Archive for 'July, 2011'

Happy SysAdmin Day! This week’s blog posts have been full of SysAdmin Day contests, so I’ll round out the week with one final contest. Except, this is slightly different. First, it’s not a SysAdmin Day contest. Second, it has a huge payout. Ten thousand dollars, to be exact.

MegaPath, a privately owned data services provider, is hosting a “Tech Talk Video Contest” that has a $30,000 USD prize purse. The contest is a video based one, with some other opportunities to win a few hundred dollars in prizes along the way.

From the contest website:

For Filmmakers—Create a video, up to 60 seconds long, that somehow features techies using obscure high-tech jargon to discuss the finer points of communications technology.

 

Your video could be about techies arguing different points, trying to convince a boss about an obscure point, or it could just be techies waxing poetic about their high-tech muses.

There is a lot of room for humor in this one, but the tech talk needs to come through loud and clear. It may help to use graphics or text to spell out more complex terms. Check the jargon dictionary to perfect your usage.

The contest started on June 10, 2011 and the last day to upload a video is August 12, 2011. The winners will be announced on August 26, 2011. The grand prize for the winning video is $10,000USD with stair-stepped cash prizes for second, third and all the way down to 12th place.

Want to see what kind of videos are being submitted? Check out the competition at the videos page. Like, for example, this really, really campy (really campy) music video geek-rap called “I’m IT.”

If you don’t have any videographer skills (or can’t find someone to humiliate in front of a camera), you can still win some dollars. Check out the “Awards Page” to see the different prizes that are available. For example, you can be entered to win $500 for simply sharing the links (the sharing contest closes on August 26, 2011).

Admittedly, the myriad ways one can win a prize is bewildering and I don’t quite get it all. Check out the “Competition Details” page for full details and maybe you can find other ways to enter for some prizes.

Take a look at the contest and see if you’ve got what it takes to enter. If you make a video, make sure to let me know and I’ll link to it. Happy SysAdmin Day! Now go brush off your Flip camera and start shooting some video!

(Yet another SysAdmin Day event is taking place! This time it’s the 2011 Root Election. The following post is by SysAdmin Ariel Jolo, one of the event’s creators. Some of the event’s promotional materials [e.g. their YouTube videos] are in Spanish, but it’s about time you dusted off your language skills anyway! Ariel says that YouTube subtitles are available for those of us who are challenged when it comes to Spanish to English translation.

Take it away, Ariel…)

The 2011 Root Elections

SysAdmin Day 2011 is coming and we must choose who is going to be the next Root by getting involved at the Root Election website. You have your choice of two candidates that represent two different parties, TCP and UDP. Let’s examine, in no particular order, the candidate for the TCP party:

TCP Party

Enrique Ernel is the candidate for the TCP (Technologist Conservative Party), whose bases have been professed by admins since the beginning of time. TCP is a traditional party whose proposals include:

• Good administration starts at the datacenter
• Use of physical servers
• Virtualization is a lie
• Hand-compilation and optimization
• Say NO to GUIs

Here’s the TCP candidate’s promotional video (Spanish language, subtitles are not turned on in this embedding):

UDP Party

On the other hand, Juan Manuel “Juanma” Cadres, the candidate for the UDP (Users Democratic Party) promotes the use of new technologies like Cloud computing. UDP represents a new wave of administration practices that broke from the “old administration” by offering a practical approach to administration problems. In their own words, their tenets include:

• Not worrying about the physical infrastructure
• Say YES to virtualization
• Use pre-packed software
• If a server goes down it can be easily replaced

Here’s the UDP candidate’s promotional video (Again, Spanish language and subtitles are not turned on in this embedding):

The Root Election Website

You can visit the Root Election website to see the proposals of both parties as well as add your own. [Editor's Note: For example, one of my proposals was that no SysAdmins should be allowed to make changes to anything on a Friday. - Wesley] If you join one of the parties you will have a small test on your knowledge concerning your preferred platform. Linux, BSD, Solaris, Windows, Storage, Database and more can be tested on. You can put yourself to the test and see if you too could be root.

[Editor's Note: I joined the UDP party and took the Windows admin trivia test! I got 3 out of 4 questions right, but I'm demanding a recount. -Wesley]

Root election Videos

Both parties have some videos on YouTube (subtitles must be enabled if you’re a bit rusty on your Castilian) explaining their policy. I encourage you to see them by checking out the YouTube channel at: http://www.youtube.com/eleccionroot

Links

First, the 2011 Root Election campaign was created by the digital advertising agency “Coso“, so if you liked it, send them a note at [email protected]! =)

Here is the complete listing of all of the 2011 Root Election links. Use whatever social network you prefer and send us your greetings.

Website: http://www.rootelection.com / (Original Spanish language site: http:/www.eleccionroot.com – Also note that the English website might be a bit rough in its translation. Email Ariel at [email protected] if you’d like to pitch in and smooth out some of the English.)

Twitter: http://twitter.com/rootelection

YouTube channel: http://www.youtube.com/eleccionroot

Facebook page: www.facebook.com/eleccionroot

Identi.ca: http://identi.ca/eleccionroot

E-mail address: All thanks, marriage proposals, flames, encouragements and complaints should be directed to [email protected]

 

The last Friday of July has been known as System Administrator Appreciation Day for the 12 years now. It’s a nice way for SysAdmins to get some positive press within their circle of coworkers. Often times we’re only thought of when things go wrong. It’s not uncommon for people to look at us and wonder “What do they even do all day?” With the help of SysAdmin Appreciation Day we can hopefully forge some better relationships with those we serve.

CyberArk, a software company that makes tools to manage and protect privileged accounts and sensitive information, is hosting their Second Annual System Administrator Appreciation Day Contest. In this contest, any SysAdmin is encouraged to answer the question ”What is your greatest enterprise IT accomplishment in the past year?” The best answer to that question, as determined by a panel of three judges, will be awarded an Amazon Kindle!

But who are these three judges? Let me introduce them to you:

• Matt Simmons: The SysAdmin that needs no introduction. If you’ve been around many prominent sysadmin communities you’ve probably seen his name or heard him mentioned. He writes his own blog at www.standalone-sysadmin.com that is a wealth of information about all things systems administration especially in a SMB environment.
• Bill Pesiridis: Cyber-Ark’s own rock star SysAdmin will be joining in on the fun. One can be sure that such a security minded individual will have keen insights into the risks and rewards associated with systems administration.
• Me! Yep, me.

Contest Specifics

By now I hope you’re interested in getting in on the fun. Not just for the Kindle, but for the enjoyment of sharing your triumphs with your fellow admins. As Proverbs says, rejoice with those who rejoice! Of course, the latter half of that proverb says to weep with those who weep, and I could use a shoulder to cry on as a result of a client’s PCI compliance challenges, but that’s for another blog post.

Entering the contest

• The contest will begin at 10:00 a.m. ET on Monday, July 25th (that’s today!) and will conclude at 3:00 p.m. ET on Thursday, July 28th. Responses will be monitored throughout the week. The winner will be announced by 1:00 p.m. ET on Friday, July 29th by @CyberArk through a series of Tweets.
• Entrants must tweet a response to the question “What is your greatest enterprise IT accomplishment in the past year?”
• You must be following @CyberArk. Prize information will be sent via Direct Message.
• You must tweet your answer with the #SysAdminDay hashtag and include @CyberArk
• The proper syntax is “#SysAdminDay @CyberArk RESPONSE”

• Participants are encouraged to include a URL in the Tweet! The URL can link to anything that better explains your triumph. It can be an image (TwitPic) or a blog post. This way, participants can provide a more detailed and/or creative response. This is not a requirement for eligibility but it may help participants to get their message across in a more impactful manner.
• Limit one Tweet (entry) per participant—any user that creates and/or uses multiple accounts to participate will be deemed ineligible. Re-Tweets from other users are encouraged, however.

Here are a few examples of acceptable tweets:

#SysAdminDay @cyberark I tore out our old POTS and implemented a 100 handset VOIP system!

#SysAdminDay @cyberark 700 mailbox Exchange to Zimbra migration? Hard. $50,000 less in licensing each year? Priceless.

#SysAdminDay @cyberark No-touch upgrade from Windows XP to Windows 7 for 1,000 users! More at my blog: Read More →

(Note, I am not implying that any greater success will be had with any of those topics or tweets)

Wrapping it all Up

Let’s recap. You have to send one (and only one) tweet in the format of “#SysAdminDay @cyberark [Yay me!]” sometime between 10:00 a.m. ET on Monday, July 25th and 3:00 p.m. ET on Thursday, July 28th. You can include a link to a picture or blog post about your triumph. You also have to be following @CyberArk to be eligible.

For the fullest and latest contest rules, check out CyberArk’s official page concerning the contest. While you’re at it, check out their infosec blog for some good chatter on the industry.

Submit your best triumph in the past year so we can all bask in the warm glow of your accomplishment! I look forward to examining each of your trophy projects and sharing in your joys.

“You know the phone system is still using the default username and password?” I asked the accountant over my IP phone.

Two and a half years ago a Samsung phone system had been donated to a small non profit that I do some work for. It’s a nice system, at least as far as I can tell. I know very little about phone systems, but from the manuals that I’ve perused and webinars that I sat in on I’ve been generally impressed. I usually leave it alone, though. My only venture into its guts was to add my IP phone to it. In spite of being 600 miles away from the office, I was just an extension away. Ahh, technology.

However, in the last few weeks I’ve noticed an increase in problems with the phones. One problem in particular made me decide to log into the system and see if I could sleuth my way to a solution. An extension suddenly failed and now leaves that line open constantly. Nothing can be dialed in or out. The user switched ports on the wall, but now has someone else’s extension and user information on their phone (one that no longer uses their phone). Logging into the system, which incidentally has a public IP address, made me remember that the default login details were never changed.

“Sounds like that would be a good idea,” he said, reiterating what I knew.

The accountant is my main contact at the business. He’s the one who most understands IT’s importance, which is fortunate since he also approves purchases. I was sharing his screen using Dameware MRC from my home office and we were both looking at the login on the Samsung phone system. My intention was to illustrate to him first hand some of the difficulties I had been having as I tried to track down some of the phone system problems and thus encourage the business to make a call to the real phone technician.

I navigated to the place where the password could be changed.

“What to put… what to put…” I mumbled into the mouthpiece. “It’s got to be something that the phone guy can remember, so none of my infamous 24 character random strings.”

“How about ‘I’m late for a very important date’?” he suggested.

“Not bad, I do prefer pass-phrases to passwords. Let’s mix it up a bit though.”

I typed in “imLATEforAveryIMPORTANTdate”

“That should be secure enough!” I said triumphantly. However, my spidey sense tingled as I looked at the long password. Maybe it’s because I’ve been doing this for less than a decade. Maybe it’s that I don’t think very much of my skills. Whatever the cause, I didn’t say anything about my uneasiness much less act on it.

I’ve been around long enough to know that password fields are sketchy things. Many a bank has scraped their virtual fingernails down my virtual blackboard by making their passwords restricted to a certain length or not including special characters or both. Many old systems on networks can only handle lower case passwords.

“Let’s see if it accepts it.” I clicked the button to save the new password.

No error messages were seen.

The accountant chuckled, “So now how do we test it to see if it works? Log out and try to log in?”

“Pretty much,” my voice gently hued with doubt. I just… I just didn’t feel right.  I logged out and typed the username in but pasted the password just to make sure it was the same one I put into the backend.

I clicked the login button. The page paused for a few seconds and then refreshed. No errors, no complaints. Just a fresh login screen. The bad feeling inside began to hold its head a little higher.

“Let me try this on another computer.” That’s my first troubleshooting technique. Try it on my PC. Maybe it’s everyone else that’s gone crazy.

I switched windows from the remote session with the accountant back to my PC. I wanted to make sure that I had the password on my clipboard and not some other text so I pasted it into the username field so that I could see what the text actually was. It was then that I noticed something… odd.

Username: imLATEforAveryIMPORT

Suddenly, things started making sense, but in a twisted way. I pasted the clipboard into a test document: imLATEforAveryIMPORTANTdate. “Okay, I’ve got the full string in there.” I then pasted it into the password field. I saw nothing but stars, but I arrowed through each of them and counted twenty characters from start to finish. The password was 27 characters. I forlornly hit the login button, but the response was the same. The login page merely refreshed.

On a whim I decided to put the former username and password in; the default set. That time I got an explicit error that whined about the username and password being wrong. That was truly odd. Somehow the 27 character password, even cut down to 20 characters, was not being seen as the wrong password, but yet it wasn’t allowing access. I imagine that it had something to do with hashes that were matching to a point, but still weren’t long enough. I wasn’t sure.

The phone guy will be getting a call in the very near future.

The Moral

First, expect security account management to be terribly implemented. Everywhere.

Second, always know beforehand what the account creation limitations are. Usernames, passwords, keys, whatever.

Third, know before changing anything what the account reset procedures and consequences are. Fortunately, from what I’ve seen so far, the admin account can be set back to default without blanking out the entire system. However, it takes some handset know-how that I think I’ll leave for the true phone tech.

Fourth, expect that limitations are not verified and know that just because the account information was accepted does not mean it was allowed. Test it out. After you test it, be happy that you followed step 2.

Do you have any similar password stories to share? Let me know in the comments below or link me to your story (or you can write it and post it on my blog; just contact me)

This is something of an aggregated re-post of a series of articles that have been published over at Simple Talk.

I’m paranoid by nature. I was the one growing up who, while other boys daydreamed about giant mechanical spiders eating the city, played baseball and wrecked their BMX bikes, was daydreaming about building a house in a mountain that was completely self sustaining, hurricane-proof, earthquake immune and had a helipad and rocket propelled evacuation capsule. In fact, I still dream about my hoped-for mountain home’s solar field, grey water recycling plant, greenhouses and indoor/outdoor pool complete with a waterfall and mutant laser dolphins.

This paranoia has served me quite well in my professional life. I like to team NICs, use multipaths, replicate data, version documents, archive files, etc. and etc. I also like clustering and other forms of high availability. However, while reading a vendor white paper (yes, I read those once in a while) I began to ponder just what was being protected by most HA solutions. After some time given over to thinking, researching and writing about the topic, I was shocked at how little protection most if not all high availability systems provide.

Aside from a technical misunderstanding of HA, there are also some career-based misunderstandings that surround high availability. Some people tend to think that HA can make their career more secure or their bosses appreciate them more or their userbase happier. HA will not, by itself (or even in part, as the case may be), make any of those things happen.

After my study on the topic was over and the dust had settled, I had hacked out four articles that follow in succession with each other to clarify the situation. I list them all out here for a quick reference to the entire series:

1. 7 reasons why High Availability will help you fail in even more spectacular ways than ever!
2. 7 Career Pitfalls that High Availability Systems Will Not Help a SysAdmin Avoid
3. 7 Things that High Availability is Not
4. The One Way That High Availability Will Help You
5. “High Availability or High Recoverability?” (This article was added in August 2011 as a result of some great comments that were added to this blog post)

If you decide to read any or all of those articles, let me know what you think of my treatment of the topic. I once was a lover of high availability solutions, but after closer inspection, I see the concept as a lot less of the savior that I once did. It’s a very tightly scoped thing that has less potential to save your bacon than you may first think. In fact, in some scenarios it can be a time and money waster that distracts you from where you should really be spending your time making a system more resilient.

Do you agree? Do you disagree? Does your experience dictate otherwise or is it in lockstep with my ideas? Let me know in the comments below.

Apparently there is no definitive feature matrix for the new Cisco IOS 15. Jeffrey J Fry (AKA, Fry Guy, @fryguy_pa on Twitter and of course CCIE #22061) was having none of that noise. He has compiled a massive (repeat: MASSIVE) feature matrix to differentiate between the base image, the security image, the data image, and the Unified Communications / Collaboration Image. Take a look at his great work here:

Cisco IOS 15 Feature Matrix by Jeffrey Fry.