And once the space shuttles are retired in 2010, the successor manned vehicle may not have the ability or facility to upgrade the telescope. By 2013, it will be about 23 years old, a good time to consider replacement with a completely new platform.

NASA To Service Hubble

That headline didn't come out quite right, but I'm too lazy to change it.

NASA has announced they'll upgrade & update the Hubble Space Telescope after all instead of letting it die in orbit. I'm quite happy with the news: we've obtained a lot of good science from the telescope. It was so expensive initially that I think it a good use of money to spend a little extra to keep it functioning until 2013. And once the space shuttles are retired in 2010, the successor manned vehicle may not have the ability or facility to upgrade the telescope. By 2013, it will be about 23 years old, a good time to consider replacement with a completely new platform.

Follow-up on Harley's death

After learning about Harley Walker's murder on Sunday (my LJ posting here), I've been watching for any further developments in the case. This is the latest I've heard.

Follow-up on Harley's death

After learning about Harley Walker's murder on Sunday (my LJ posting here), I've been watching for any further developments in the case. This is the latest I've heard.

Hallowe'en Candy Overload

Every year, kent4str and I have the same debate about candy.

There aren't a lot of kids in our neighbourhood so there's not much trick-or-treating. Still, there are a few visitors so we always have some candy on hand, just in case. I argue that we should have a small inventory of candy we personally like as we'll be stuck with the leftovers and I can't bear throwing anything out. kent4str maintains that if we only distribute candy popular with kids but stuff we ourselves don't especially like, we'll be less likely to stuff our own faces with the leftovers. Thus, we now ask you, the voters, in yet another pointless poll:

[Poll #857534]
In any case, the Coffee Crisp bars are mine, ya little twerps.

Additional Hallowe'en candy advice is always welcome.

Hallowe'en Candy Overload

Every year, kent4str and I have the same debate about candy.

There aren't a lot of kids in our neighbourhood so there's not much trick-or-treating. Still, there are a few visitors so we always have some candy on hand, just in case. I argue that we should have a small inventory of candy we personally like as we'll be stuck with the leftovers and I can't bear throwing anything out. kent4str maintains that if we only distribute candy popular with kids but stuff we ourselves don't especially like, we'll be less likely to stuff our own faces with the leftovers. Thus, we now ask you, the voters, in yet another pointless poll:

[Poll #857534]
In any case, the Coffee Crisp bars are mine, ya little twerps.

Additional Hallowe'en candy advice is always welcome.

Hallowe'en Wrap-up

We had two visits to our door, two children each. All got mittfuls of candy and donations to their UNICEF boxes.

We'll take the leftover chocolate to our respective offices and some to the C1 workshop tomorrow night.

Hallowe'en Wrap-up

We had two visits to our door, two children each. All got mittfuls of candy and donations to their UNICEF boxes.

We'll take the leftover chocolate to our respective offices and some to the C1 workshop tomorrow night.