One of the phrases I hear often but find to be totally self-contradicting is “This is a win-win situation!” That phrase annoys the heck out of me! It’s one of those paradoxes that proves the nonsensical nature of the very message it tries to project.

The thing is there can’t be a winner without a loser. In a so-called “win-win situation”, who is the loser? Isn’t the loser the same people that “won”? Isn’t it more accurate that whatever outcome that was described as a “win-win situation” was actually a draw?

Yes, that’s exactly what happened. You didn’t winYour opponent didn’t win. You stalemated. It’s as simple as that. Trying to describe such situations as “win-win” is ridiculous.

So the next time you’re itching to use this cliched phrase; bite your tongue, drop the pen, move your hand away from the keyboard. The “win-win situation” thing has been overused to oblivion.

Just tell the situation as it is; the best compromise, equally beneficial middle path, fair and square… anything that doesn’t imply that either (or neither for that matter) party is “winning”.

Sad Weekend For Me

Sorry for not posting for the past couple of days. I just didn’t have anything to write about. Worst still, I’ve gone through what probably was the saddest weekend of my life as a family man.

On Saturday, I brought my wife to the gynecologist. We’re expecting our second child. However, upon examination, the doctor said that there’s been no growth at all since the last check up. There’s also no foetal echo (ie. no heartbeat detected).

And today, my wife started bleeding. I took her to the clinic first thing in the morning. A “cleaning” procedure has been scheduled for her at 3:00pm today (Malaysian time).

Yes, I do feel saddened by this whole ordeal; but hey, this is life. We score some points and we take some hits as well. Some more significant than others. The most important thing is to move on positively.

As the monetizing of web content becomes easier and its tentacles spread globally, anyone who has a blog will sooner or later have this thought pop inside their head; “Wow, imagine if I were to do this full time!”.

Some not only entertain this evil voices in their heads, but actually follows what it tells them to do!

I’m not saying that being a problogger is bad. I blog myself but I will never even considerbeing a problogger. Blogging is not a useful skill that you could use in life. It’s a hobby; something you do in your pastime. For me, it’s a marriage of my two main hobbies; writing and web technologies.

Earning your living by blogging is what I don’t recommend others to do; and here are four reasons why.

No Useful Work Experience

If you’re young and just graduated, being a problogger is one of the worst thing you could be. Now is a time where you’re expected to gain useful work experience. Contrary to what the Web 2.0 sheeps say, useful job experience doesn’t include RSS subscription, trackback and pingback proficiency, linkbaiting and meme participation.

Anybody can start a blog, there are tens of millions around already. Just because you’re making money from yours doesn’t mean that you should be blogging full time. Contrary to popular thinking, money is not why you should be working. It’s the experience that matters.

Getting a real job is part of of one’s self development. To be brutally honest, the janitor or maintenance guy in the office building will have a better insight to life compared to any problogger. A major reason is that they see the world with their own eyes, and not via some 22-inch monitor they bought from their AdSense income.

The probloggers in you didn’t like to know that, but deep down, you know it is absolutely true.

No Company Perks

Sure, you will “run your own business” if you choose to call your blog a business. Hey, whatever floats your boat mate 🙂

Believe it or not, there are lots of goodies that good companies provide for their staff. Company trips, annual dinners, training and self development are some that comes to mind quite easily. Then there are the “little things” such as unlimited coffee and tea, paid season parking and petrol allowances.

I guess probloggers won’t need those too much since most of them are still leaching off mommy 🙂

Lack of Life Beyond Cyberspace

Take away the thousands of feed subscribers, you’ll soon see that most probloggers are just a lonely person with no life outside of his network of blogrolls.

Somehow, someway, during their journey into problogging, money becomes everything. It starts of as a benchmark of sorts on how the wannabe problogger stacks up against real probloggers. When it reaches a certain point, the first thing that comes to this person’s mind is “It’s time to go pro!”.

I pity such people. Being a problogger means that your interaction with human beings outside the Internet would be close to zero. This is especially worse if you’re a nerd or geek of some genre or another. You’ll be inundated with worshippers who think that you’re the best thing since sliced bread.

Egos will expand and it will get to your head. The bad thing is, you’ll forget how to interact with a real life person. At least the garbage collector has real friends he has lunch with. He also gets the occasional “Hello!” from friendly housewives.

The problogger? Emails and IMs. I guess it’ll do for a desktop potato. Do you really want this for yourself?

Lose The Ability To Communicate Beyond Blog Commenting, Emails and IM

You know you’ve spent way too much time online when your parting words are something like:

  • Email me, OK!
  • Catch you on Y!M later tonight!
  • Skype you later!
  • I’ll comment on your post soon

In those rare moments where you’ll actually need to write a proper letter, you find yourself typing or writing IANAL, TTFN and ROFL more often than you should.

And God forbid should you actually need to talk to someone! You’re lucky if you could even look at the person’s eyes and actually say something intelligent without referring to something that has dot com in it.

When the subject of corporate data security comes up in any board meeting, chances are, the topics will straight away dive into complicated things such as firewalls and IDP systems. And when this happens, it’s obvious that the meeting participants are:

  • Not familiar with data security in the real world
  • Wants a quick fix at a reasonable investment rate in monetary terms
  • Prefers a certain department or an external third party to bear (almost sole)responsibility in this area

This approach is fundamentaly flawed, and it’s amazing to see so many corporate bodies adopt such simplistic approach to a very critical operational area.

More often than not, I noticed that decision makers often fail to address the real weakest link in any system: people. Yes, most people fail to see the value of data confidentiality. This is especially prevalent in clerical staff and junior executives. They tend to feel that they have no access to important information. Furthermore, they feel that what they do know is already public information.

In my years of experience in the IT line, it never fails to suprise me how people willingly disclose their passwords without verifying the identity of the party inquiring it. Sometimes I don’t even need to ask. Here’s a scenario that has happened way too often:

Me: Hi, I’m here to assist you with your Wizbang Application problem.
SU: Good. My username is <username> and password is <password>. Please look into it.

Even Microsoft uses a low-tech implementation for its enterprise-wide security awareness programme, via a simple card detailing information such as:

  • Where to access security policies
  • Whom to contact when an incident occurs and measures that can be taken

Low-tech, yes. Creates awareness, undoubtedly. Simple yet effective.

The thing is, data security awareness needn’t necessarily be complicated. In fact, the simpler it is, the more likely it is to be understood among all staff levels. To me, the problem is more of resistance. People expect something so important to be complex. This is the very nature of human beings, accustomed to years of social conditioning in which bureaucracy is seen as guardians of important procedures. Overcoming this mindset itself can be daunting. However, once this hurdle is overcame, the rewards are plenty.

An interesting post on discusses the need to include social engineering as part of penetration testing. I find myself agreeing to the logic behind this idea. You can have the most advanced data security hardware and software money can buy. However, all this will be useless without educating users of the importance of data confidentiality.

I feel that at its very basic level, a data security policy should, at the very least, address the following issues:

  • Identity verification
  • Password lifecycle
  • Disclosure policies
  • Remedial actions and solutions
  • Ownership, authority, and responsibility
  • Convenience vs. Necessary Restrictions

I will not even pretend that this is an exhaustive list. However, I can safely say that it probably is the very bare minimum requirement of things to be considered in order to develop a competent security policy. Since I came with the list, let me just name it the IPDROC guidefor ease of reference.

You’re probably thinking, “If the IPDROC guide is so good, why does it need a Remedial actions and solutions section?”. Well, my answer is, I’ve yet to see a good all encompassing solution when it comes to data security.

Saying that a proposed solution is perfect is at the very least, stupid and at most arrogant. There’s nothing wrong with making a stupid mistake. Nobody becomes smart by not making any stupid mistakes. However, those who are arrogant and refuse to acknowledge flaws in their creations are in my books, worse than stupid.

It is vital to have a remedial policy in place for unexpected situations. By skipping this portion, you’re taking a step towards havoc should something not go according to plan.

I thank you for reading this writeup to its completion. My intention on writing this is not to educate anyone. I probably am not worthy for such a thing. However, I do wish to share my thoughts about this issue and the observations I’ve made. Comments are most welcomed and highly appreciated.

I do a lot of driving. One thing that never cease to amaze me is that whenever I take the occasional journey along the North-South Highway, there’s bound to be bouts of rain and sunshine.

Never in my life do I recall driving along the highway and the weather is consistent all the way. In case you’re wondering, most of my highway travels are from JB to KL and vice versa. Occasionally, there are trips a little further to the north. Let me tell you that nothing scares the heck out of me than driving in heavy rain.

One thing I discovered by accident is that when driving in heavy rain and wearing sunglasses at the same time, I have a much clearer view compared to driving without them. Perhaps it’s the refraction effect of UV rays being bounced off the lenses(Correction: Dabido has kindly pointed out that the process is actually called Polarisation).

I’m sure it’s not due to some specially treated glass used in the lenses. Reason being, the effect is similar regardless if I’m wearing expensive Ray Bans or cheap RM10 Petaling Street “Oakleys”.

Try it the next time you’re driving in heavy rain and by chance have a pair of sunglasses nearby.