Senior vs junior sysadmin during an outage
Yet another manifestation of jw.fi.
My previous posts are archived as html on my hard drive as I had to make a semi-emergency evacuation of my previous host since TextDrive is finally pulling the plug.
The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
Spiceworks recently had the opportunity to meet with trackside engineer Antony Smith of the Caterham F1 team, a super-friendly British chap who found himself here in Austin once again for the U.S. Formula One Grand Prix. In Part 1 of this interview series, Antony explains the crucial role IT plays in the F1 industry today, gives us an inside look at the technologies Caterham F1 uses, and tells us how they manage to pull it off, race after race, at F1 circuits around the globe.
An unusual botnet that has ensnared more than 12,500 systems disguises itself as a legitimate add-on for Mozilla Firefox and forces infected PCs to scour Web sites for vulnerabilities that can be used to install malware, an investigation by KrebsOnSecurity has discovered.
Following NSA leaks from Snowden, engineers lose faith in hardware randomness.
I think you can choose any large piece of software and find basic and advanced algorithms implemented in it. As a case study, I’ve done this for the Linux kernel, and shown a few examples from Chromium.
After spending several years as both in dev and ops I’ve begun to notice some trends that I can only describe as groups of people behaving virtuously – it’s just that the virtue in question depends on the group.
It might sound like a weird thought, but that’s exactly because it is. I am writing this based on purely intuition and gut feeling on the subject. I am no guru, no soothsayer, no diviner of truths.
I am just a hacker. A guy who writes for his future self. So I can gain some sort of feeling of growth through retrospection.
“Simplicity is the ultimate sophistication.”
― Leonardo da Vinci
The core principle and virtue by which dev lives and breathes is elegance. Be it elegance in design, naming conventions or a fun past-time such as code golf.
Elegance is the goal of making really complicated and complex matters disappear under the veil of simplicity. Elegance is the recursively self reorganizing piece of genetic code that is written in 3 lines of esoteric Perl but is perfectly legible in English.
Beautiful code is one goal of elegance. It is its own reward. An ends in it of itself. Write purely functional code without any side-effects and reap the mental gratification such that only Zen Monks from Nepal know of.
Elegance is making the thing that works the simplest thing it can be.
On the flipside of DevOps is Ops. Operations. The guys who make sure everything works smoothly and continue to do so for the foreseeable future. Reactionary or proactive - it doesn’t matter. These guys are always active in either case.
The core tenet of the Book Of Ops is pragmatism - that is being as practical as possible.
Practical in the sense of field medics vs. neurosurgeons. Patching your mate with whatever is available that suits and then fixing the root cause with better time.
Pragmatism is doing the simplest thing that works.
It is knowing that things could always be improved, it’s not getting tangled in analysis paralysis which is quite common in dev or software architecture design.
Pragmatic Ops forces hack’n’slash with Occam’s razor while Dev is combing over the fine print of Law of Demeter or which whitespace you used.
Having been on both sides of the fence I can relate to both.
As said, the mental satisfaction you get from having all indentation across your 1000’s LOCs consistent and automatic or 100% test coverage of business logic is immeasurable and borderline euphoric. That same feeling can easily be seen as petty and nonsensical when viewed from without. But without that passion for detail and precision and concision the whole thing would probably spiral out of hands and end up as another statistic of a software project gone astray.
At the same time the prevalent trend in software development is “Just Ship It” whose main focus is to fight perfectionism inherent in most devs. It also hammers in the point that going live is a more pragmatic way of finding bugs than artificial tests in lab conditions.
You can always make software good, but not fool-proof and there’s big reserves of fools out there in the world ready to break your app.
From a dev viewpoint ops’ usual lack of care for the finer parts of the craft of programming seems barbaric. It seems that ops is satisfied with using duct tape as a band-aid instead of using the correct tool - actual band-aids - for the job.
And that’s pretty much the case from the ops’ point of view with the slight addition of context: we’re all out of band-aids and this guy’s gonna bleed out before sunset unless we use duct tape.
I think I might be over-extending my analogy, but I would continue to say that ops is ER and dev is surgery.
The job of ops is to perform constant triage of incidents from a insignificant as a log telling us that the ntp daemon had to adjust the clock for the third time in 5 minutes to having a user tell us that they cannot access a service to having a datacenter disappear from the network. Ops needs to prioritize case-by-case and escalate issues to either getting patched up quickly with duct tape or sent away for further investigation.
Devs are more akin to surgeons with their extremely delicate adjustments. Devs use scalpels to make a precise cut here, to insert this pace-maker there and then tiny stitches to fix the problem. Whereas the ops tool of choice would be to use an axe to crack the ribcage open and connecting a 12-volt car batter to get a jolt going.
What might seem like obvious and/or absurd issues via my analogy, there are real-world counterparts to these tool choices and actions taken. That is why the whole concept of DevOps is now on the rise. It is a term that aims for an equilibrium between the two factions.
DevOps is about compromise and complementing each other. Compromise in that neither side can be driven purely by their whims and wants that aims only for their own virtue.
DevOps is like playing DnD: Your lawful good paladin cannot expect nor demand that your chaotic good rogue plays by the same rulebook, pray to the same deity or even respects the same aspects as virtues. But if your paladin wants to survive it needs to loosen the grip on what is kosher and what can be forgiven due to pressures of the situation.
The number one Internet commodity is so blazingly easy to come by that you won’t believe your eyes! Step right up, step right up and drink the snake oil!
Ignorance, being a hater and trolling are the lowest possible forms of being online. Of these only one can be cured by being patient and understanding while the other two take advantage of anyone being understanding and patient.
Once upon a time I wrote quite a lot in my personal space on the big bad Internet. Then I became self-aware. I had bitten on the apple of knowledge that are Internet forums such as reddit, hackernews and twitter. I became acutely aware of how imperfect I as a human and as a techie was.
This lead to a very chronic case of analysis paralysis with my “articles”. Everything, and I mean absolutely everything, had to be thoroughly research on both sides of every point. I was as if I was writing scientific theses on mundane, subjective matters.
"I like the color blue" would not do. I would have to research what might be the reason for my preference. I would need to justify that black and red are equally valid choices but just not my cuppa tea. It went nowhere fast and as a result I entered a 4+ year hiatus of writing anything at all.
Then I reincarnated my blog ‘Just Words’ with the gusto brought forth by my switch away from software development to an ops role. I managed to write 2 ‘articles’. Then zilch. Nada.
After some reflection I have come to realize that the main fault I had was that I was trying to please others. I was writing for the entire dev/sysadmin/infosec community to validate myself and gain “street cred”.
… and so forth.
How is this any different? Am I not still hoping that someone will read this?
Well sure. In the same way I hope that someone will offer me a 6-digit job based on the fact that I happen to be on LinkedIn.
I am writing for myself. In the future. I want to be able to gaze back at my own self and my thoughts in 2 or 5 years from now and hopefully be amazed of the lucidity - or more likely the rampant stream of consciousness - and reflect on how that future me has evolved.
2014 will bring a lot of new challenges and so it is wise to arm yourself with the finest cyber security tools that can be downloaded for free or can be purchased. So if you are looking for port scanners, free security assessment tools and various other tools then this is the spot to be. This list is an collection of cyberwarfare and cybercrime tools. Security tools that have been collected from the internet can be found here. They all have an legit and trusty source.