Friday, July 25, 2008
Shuttleworth: Make Desktop Linux Better than Apple
By Darryl K. Taft
Mark Shuttleworth, founder of Canonical, calls on Linux developers to make the presentation layer of desktop Linux applications even more attractive to users than Apple’s Mac OS.
PORTLAND, Ore.—Mark Shuttleworth, founder of Canonical, which makes Ubuntu Linux, called for desktop Linux to improve to the point that its presentation layer is more visually exciting than Apple's.
During a talk at the O'Reilly Open Source Convention here July 22, Shuttleworth issued a final challenge to open-source developers before he left the stage.
"The great task in front of us over the next two years is to lift the experience of the Linux desktop from something that is stable and robust and not so pretty, into something that is art," Shuttleworth said to applause from the audience. "Can we not only emulate, but can we blow right past Apple?"
However, he made no mention of whether Apple intends to simply sit idly by while desktop Linux catches up to and surpasses the user experience that Apple has become so well-known for.
"I see this [need] for free software—beautiful, elegant software. We have to invest in making this desktop beautiful and useful," Shuttleworth said of Linux.
Meanwhile, he also said changes in technology drive changes in the economy and thus changes in society.
"More than any other time in history, software matters," Shuttleworth said. Despite enrollments in computer science declining, he said, "We're not done yet; the opportunity is only getting better."
For instance, "the iPhone is effectively a pure software experience," Shuttleworth said. "It's no accident that over the last 10 years in technology many of the biggest brands have been built using free software."
He cited Google as a prime example.
"The real stimulus of innovation is disclosure," Shuttleworth said. "And free software is the ultimate form of disclosure. Free software is the scaffolding of innovation."
Open-source developers should architect their solutions to be innovation-ready, Shuttleworth said. "Make it extensible," he said, noting that allowing for plug-ins is a key to extensibility.
"Another key thing for innovation is platform tolerance," he said. "It's essential that we figure out how to work with Windows."
Developers also need to enable users to have a choice of tools, Shuttleworth said.
He then launched into a discussion of software development methodologies, stating that while he likes the agile methodologies, he has been considering how free software is impacting how developers think about software development methodologies.
Meanwhile, Shuttleworth said he hopes to see the industry move to an environment of "permission-free development," where developers are free to jump in and write code off of core open-source projects without seeking permissions.
Yet, although ad-sponsored content is great for the Web and for search applications, it is not the answer for free software applications that are not strictly Web applications, Shuttleworth said.
"I don't believe advertising will power free software applications; I think the emerging emphasis on services will help support that," Shuttleworth said.
Monday, July 21, 2008
Why San Francisco's network admin went rogue
Last Sunday, Terry Childs, a network administrator employed by the City of San Francisco, was arrested and taken into custody, charged with four counts of computer tampering. He remains in jail, held on $5 million bail. News reports have depicted a rogue admin taking a network hostage for reasons unknown, but new information from a source close to the situation presents a different picture.
In posts to my blog, I postulated about what might have occurred. Based on the small amount of public information, I guessed that the situation revolved around the network itself, not the data or the servers. A quote from a city official that Cisco was getting involved seemed to back that up, so I assumed that Childs must have locked down the routers and switches that form the FiberWAN network, and nobody but Childs knew the logins. If this were true, then regaining control over those network components would cause some service disruption, but would hardly constitute the "millions of dollars in damages" that city representatives feared, according to news reports.
Apparently, I wasn't far off the mark. In response to one of my blog posts, a source with direct knowledge of the City of San Francisco's IT infrastructure and of Childs himself offered to tell me everything he knew about the situation, under condition that he remain anonymous. I agreed, and within an hour, a long e-mail arrived in my inbox, painting a very detailed picture of the events. Based on this information, the case of Terry Childs appears to be much more -- and much less -- than previously reported.
A man and his network
It seems that Terry Childs is a very intelligent man. According to my source, Childs holds a Cisco Certified Internetwork Expert certification, the highest level of certification offered by Cisco. He has worked in the city's IT department for five years, and during that time has become simply indispensable.
Although Childs was not the head architect for the city's FiberWAN network, he is the one, and only one, that built the network, and was tasked with handling most of the implementation, including the acquisition, configuration, and installation of all the routers and switches that comprise the network. According to my source's e-mail, his purview extended only to the network and had nothing to do with servers, databases, or applications:
"Terry's area of responsibility was purely network. As far as I know (which admittedly is not very far), he did not work on servers, except maybe VoIP servers, AAA servers, and similar things directly related to the administration of the network. My suspicion is that you are right about how he was "monitoring e-mail"; it was probably via a sniffer, IPS, or possibly a spam-filtering/antivirus appliance. But that's just conjecture on my part."
Like many network administrators who work in the rarified air of enterprise network architecture and administration, Childs apparently trusted no one but himself with the details of the network, including routing configuration and login information. Again, from the source's e-mail:
"The routing configuration of the FiberWAN is extremely complex. Probably more so than it ought to be; I sometimes got the feeling that, in order to maintain more centralized control over the routing structure, [Childs] bent some of the rules of MPLS networks and caused problems for himself in terms of maintaining the routing.
"Because the system was so complex (and also because he didn't involve any of the other network engineers in his unit), Terry was the only person who fully understood the FiberWAN configuration. Therefore, to prevent inadvertent disruption of this admittedly critical network, he locked everyone else out. I know most of the networking equipment ... does use centralized AAA, but I get the impression he may have configured the FiberWAN equipment for local authentication only."
Childs' attitude toward other administrators is by no means unusual in the IT industry. This is generally due to the fact that admins who are tasked with constructing and maintaining networks of this size and scope care for them like children, and eventually come to believe that no one else could have the knowledge and skills to touch the delicate configurations that form the heart of the network.
A key point made in the e-mail is that Childs' managers and co-workers all knew that he was the only person with administrative access to the network. In fact, it was apparently known and accepted in many levels of the San Francisco IT department. Again, quoting from the e-mail:
"This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry's coworkers, "If your request has anything to do with the FiberWAN, it'll have to wait for Terry. He's the only one with access to those routers"). His managers knew it. Other network engineers for the other departments of the City knew it. And everyone more or less accepted it. No one wanted the thing to come crashing down because some other network admin put a static route in there and caused a black hole; on the other hand, some of us did ask ourselves, "What if Terry gets hit by a truck?" If a configuration is known and accepted, is that "tampering"?"
My source appears to believe that Childs' motivation was the antithesis of tampering, and that Childs did everything possible to maintain the integrity of the network, perhaps to a fault:
"He's very controlling of his networks -- especially the FiberWAN. In an MPLS setup, you have "provider edge" (PE) routers and "customer edge" (CE) routers. He controlled both PE and CE, even though our department was the customer; we were only allowed to connect our routers to his CE routers, so we had to extend our routing tables into his equipment and vice versa, rather than tunneling our routing through the MPLS system."
Like so many other high-level network administrators, Childs seems to have taken his job extremely seriously, to the point of arrogance and perhaps to the point of burnout.
"Terry was very dedicated to his career as an engineer. He is a CCIE (probably the only one in the City government), and spent much of his free time studying and learning more -- the MPLS for the FiberWAN, VoIP some of the departments are rolling out, other new technologies for our 311 and E911 systems, etc. He worked very hard, evenings and weekends in addition to full-time 8-5 work, and rarely took vacations. His classification is "professional," so he doesn't earn overtime pay, only comp time -- which like many of us he never really had the opportunity to use. He was on standby more or less 24-7-365; whereas in the private sector, in a company of 20,000 or more employees, you'd expect to find multiple engineers rotating that standby status, I'm pretty sure he was always the guy on call."
This attitude is, again, not uncommon among high-level IT administrators. Neither is the fact that they tend to eschew what they perceive to be unnecessary questioning and bureaucratic "nonsense."
"Terry also, obviously, had a terrible relationship with his superiors. I should point out that he's not just a network engineer -- he was the lead network engineer for the entire City. His bosses were all managerial rather than technical, and while the other engineers did not actually report to Terry, they did defer to him in any technical matters. Even the network architect left it to Terry to actually figure out implementation. Terry felt that his direct superior was intrusive, incompetent, and obstructive, and that the managers above him had no real idea of what was going on, and were more interested in office politics than in getting anything done.
"[Childs] complained that they spent more time doing paperwork -- change requests, documentation, etc. -- than actually implementing or fixing anything (a common complaint among engineers, I know). He complained about being overworked (which he was, and which his colleagues are even more now) and that many of his colleagues were incompetent freeloaders (also not entirely without basis).
"You could see him getting red in the face whenever he started talking about his department. And once you were on Terry's bad side (which thankfully I never was), that's where you stayed, and you'd get only the most grudging assistance from him from then on. Whether any of his complaints were valid or not, I can't really say, but I don't think that's as relevant as how Terry felt."
Keys to the kingdom
If Childs' sole proprietorship of the FiberWAN network was normal operating procedure, how did the tensions between Childs and his managers come to a head? Why was Childs arrested on Sunday? There have been reports that the city's newly-hired head of security may have pushed for Childs to open the FiberWAN doors to other admins. My source doesn't know for sure, but offers some insight:
"I don't know much about his actions in the last few weeks. It's been a couple of months, at least, since I've even spoken to him, and even then it was probably only in reference to some specific request or ticket. But I can imagine that being the subject of disciplinary action by his supervisors for "performance" issues would be absolutely infuriating to him. I can imagine that his response would be, "How can you say my performance is poor when I've been doing what no one else here was willing or able enough to do?"
If Childs was pressured to give up the keys to the network that he had built and cared for so long, would he go so far as to explicitly prevent anyone else from tinkering with his charge?
"I can imagine that [Childs'] response to a demand to open up authentication to the FiberWAN would be, "Why? So you can screw it up and bring the City network crashing to a halt?" I can even imagine that, under so much pressure, he'd take steps (deleting or hiding config backups, for instance) to make sure he was the only one in control."
These tales offer significant insight into what may have occurred between Childs and the FiberWAN network hostage situation. Rather than a case of a rogue administrator attempting to cause damage to the network by locking out other administrators, this may be a case of an overprotective admin who believed he was protecting the network -- and by extension, the city -- from other administrators whom he considered inferior, and perhaps even dangerous. One important fact seems to be in Childs' favor, if reports that the network has continued to run smoothly since his arrest are true. My source corroborates this.
"As for the impact of [Childs'] actions to the rest of the City, the mayor's statement basically has it right. The network is completely up and running. No servers that I'm aware of are affected. No one has had any downtime (yet). But until they get back into those routers, they can't make any changes. I don't know yet if Terry's lockout applies only to the FiberWAN or also to the other routers, firewalls, switches, etc. in the City network."
Laying the blame
My source doesn't appear to harbor any ill will towards Childs for this situation, and even believes that the city may be worse off with Childs out of the picture, and that some of the blame should be shouldered by Childs' superiors.
"It's a real shame. The city is losing a good network engineer -- probably the best, technically, that they've ever had. Ultimately he has no one to blame but himself, but it's too bad his superiors weren't better about establishing and enforcing policies about authentication, backups, auditing, cross-training, and separation/rotation of duties.
"You'll note the papers have referred to the new information security manager. It's only been a month or so since the City even had an information security policy, and even that is a bare, unmodified template from CCISDA that's awaiting discussion and alteration by a committee that hasn't been formed yet. (When I asked Terry if we could get a copy of the City's network security policy some months ago, he told me, "I've been trying to get them to approve one for years. I've written ones up and submitted them, but they don't want to do it, because they don't want to be held to it.")"
He also points out that by forcing the issue, the city may have significantly reduced its ability to use and control its own network.
"The one impact they haven't mentioned is that Terry was one of only two engineers assigned to special projects and to do major routing changes and perimeter firewall configuration. The service level, even after they regain control of the network, is going to be way down, until they can fill his mighty big shoes."
My source had many good things to say about Childs, but did not shy from negative comments, noting that Childs has a bad temper and can be very defensive.
"As for Terry's character, I can imagine this happening. He takes great personal and professional pride in his work -- to a fault. He can be very defensive if someone suggests there's something wrong with the way his network is set up, and that's been a problem for us (as his customer) a couple of times. Terry has a bad temper.
"He's the sort of person who, while his bile is up, won't budge an inch -- and then will call you a couple of hours later and acknowledge that maybe your suggestion was right, after all, or maybe here's an even better way to handle things."
The inner sanctum
Later in the e-mail, my source offered some insight into what may be at the core of the issue: Childs was so paranoid about the security of the network that he even refused to write router and switch configs to flash, which would mean that if the device was powered off, all configurations would be lost.
"At one point he was concerned about the security of the FiberWAN routers in remote offices, so he had them set up without saving the config to flash. "If they go down, I'll get alerted, and connect up to them and reload the config." Great, except we have power outages all the time in this city, some of those devices aren't on UPSs, and what happens if you're on vacation? And what about the 15 to 60 minutes it might take you to connect up and reload? He eventually conceded and (ahem) decided that disabling password recovery was sufficient security."
If Childs did this with some or all of the switches and routers comprising the FiberWAN network, then password recovery without significant network disruption becomes a bigger problem. Without first-hand knowledge of the state of those routers and switches, there's no good way to know, unfortunately.
If the details given to me in this e-mail are accurate, it would appear that this case is not nearly what it seemed originally. Perhaps it comes with the pressure and responsibility of the job, or the belief that the network they've built is simply too complex for mere mortals to comprehend, but it's not uncommon for highly skilled network administrators to become overprotective of their networks, or for networks of significant size to become an extension of the person who built them.
It certainly appears that Terry Childs believed San Francisco's FiberWAN network was his baby, and that refusing to allow others to access the inner sanctum was in the best interests of the city, the citizens, and perhaps most importantly, himself.
Wednesday, July 16, 2008
Staying ahead of stale career Web sites and fully exploiting the Internet to find work
Network/Systems Management Alert By Denise Dubie
IT professionals looking for permanent positions in high-tech seem to be facing more challenges than in the past, and numerous online career sites promise to expedite the process with social networking and other features designed to bring the best listing directly to job-seekers' desktops.
But despite the wealth of resources available online, IT job seekers say the career sites sometimes don't deliver as they promise. Some report that the in-demand skills employers want don't match the actual skills candidates currently have. Others say career Web sites have stale information and don’t deliver the usability or security features they want when posting personal information online.
"The problem with online sites is that you don’t get many responses (like none usually). A lot of the postings are old, the employers don’t clean them up very well," says David Currier, a member of the infrastructure team for Perot Systems/Owen & Minor Medical in Richmond, Va. "So although they indicate a lot of opportunities the real number is far less. I usually look for anything posted within the last seven days to get a fair feel for what might be available."
Recently high-tech job seekers have shared a few tips on what they do to stay ahead of stale sites and exploit the Internet fully to find work.
"Don't overlook something like Craigslist. I wouldn't have thought to look for a position there but I did find several promising possibilities," says Ron Nutter, Network World Help Desk Editor and an IT professional who blogged about his experience looking for full-time work in the Kansas City, Mo., area.
Nutter also points out that CareerBuilder added a feature that allows users to upload a resume that could be searched by potential employers, which he says could help a potential candidate get considered for a job he or she did not apply for. He also says to maintain records of positions applied for and companies contacted for work.
"Keep a spreadsheet to track the jobs you have applied for and the calls you have had from recruiters and companies where you have applied for a position," Nutter says. "This will help you keep track of where you have applied and if you have filed for unemployment, you will be able to provide proof with very little effort on your job hunting activities."
Terri Morgan, a principal at Wudang Research Association, says she has had varied experiences with different online career resources.
"I look at two separate areas: 1) the site itself (features, functions, etc.) and 2) the content (what jobs do they have - most important)," Morgan says. "I use Monster, CareerBuilder, and Dice mostly. They tend to have the freshest selections."
Monday, July 14, 2008
Thursday night July 31, 2008 from 5:30PM to 7:30PM
in Room 228 of the Commerce and Finance building at the University of Detroit Mercy McNichols campus.
Therefore I am inviting Detroit members of both BDPA and NSBE. Please spread the word to other members, because I know I forgot some people.
The topic will be a demonstration on how to use VMWare within a Network Environment.
I will go over installation, using VM images, running Frenzy BSD and some variation of Knoppix for running security services on a network, testing network services with virtual machines before deployment (Fedora and XAMPP), and the concept of backing up functional virtual machines before a good one is lost. Time permitting, I may even throw in a FreeDOS demonstration running a couple of old DOS games, just as a way of changing things up. If you find this of interest, please let me know, and from there I can decide whether or not it's worth it to make arrangements for refreshments. I should also have a flyer for this done by the end of the week.
William E. Bowen CIAP MSCIS
Government Computer Specialist
University of Detroit Mercy Assistant Professor
DAE-NSBE Telecommunications Chair
BDPA Detroit TAC Member
Thursday, July 03, 2008
How Linux app install leaves one PC expert befuddled
by Jason Perlow
Adrian, you dumb arse!
At least that was my initial reaction when I read his “Linux’s dirty little secret” column about his struggles with installing applications onto a Linux distro. It was either the Linux Geek rage originating from knowing that he didn’t Read the Fine Manual (RTFM) or the sheer jealousy of not getting 300+ Talkbacks whenever I post something on ZDNet like the fine Mr. Kingsley-Hughes. But I digress.
You can’t really blame Adrian, though. Adrian is a relatively new Linux user – he comes from the world of Windows, where you double click on a SETUP.EXE icon and minutes later, you’ve got an application installed on your system. With Linux, that’s not the case – different package standards between distributions and lack of standardization in software manifest tools have created a situation where on most of the major Linux distros, you have Red Hat Package Manager (RPM) files and on others, namely Ubuntu and Debian, you have Debian Archives (.DEB).
To add further complexity into the situation, the RPMs and DEBs used on one distro are not necessarily compatible with the RPMs or DEBs on another. And some software doesn’t come in a neat little package format – it comes as good ol’ compressed tarballs (tar.gz or tar.bz2). Case in point, if you want to use the very latest builds of anything from an Open Source project such as Mozilla or OpenOffice.org, and don’t want to wait for your distribution to spoon feed it to you over their network repositories, you need to un-Gzip or un-Bzip2 and tar extract the software to a directory and make manual symbolic links to the executables and launch icons on the desktop. Fun, right?
Granted, Adrian’s specific problem could have been solved by consulting Ubuntu Forums or going to VMWare’s fine Communities web site, where the VMWare Tools installation procedure is documented in detail. VMWare Tools is unique because it was primarily designed to use with Enterprise Linux distributions, such as RHEL and SLES – and because it is so tightly integrated with the Linux Kernel, it requires that specific driver modules be built for each distribution’s kernel, at each specific version level. For RHEL and SLES, you just need to install a single RPM file and run the configuration script, as everything is pre-built — these distros don’t change that quickly, so VMWare is safe with only needing to build modules for them periodically. But in the case of poor Adrian and Ubuntu 8.04, where the distro is refreshed every six months, you have to un-gzip-tar the software, install the linux-source and linux-headers, and install the build-essential package which contains all the necessary compiler and developer tool dependencies to build the kernel modules. THEN he can run the installer script. Got it? Good.
Fortunately, the problem will eventually just “Go Away” — the VMWare Tools package was released into Open Source, and eventually, every distribution will just have it built-in, like the newly released OpenSUSE 11 which is already VMWare enabled. I suspect that within short notice, open-vm-tools as well as the Microsoft Hyper-V hypercall adapter modifications to Xen and the Sun xVM VirtualBox tools will all be available in Ubuntu and any distribution that wants to use them. My sources tell me even ultra-geeky Gentoo, the source based distro popular with embedded systems and boot CDs, has it available.
This is all fine and dandy for VMWare Tools, but it’s hardly a happy ending for the balance of Linux users. Yes, the Linux desktop experience is improving. Yes, plenty of software is available on the download repositories for a lot of distributions, especially Ubuntu. But until this stuff is totally foolproof, even seasoned PC experts like Adrian are going to be thrown through a loop. Do we need to form a concerted effort to make Linux applications easier to install?
Tuesday, July 01, 2008
by Dana Blankenhorn
We’re about to find out.
Netgear, a reputable name in routers, has launched the WGR614L, an open source 802.11g router.
It looks like any other Netgear router, it can even run under Vista (thanks Nachi), but it can run everything at a new Netgear site, MyOpenRouter, and more besides.
While Cisco accidentally created an open source router a few years ago, getting caught with Linux in its Linksys, the company never exploited this as a feature, but treated it as a bug, blaming chip supplier Broadcom.
Netgear is definitely treating this as a feature.
MyOpenRouter offers developers a comprehensive user guide, applications forums and downloads. Best of all this isn’t a stinky would-not-sell-otherwise router. It’s got an internal diversity antenna to improve performance, and supports WPS.
Nachiketa Prachanda, no relation (we assume) to the Nachi worm of five years ago, seems to be the main host-blogger at MyOpenRouter, and that’s a great idea because it immediately personalizes a site, gives it a voice.
So if there is a substantial open source router market out there, in 2008, Netgear will find it. I just wish the industry had this attitude back in 2003.
Sir Clive in 1985, on the appeal of the C5
Personal flying machines will be a reality, home computer and electric car pioneer Sir Clive Sinclair has said. He told BBC Radio 4's PM programme that soon it would be "economically and technically possible" to create flying cars for individuals.
Sir Clive is best-known for the Spectrum computer and his failed electric car effort, the C5. "I'm sure it will happen and I am sure it will change the world dramatically," he predicted.
Despite his pioneering work in the field of computers, Sir Clive told BBC Radio 4 he was not an internet user. "I don't use it myself directly," he said, explaining that as an inventor he tried to avoid "mechanical and technical things around me so they don't blur the mind".
He said the internet was "just wonderful and quite amazing" and its growth was not something he had predicted back in the 1980s. "It has totally surprised me. I utterly failed to foresee that."
The celebrated inventor is not working on developing flying car technology currently but said he would "love to be involved" with any effort. As a pioneer in personal transport, he said "flying cars were technically entirely possible".
"It would need to be automatically controlled because we can't all learn to fly.
"The vehicle would take off from your home and fly to wherever you want to go."
Sir Clive said personal flying machines would have to be electric powered, because petrol engines were not reliable enough.
But, he admitted, his 1980s venture into electric cars "didn't achieve the success I expected". He said: "We did sell quite a few thousand. Looking back I can see why [we didn't have success].
"It was a bit daunting to go into traffic." The rising cost of oil, combined with environmental concerns, has made alternative-energy powered cars a goal once more. "Long before the C5, and ever since, I have strongly believed in electric vehicles. I am glad to say it's all happening at long last."
Sir Clive produced an electric powered bicycle, called the Zike, in 1992, but it too failed to capture the public's imagination. His latest project is the A-Bike, a lightweight, foldable bicycle. But, he said, he still harboured hopes of returning to the electric car field. "The thing is - to do an electric car is obviously a huge investment. I'd need huge success in the electric bike field," he said.