Chris Massey

Weather Control

Chris Massey — Fri, 14 Jan 2011 08:59:00 GMT

When the age of SaaS dawned, and the first wisps of the cloud started to condense above our heads, much hype was made of the fact that you could put your “stuff” in the cloud, and then never have to worry about it again. Sadly, that’s only half true. ...(read more)

No Rest for the Virtuous

Chris Massey — Thu, 16 Dec 2010 11:01:00 GMT

It has been an impressively brutal month in terms of security breaches, and across a whole range of fronts. The "Cablegate" leaks, courtesy of Wikileaks, appear to be in a league of their own. The "Operation Payback" DDoS attacks against PayPal, MasterCard and Visa (not to mention the less successful attack against Amazon) are equally impressive. Even more recently, the Gawker Media Network was subjected to a relatively sophisticated hack attack by Gnosis, with the hackers gaining access to some 1.3 million passwords and usernames, as well as internal credentials of Gawker employees, and a big block of users & staff email addresses. Pretty spectacular stuff.

While DDoS attacks and truly skilled hacks are difficult (though not impossible) to defend against, information leaks should theoretically be under better control. It's hard to predict what's going to be thrown at you from the Lions and Tigers and Bears of the internet, but much more within our power to control information flows and potential leaks within our own domains. Not necessarily easy, but much more manageable.

The confidential information recently exposed by Wikileaks was, with a few notable caveats, handled in much the same way as the average Enterprise might manage large amounts of communications data - with PST files. While the scale of the breach is impressive, the methodology is more mundane, and something we're all potentially at risk from. All of a sudden, Brien Posey's horror stories pale into insignificance!

Ultimately, security is always your domain, regardless of whether your server environments are on-premises or in the cloud. Uptime is an obvious concern, and while your PaaS is probably in a better position than you to weather a storm, but it's also more of a target. There's the question of whether you're willing to trust your private data to a 3^rd party, but that's evidently a problem you need to address closer to home as well.

The fundamental nature of security challenges remain the same wherever your environments are hosted; it's only the fine details that change. Just because you're using a big PaaS provider (Amazon being the case in point), that doesn't mean you'll be immune from digital damage. You'll just find it easier to point the finger of blame.

Alan Turing Needs Your Help

Chris Massey — Mon, 22 Nov 2010 13:21:00 GMT

Well. sort of. Clearly, you are using a computer. If you are on this site, you are probably quite familiar with computers as artifacts of our modern society. Hopefully, you are also familiar with the fact that Alan Turing, logician and mathematician extraordinaire, was instrumental in laying down the foundations of modern computer science, and did a little work to help turn the tide of WWII in the Allies' favor. Hold that thought.

A phenomenal collection of Turing's papers (including his first ever published paper, and some pioneering work on Artificial Intelligence) are going to be auctioned off in London tomorrow, and are expected to fetch something between $482,000 & $800,000. The reason I mention this is because supporters of Bletchley Park (Home of the code-cracking Colossus and, more recently the National Museum for Computing) are scrambling to raise enough funds to win the auction and keep these historically priceless papers available to the public.

I know it's cutting it a bit fine, but I urge you to join me in paying our respects to Alan, without whom blogging, developing and database administration would probably be a lot harder. I've made a donation to Turing Papers fundraising page*, and I suggest you do the same.

*Even if the funds raised fall short of the auction price, the money will naturally still go to Bletchley Park, which is doing sterling work to preserve and promote the history of computing.

A Bit Cloudy

Chris Massey — Thu, 18 Nov 2010 14:04:00 GMT

"Systems Administrators, I come in peace. You have nothing to fear from me"
- Office 365

Microsoft Business Productivity Online Suite recently absorbed a few other services and has been rebranded as Office 365, which is currently in private Beta and NDA-d up to the eyeballs. As Microsoft's (slightly delayed) answer to Google Apps Premier Edition, it shows a lot of promise; MS has technical expertise, market penetration, and financial capital all going for it. On the other hand, Google has its fair share of brainpower, and is built from the ground up with network uptime in mind. That is, after all, what their business completely relies on.

Office 365 is also an implicit brand promise (backed up by an explicit 99.9% uptime SLA), and it's already looking like Microsoft might have to work a little harder to honor that promise. Unsurprisingly, I've seen it argued that even 99% is still pretty darned good, and that plenty of enterprises with in-house IT support suffer much worse than 90 minutes of downtime in 2 months. This is all true.

It also doesn't take into account a few points:

With in-house IT, downtime doesn't mean users can't work, it just means they can't work online. If you're using the full Office 365 suite (i.e. with hosted versions of Office itself), then you've potentially got a bigger problem.
It's damaging to the Microsoft brand if they can't honor this promise. They're presumably trying to sell this SaaS suite to managers and executives, and in that arena, confidence is king.

Speaking of confidence, their support for SME's seems to be of the "moderated community-based" variety. So, forums and twitter, then. This suite is designed to appeal to smaller businesses who are likely to not have the in-house expertise to recognize bad advice - that's why they're going down the cloud route. It's designed to put them on an equal software footing with larger enterprises, except when things go wrong, apparently.

To add fuel to that particular fire (and it's a fire that you should draw warmth from), given that they're supporting IE6 (oh, the humanity!), one assumes that they're hoping to attract users who are firmly near the bottom of the IT knowledge histogram.

Do SysAdmins need to worry about their jobs? I doubt it. Particularly as this opens up new opportunities to specialize in network administration, or to rebrand yourself as a Downtime Troubleshooter. Either way, I suspect there will be plenty of call for your expertise in the near future.

The #1 Tip

Chris Massey — Thu, 21 Oct 2010 13:02:00 GMT

The best IT articles and suggestions come from the grizzled front-line veterans, and the best grizzled front-line veterans are the ones who are willing to listen to the suggestions of their peers. Wesley David may not be grizzled, but he is on the proverbial front line, and has recently kicked off a series of articles with his "top tips" for what tools a SysAdmin should have on hand at any given moment. Of course, tips and tricks are not a new format, nor necessarily objectively true, but they are no less useful because of that. So rather than make this about what I think, I want to open the floor and make this about you.

Given that I had "tips for boosting network performance" in mind, I went to our own SysAdmins yesterday and put them on the spot, asking them what their suggestions might be. After they made it very clear that I was asking a slightly silly question, and that there was no conclusive answer to my painfully open-ended question, here're some of their suggestions:

- Not all cables are created equal; check them often: Occasionally a cable will be damaged, or sometimes you'll just be plain unlucky and get a 'bad' cable. Either way, packets get lost.

- Build in network redundancy: There are arguments both for and against deduping the data in your network, but multiple physical paths are always a good idea.

- Make sure you Subnet properly: It shouldn't need saying, but sometimes it does. To borrow a line from a Slashdot user, "Segment your traffic according to where the load is, not where the politics are"

- Keep an eye on those broadcast-heavy apps: And don't be afraid to engage in a little traffic-shaping.

- Look at teaming / load-balancing your network cards: It just makes sense.

- Make sure your switches are consistently configured: Not only will this make initial setup easier, but reducing network variables will make your life easier when the time comes to troubleshoot.

- Educate your users: This one might be an uphill battle, but it'll (hopefully) pay off in the end.

Naturally, you'll be a staunch supporter of some of these tips, and consign others to the "unimportant" or "well, duh" pile, but I'm hoping you'll also share some of your own pearls of hard-earned wisdom, because I don't think #1 Tip is technical; it's professional - Listen (debate) and Learn. A quick glance at the Slashdot comments thread suggests that for every SysAdmin tip, there is an equal and opposite opinion, and I'd love to hear some of both.

TOOWTDI

Chris Massey — Thu, 23 Sep 2010 06:19:00 GMT

PowerShell 2 is an integral part of Exchange Server 2010, and the latest Windows Server technologies, perhaps on the premise that ubiquity breeds familiarity. Exchange has now reached the point where some operations are only available to Powershell scripts, leaving no safe but slow GUI alternative for the tentative administrator (although there’s a certain irony here). Changing the famous Perl acronym TMTOWTDI: TOOWTDI AIWIIP (There is only one way to do it, and it will inevitably involve pain/PowerShell)...(read more)