LOPSA-NJ News Aggregator

My first column is up at Simple Talk: Exchange. If you like it, make sure to vote it up! I hope you get something from it. You might also look at my sysadvent contribution as a peripheral to this.

Thanks very much to my editor, Michael Francis. He worked with me to get a format that we think works very well. I'm looking forward to being a regular contributor to the ST:E. Thanks also to all of you, my blog readers. You're the reason I started writing the blog, and what has kept it going over the first 9 months. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

I honestly don't remember what I was looking for today when I came across Double Driver, but I don't think it was anything as cool as what I found.

Double driver is for Windows systems, and when you run it, it scans the system to find all the used drivers. It then gives you the ability to backup those drivers (maybe to a network drive or flash media, for instance).

I installed it and checked it out, and I now have a flash drive that contains all the drivers that I'd otherwise have to hunt for and find if I need to reinstall my Vista machine. It's a very handy application, and if you know you're going to be reinstalling (or even if you don't, it doesn't hurt to be safe), you might want to check it out. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

I'm working on learning more about Microsoft's Sysinternals. There are a lot of really handy sounding utilities, and too many for me to keep track of. I was looking through the disk utils, and I found LDMDump. It's a utility that prints out information on the logical disk scheme. Here's a quote from the utility's page:

"There are no published APIs available for obtiaining detailed information about a disk's LDM partitioning, and the LDM database format is completely undocumented. LDMDump was developed based on study of LDM database contents on a variety of different systems and under changing conditions."

Now, I ask you...how ridiculous is it that a Microsoft-paid developer has to resort to essentially reverse engineering a partitioning scheme to figure out how it works? "The LDM database format is completely undocumented". Unreal. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

I use Juniper Netscreen (5GT and SSG5) to maintain the intersite VPNs in my company, and to function as firewalls. I was having an FTP issue today, which I suspect is caused by the firewall, so I wanted to see what was going on.

If you work on several pieces of equipment that are similar in function and interface, you might get confused, or your brain takes a shortcut, and you end up doing something silly, like typing "ls" at a Windows command line. Same thing with me and routers sometimes, so I logged into my netscreen and typed "debug" and hit question mark, because I wasn't sure of the argument list. The list of arguments came up, and I started scrolling through , looking for likely candidates. Around this time, it hit me, "There is no debug statement in ScreenOS". I quit out, and just hit "?", which should give me a list of all available commands. Sure enough, it wasn't listed there:


alpha:ns1(M)-> ?
clear clear dynamic system info
delete delete persistent info in flash
exec exec system commands
exit exit command console
get get system information
ping ping other host
reset reset system
save save command
set configure system parameters
trace-route trace route
unset unconfigure system parameters
alpha:ns1(M)->


Well...huh. So I googled it. It turns out that there is a debug command, just not generally documented, and it can do what I'm looking for. I found a blog entry on Geek2Live that seemed to hold the general ideas of what I wanted, and it even included a nifty mindmap to explain it.

If you're interested in this sort of thing, you might enjoy this list of hidden ScreenOS commands and the Juniper knowledge base article on capturing debug flow information. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Most people have to deal with two types of screws: flat heads and cross-heads. Sysadmins are not most people.

I've dealt with hex heads, security bits, weird triangle things, and stuff I could hardly describe. Someone, however, has gone to the effort to categorize different screw heads. Here's the writeup on instructables.

Anyone want to start bragging about how big their security bit set is? ;-) Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Ever look at the filename of the Cisco IOS image on a router and wonder what all the letters mean and what capabilities are included in your OS?

To find out, you can go through a few dozen pages in the IOS Reference Guide, or the much longer Cisco IOS Packaging (Product Bulletin No. 2160).

If you want a quicker way to find out what's in your image, you can use the Cisco Feature Navigator. It's really simple. You put in the image name that your device boots from and it gives you a list of what features you've got. Figuring out those individual features is left as an exercise for the reader ;-) Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Who called it? Who da man?.

Zune freeze issue is a result of the Leap Year.

OK, enough gloating. Hopefully they'll fix the firmware before 2012 ;-) Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Tim (a member of my local LUG) writes about some observations he has made of a nearby river and speculates on a tidal bore-like phenomenon [1].

One thing that surprised me was how short the list was on the Tidal Bore Wikipedia page [2], and the fact that is it missing an entry for Tidal River at Wilson’s Promontory [3] (where my family often spent the Christmas holidays when I was young).

Some of the tidal bores are described as having a wave as high as two meters, Tidal River is not so impressive, my observation was that during the 80’s it was about 40cm near the mouth of the river. The area near the river mouth had many bends when I last saw it which absorbed some of the energy of the wave (but I expect that the river changes course constantly so it might be straight from time to time).

On one occasion I River Surfed [4] about 500 meters upstream at Tidal River on a surf-mat (an inflatable surf-board).

I have searched for research into this issue, the Tidal Bore Research Society [5] seems to just maintain a list of tidal bores and not do any real research. Pierre Lubin, Stephane Glockner, and Hubert Chanson published a paper titled “Numerical simulation of turbulence generated by a tidal bore” [6]. Hubert Chanson at the University of Queensland has written an interesting paper titled “Physical Modelling of the Flow Field in an Undular Tidal Bore” [7]. Hubert seems to have published more papers related to tidal bores than anyone else (or at least more papers that are publicly accessible).

• [1] http://tau-iota-mu-c.livejournal.com/141448.html


• [2] http://en.wikipedia.org/wiki/Tidal_bore


• [3] http://en.wikipedia.org/wiki/Tidal_River,_Wilsons_Promontory


• [4] http://en.wikipedia.org/wiki/River_surfing


• [5] http://www.tidalbore.info/


• [6] http://www.trefle.u-bordeaux1.fr/personnel/documents/ti2009_lubin.pdf


• [7] http://espace.library.uq.edu.au/view.php?pid=UQ:9448

ALWAYS wipe your equipment before you sell it to anyone.

This includes things like hard drives and network devices.

I can't mention any names at all, or specifics, but I ordered a couple of refurb routers a few days ago, and I was very surprised today when I saw full router configs in place, complete with IPSec settings, ACLs, and plaintext read/write SNMP strings.

Always wipe your configs before you sell the devices. Always. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

If your Zune doesn't work this morning, it's not just you.

Apparently, Zunes all over the world froze at or near midnight(local time) last night.

The fact that this follows an iPhone post isn't me gloating, that's just a coincidence. Promise. ;-)

[Edit] It just occurred to me that since this is a leap year, today is day 366. It would be hilarious if they screwed that up. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

My blackberry died at a particularly inopportune moment over the holiday weekend. Specifically sometime between when I went to bed on the 25th and when the firewall cluster members decided to kill each other on the 26th. In any event, I didn't find out about it until nearly noon, which is Not Good(tm).

To rectify the situation, I got permission to go buy another phone, and I cleared it with the president to pick up an iPhone, since there were a lot of positive responses when I asked, way back in November. Matt's response in particular swayed my opinion.

In the intervening week, I have to say that I've become pretty attached to the thing. With some additional apps from the AppStore (if you're considering getting an iphone, prepare to hear that phrase a lot), it becomes much easier to type mail (get Firemail for landscape typing), there are free RDP, VNC, ssh (touchterm), and other apps as necessary, and best of all, there are built-in settings for VPN (IPSec, PPTP, and L2TP). Browsing the web using Safari in landscape mode makes even Opera mini on the Blackberry look like masochism.

In fact, the only complaint that I have is that the notification options suck. Apple really, really dropped the ball with the configuration options for notifications. You can change ringtones for phone calls and text messages, but you cannot change ringtones or adjust volume for incoming email. At all. And the default notification is a quiet, polite "blip", which doesn't wake me up at 3am. And that's a deal breaker.

Before I took my iPhone back, I wanted to try everything, so I decided to jailbreak (I used quickpwn for Windows) it and see what I could change. The process went very, very smoothly (as soon as I realized the the "power" button is the one on the top right that you click to lock the phone).

I used Cydia (the jailbreak equivalent of the App Store) to install OpenSSH on the phone:

Matt-Simmons:/usr root# uname -a
Darwin Matt-Simmons 9.4.1 Darwin Kernel Version 9.4.1: Sat Nov 1 19:09:48 PDT 2008; root:xnu-1228.7.36~2/RELEASE_ARM_S5L8900X iPhone1,2 arm N82AP Darwin

and used that to sftp in and copy the ringtone to my desktop, which I then modified using Audacity to increase the volume and added a double beat to the beginning, so that it now goes "chi-ching!". Saved that, exported it as an AIFF file, renamed it to the original new-mail.caf and then dragged it back across the sftp pipe to the phone. Sent an email to myself, and I'm now guaranteed to be woken up if I get mail at night.

I should really look into getting a dev kit for the phone. It would be really handy to support actual profiles and to use the GUI to set things like this up. There is a local terminal app available, but it doesn't appear to be supported on my firmware. I'm sure it'll be updated shortly.

Anyone else have any neat tricks for a jailbroken iPhone? Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

A teacher in Arizona steals Linux CDs from a student and then accuses a Linux distributor of being a criminal [1]. Even though she had used Linux in the past she didn’t believe that software was free. Of course that implies that in the past she had performed actions that she believed were criminal.

Neat Little Mac Apps interviews Marshall Kirk McKusick - he describes how the BSD Daemon logo was designed and one of his most significant bugs [2].

OurDelta.org offers MySQL builds with some extra features and support [3]. I was recommended to use their builds by Arjen Lentz of Open Query [4], as one of my clients is going to use the services of Open Query it seems best to use the Our Delta builds if only to get better support from Open Query. The extra features in the Our Delta builds seem interesting, but I’m not sure that my client needs any of them at this time.

The Global Guerilla blog reports on a man who single-handedly invaded the most heavily guarded power station in Britain and shut it down to protest against new coal power stations [5]. The entire blog is worth reading, the author has a lot of interesting ideas.

PhpMyVisites is a free web site analytics system that competes with Google Analytics [6]. I haven’t implemented it yet, but it looks promising. It seems that PhpMyVisites is not being updated any more (not even security updates) and the replacement is Piwik [11].

Andrew Lahde was a fund manager who made significant amounts of money by betting on the inability of US mortgagees to repay their debts, he wrote an interesting goodbye letter (Telegraph.co.uk) [7]. He now has a Wikipedia page which gives some interesting background to his career [8]. An Employee of the Financial Times is famous for flaming Andrew [9], I have submitted a comment pointing out that being famous for flaming someone who is more successful than yourself is nothing to be proud of and suggesting that he advocate his own political views when criticising those of others - I doubt that it will get through moderation. It’s a pity that Andrew doesn’t have a blog, I would like to read more from him.

At CCC a paper by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger on how to crack the PKI infrastructure used for SSL signing was presented [10]. The root cause is some CAs still using MD5 even though it was broken a long time ago.

Updated to note that Piwik is the replacement for PhpMyVisites.

• [1] http://linuxlock.blogspot.com/2008/12/linux-stop-holding-our-kids-back.html


• [2] http://www.neatlittlemacapps.com/show/nlma-episode-048-interview-marshall-kirk-mckusick


• [3] http://ourdelta.org/


• [4] http://openquery.com.au/


• [5] http://globalguerrillas.typepad.com/globalguerrillas/2008/12/journal-climate.html


• [6] http://www.phpmyvisites.us/


• [7] http://www.telegraph.co.uk/finance/financetopics/financialcrisis/3219870/The-astonishing-sign-off-of-a-wealthy-fund-manager-in-full.html


• [8] http://en.wikipedia.org/wiki/Andrew_Lahde


• [9] http://blogs.ft.com/gapperblog/2008/10/yours-truly-angry-mob/


• [10] http://www.phreedom.org/research/rogue-ca/


• [11] http://piwik.org/

I like looking at big scary apocalyptic events. There's just something...calming...about it. Watching movies where the Earth gets destroyed makes me feel better about the real world and how comparatively un-screwed-up it is. This tendency of mine has spread to the internet, I think. I talked about some crazyness a while back, but today's news is much more fun.

Hackers at the Chaos Computer Conference announced today that they have managed to completely break SSL by using 200 PS3s. Not just that they can spy on communications between hosts communicating over SSL, but that they can brute-force create a "trusted" certificate for whatever they want.

So let me posit a quick scenario. Hackers use the BGP flaw to redirect your bank's traffic to their server, where they've installed a freshly created fake trusted certificate and they man-in-the-middle till the cows come home. Not even two-way authentication can help you then. The best part is that these aren't "bugs" in the applicable protocols as much as flaws in their design.

I suppose in the beginning banks and other lucrative targets can filter known-offenders from their access lists, but the use of botnets will stop that from being an effective tactic.

I wonder if [EDIT] two way PKI will start being cost-effective to implement in that case, since (as I understand it?) the keys and certs aren't being recreated byte-per-byte, they're creating a rogue certificate authority and using that to issue certs. There's a large difference between that and replicating someone's 2048 bit private key. At least, I'm pretty sure. IANAC (I am not a crytpologist).

If the large institutions decide not to do anything, it might get really interesting. Maybe we'll have to go back to writing checks. ;-) Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Everyone from Slashdot to people I talk with on the street are shocked, shocked, shocked, by the report in the New York Times that TXTing costs carriers almost nothing, even though they've been raising the price dramatically.  (SMS is "Short... Tom Limoncelli http://www.EverythingSysadmin.com

Hello,

Maybe you are interested on installing untrusted packages on your Debian box, but by default you are prompted with this prompt:

Do you want to continue? [Y/n/?] y
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system’s security.
You should only proceed with the installation if you are certain that
this is what you want to do.

untrusted_package

Do you want to ignore this warning and proceed anyway?
To continue, enter “Yes”; to abort, enter “No”:

This is fine, since it warns you about it, but it breaks non-interactive scripts, because needs user confirmation.

What then? the solution is easy, you only need to tell to aptitude that you want to use those packages without user confirmation.

From aptitude manual:
Option: Aptitude::CmdLine::Ignore-Trust-Violations
Default: false
Description: In command-line mode, causes aptitude to ignore the installation of untrusted packages. This is a synonym for Apt::Get::AllowUnauthenticated.

Just go!
# aptitude -o Aptitude::Cmdline::ignore-trust-violations=true -y install your_untrusted_package

WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system’s security.
You should only proceed with the installation if you are certain that
this is what you want to do.

untrusted_package

*** WARNING *** Ignoring these trust violations because
aptitude::CmdLine::Ignore-Trust-Violations is ‘true’!

Writing extended state information… Done

It does not use an interactive prompt and of course your script will continue :)

See you!

Posted in Debian, Linux, Shell scripts, Tips      

This is a continuation of Adventures in VoIP part 1


Elastix

The harder half of this endeavor has been the configuration of Elastix. I missed most of the operating system install, but I have been doing a lot of the work getting the extensions set up and configuring the operating panel. My boss got to set up the inbound and outbound routes and configure the trunk lines on the server. Being a Windows guy (and my DOS days being long behind me) I am not all that comfortable working straight from a command line anymore. Thus I attempted to use the web gui supplied with the software.

The web gui is not actually all that bad. I can honestly say they spent some time working on it, but there is one thing they did that drives me absolutely batty. What the hell is up with the red bar? You go in and edit an extension. At the bottom of the form is your standard issue submit button. You think you've made your change, you go and check and nope! It's still the same. You must have missed the red bar. Check out the image. As you can see, the red bar isn't all that red and looks very much like it is a part of the natural background. Up until you look closely and see the pale blue text that says "Apply Configuration" and proceed to facepalm. Unembedded FreePBX (The Elastix form is actually a front end for this) does this right. Notice the orange on blue. Completely contrasting and smacks you right upside the head and tells you that you need to do something. It's noticeable.

Another annoyance encountered dealt with the batch upload. Rather than manually setting up 40+ extensions, you can load a simple csv file and get all of them in at once. After loading (I did remember to click the red button), only some of my extensions worked properly. Oddly enough, only the ones manually entered. I checked to make sure the settings were exactly the same and on a whim, I decided to just hit submit and reload the config. Of course previously unworking extension started to work. I then proceeded to manually reload all the extensions to get the working. I am certain I could have done that from the command line, I just didn't know the way and with my luck I would have just killed something on accident (Yes I have that kind of luck. Ask me about my dead RAID unit sometime, and try not to laugh too hard at me).

With that out of the way, the next task was getting the operator panel online. One thing we noticed is that it could only display 39 extensions in its default configuration. So after a bit of googling, I come across instructions for altering the operator panel. And there is no gui for this. Off to the command line I go. One way a lot of users decide to show more buttons is to physically change how big they are. This option is a no-go for me. Firstly, getting them to look good is a pain in the ass from what I have read. Secondly, our receptionist is somewhere around 70 and her eyes aren't what they used to be (She is surprisingly good with working a computer, as far as receptionists go at any rate. She calls in a timely manner when there is a problem and is polite when something needs fixed.) So to change button positioning, there is a text file to edit: op_buttons.cfg and a perl script to edit: retrieve_op_conf_from_mysql.pl.

The buttons config defines the area that the buttons will take up in pixels on the screen. You can also change column headings, column colors and a few other options. The perl file is where you actually change where the buttons will be. Apparently you edit the perl file so it can generate a buttons config file (op_buttons_additional.cfg) and that file is included with the op_buttons.cfg to get the buttons and their placement. Any manual changes to op_buttons_additional.cfg get nuked whenever Asterisk restarts or the panel reloads. My first attempt at editing the two files was a complete disaster. I found out that it will not automatically extend its default four columns downward, but it will certainly add more to the right off the screen. So that was a dismal failure. I ended up removing the entry for queues (for call queues if you are running a call center) and extending my extensions there.

With that issue solved I moved on to the next one: I was not getting all of my parking lot extensions. For those who have not dealt with larger phone systems (namely me before this job) a parking lot is a set of extensions used for holding calls for other users. That way you can transfer the call there and someone can pick up anywhere in the shop instead of trying to get to their extension before the voicemail get it. Anyway, we have nine parking lots set up 51-59, and the operator panel was only displaying five of them. I double-checked my configuration and I had set up nine, so I delved into the mysterious perl file again and found this:
for (my $i = 1 ; $i <= $numberlots && $i <= 5 ; $i++ ) Now I don't know perl, but I am pretty damn sure I can recognize a for loop when I see it. Two seconds and a reload later and I am in business with all the lots.

And that is pretty much where I stand now. I'll publish further update(s) and anecdotes from the whole process when the system actually comes online.

This was written back on the 18th and since then the system is now online. There will be more forthcoming in this series as soon as I get time to actually write it. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

I tout documentation quite a lot, but the specifics behind the actual documents have been a little fuzzy. For instance, having an internal wiki is invaluable, but it's as easy to create crap documentation just as well as good documentation (probably easier). What goes into a good document? What form should it take? There are no easy answers.

As with many things, one of the best ways to learn is to examine what other people have done, and that's where Craig Borysowich comes in. If you don't read his blog on IT Toolbox, you should. He consistently produces excellent examples of documentation with his Deliverables series. He also completed posting an example of a system blueprint. For anyone who hasn't already done something like this (like me), it's an amazing time saver, since Craig has done all the hard work.

Like I said, if you're looking for excellent examples of documentation, you owe it to yourself to check out his blog. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Lots of blogs list a bunch of stuff that happened in the year just past, and I have done a year-in-review post before, but in looking back at posts on this blog and elsewhere, what strikes me most is not the big achievements that took place in technology in 2008, but rather the questions that remain unanswered. So much got started in 2008 — I’m really excited to see what happens with it all in 2009!

Cloud Computing

Technically, the various utility or ‘cloud’ computing initiatives started prior to 2008, but in my observation, they gained more traction in 2008 than at any other time. At the beginning of 2008, I was using Amazon’s S3, and testing to expand into more wide use of EC2 during my time as Technology Director for AddThis.com (pre-buyout). I was also investigating tons of other technologies that take different approaches to the higher-level problem these things all try to solve: owning, and housing (and cooling… and powering…) equipment. Professionally, I’ve used or tested heavily AppLogic, GoGrid, and all of the Amazon services. Personally, I’ve also tried Google App Engine.

2008 was a banner year for getting people to start tinkering with these technologies, and we’ve seen the launch of ‘helper’ services like RightScale, which puts a very pretty (and quite powerful) face on the Amazon services. The question now is whether the cost-benefit analyses, and the security and availability story is going to be compeling enough to lure in more and bigger users. I think 2009 is going to be the year that makes or breaks some of these initiatives.

The other question I have about cloud computing, which I’ve been asking since the last half of 2007, is “where does all of this leave the sysadmin?” It seems to me that a great many of the services being trotted out for users to play with seek to provide either user-level GUI interfaces, or low-level developer-centric interfaces to solve problems that historically have been the purview of system administrators. I’ve been wondering if it will force sysadmins to become more dev-centric, developers to become more system-savvy, if it will force more interaction between the two camps, or if it means death to sysadmins on some level, to some degree, or for some purposes.

I really think there’s a lot of hype surrounding the services, but I also think there’s enough good work being done here that 2009 could begin to reveal a sea change in how services are delivered and deployed on the web.

Drizzle

If you’re working in the web 2.0, uber-scaling space, and you’re using MySQL, chances are your relationship with your database is less ideal than it was when you were using it to run your blog or your recipe database. As you try to scale MySQL through various means, you find that there are lots of things that could be handled better to make MySQL scale more gracefully. Some extra internal accounting and instrumentation would also be nice. In many cases, it would also be nice to just cut out all of the crap you know you’re not going to use. If you’re looking to sharding, it would be good if there was a database that was born after the notion of sharding became widely understood.

Drizzle is a project started by some MySQL gurus to take a great experimental leap toward what could become a beacon in the dark sea of high scalability. At the very least, it will serve as a foundation for future work in creating databases that are more flexible, more manageable, and, more easily scaled. Of course, it’s also likely that Drizzle will be tied more closely to a slightly narrower audience, but I can say from experience that had the ideals of the Drizzle team been fully realized in an open source product prior to 2008, I may not have even installed MySQL in the first place. I had at least a passing familiarity with what I was getting myself into, and pulled the trigger to use MySQL based on criteria that deviated somewhat from pure technological merit.

I don’t believe Drizzle has announced any kind of timeline for releases. I wouldn’t expect them to. Instead, the first release will probably be announced on blogs in various places with links to downloads or something. The Cirrus Milestone for the project seems to focus quite a bit on cleanup, standardization, and things that, to prospective deployers, are relatively uninteresting. But I think 2009 will at least see Drizzle getting to the point where it can support more developers, and make more progress, more quickly. In 2009, I think we’ll see people doing testing with Drizzle with more serious goals in mind than just tinkering, and I think in 2010 we’ll see production employments. Call me crazy - it’s my prediction.

Microsoft

Windows market share on the desktop, it was recently reported by IDC, has dropped below 90% for the first time in something like 15 years, to 89.6%. Mac users now represent 9.1% of the market, and the rest is owned by Linux, at a paltry 0.9%.

It would seem that OS X has eaten away a few percentage points from Windows, and done perhaps more damage to the Linux space. I have no data to back that up at the moment - I’m going by the enormous shift from Linux to OS X between OSCON 2006 and OSCON 2008. I’ll let you know what I see at LISA 2009, which I plan to attend.

But what about Microsoft? Sure, they’re the company IT wonks love to hate, but the question of how their apparent (marketed) direction will affect their products and business is one that truly fascinates me. Microsoft has become the Herbert Hoover of American software companies, while Apple is FDR, perceived as having saved many of us from the utter depression and despair of the Hoover years (insert joke about sucking here).

Microsoft is enormous. It moves horribly slowly. It has shown a stubborness in the past that would seem difficult for something so large to shake off. Their products reflect this big, slow, obstinacy. What end users need is a software company that is going to lead its users in the direction they’re all moving in already on their own. It can no longer be about “allowing users” to do things (Ballmer has used such phrasing in the past). It needs to be about enabling and empowering, and getting the hell out of the user’s way.

The big question I think 2009 will answer is whether or not Ray Ozzie can affect change to either the culture, or the mechanics of how Microsoft does business (either one is likely to have a drastic effect on the other).

Python 3.0

It’s here already. I, for one, am quite excited about it. I think that GvR, Alex Martelli, Steve Holden, and others have put forth a very admirable effort to communicate with users and developers about what changes are imminent, what they mean, and how to prepare to move forward. I think 2009 is going to require 100% of the communication effort expended in 2008 in order to continue to rally the troops. I don’t know, but would imagine that the powers that be can see that as well, and so it will be. Assuming I’m right there, adoption will increase in the community, and the community buzz resulting from the wider adoption will begin to take some of the pressure off of the really big names, who quite honestly have craploads of other things to work on!

I believe that by summer 2009 we’ll see Python 2.6 migrations happening more rapidly, and a year out from that point we’ll start to see the wave of 3.0 migrations building to more tsunami-like proportions.

Another question: is there sufficien new adoption of Python going on to register 3.0 on the usage scale? Probably not now, but hopefully in 2009…

USA Gets a CTO

I’ve read a few articles about this, but all I’ve read really just amounts to noise and speculation. What, exactly, will the CTO be charged with? I’ve seen Ed Felten floated as a candidate for the position, but he’s not a person who’s going to want to run in and try to herd cats to try to standardize their desktop computing platform. I think if the CTO position is going to take charge of the things Felten has already shown a keen interest in (namely, high-level IT policy, the effect of technology on society, privacy and security… as it relates to the former two items, etc), then there could be nobody better for the job. Princeton’s Center for Information Technology Policy is one of the few places (maybe the only place) I’d actually take a pay cut to join ;-P

I imagine that 2009 will answer the questions surrounding the nation’s very first CTO.

It’s The Economy!

I’m a freelance technology consultant and trainer. Anyone who is making a living freelancing is probably wondering about the state of the economy, no matter where they live (incidentally, I live in the US). The numbers aren’t good. The S&P is down something like 41% this year - the largest drop on record. The state of the markets in general, along with the failing of the banks and their subsequent appearance in Senate committee hearings, as well as the deflationary spiral in the housing market (and predicted more general deflationary spiral) invoke images of bread lines and soup kitchens… or at least very little work for freelancers.

Personally, I have a lot to lose if things *really* go south to the degree that they did in the 1930’s, but I have to say that I don’t think it’ll happen. If you’re worried about this becoming the next Great Depression and are really losing sleep over it, I recommend you read a book called “The Great Depression” by Robert S. McElvaine. There are probably tons of books you can read, but this is one I happen to like. It’s full of both fact and opinion, but the opinions are well-reasoned, and loudly advertised as being opinions (you’re not likely to find a book about any topic relating to economics that isn’t full of opinions anyway).

What I think you’ll find is that, while there are a lot of parallels between now and then, there are lots of things that *aren’t* parallel as well (partly as a result of the depression - for example, the US is no longer on the gold standard, and both banks and securities trading are infinitely more regulated now). Also, not all of the parallels are bad. For example, things began to improve (though slightly at first) almost the day a new Democratic leader replaced the outgoing Republican regime.

My advice (which I hope I can follow myself): If the market numbers bother you, don’t look. Service your customers, don’t burn any bridges, rebuild the ones you can, build new ones where you can, and above all, Do Good Work. When you don’t have work, market, volunteer, and build your network and friendships. Don’t eat lunch alone, as they say.

What are you wondering about?

My list is necessarily one-sided. A person can be into only so many things at once. What kinds of tech-related questions are you searching for answers on as we enter the new year?

addthis_url = 'http%3A%2F%2Fwww.protocolostomy.com%2F2008%2F12%2F29%2F2009-waiting-to-exhale%2F'; addthis_title = '2009%3A+Waiting+to+Exhale'; addthis_pub = 'jonesy';

I'm reading through an enjoyable book called Backup and Recovery by Curtis Preston, and I thought I'd recommend it to any of you who are looking for more information on backup (and more importantly, recovery) schemes. Curtis runs a site called backupcentral.com, which hosts a wiki and forum about backup solutions, commercial and opensource.

I hadn't heard of it, and I figured some of you might not have either. Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com

Social networking sites are on the rise, that much is apparent. Tom Anderson sold myspace.com for $580 million dollars. Current estimates are guessing over 140 million users on Facebook. And before you think that social networks are just for kids, Linked In hosts 30 million profiles of experienced professionals who are looking to network with others. Clearly, these sites are tools which can be used to learn and grow in a professional capacity.

I've had my LinkedIn account for a long time, and initially I resisted the others. Eventually I succumbed to Facebook, then myspace, mostly due to peer pressure. Since I have accounts on those three networks, I figured I'd check to see if there were any groups put together by IT administrators. And how.

Most of these groups feature discussions on various topics that you might find interesting. Check them out,and let me know what you think.

LinkedIn
IT Management
System Administrator (Mac, Win, and Linux)
System Administrators
Nagios Administrators

Facebook
Unix Sysadmin
Linux Administrators
Cisco Systems
Appreciate your sysadmin
*NIX
Network/Security/System Administrators
System Administrator Appreciation Day

MySpace
Sysadmin Superstars
Network Admins / Engineers / System Specialists
Computer / Network Administrators
Sysadmins
Network / Sysadmin / Comptechs
Network Engineers

If you know of any other social networking sites (or other types) that you'd recommend, let us know in the comments. I'm always looking for other sources of information, and I know lots of other people are too.

[EDIT]
Talk about coincidence. I wrote this last night and scheduled it for this morning for 8:30am. Before it could go live, Dru posted a link to some BSD Certification groups created on LinkedIn. Funny how things happen sometimes :-) Brought to you by Standalone Sysadmin
http://standalone-sysadmin.blogspot.com