Last night / this morning was a maintenance window at work. Lots of stuff to do. One call had about 30 people on it.
Now I'm the junior most member on my team. There are still things I don't know how to or can't do. Not that I don't know how. I mean I know how did them at my last job. Just don't know how we do them at this job. Can't because I don't have the needed access. Some of it I'm figuring out how to do work's way.
Anyway. there was an issue with an SSL cert. Really looks like someone sent us the wrong information in the turn up requests, since the same typo was in all of it (DNS and SSL). Anyway that got fixes late last night, but the people who were complaining didn't bother to test it. Ended paging everyone on my team. The one that fixed it asked why I didn't test it. Which I was in the process of doing when the other people said to start making the pages. Really those should come from me, not other people. Anywho. The other guy on my team was able to take care of the DNS stuff. But man was he ranting (and rightfully so).
Then at the very end, I got a huge win. Something wasn't working. Looks like another case of bad info. I was able to fix it. Before I started looking at it I had no clue what to even do. I vaguely knew the problem was related to NAT and Routing.
But I really found the problem falling back on one of my older skills that I love to use. Its kind of funny really because I was mentioning on a forum yesterday how great that skill was.
The skill - Being able to set up, and read a packet capture (sniffing) with TCPDump in real time. Once I found out what the problem was, I fixed it. with about 60 seconds to go in the maintenance window. :)
Showing posts with label I get paid for this. Show all posts
Showing posts with label I get paid for this. Show all posts
Sunday, July 10, 2011
Tuesday, December 7, 2010
interesting
So a year ago, the company I work for moved. One of the thing that needed to be done was readdressing our Citrix XenServers. I was busy working on Layer2/3 switch problems, so someone else did the address change. Unfortunately one of them didn't work right after. The address was changed (by following Citrix's documentation). However networking and XAPI would fail to start. Networking had to be started by hand. (By the way, you have to bring up both the physical and xenbr interfaces for it to work).
This week I'm looking at erroneous traffic on the network. One of the things I noticed was the bad XenServer trying connect via port 443 to an old ip address.
Looking at it, /etc/xensource/pool.conf had the old address in it. So I commented it out. Then rebooted. Brought the network up by hand, and decided to try and figure out what the deal was.
Googling around, I found information to try using the xe commands to make network configuration changes. Problem is, you need xapi running for xe to work. restarting XAPI doesn't give the world's greatest error message in /var/log/messages. Exit status 2. Watching from the CLI, the error was xapi failed to start.
Someone else on the Citrix Forum said that they recreated the files in /etc/sysconfig/network-scripts. So I copied those files from a working box, and changed what I needed too.
Still not going.
Hunting around, I found /opt/xensource/xapi, which I think is what "service xapi restart / xe-toolstack-restart" are trying to run. I tried to start that. Got the following error: xenserver exception Failure("cannot parse pool_role from pool config file")
Google was next to useless trying to find information on that. So I fired up find on the box and tried to find anything with the filename pool (based off what little information Google did give me).
The /etc/xensource/pool.conf came back up. So I went back into the file I changed last night, took out the comment character(#) and figured for grins to change the line to read slave:.
Restarted xapi and it worked.
Rebooted and the box came up right, everything working.
Long way of saying: if you're running Citrix XenServer in a pool, have to re-address and things brake, check the pool.conf file.
Interesting what happens when you're trying to fix one problem and in the process end up solving another.
This week I'm looking at erroneous traffic on the network. One of the things I noticed was the bad XenServer trying connect via port 443 to an old ip address.
Looking at it, /etc/xensource/pool.conf had the old address in it. So I commented it out. Then rebooted. Brought the network up by hand, and decided to try and figure out what the deal was.
Googling around, I found information to try using the xe commands to make network configuration changes. Problem is, you need xapi running for xe to work. restarting XAPI doesn't give the world's greatest error message in /var/log/messages. Exit status 2. Watching from the CLI, the error was xapi failed to start.
Someone else on the Citrix Forum said that they recreated the files in /etc/sysconfig/network-scripts. So I copied those files from a working box, and changed what I needed too.
Still not going.
Hunting around, I found /opt/xensource/xapi, which I think is what "service xapi restart / xe-toolstack-restart" are trying to run. I tried to start that. Got the following error: xenserver exception Failure("cannot parse pool_role from pool config file")
Google was next to useless trying to find information on that. So I fired up find on the box and tried to find anything with the filename pool (based off what little information Google did give me).
The /etc/xensource/pool.conf came back up. So I went back into the file I changed last night, took out the comment character(#) and figured for grins to change the line to read slave:
Restarted xapi and it worked.
Rebooted and the box came up right, everything working.
Long way of saying: if you're running Citrix XenServer in a pool, have to re-address and things brake, check the pool.conf file.
Interesting what happens when you're trying to fix one problem and in the process end up solving another.
Wednesday, July 21, 2010
that was fun.
Wrote a shell script for work. Don't do that enough. Could have been done a million and one ways, but I did it this way (see below).
The itch:
Person who maintains the FTP server's user accounts is not a GNU/Linux person. She's asked for help and simplicity in the past for creating user accounts. Need to create the user, the home directory, set the password and set file permissions and file acl permissions.
The solution (slightly modified):
#!/bin/bash
# program to create new ftp users. Creates directory, sets permissions and ACL. Will ask for password.
# password section for Redhat Based systems
# get user name from command line
if [ -z "$1" ]
then
echo "$0: Usage: $0 user-name "
exit 3
fi
name="$1"
# create user account, and directory
useradd -d /FTPDIR/"$name" -s /bin/bash -g 502 "$name"
# get new password for user
echo "enter password for user $name"
read user_password
echo $user_password | passwd --stdin $name
# change ownership of directory
chmod 777 /FTPDIR/"$name"
# set acls for directories
setfacl -R --set u::rwx,g::rwx,o::rwx /FTPDIR/"$name"
setfacl -d -R --set u::rwx,g::rwx,o::rwx /FTPDIR/"$name"
# let user know it's done
echo -e "\n User $name is ready to log in. \n"
The itch:
Person who maintains the FTP server's user accounts is not a GNU/Linux person. She's asked for help and simplicity in the past for creating user accounts. Need to create the user, the home directory, set the password and set file permissions and file acl permissions.
The solution (slightly modified):
#!/bin/bash
# program to create new ftp users. Creates directory, sets permissions and ACL. Will ask for password.
# password section for Redhat Based systems
# get user name from command line
if [ -z "$1" ]
then
echo "$0: Usage: $0 user-name "
exit 3
fi
name="$1"
# create user account, and directory
useradd -d /FTPDIR/"$name" -s /bin/bash -g 502 "$name"
# get new password for user
echo "enter password for user $name"
read user_password
echo $user_password | passwd --stdin $name
# change ownership of directory
chmod 777 /FTPDIR/"$name"
# set acls for directories
setfacl -R --set u::rwx,g::rwx,o::rwx /FTPDIR/"$name"
setfacl -d -R --set u::rwx,g::rwx,o::rwx /FTPDIR/"$name"
# let user know it's done
echo -e "\n User $name is ready to log in. \n"
Monday, August 17, 2009
centos install
So I'm rebuilding my RedHat 4es based DNS boxes at work with CentOS 5.3. Partly because I don't have RH support anymore, partly to get the latest security fixes, and lastly because I've been wanting to rebuild them for a while.
CentOS had been giving me problems with installing since Saturday Night (note these are production systems and I had to create 2 new ones to cover the load, which went with no problem last week). Now I'm sure I could have stayed and got it working in an hour or so Saturday night, but 1) I was sick. 2) I didn't have any blank discs and the DVD I was using was scratched up pretty bad.
The load on this one server, kept getting to the point where it would try to install the drivers for the usb-storage. I'm assuming that means the CD-rom drive. And I'll explain why.
Looking around wasn't much use, I was looking for something along the lines of the knoppix cheat sheet. Something that told me all my boot options. But even googling the problem I was having wasn't much use. Until I used linux.google.com.
Someone else had a similar problem with their box, and turning off USB worked for them. However when I did that, my blade no longer saw my cd-rom drive. (The cd-rom drive is connected via ILO, and I've never had this problem before). Re-enable, and tell it to start without the storage driver worked. (linux nousbstorage). However, I was then left with having to do a net based install.
I had to do those for my virtual boxes last week, so no great problem there.
Once again I wonder why I'm doing CentOS installs, but meh. Personally I'd rather do Debian or Gentoo, but this is what the business told me to run.
CentOS had been giving me problems with installing since Saturday Night (note these are production systems and I had to create 2 new ones to cover the load, which went with no problem last week). Now I'm sure I could have stayed and got it working in an hour or so Saturday night, but 1) I was sick. 2) I didn't have any blank discs and the DVD I was using was scratched up pretty bad.
The load on this one server, kept getting to the point where it would try to install the drivers for the usb-storage. I'm assuming that means the CD-rom drive. And I'll explain why.
Looking around wasn't much use, I was looking for something along the lines of the knoppix cheat sheet. Something that told me all my boot options. But even googling the problem I was having wasn't much use. Until I used linux.google.com.
Someone else had a similar problem with their box, and turning off USB worked for them. However when I did that, my blade no longer saw my cd-rom drive. (The cd-rom drive is connected via ILO, and I've never had this problem before). Re-enable, and tell it to start without the storage driver worked. (linux nousbstorage). However, I was then left with having to do a net based install.
I had to do those for my virtual boxes last week, so no great problem there.
Once again I wonder why I'm doing CentOS installs, but meh. Personally I'd rather do Debian or Gentoo, but this is what the business told me to run.
Saturday, August 8, 2009
Fun with grep
I got a copy of the Grep Pocket Reference back in early July via PDF format (from O'Reilly's Safari Bookshelf). I read through it but didn't really learn that much.
Last week the hard copy version arrived (2 weeks after I ordered it from Amazon). I've been reading it the last week. The parts I'm going through right now talks about Regular Expressions (regex). I've read about regex more times than I can count, in classes, in shell scripting books, on the web. This time it made sense.
My firewall log parsing for ip addresses has really improved. For example. I'd usually do "grep '< my ip address >' /external/logs/firewall1". The problem my address at work is .18, but it would pull .181 - .189 also. The first thing I did was back slash the . (dots) in the ip address. It cleaned up some stuff from the logs but not much. It's nicer to know that's not looking for any character and only matching what I want it too.
Which was a problem I was having when I wrote failed a few years ago.
Yesterday I read about word boundaries. I tested it this morning with my work IP address, and no longer am I getting the .181 - .189 addresses. Which is fun. It'll make looking for some things easier in the logs at work.
-------
------
I sudo the 2 lines, because I need to be root to access that log file. I didn't want to setuid the script to run, nor did I want to be root when I ran it. It also requires me to type my password to run it, since sudo only remembers my password for 5 minutes.
To make this work on Redhat based systems, change auth.log to secure.log
Last week the hard copy version arrived (2 weeks after I ordered it from Amazon). I've been reading it the last week. The parts I'm going through right now talks about Regular Expressions (regex). I've read about regex more times than I can count, in classes, in shell scripting books, on the web. This time it made sense.
My firewall log parsing for ip addresses has really improved. For example. I'd usually do "grep '< my ip address >' /external/logs/firewall1". The problem my address at work is .18, but it would pull .181 - .189 also. The first thing I did was back slash the . (dots) in the ip address. It cleaned up some stuff from the logs but not much. It's nicer to know that's not looking for any character and only matching what I want it too.
Which was a problem I was having when I wrote failed a few years ago.
Yesterday I read about word boundaries. I tested it this morning with my work IP address, and no longer am I getting the .181 - .189 addresses. Which is fun. It'll make looking for some things easier in the logs at work.
-------
Just for fun, here is what the finished version of Failed looked like (modified slightly):
#! /bin/sh
# checks for /var/log/auth.log for login failures.
# version 0.2
# < my email address removed >
# prints failed invalid users
echo "Failed Invalid User Attempts"
sudo grep "Failed" /var/log/auth.log | grep -i 'invalid' | grep -v '< work login id removed >' | awk '{print $1,$2,$3,$13,$11}' | sort -u
echo ' '
#prints failed vailid users, except for me.
echo "Failed Valid User Attempts"
sudo grep "Failed" /var/log/auth.log | grep -vi 'invalid' | grep -v '< work login id removed >' | grep -v '< home login id removed >' | awk '{print $1,$2,$3,$11,$9}' | sort -u
echo ' '
------
I sudo the 2 lines, because I need to be root to access that log file. I didn't want to setuid the script to run, nor did I want to be root when I ran it. It also requires me to type my password to run it, since sudo only remembers my password for 5 minutes.
To make this work on Redhat based systems, change auth.log to secure.log
Saturday, August 1, 2009
I'm jumping on the band wagon...
...I'm just late that's all.
So I'm thinking about passwords lately. With Black Hat and Defcon this week, the report that some big name Infosec people had their accounts broke into, a friend's tweet on getting 400 followers, and me having to change my FB password today, I thought I'd share how I come up with passwords.
Now for fun the other night, driving back from Tang Soo Do on a long and lonesome highway east of Omaha... I came up with about 15 or so passwords based off a tv show I liked. They were between 8 to 10 characters each.
So there are a few ways I do it. There are 2 examples in each.
Method One:
I'll take a phrase, the longer the better, and modify it.
The quick red fox jumps over the lazy brown dog (a well known pangram , ie uses all the characters in the English language) or I'm here to chew bubble gum and kick arse and I'm all out of bubble gum (mainly because I'm fond of quotes).
I'll take the phrase, and use camel case (mixed case), with numbers, special characters (anything over the number keys), and letters. I'll then mix them up like below:
Th3Qu!ckBrownF0xJump3s_Over_the_L2zy_red_dog
I'm_h3r3_2ch3w_BubbleGum&kick@rse.&I'm@ll0ut_ofBubbleGum
I can mix them other ways too. For example, I swapped brown and red, just to make it a little different.
Method Two:
I'll take a song lyric or a line from a movie, tv show, or whatever and I'll modify it by using just the first letter of each word, and the some of the other steps above. Examples I'll uses are Seger's Turn the Page, and a line from Cool Hand Luke.
"On an long and lonesome highway east of Omaha" becomes:
0@L&lh3oO!
"What we've got here is... failure to communicate. Some men you just can't reach. So you get what we had here last week, which is the way he wants it... well, he gets it"
Wwgh!F2c.SmUjcr=SugWwhHlw,W!twhWi_whg!! (to be honest, I'd modify it a little more, and weighing in around 30 characters, I'd use that for a pass phrase for my encrypted hard drive).
There are some other rules I use, if you notice, I have 2 characters side by side, 1 will be cap, 1 will not be. I tend to use the 2 interchangeably at home and at work, so we have phrase on some boxes, and the vegitable soup on others.
Lastly Method 3, which I only use on rare occasions is:
pwgen (password generator) from the linux command line. I'll add options like at least 1 special character, 1 upper case, 1 number and set it to be 10 to 12 characters long.
and finally...
I tend to use password safes, with things divided in them. Keepass and Password Safe.
I have had a few users complain when I give them a 10 to 12 character password based on something they said in the conversation. 1 about being long, and 2 about being so random, but when I tell them I use 24 to 26 character passwords regularly they tend to think it's not that bad and they seem to remember what they got fairly well.
There are other ways to make passwords too, and if you google them, I suggest googling site:lifehacker.com
Have fun, be safe online and for extra credit, figure out why I think this is a bad password. BwDn$b! (there are 2 reasons I don't like it).
So I'm thinking about passwords lately. With Black Hat and Defcon this week, the report that some big name Infosec people had their accounts broke into, a friend's tweet on getting 400 followers, and me having to change my FB password today, I thought I'd share how I come up with passwords.
Now for fun the other night, driving back from Tang Soo Do on a long and lonesome highway east of Omaha... I came up with about 15 or so passwords based off a tv show I liked. They were between 8 to 10 characters each.
So there are a few ways I do it. There are 2 examples in each.
Method One:
I'll take a phrase, the longer the better, and modify it.
The quick red fox jumps over the lazy brown dog (a well known pangram , ie uses all the characters in the English language) or I'm here to chew bubble gum and kick arse and I'm all out of bubble gum (mainly because I'm fond of quotes).
I'll take the phrase, and use camel case (mixed case), with numbers, special characters (anything over the number keys), and letters. I'll then mix them up like below:
Th3Qu!ckBrownF0xJump3s_Over_the_L2zy_red_dog
I'm_h3r3_2ch3w_BubbleGum&kick@rse.&I'm@ll0ut_ofBubbleGum
I can mix them other ways too. For example, I swapped brown and red, just to make it a little different.
Method Two:
I'll take a song lyric or a line from a movie, tv show, or whatever and I'll modify it by using just the first letter of each word, and the some of the other steps above. Examples I'll uses are Seger's Turn the Page, and a line from Cool Hand Luke.
"On an long and lonesome highway east of Omaha" becomes:
0@L&lh3oO!
"What we've got here is... failure to communicate. Some men you just can't reach. So you get what we had here last week, which is the way he wants it... well, he gets it"
Wwgh!F2c.SmUjcr=SugWwhHlw,W!twhWi_whg!! (to be honest, I'd modify it a little more, and weighing in around 30 characters, I'd use that for a pass phrase for my encrypted hard drive).
There are some other rules I use, if you notice, I have 2 characters side by side, 1 will be cap, 1 will not be. I tend to use the 2 interchangeably at home and at work, so we have phrase on some boxes, and the vegitable soup on others.
Lastly Method 3, which I only use on rare occasions is:
pwgen (password generator) from the linux command line. I'll add options like at least 1 special character, 1 upper case, 1 number and set it to be 10 to 12 characters long.
and finally...
I tend to use password safes, with things divided in them. Keepass and Password Safe.
I have had a few users complain when I give them a 10 to 12 character password based on something they said in the conversation. 1 about being long, and 2 about being so random, but when I tell them I use 24 to 26 character passwords regularly they tend to think it's not that bad and they seem to remember what they got fairly well.
There are other ways to make passwords too, and if you google them, I suggest googling site:lifehacker.com
Have fun, be safe online and for extra credit, figure out why I think this is a bad password. BwDn$b! (there are 2 reasons I don't like it).
Monday, April 13, 2009
I love finding new tools
TCPview, and netactview. They do the same thing, but one does it in Windows, the other does it in Linux.
Going through firewall logs Friday I found a box trying to hit Akamai Technologies' servers faster than once a second. Like 2 or 3 a second. The box lives on a part of the network with restricted outside access.
There was so much chatter in the logs I was looking at, it looked like it was the only box. The reason it caught my eye to start with was they all had Deny statements with them. Not knowing what the box was doing, we pulled it off the network. There have been infected user boxes before, from surfing sites that were a no no.
The other Network Engineer / Windows Admin today tossed TCPview on the box, it's basically a gui for netstat. Constantly updates in the window, and uses color codes too. However the box had been swept, put back on the network and updated.
I looked at the logs, thinking maybe the issue was a software update (as far as we know the sweep came back clean, the person who did the the sweep is off today), I saw several other boxes. Joking the other guy and I walked back to the area saying it's probably Adobe. Toss TCPview on it, and low, it is adobe updater.
I liked the tool. So I looked, turns out that netactview does the same thing in Linux. Very Nice.
I could do the same thing with netstat, but I hate watching text scroll by.
Going through firewall logs Friday I found a box trying to hit Akamai Technologies' servers faster than once a second. Like 2 or 3 a second. The box lives on a part of the network with restricted outside access.
There was so much chatter in the logs I was looking at, it looked like it was the only box. The reason it caught my eye to start with was they all had Deny statements with them. Not knowing what the box was doing, we pulled it off the network. There have been infected user boxes before, from surfing sites that were a no no.
The other Network Engineer / Windows Admin today tossed TCPview on the box, it's basically a gui for netstat. Constantly updates in the window, and uses color codes too. However the box had been swept, put back on the network and updated.
I looked at the logs, thinking maybe the issue was a software update (as far as we know the sweep came back clean, the person who did the the sweep is off today), I saw several other boxes. Joking the other guy and I walked back to the area saying it's probably Adobe. Toss TCPview on it, and low, it is adobe updater.
I liked the tool. So I looked, turns out that netactview does the same thing in Linux. Very Nice.
I could do the same thing with netstat, but I hate watching text scroll by.
Thursday, March 26, 2009
from knoppix to gentoo
I'm so displeased with the knoppix install (the knoppix 5.3 install left me displeased last week), that I'm going to give Gentoo 2008.0 a run.
I've had problems with getting Gentoo to install in the past on other boxes, but that's half the fun.
I've had problems with getting Gentoo to install in the past on other boxes, but that's half the fun.
Maybe I like my Gnu/Linux harder
Edit: If you found this page searching for knoppix 6 and ssh, please go to this post.
So I was excited when Knoppix released version 6. I was expecting great things.
The one thing I wasn't expecting was a great disappointment. I installed Knoppix6 on the work laptop this week. They said they wanted to go back to the smaller cd architecture over the DVD one. I thought that was a great idea.
However I think a fresh install should include a few simple things.
Knoppix 6, boots and goes straight to a gui. No login, no nothing. Even if this was a home box, I would want someone to have to login to the box, not just drop them in a directory for everyone. Since this is a laptop, I'd want a login for even more reason. I do different thing than other people that use the laptop. It's a shared resource for the team. I don't want them accessing something I'm doing when it's not finished. Something that has always been an issue I've had when working on scripts. It won't be finished, people try to run it, and break things as a result.
SSH is a common tool in the Nix world. At least I, and an developer I talked to today think so. What's the point of a Nix box that doesn't have SSH installed? Sure it doesn't have to be automatically started when the box boots, so you can make config changes the first time. But eventually auto start would be the goal. I use ssh to talk to other boxes. If I hadn't had a external net connection (like where I was Tuesday, when I broke the network) I wouldn't have been able to download ssh and install it. (Luckily this laptop is set for dual boot, and I could do things from Windows with Putty).
I created the user account I wanted. The first of 4 I'm making. It's the generic backdoor account for the department. The people who are going to have access to the laptop will each get their own accounts at some point. However su is aliased as sudo su. Which is great for the default knoppix user, but my account (net-eng) wasn't in the sudoer's file. And wouldn't let me into su. Of course I got around this by using the full path, but still.
net-eng@Microknoppix:~$ which su
net-eng@Microknoppix:~$ type su
su is aliased to `sudo su'
I'll set my own aliases thanks.
The system has limited packages, yes I know they wanted to save size, but half the reason of using a distro is got get packages on the install. If you're not going to include packages then why bother? Then there is the case of the live cd. It gives you cheat codes for boot, kde, gnome etc. But when I tried kde, nothing happened. Seriously it feels like it has the functionality of a Windows install. Other cheats, like kiosk mode wouldn't start for me either.
When I'm doing an install, I'd like to be asked who I want to use the computer, and be able to create an account on the install. Not be given a generic one of the maintainer's choice (the knoppix account in this case). I want to have the setting options. I want to put the name and password I want. As far as I can tell, there is no knowing the knoppix user password. And it doesn't ask for it when you sudo, because it has the no password option set.
Secondly I work in an environment where I have more than one computer. For the last 2 years, because of the previous usefulness of knoppix, I've been pushing to move some of the boxes to that. But when they all install to Microknoppix as the host name, and don't ask for any kind of domain information, it makes setting the systems up slower. Because now I'll have multiple with the same name and lack of domain information, I'll have to touch the boxes multiple times to get them set up.
Lastly, the new simpler 0wn installer forces you to use the reiserfs system. Personally I like EXT3. Just what I prefer. I'm not the only one in that camp either. One of our clients is requesting that all the drives we send to them, with their data on them are the EXT3 format.
But there is more to 0wn being useless than just that. I preconfigured the laptop with an EXT3 and a NTFS partition, since it is dual boot. 0wn couldn't see the EXT3 partition. It has an option to start gparted to modify the table but it would never load, it looks like it's not installed / not on the live-cd. Pre-configuring reiserfs didn't work either, the automatic option couldn't find it, and it wasn't showing a list of drives. Running 0wn from the command line did work, and I was able to get cfdisk to run, instead of gparted even though I used the gparted option. Then it saw the reiserfs partition no problem.
I used to think that knoppix was one of the most useful distros out there. It lived up to it's claim to be the swiss army knife of linux distros. I can also understand the developer's desire to shrink the growth down some. However, they've gone too far and the distro is no longer a swiss army knife in my book.
I loved the kiosk mode, I've used older versions as emergency web servers, nfs servers, and to make disk images when I had to do forensics work (which I'm not an expert on). I got a few co-workers to start using it too. One even went out and bought the Knoppix Hacks book (second edition). The problem is, Knoppix 6 just doesn't live up to what it's previous versions were, at least in my book.
So I was excited when Knoppix released version 6. I was expecting great things.
The one thing I wasn't expecting was a great disappointment. I installed Knoppix6 on the work laptop this week. They said they wanted to go back to the smaller cd architecture over the DVD one. I thought that was a great idea.
However I think a fresh install should include a few simple things.
- a login screen
- ssh pre-installed (maybe not turned on but at least installed)
- su working like a proper su, not an alias for sudo su.
- a system that doesn't make me feel like I'm using a windows want to be.
- the ability to create a user account and host name on set up.
- the ability to use the file system of my choosing.
Knoppix 6, boots and goes straight to a gui. No login, no nothing. Even if this was a home box, I would want someone to have to login to the box, not just drop them in a directory for everyone. Since this is a laptop, I'd want a login for even more reason. I do different thing than other people that use the laptop. It's a shared resource for the team. I don't want them accessing something I'm doing when it's not finished. Something that has always been an issue I've had when working on scripts. It won't be finished, people try to run it, and break things as a result.
SSH is a common tool in the Nix world. At least I, and an developer I talked to today think so. What's the point of a Nix box that doesn't have SSH installed? Sure it doesn't have to be automatically started when the box boots, so you can make config changes the first time. But eventually auto start would be the goal. I use ssh to talk to other boxes. If I hadn't had a external net connection (like where I was Tuesday, when I broke the network) I wouldn't have been able to download ssh and install it. (Luckily this laptop is set for dual boot, and I could do things from Windows with Putty).
I created the user account I wanted. The first of 4 I'm making. It's the generic backdoor account for the department. The people who are going to have access to the laptop will each get their own accounts at some point. However su is aliased as sudo su. Which is great for the default knoppix user, but my account (net-eng) wasn't in the sudoer's file. And wouldn't let me into su. Of course I got around this by using the full path, but still.
net-eng@Microknoppix:~$ which su
net-eng@Microknoppix:~$ type su
su is aliased to `sudo su'
I'll set my own aliases thanks.
The system has limited packages, yes I know they wanted to save size, but half the reason of using a distro is got get packages on the install. If you're not going to include packages then why bother? Then there is the case of the live cd. It gives you cheat codes for boot, kde, gnome etc. But when I tried kde, nothing happened. Seriously it feels like it has the functionality of a Windows install. Other cheats, like kiosk mode wouldn't start for me either.
When I'm doing an install, I'd like to be asked who I want to use the computer, and be able to create an account on the install. Not be given a generic one of the maintainer's choice (the knoppix account in this case). I want to have the setting options. I want to put the name and password I want. As far as I can tell, there is no knowing the knoppix user password. And it doesn't ask for it when you sudo, because it has the no password option set.
Secondly I work in an environment where I have more than one computer. For the last 2 years, because of the previous usefulness of knoppix, I've been pushing to move some of the boxes to that. But when they all install to Microknoppix as the host name, and don't ask for any kind of domain information, it makes setting the systems up slower. Because now I'll have multiple with the same name and lack of domain information, I'll have to touch the boxes multiple times to get them set up.
Lastly, the new simpler 0wn installer forces you to use the reiserfs system. Personally I like EXT3. Just what I prefer. I'm not the only one in that camp either. One of our clients is requesting that all the drives we send to them, with their data on them are the EXT3 format.
But there is more to 0wn being useless than just that. I preconfigured the laptop with an EXT3 and a NTFS partition, since it is dual boot. 0wn couldn't see the EXT3 partition. It has an option to start gparted to modify the table but it would never load, it looks like it's not installed / not on the live-cd. Pre-configuring reiserfs didn't work either, the automatic option couldn't find it, and it wasn't showing a list of drives. Running 0wn from the command line did work, and I was able to get cfdisk to run, instead of gparted even though I used the gparted option. Then it saw the reiserfs partition no problem.
I used to think that knoppix was one of the most useful distros out there. It lived up to it's claim to be the swiss army knife of linux distros. I can also understand the developer's desire to shrink the growth down some. However, they've gone too far and the distro is no longer a swiss army knife in my book.
I loved the kiosk mode, I've used older versions as emergency web servers, nfs servers, and to make disk images when I had to do forensics work (which I'm not an expert on). I got a few co-workers to start using it too. One even went out and bought the Knoppix Hacks book (second edition). The problem is, Knoppix 6 just doesn't live up to what it's previous versions were, at least in my book.
Wednesday, March 25, 2009
Don't know what to think
this is going to be long. Sorry for your RSS feeds.
If you remember, when I started getting the Self Defense class together, I didn't really think I was the right person to teach it. Part of me still feels that way. While I have 20+ years experience in martial arts, I don't have a black belt. I'm close, but meh. I've worked as a bouncer, and a contract body guard / crowd control / security (granted it was 2 weekends a year, for the most part, and I only did it for a couple of years).
Recently I decided to axe the women only class. Because no one shows up for it. I wasn't told I had to yet, no body had hinted that I needed to start thinking about it, etc. I'm going to slide the co-ed class down to that slot, and maybe expand it, maybe not.
Tonight, a lady showed up for the women's class. I'm carrying a box, I juggled it and the blocker to get in the door, she stood at the top of the stairs, and didn't move even when I said excuse me. Granted she had no idea what was in the box, and it wasn't heavy, but I think it's common curiosity to at the very least move. She just looked, and then turned back and waited for the person at the sign in desk who wasn't there.
So I walked around her, hard to do, considering I'm a decent size guy, and I had a box in my hand. (The kind offices get paper in), with a foam blocker on top of it. I went into the room we train in, put the equipment down, and walked back out.
Snooty like, she asked if I was one of the self defense instructors, I said yes. She asked me if I knew who was working the sign in desk. I said no, but I was going to find out. I came back with the desk worker. The lady told me that she was there to watch the class. I said you have to play. My rules are you come to the class, you train. I don't like people sitting watching. (I can adjust the class for new people). I started cleaning the room, because the group in it before us, left mud all over the floor. At 7:33 she comes over and asks, don't you think you should get the class started? I said I would, if she was ready, other wise I have to wait for someone to show up. Her response was "Maybe the problem is the instructor". The two co-ed students how had just arrived heard her say it, the security guard / desk person heard her stay it. The security guard wanted to ask her to leave at that point but isn't allowed to (apartment complex clubhouse, can't kick out residents unless they're being destructive).
She asked what made me qualified to teach, I said I've been doing martial arts for 24 years (this is my 24th year), I've worked as a bouncer and a body guard. She didn't like my reason for not allowing shoes or jewlery (safety for yourself and others, even shown how a kick could be bad, and told her my brother broke his leg kicking recently). She didn't like that I had a guy and girl training together. Told her, it had the same safety rules as the martial arts school I go to. She kept insisting that women and men fight differently, I disagree (and have years of MA to teach me that). She asked me the type of people I body guarded for, I told her, tv and movie stars. She asked me about and your way protected them, then got up, said she came for a self defense class not a dance class.
Needless to say, it left me in a bad place. I've never felt like I should be teaching the class to begin with, my masters said I could, and my students (the 2 that keep coming back) think I do a great job. I wonder if I'm teaching them the right things and the right ways (there is no wrong on either), and if I should be teaching them other things than what I am (I do need to cover ground more, but want to wait for mats, which I don't want the complex to order if I only have 2 students).
So half the class the T and E were trying to get me to blow off the lady's criticism. But I guess they liked the later stuff. I showed a little ground stuff tonight. How to get an attacker off you. E didn't think it would work against a big guy. I'm 240 (she was talking bigger). Had her try it, and I went flying, and it was all her.
The security guard told me I'm a good teacher from what she's seen (she wants to take the class, but ends up having to work). She also said the lady was in the day before causing problems too. But it's still enough to bother me. I know I should let it go, but when you already wonder if you're doing the right thing, and get comments like she left tonight, it doesn't make you happy.
If you remember, when I started getting the Self Defense class together, I didn't really think I was the right person to teach it. Part of me still feels that way. While I have 20+ years experience in martial arts, I don't have a black belt. I'm close, but meh. I've worked as a bouncer, and a contract body guard / crowd control / security (granted it was 2 weekends a year, for the most part, and I only did it for a couple of years).
Recently I decided to axe the women only class. Because no one shows up for it. I wasn't told I had to yet, no body had hinted that I needed to start thinking about it, etc. I'm going to slide the co-ed class down to that slot, and maybe expand it, maybe not.
Tonight, a lady showed up for the women's class. I'm carrying a box, I juggled it and the blocker to get in the door, she stood at the top of the stairs, and didn't move even when I said excuse me. Granted she had no idea what was in the box, and it wasn't heavy, but I think it's common curiosity to at the very least move. She just looked, and then turned back and waited for the person at the sign in desk who wasn't there.
So I walked around her, hard to do, considering I'm a decent size guy, and I had a box in my hand. (The kind offices get paper in), with a foam blocker on top of it. I went into the room we train in, put the equipment down, and walked back out.
Snooty like, she asked if I was one of the self defense instructors, I said yes. She asked me if I knew who was working the sign in desk. I said no, but I was going to find out. I came back with the desk worker. The lady told me that she was there to watch the class. I said you have to play. My rules are you come to the class, you train. I don't like people sitting watching. (I can adjust the class for new people). I started cleaning the room, because the group in it before us, left mud all over the floor. At 7:33 she comes over and asks, don't you think you should get the class started? I said I would, if she was ready, other wise I have to wait for someone to show up. Her response was "Maybe the problem is the instructor". The two co-ed students how had just arrived heard her say it, the security guard / desk person heard her stay it. The security guard wanted to ask her to leave at that point but isn't allowed to (apartment complex clubhouse, can't kick out residents unless they're being destructive).
She asked what made me qualified to teach, I said I've been doing martial arts for 24 years (this is my 24th year), I've worked as a bouncer and a body guard. She didn't like my reason for not allowing shoes or jewlery (safety for yourself and others, even shown how a kick could be bad, and told her my brother broke his leg kicking recently). She didn't like that I had a guy and girl training together. Told her, it had the same safety rules as the martial arts school I go to. She kept insisting that women and men fight differently, I disagree (and have years of MA to teach me that). She asked me the type of people I body guarded for, I told her, tv and movie stars. She asked me about and your way protected them, then got up, said she came for a self defense class not a dance class.
Needless to say, it left me in a bad place. I've never felt like I should be teaching the class to begin with, my masters said I could, and my students (the 2 that keep coming back) think I do a great job. I wonder if I'm teaching them the right things and the right ways (there is no wrong on either), and if I should be teaching them other things than what I am (I do need to cover ground more, but want to wait for mats, which I don't want the complex to order if I only have 2 students).
So half the class the T and E were trying to get me to blow off the lady's criticism. But I guess they liked the later stuff. I showed a little ground stuff tonight. How to get an attacker off you. E didn't think it would work against a big guy. I'm 240 (she was talking bigger). Had her try it, and I went flying, and it was all her.
The security guard told me I'm a good teacher from what she's seen (she wants to take the class, but ends up having to work). She also said the lady was in the day before causing problems too. But it's still enough to bother me. I know I should let it go, but when you already wonder if you're doing the right thing, and get comments like she left tonight, it doesn't make you happy.
Saturday, March 21, 2009
What ever happened to standards?
Last week I had to go down to our plant in Ohio to run cable. While there, I found out that we didn't have an plugs for the face plates. These are the female ends that sit inside the wall for network cabling.
So we ran over to a couple of stores to find some. The first two stores didn't have any. The third one did. When we got back to the plant, I found that the receptacle that I got didn't fit the face plate.
Now this caused 2 problems. 1, it looked half-assed. Which I feel is a direct reflection on my work ethic (even though that is how I was told to leave it). 2, it left the cable too short for the need. I ended up putting a male end on the cable, expecting the equipment to be moved over closer to the wall, which it wasn't. I had only ran enough cable for the run to reach the wall.
What the problem really shows though is a problem with patents. They've destroyed standards. When I was younger, I could go into a store, and get a face plate, or a plug, or anything else, and know that even though they were from different manufacturers, they'd fit together no problem. As long as they were not meant to be decorative.
Even now looking at power strips, they all do the same thing. They all have roughly the same amount of outlets, but they're all shaped different and have their own patent numbers.
I thought the point of the patent was to make people create new things, not use it as a way to get rich, and lock the end users into one company's equipment.
Basically now if I want to replace a cable or outlet; I have to go and buy the part, the "proper" face plate, and maybe even a new outlet box for mounting the cable into the wall.
And if I'm adding cable to the existing box, but can't get the female adapter, that means I'll have to buy more, replace the ones ran previously (which could be a problem depending on how many times they've been cut back to replace the adapters, and how much extra cable length was ran), and then buy the proper parts to make it fit and be presentable.
Maybe it's just me but I think there is something wrong with this picture.
So we ran over to a couple of stores to find some. The first two stores didn't have any. The third one did. When we got back to the plant, I found that the receptacle that I got didn't fit the face plate.
Now this caused 2 problems. 1, it looked half-assed. Which I feel is a direct reflection on my work ethic (even though that is how I was told to leave it). 2, it left the cable too short for the need. I ended up putting a male end on the cable, expecting the equipment to be moved over closer to the wall, which it wasn't. I had only ran enough cable for the run to reach the wall.
What the problem really shows though is a problem with patents. They've destroyed standards. When I was younger, I could go into a store, and get a face plate, or a plug, or anything else, and know that even though they were from different manufacturers, they'd fit together no problem. As long as they were not meant to be decorative.
Even now looking at power strips, they all do the same thing. They all have roughly the same amount of outlets, but they're all shaped different and have their own patent numbers.
I thought the point of the patent was to make people create new things, not use it as a way to get rich, and lock the end users into one company's equipment.
Basically now if I want to replace a cable or outlet; I have to go and buy the part, the "proper" face plate, and maybe even a new outlet box for mounting the cable into the wall.
And if I'm adding cable to the existing box, but can't get the female adapter, that means I'll have to buy more, replace the ones ran previously (which could be a problem depending on how many times they've been cut back to replace the adapters, and how much extra cable length was ran), and then buy the proper parts to make it fit and be presentable.
Maybe it's just me but I think there is something wrong with this picture.
Wednesday, March 18, 2009
Said something today, so unlike me.
"Doing documentation SUCKS!".
Saying that is so unlike me. I'm usually one of the first people that not only calls for the documentation, but also one of the first do it. When I write code, my comments in the code usually take up more lines than the code itself. I usually volunteer to write the documents for programs and projects because I enjoy it.
However for some reason, while doing the documentation for the network changes I did yesterday in our plant in Wooster Oh, I turned to the person I share my office with and said the above statement. I think part of it is because I'm tired. 2 road trips to Wooster in under a week, and not sleeping well is starting to wear on me.
After the documentation was finished I was happy and happy with it, but doing it I couldn't stand it.
Saying that is so unlike me. I'm usually one of the first people that not only calls for the documentation, but also one of the first do it. When I write code, my comments in the code usually take up more lines than the code itself. I usually volunteer to write the documents for programs and projects because I enjoy it.
However for some reason, while doing the documentation for the network changes I did yesterday in our plant in Wooster Oh, I turned to the person I share my office with and said the above statement. I think part of it is because I'm tired. 2 road trips to Wooster in under a week, and not sleeping well is starting to wear on me.
After the documentation was finished I was happy and happy with it, but doing it I couldn't stand it.
Friday, March 6, 2009
AT&T U-Verse Did something right.
*Edit: If you found this page on a search engine while looking for info on AT&T blocking port 25 go to this post
I know the title surprises me too. Even more since this was going to start off as a huge rant about them.
As it says on the side bar, I work as a Network Engineer. I won't say where, but I'm the senior technical resource in the department. Security, design, repair, etc all fall under my position. That includes fixing misconfigured servers and trouble shooing problems (so we can know what needs to be fixed).
Yesterday we (the system administrators) got an email from someone not able to send us email. From what we could tell it looks like their problem, is on their stuff. Not ours. While looking into that problem, I saw another one. The company's email servers were listed on some Real Time Black Lists (RTBL). Which are used to block emails from spammers.
Looking into why we were on the list, one of our mail servers were listed as an open relay which means that spammers could send mail through our mail servers. The easiest and fastest way to check, is to login to the servers via telnet and see if they will send the mail. So, I bounce to my box at home (from work via ssh), and try to telnet to port 25 on the mail server. Not working. Can't telnet to port 25 anywhere else either. Luckily a friend was able to let me use his linux box to trouble shoot the problem, and it wasn't blocked from there. We fixed the configuration on our mail server this morning.
But I still couldn't get to the server on port 25 to re-test remotely. So I took note, and after confirming stuff was fixed, I started to look into why I couldn't telnet from home. My budy doesn't have a problem leaving my account on his box, but that doesn't mean I want to have to rely on his box being up.
After hunting around, it turns out to try and cut down on spam, ISPs are blocking port 25 outbound. It is, what it is. And I think it's a bad idea, to a point. People like me, who need to test are the smaller subset of people that need to use the port, while the spammers are the bigger group. Blocking it from everyone does prevent zombies and spammers from using the port to send spam. But it also prevents us from being able to fix our systems. The better idea would be to start blocking the mail servers that are found to be open relays. Although blocking port 25 prevents finding open relays that haven't been blocked yet. It also cuts down on some traffic (the hunting of open ports).
So I started looking into AT&T and the blocking of the port. The article I found, on their help site, said that they're blocking port 25 for Dial up and Dynamic High Speed internet customers, and doesn't affect people with static ip address, or dedicated connections (Frame Relay, T1, T3).
But wait, I pay 15.00 a month for 8 static ip addresses. So I called ready to raise hell. I fought my way through the automated system, it took several tries and they had to remotely "test" my connection, before transferring me to a live person. I told her the deal, I'm a network engineer, I need to test my mail servers at work remotely, and port 25 is being blocked. She couldn't unblock it. So off to tier 2 I go. The guy there was a lot of help. Re-explained the situation, he looked up my account, confirmed I do have a static ip address (although he read the read column the first time), and unblocked the port for me. he noted the account that I requested it unblocked and why.
Seriously I was expecting to jump through a bunch more hoops before getting things resolved. I wasn't happy at the start of the call, but was by the end. And now I can get to my servers at work the way I need to so I can make sure they're not open relays the next time I find us on a black list.
Is there a better way to block the spammers? Yes. Will it happen? no. I can think of several ways. The biggest is to take the profit out of it, like they did when they ended prohibition. Re-writing the standards so relaying is changed, and being and open relay can't happen. (There has been some work in this). will it be easy to fix the problem... not in today's world.
I know the title surprises me too. Even more since this was going to start off as a huge rant about them.
As it says on the side bar, I work as a Network Engineer. I won't say where, but I'm the senior technical resource in the department. Security, design, repair, etc all fall under my position. That includes fixing misconfigured servers and trouble shooing problems (so we can know what needs to be fixed).
Yesterday we (the system administrators) got an email from someone not able to send us email. From what we could tell it looks like their problem, is on their stuff. Not ours. While looking into that problem, I saw another one. The company's email servers were listed on some Real Time Black Lists (RTBL). Which are used to block emails from spammers.
Looking into why we were on the list, one of our mail servers were listed as an open relay which means that spammers could send mail through our mail servers. The easiest and fastest way to check, is to login to the servers via telnet and see if they will send the mail. So, I bounce to my box at home (from work via ssh), and try to telnet to port 25 on the mail server. Not working. Can't telnet to port 25 anywhere else either. Luckily a friend was able to let me use his linux box to trouble shoot the problem, and it wasn't blocked from there. We fixed the configuration on our mail server this morning.
But I still couldn't get to the server on port 25 to re-test remotely. So I took note, and after confirming stuff was fixed, I started to look into why I couldn't telnet from home. My budy doesn't have a problem leaving my account on his box, but that doesn't mean I want to have to rely on his box being up.
After hunting around, it turns out to try and cut down on spam, ISPs are blocking port 25 outbound. It is, what it is. And I think it's a bad idea, to a point. People like me, who need to test are the smaller subset of people that need to use the port, while the spammers are the bigger group. Blocking it from everyone does prevent zombies and spammers from using the port to send spam. But it also prevents us from being able to fix our systems. The better idea would be to start blocking the mail servers that are found to be open relays. Although blocking port 25 prevents finding open relays that haven't been blocked yet. It also cuts down on some traffic (the hunting of open ports).
So I started looking into AT&T and the blocking of the port. The article I found, on their help site, said that they're blocking port 25 for Dial up and Dynamic High Speed internet customers, and doesn't affect people with static ip address, or dedicated connections (Frame Relay, T1, T3).
But wait, I pay 15.00 a month for 8 static ip addresses. So I called ready to raise hell. I fought my way through the automated system, it took several tries and they had to remotely "test" my connection, before transferring me to a live person. I told her the deal, I'm a network engineer, I need to test my mail servers at work remotely, and port 25 is being blocked. She couldn't unblock it. So off to tier 2 I go. The guy there was a lot of help. Re-explained the situation, he looked up my account, confirmed I do have a static ip address (although he read the read column the first time), and unblocked the port for me. he noted the account that I requested it unblocked and why.
Seriously I was expecting to jump through a bunch more hoops before getting things resolved. I wasn't happy at the start of the call, but was by the end. And now I can get to my servers at work the way I need to so I can make sure they're not open relays the next time I find us on a black list.
Is there a better way to block the spammers? Yes. Will it happen? no. I can think of several ways. The biggest is to take the profit out of it, like they did when they ended prohibition. Re-writing the standards so relaying is changed, and being and open relay can't happen. (There has been some work in this). will it be easy to fix the problem... not in today's world.
Tuesday, February 24, 2009
Allons-y
So I don't remember if I mentioned it last week or not. But we had a guy that was let go. Not in my work group, but under the same director as I. Anyway... I was tasked with making backups of his boxes and data. Up to today, I though the only had 2. I just found out, that he has 4. FOUR COMPUTERS!!!! I don't even have 4.
Just makes my job take longer. And I have other stuff to do, stuff like my normal job. Sigh.
Just makes my job take longer. And I have other stuff to do, stuff like my normal job. Sigh.
Tuesday, February 10, 2009
The usb version is faster
So yesterday at work, I killed my computer. I recovered it this morning. but because recovery could cause loss of data, I backed the box up first yesterday... Everything was still on the hard drive, but I deleted this tiny little partition that was needed to boot.
Last week we got a laptop in from a former sales associate. I don't know if I should laugh or feel insulted. He decided to "wipe" his hard drive before sending the company laptop back. One that he had his username, password, and EBAY account information taped too.
Anyway, I said last week I could recover it. One of the help desk people came over today and said that she was told to give it to me.
30 seconds after booting the thing with a USB Key with Linux (Knoppix) Installed, I was staring at the guy's data. Stupid users...
Seriously though, if you're going to delete your data, at least make it a challenge to get back. Do what I do, at least whipe the partition out. Deleting one boot file, not even worth the time really.
I started recovery on the laptop, but the fans were not running and it overheated. So I've re-did the boot with an external hard drive attached, and well the usb was faster to boot.
Last week we got a laptop in from a former sales associate. I don't know if I should laugh or feel insulted. He decided to "wipe" his hard drive before sending the company laptop back. One that he had his username, password, and EBAY account information taped too.
Anyway, I said last week I could recover it. One of the help desk people came over today and said that she was told to give it to me.
30 seconds after booting the thing with a USB Key with Linux (Knoppix) Installed, I was staring at the guy's data. Stupid users...
Seriously though, if you're going to delete your data, at least make it a challenge to get back. Do what I do, at least whipe the partition out. Deleting one boot file, not even worth the time really.
I started recovery on the laptop, but the fans were not running and it overheated. So I've re-did the boot with an external hard drive attached, and well the usb was faster to boot.
Friday, January 30, 2009
Today was just strange
This is cross posted between my LJ and My Blog
Tried to get up at 5am. Didn't work. Got up around 8:30. Went and paid rent. Then went and talked to the Coordinator, because she didn't call yesterday.
The Self Defense class is on. Next Wednesday at 7:30pm for the ladies, 8:30 for both sexes.
Leaving there, a guy whipped around a corner (we have medians with little turns in them to get into parking lots), didn't even bother trying to slow, I almost t-boned him. Then at the first light I had to turn at, a semi started fish tailing. Turned down another road and got 1/2 way to the road I needed, only to have it closed by an accident. 2 lane road, and the 2 cars took up the whole thing. Looked bad.
Ran by the post office, watched a cute break down about her package. Dropped off my Package going back to amazon for refund, and finally left for work. Get there, get told a server is down in our Louisville office. Called the Louisville tech to reboot the box, it's been flaky. Found out that the doors down there were broke. The mag locks would not disengage. So I got to spend time on the phone with him to figure out how to break into the computer room down there.
Other weird things most the day, like at lunch when I was given the wrong pager for my food, and they had to come find me, so they could give it to me. Then when I got ready to go, which takes about 15 minutes for me to do, the Help Desk Lady comes over and says the police are there.
Turn around there's a county sheriff deputy. Oo. He said they're was a 911 call and hang up from our building. He said they tried to call back, but couldn't get out of the automated system so they sent him out. We walked around, he said since he didn't hear any screaming he wasn't worried. It was either a wrong number or caused by the weather, which happens in the winter. He left, I figured I'd walk around some.
Went to carpet row first, since that's where the VPs, the Owners, the Directors and others like that sit. Saw my director was still there. Told him the cops were there because they got a 911 call. The look on his face was just pure worry would be the best way to say it. He went straight to 11. I had to calm him down quickly. We went over and talked to the Manufacturing Director and VP, then the four of us walked the building. Each person took a different area. We met back up and all was good.
So next week there will probably be a memo if you accidentally call 911, stay on the phone and tell them you got them by mistake.
So then I was getting ready to go again, and the MFG Director stops by says his guys can't get to the Manufacturing share on our network. Look, and the NAS heads crashed again. Spent the next 1.5 hours dealing with that.
Then home ward bound. Stopped to get some clothes for the Self Defense class. That and looking at toys and other things, took about an hour.
Tried to get up at 5am. Didn't work. Got up around 8:30. Went and paid rent. Then went and talked to the Coordinator, because she didn't call yesterday.
The Self Defense class is on. Next Wednesday at 7:30pm for the ladies, 8:30 for both sexes.
Leaving there, a guy whipped around a corner (we have medians with little turns in them to get into parking lots), didn't even bother trying to slow, I almost t-boned him. Then at the first light I had to turn at, a semi started fish tailing. Turned down another road and got 1/2 way to the road I needed, only to have it closed by an accident. 2 lane road, and the 2 cars took up the whole thing. Looked bad.
Ran by the post office, watched a cute break down about her package. Dropped off my Package going back to amazon for refund, and finally left for work. Get there, get told a server is down in our Louisville office. Called the Louisville tech to reboot the box, it's been flaky. Found out that the doors down there were broke. The mag locks would not disengage. So I got to spend time on the phone with him to figure out how to break into the computer room down there.
Other weird things most the day, like at lunch when I was given the wrong pager for my food, and they had to come find me, so they could give it to me. Then when I got ready to go, which takes about 15 minutes for me to do, the Help Desk Lady comes over and says the police are there.
Turn around there's a county sheriff deputy. Oo. He said they're was a 911 call and hang up from our building. He said they tried to call back, but couldn't get out of the automated system so they sent him out. We walked around, he said since he didn't hear any screaming he wasn't worried. It was either a wrong number or caused by the weather, which happens in the winter. He left, I figured I'd walk around some.
Went to carpet row first, since that's where the VPs, the Owners, the Directors and others like that sit. Saw my director was still there. Told him the cops were there because they got a 911 call. The look on his face was just pure worry would be the best way to say it. He went straight to 11. I had to calm him down quickly. We went over and talked to the Manufacturing Director and VP, then the four of us walked the building. Each person took a different area. We met back up and all was good.
So next week there will probably be a memo if you accidentally call 911, stay on the phone and tell them you got them by mistake.
So then I was getting ready to go again, and the MFG Director stops by says his guys can't get to the Manufacturing share on our network. Look, and the NAS heads crashed again. Spent the next 1.5 hours dealing with that.
Then home ward bound. Stopped to get some clothes for the Self Defense class. That and looking at toys and other things, took about an hour.
Thursday, January 22, 2009
I'm rabbid I tell you.
One of my biggest problems with work, is turning off after I leave the office. The drive, to and from work, I think work. Doing dishes, I think work, sleeping, I dream work. And sometimes, just sometimes, it actually keeps me up at night.
Tonight is on of those nights. A group of severs at work, are being hit by people trying to use them as a proxy. Damn script kiddies. Anyway, if they were to actually look, they'd see that they're getting 403 errors back and that their attempt at proxying through my system is not working. I've looked at the access logs on all 4 boxes in question. I've even tried it myself.
It just doesn't work. It's just annoying though, that they keep trying. The person who acts as the product support for those servers pointed out the problem today, again. I've been looking at this since before I went on vacation, and it was in the back of my head since then. Problem is, more people are doing it now.
I spent from 11pm, to 1 am looking at it, and reading about penitration testing, and how to test if you're a proxy and etc, etc, etc. As far as I can tell, we're good... I'm going to do a large sweep of the logs tomorrow and see if they agree... But that's still 2 hours I wasted that I won't get back.
Sigh. I like my job, I like the things it lets me learn. I enjoy the stuff I was doing tonight... BUT I NEED TO LEARN TO HIT PAUSE and LEAVE IT FOR LATER
Tonight is on of those nights. A group of severs at work, are being hit by people trying to use them as a proxy. Damn script kiddies. Anyway, if they were to actually look, they'd see that they're getting 403 errors back and that their attempt at proxying through my system is not working. I've looked at the access logs on all 4 boxes in question. I've even tried it myself.
It just doesn't work. It's just annoying though, that they keep trying. The person who acts as the product support for those servers pointed out the problem today, again. I've been looking at this since before I went on vacation, and it was in the back of my head since then. Problem is, more people are doing it now.
I spent from 11pm, to 1 am looking at it, and reading about penitration testing, and how to test if you're a proxy and etc, etc, etc. As far as I can tell, we're good... I'm going to do a large sweep of the logs tomorrow and see if they agree... But that's still 2 hours I wasted that I won't get back.
Sigh. I like my job, I like the things it lets me learn. I enjoy the stuff I was doing tonight... BUT I NEED TO LEARN TO HIT PAUSE and LEAVE IT FOR LATER
Monday, January 5, 2009
sometimes it is the smallest things
I have the ability to log into my home system from work. With a full working gui. It's like sitting at my desk at home, although a little slower for the screen to redraw sometimes. It makes remote testing great. You can learn how to do it here, if you have the right software.
Today is the first time I tried it since I got AT&T hooked up. It wasn't working. Turns out I had to change an ip address. I looked at it, like 30 times and just scanned over it like it wasn't there.
It works now. I feel a little silly about missing something so simple. Oh well.
Today is the first time I tried it since I got AT&T hooked up. It wasn't working. Turns out I had to change an ip address. I looked at it, like 30 times and just scanned over it like it wasn't there.
It works now. I feel a little silly about missing something so simple. Oh well.
Monday, November 24, 2008
follow up to crypto
It's really really going over well. At least with the test group. The two help desk people that were here today, have already started to use it for personal conversations too. The ones with their friends. One of them im'd me from home, to see if it was working. Of course since it wasn't the same key as the one he had here, I was getting conflicting key errors.
Just really neat to see it spreading like it is. They're using it, they're getting their friends to use it. Yeah it's not as good or strong as GnuPG or PGP, but it works.
I also know that one of the developers is on board for it. I think the other one might be too.
Just really neat to see it spreading like it is. They're using it, they're getting their friends to use it. Yeah it's not as good or strong as GnuPG or PGP, but it works.
I also know that one of the developers is on board for it. I think the other one might be too.
It shouldn't be THAT easy
I've sold my manager, and director on Encrypted IM... We're running a small test right now, in the IT group (the IT people, we'll fold the rest of the IS people in later (the developers, dbas and etc).
We're using Pidgin, with Pidgin-encryption. Really easy to set up. Install Pidgin. Install Pidgin-encryption. Works with all major IM servers, and Operating Systems.
After installing, set your user accounts (don't have to, but that is the way I like to do it), then go and turn on the plugin for pidgin-encryption under options>plugins.
When you turn it on, by selecting the check box, it creates rsa keys for all accounts in the client. Click on configure plugin button, and go to the second tab. Highlight the account, press regenerate key. Change the key size to 2048. The bigger the key the harder it is to break. I have mine set at 4096 (the largest size supported by the client at this time).
Then when you IM a someone, you'll notice somewhere in the text window (here at work it's on the top of the window) a little lock. Click it, and it turns on the encryption. If the person on the other side has the plugin installed, you'll get their key. You should have 2 locks at that point. with arrows pointing to each other. You're encrypted and good to roll. If you're sending an im to someone without encryption, just turn off the crypto, by hitting that little green lock.
So what does encryption do again? It makes it so no one else can read your messages, unless they are supposed to. Encrypted IM rocks. This is really fast, easy to set up, and simple to use. You don't have to worry about someone, like Google (if using Google talk), storing your IMs and giving them to the cops. Because It's encrypted. However, the cops can make you give up your key, at least in the United States. But, if you're transferring Intellectual Property (YOUR OWN, or YOUR EMPLOYER'S) you don't have to worry about the competitor getting your data.
So what shouldn't be that easy? Getting upper management to buy in on this. I've been trying for 2 years. They both said yes today. The director said to bring it up at the next team meeting, and we'll work it out.
We're using Pidgin, with Pidgin-encryption. Really easy to set up. Install Pidgin. Install Pidgin-encryption. Works with all major IM servers, and Operating Systems.
After installing, set your user accounts (don't have to, but that is the way I like to do it), then go and turn on the plugin for pidgin-encryption under options>plugins.
When you turn it on, by selecting the check box, it creates rsa keys for all accounts in the client. Click on configure plugin button, and go to the second tab. Highlight the account, press regenerate key. Change the key size to 2048. The bigger the key the harder it is to break. I have mine set at 4096 (the largest size supported by the client at this time).
Then when you IM a someone, you'll notice somewhere in the text window (here at work it's on the top of the window) a little lock. Click it, and it turns on the encryption. If the person on the other side has the plugin installed, you'll get their key. You should have 2 locks at that point. with arrows pointing to each other. You're encrypted and good to roll. If you're sending an im to someone without encryption, just turn off the crypto, by hitting that little green lock.
So what does encryption do again? It makes it so no one else can read your messages, unless they are supposed to. Encrypted IM rocks. This is really fast, easy to set up, and simple to use. You don't have to worry about someone, like Google (if using Google talk), storing your IMs and giving them to the cops. Because It's encrypted. However, the cops can make you give up your key, at least in the United States. But, if you're transferring Intellectual Property (YOUR OWN, or YOUR EMPLOYER'S) you don't have to worry about the competitor getting your data.
So what shouldn't be that easy? Getting upper management to buy in on this. I've been trying for 2 years. They both said yes today. The director said to bring it up at the next team meeting, and we'll work it out.
Subscribe to:
Posts (Atom)
