So I did a little bit of testing on my new web cluster.
Not bad for not having a real load balancer…
I’ve been waiting, and working.
I’ve been waiting for my work to release its new product. I’ve been waiting, politely, for my boss to blog about it. I’ve been waiting to show off this new product.
I’ve been working on provisioning, and working with customers on beta testing the new product. I’ve been working on templates, and auto install media, to make everyone’s life easier. I’ve been working on documentation for customers.
I’ve been waiting for, and working on, a VMware vCloud Director based product known as vmForge VDC.
This is cool stuff!
Well, in honor of IPv6 day, I decided to spur people along. I created an IPv6 validation badge of my own, and a few other things to prod people to get their providers to switch.
I’ve also updated http://ipv6.chronophage.net with a new look. It also shows you a video that warns you of the real and present dangers of not switching to IPv6, or celebrates your IPv6 achievement with an INTERNET classic.
Making the pages was fun, especially using php to spit out the various dynamic graphics. In one spot I use a validator lifted from here. On the main page I simply have this:
SetEnvIfNoCase REMOTE_ADDR "^[0-9a-f:]+$" IPV6_USER=1
in my Apache config, and check for that variable in my shtml index. I use a php filter elsewhere. This is to test various ways of IPv6 validation. If you see an error, please comment.
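The pattern in the directive above accepts any run of hex digits and colons, so here it is compared with a strict parse. This is an added example, not code from the original post: the sample addresses are constructed, and Python's ipaddress module stands in for the PHP filter.

```python
import ipaddress
import re

# Pattern from the SetEnvIfNoCase directive; NoCase means case-insensitive.
LOOSE_V6 = re.compile(r"^[0-9a-f:]+$", re.IGNORECASE)

# Constructed sample values (documentation prefixes), not real clients.
SAMPLES = [
    "2001:db8::1",        # ordinary IPv6
    "2001:DB8::1",        # upper-case hex
    "192.0.2.10",         # IPv4
    "::ffff:192.0.2.10",  # IPv4-mapped IPv6 (an IPv4 client on a dual-stack socket)
    "abc",                # hex digits only, not an address
    ":::",                # colons only
    "12345::1",           # group longer than four hex digits
]


def loose_is_v6(addr):
    """What the directive's regex decides: hex digits and colons only."""
    return LOOSE_V6.search(addr) is not None


def strict_is_v6(addr):
    """True only if the string parses as an IPv6 address."""
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ValueError:
        return False


def is_native_v6(addr):
    """Valid IPv6 that is not an IPv4-mapped address."""
    return strict_is_v6(addr) and ipaddress.IPv6Address(addr).ipv4_mapped is None


def disagreements(samples):
    """Inputs on which the loose regex and the strict parse differ."""
    return [a for a in samples if loose_is_v6(a) != strict_is_v6(a)]


if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a!r:22} loose={loose_is_v6(a)} strict={strict_is_v6(a)} "
              f"native={is_native_v6(a)}")
```

REMOTE_ADDR is taken from the connection, so there the loose pattern only has to tell IPv4 from IPv6, and rejecting the IPv4-mapped form is what a badge wants. Its false positives ("abc", ":::") matter only if the same pattern is reused on strings a client can supply.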
Making dynamic graphics was straight out of the php documentation. That language has a function for everything!
No one will accuse me of being a website designer, I hope it’s ugly enough for you.
Anyways, have fun! Happy (pending) IPv6 day!
So I put a hypervisor in your hypervisor, so you can virtualize while you virtualize.
Elastic Sky X. That’s what ESX stands for. Crazy, right?
Well, more playing means more caveats.
First, something I forgot to mention yesterday. To get ESX working in Ubuntu, Workstation needs to be able to put the vmnet interfaces into promiscuous mode. That requires allowing the user or group that you use to start Workstation to have read/write permissions over the vmnet devices in /dev. A simple chmod will do the trick.
Now, back to our story…
VMware vSphere, lots of RAM, a decent amount of disk space, a fairly recent copy of 64-bit Windows (I used Server 2008 R2), ESX and vSphere Server iso and exe files. Iron will. Patience. Some sort of NAS distribution (I used FreeNAS).
“Sudo’s command matching routine expects actual commands to include one or more slash (‘/’) characters. The flaw is that sudo’s path resolution code did not add a “./” prefix to commands found in the current working directory. This creates an ambiguity between a “sudoedit” command found in the cwd and the “sudoedit” pseudo-command in the sudoers file. As a result, a user may be able to run an arbitrary command named “sudoedit” in the current working directory. For the attack to be successful, the PATH environment variable must include “.” and may not include any other directory that contains a “sudoedit” command.”
I actually read about this on Full Disclosure. This is very similar to an earlier exploit. Sudo is a great tool, but you always have to be *very* careful who you give sudo access to.
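A PATH audit for the two conditions the advisory names, as an added example (not sudo's code and not from the original post). The function names and sample PATH values are made up for illustration, and empty PATH entries are counted because shells treat them as the current directory.

```python
import os
import stat
import tempfile


def relative_entries(path_value):
    """PATH entries searched relative to the cwd: '.', '' and any non-absolute dir."""
    return [e for e in path_value.split(":") if not os.path.isabs(e)]


def absolute_dirs_with(command, path_value):
    """Absolute PATH directories that contain an executable named `command`."""
    hits = []
    for entry in path_value.split(":"):
        candidate = os.path.join(entry, command)
        if (os.path.isabs(entry) and os.path.isfile(candidate)
                and os.access(candidate, os.X_OK)):
            hits.append(entry)
    return hits


def meets_advisory_conditions(path_value, command="sudoedit"):
    """True when PATH has a cwd-relative entry and no absolute dir holds `command`."""
    return bool(relative_entries(path_value)) and not absolute_dirs_with(command, path_value)


def demo():
    """Run the check on constructed PATH values, using a temp dir with a placeholder file."""
    with tempfile.TemporaryDirectory() as bindir:
        placeholder = os.path.join(bindir, "sudoedit")
        with open(placeholder, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(placeholder, stat.S_IRWXU)
        cases = {
            "dot_only": ".:/nonexistent-dir",
            "empty_entry": "/nonexistent-dir:",
            "dot_plus_real": ".:" + bindir,
            "absolute_only": bindir,
        }
        return {name: meets_advisory_conditions(value) for name, value in cases.items()}


if __name__ == "__main__":
    print("current PATH flagged:", meets_advisory_conditions(os.environ.get("PATH", "")))
    print(demo())
```

Run against a user's login environment, a True result means PATH should be cleaned of relative and empty entries regardless of the sudo version installed.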
So, some of my users are avid World of Warcraft players. They’ve been complaining that they keep getting phishing schemes in their email accounts. Since Bayesian Filtering isn’t catching on, I think it’s time for custom SpamAssassin rules.
An unfortunately common trend across the IT world is this: Your IT infrastructure is running great and everyone is happy. The budget cuts have to happen and the boss looks around, and decides that their good, but expensive IT professional is no longer worth paying. So they replace him or her with someone cheaper, with less experience, and problems set in. Often major problems. Usually, at this point, the company goes back to their original IT professional with their hat in hand, or their IT offices start to resemble a by-the-hour hotel.
It’s easy to want to compare IT to Sales and Marketing. But those traditional roles have a direct correlation to performance and results. Sales does well, money comes through the door. Marketing does well, and your company is on the lips of Jane Q Public. If IT performs excellently, nothing happens.
It’s hard to justify nothing. Nothing doesn’t make the books.
So, the person in charge of the purse strings looks around, sees someone who apparently does nothing, and gets rid of him or her.
Then something happens. The network goes down. The un-patched server is compromised. Money starts flying out the door. Consultants are called, the emergency fixes are done. The new IT guy or gal is fired, and the boss goes looking for a better qualified IT professional. Lesson learned, right?
Unfortunately, not. Often, the new IT Professional comes on, gets everything working again, and what does the boss see? Nothing.
Wash, Rinse, Repeat.
There are really two ways a professional deals with this: 1) He or she rides out the cycle with his or her reputation intact, but has to deal with scrambling for a new job more often than not, or 2) He or she implements Operation Job Security.
Operation Job Security is a simple formula really. Implement arcane solutions that are fragile, and prone to break often, but not too often. Don’t document anything. And play the martyr whenever you have to fix anything.
The last time I talked to a small business owner who loved his IT guy, I was at a bar after work. The conversation went something like this:
“I love my IT guy,” he tells me, out of the blue. Well, not really. Our conversation went from the weather, to our jobs. The standard Midwestern small-talk. He owns a small manufacturing business, I do IT.
“Anytime anything breaks, my guy is there, 2 am, whenever. He’s amazing.”
“Oh?” I take a sip of my Guinness.
“How often do things break?” My question hangs in the air while he thinks about it.
“About once a quarter.” he says.
It doesn’t click. Yet.
“Reliably?” I ask him, with a touch of irony.
“Well, yeah…” There’s a moment of awkward silence. Realization sets in.
“Oh.” he says.
“Oh.” I say.
Oh is right. Mr “I love my IT Guy” is a victim of a master of Operation Job Security.
The word “victim” is right. I don’t blame IT Guys or Gals who implement Operation Job Security, we all have to eat and pay bills, but it *is* a con game.
Sabotage is not cool, it’s not professional, it’s not ethical, and ultimately, it gets you nowhere. It’s predatory, and violates the trust between a client and his or her paid professional. It breeds resentment, on both sides of the equation, and makes the whole industry look bad.
Take the high road. Take pride in your Nothings. Do it right.
Then again, that’s easy enough for me to say.
One of the many terms you’ll hear thrown around an internet service provider is Request For Comments, aka, RFC: “This isn’t per the RFC!” or “We follow the RFC!” or “Read the RFC!” So what is an RFC, and why do you want to know what it says?