Category Archives: Thoughts and Sagas

Internet Gold Rash

Pun intended, read on.

I remember reading about the gold rush. Actually there were many of them, and after the dust settled down only the grocery store owners had made any money. Those professionals became wealthy, if not rich, because they enabled the fools to go kill themselves over some nuggets of gold in grizzly infested territories.

Likewise during our very own gold rush, the Internet bubble’s rush, there are bunches of “entrepreneurs” trying to strike gold and a few grocery store owners who make the money. Oddly enough today’s store does not even provide axes and spades but abstruse advice on how to “Entrepreneur” with a passion and expect to find gold nuggets. Even more peculiar is that they get paid for enabling others to become gold diggers.

The Padlet Bubble region of space of ubiquitous computing

A couple of years back I predicted that computers would be free, i.e. subsidized by telcos so that they can sell ADSL, 3GPP, or whatever will be the current connectivity fancy. It was apparent to me that manufacturing costs were extremely low and access charges could easily pay for them. At the time I was thinking of desktop PCs shipped to kids and grown-ups alike. These PCs would be tied to the providers’ network and offered with a simple leasing plan. I am loath to admit that I was not entirely right.

With the advent of iOS, Android, ChromeOS, iPad, ChromeBook, etc., we are entering the Padlet Bubble region of space. It has come to pass that computing devices have become ubiquitous, yet unlike whatever I imagined. I thought they would be like a classic computer with a keyboard and mouse and not the mutation of an old beast: a strokable intelligent screen.

So I will now recast my predictions, deep breath, crystal ball focus: The advent of free computing is upon us already, not much of a prediction there. Hand-held computing devices will be the mainstream computing means of the new era. As the laptop has taken a bite out of desktop sales, so will tablets steal market share from laptops and desktops alike. We already have multicore pads; all they have to do is grow up a little and become more computer than phone. Give them an HDMI interface and a decent USB port and there you have it, who needs a laptop any more? We will even see the almost extinct internet shop rise up again and offer docking and/or storage services to tablet owners looking for a faster/cheaper connection instead of their telco connection, or a large screen for an online game.

Now for a slightly more extreme prediction: E-paper will become cheaper and less power hungry. Padlets with rollable / extendable e-paper displays will become extremely sought after. Just think of unfolding a large screen from the side of your pad and watching full size …tube videos, or playing online games on a decent sized display.

Crystal ball is out, don’t get me started on security of those devices.

Padlets = Pads/Tablets

The Universe rotates around an axis of pure Irony

If there is an axis around which the universe rotates, then it is Irony.

Irony is pandimensional, unrestricted by our current understanding of physical laws and all permeating.  Irony is probably the glue force or elemental particle or ultradimensional string or what have you that researchers should consider in their grand unifying theory of everything.  At least everything that revolves around the human condition and causes bitter laughter.

Examples of universal Irony:

By the time you understand how this world works you are too old to enjoy it, isn’t that ironic?

If you marry the girl that you are infatuated with, you lose that infatuation, isn’t that ironic?

Good employees are the ones that get all the shitty work because the boss knows they will perform. Slackers get less work because they are slackers and are slack with their duties, isn’t that ironic?

Bad debtors get more cash to help them repay old debts, those who pay regularly cannot even request an application to fill in for another loan. Isn’t this ironic? Probably, but not funny these days, especially after the fiscal crisis.

You spent 40 years in school only to graduate with already dated knowledge, isn’t that ironic?

I am spending time to write clever ditties down, only no one will read them. Isn’t that ironic?

The west is democratic but it fosters autocratic rulers elsewhere, that would be ironic if it wasn’t so inhuman.

The hungrier the children in Africa the richer the charities that claim to help them, isn’t that ironic?

The more secure you think you are the easier the next hax0r kid will crack your systems, isn’t that ironic?

The Japanese made Sci-Fi horror flicks of a Gozzira afflicted by radiation, now they have to live through the reality of disaster in their nuclear plants, not to mention that they are now moving their families to Hiroshima and Nagasaki prefectures. This would be ironic if the disaster was not so massive.

..

Go ahead, send me your irony.

Hiring for talent

I have been having a discussion over on LinkedIn about how one goes about hiring people for talent, so I am reposting my answer as a blog entry.

I can only talk about the IT industry so here is my 2c worth. The really cool companies in IT are looking for capable hands-on generalists with team leading abilities in a particular field and a yen for creativity. What the previous mouthful asks of the prospective employee is: “are you knowledgeable, capable and mature enough to tackle just about anything novel I can throw at you without throwing a fit?” Don’t forget to mention that your budget for support is limited, therefore your prospect should be a tool maker too.

If they flinch at the idea of operating on unknown landscapes on a large scope with limited resources while maintaining rank morale, then chances are that they are not talented.

Caveats: Beware of divas.

Auditable internet perimeter using bastion hosts.

What a mouthful, Auditable Internet Perimeter using bastion hosts! Some time ago I published a technical recipe on securing Web based applications using open source tools. Here then is another recipe, for almost completely auditing external users and their actions.

Although my claim is that too much security is a bad thing, there are situations where one has to be paranoid. Take for example the access of remote, sometimes even intercontinental, support engineers who get to work on your digital assets. How can one be sure that the unknown self-proclaimed support engineers are not of the slacking kind, or even worse of the malicious kind? One must be able to review their work and act upon that knowledge.

First of all you will need a firewall. No really you do; although firewalling is not enough, it is a necessity of modern business. Let’s assume for starters that you configure your firewall for remote VPN access for your teleworkers and remote support engineers. When you give access to remote users, auditing firewall logs becomes as useful as counting grains of sand. It is time consuming and worthless. Configure your firewall, then, to allow the remote users access only to your bastion servers.

I use two sets of bastion hosts, unix based on linux and Windows based on, you guessed it, windows ™. On linux I do not use the stock SSH server but a hacked version of it. It saves to a file all the users’ terminal interaction and you can replay or text search the log. The patches are on my site for version 4.7p1. For previous versions of sshd look under kdvelectronics. Gotchas: to build sshd with my patches you first have to build the ssh client, then the server. Also remember to include the UsePrivilegeSeparation no directive in sshd_config.

Let’s do windows now. First you will need a Windows based terminal server with enough licenses, you dig? Then grab and install Rautor by yours truly, and lastly include the rautor executable in your AD Group Policy’s logon script. Presto: screen dumper, keyboard logger, screen scraper in one shot, with a playback application that works for Remote Desktop connections also! It is a bit more difficult to locate / text search under the windows environment but at least you will have something to start with.

Now for the dessert. To properly maintain a secure perimeter one needs a unified password management system. Active Directory is very useful in that affair; couple it with winbindd on unix and all your remote and local users operate under a common access mechanism. Still not satisfied? Still want the whole cake? SSHD with my hacks can be compiled under cygwin in windows, so you can roll out a single bastion host under a single security policy, fully auditable and relatively secure.

Oh did I mention the cost? The Windows licenses plus consulting time. Somebody please do a bit of market research for an equivalent solution, if it exists, and let me know. Gracias a todos.
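On the "text search the log" step of the linux bastion: a recorded terminal session contains colour codes, window-title sequences and backspace edits, so a plain grep can miss what the user actually ran. The sketch below is an added example, not the author's patch or tooling; it assumes the log is a raw capture of the terminal output stream (the patched sshd's real log format is not given here), and the sample session, function names and address are constructed.

```python
import re

# Assumption: the session log is a raw capture of the terminal *output* stream;
# the format written by the patched sshd is not documented on this page.
_ERASE_EOL = re.compile(r"\x1b\[0?K")            # "erase to end of line"
_ESCAPES = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"         # OSC, e.g. window title
    r"|\x1b\[[0-?]*[ -/]*[@-~]"                  # CSI: colours, cursor moves
)

# Constructed sample: coloured prompt, typos fixed with backspaces, three lines.
SAMPLE = (
    "\x1b]0;support@bastion:~\x07\x1b[01;32msupport@bastion\x1b[00m:~$ "
    "cat /etc/passwe\b\x1b[Kd\r\n"
    "support@bastion:~$ scp db.sql ext\b \b\b \b\b \bbackup@203.0.113.9:/tmp/\r\n"
    "support@bastion:~$ ls\r\n"
)

def render_line(raw):
    """Replay one line the way a terminal would show it."""
    cells, pos = [], 0
    for ch in raw:
        if ch == "\b":                   # cursor left, nothing erased yet
            pos = max(0, pos - 1)
        elif ch == "\r":                 # cursor to column 0
            pos = 0
        elif ch == "\x00":               # marker for erase-to-end-of-line
            del cells[pos:]
        elif ch >= " ":                  # printable: overwrite or append
            if pos < len(cells):
                cells[pos] = ch
            else:
                cells.append(ch)
            pos += 1
    return "".join(cells)

def search_session(raw, patterns):
    """Return (line_number, rendered_line) for lines matching any regex."""
    text = _ERASE_EOL.sub("\x00", raw)   # keep the erase, drop the escape
    text = _ESCAPES.sub("", text)        # strip remaining control sequences
    hits = []
    for n, line in enumerate(text.split("\n"), 1):
        shown = render_line(line).rstrip()
        if any(re.search(p, shown) for p in patterns):
            hits.append((n, shown))
    return hits

if __name__ == "__main__":
    for n, line in search_session(SAMPLE, [r"/etc/passwd", r"\bscp\b"]):
        print(n, line)
```

Searching the raw bytes for /etc/passwd finds nothing in this sample, because the typo correction sits between "passw" and "d"; the rendered line matches.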

Too much security is a bad thing

As far as most corporations around my neighborhood are concerned, the role of IT security is to keep the authorities at bay, so that business can go on as usual. Intelligently run businesses realize that they need security to safeguard what I consider their most valuable asset in the modern service economy, their data.

So a security officer is always being drawn between the need for productivity, the need to assuage the authorities AND the necessity to safeguard the corporate infrastructure. Which leads me to “Too much security is a bad thing“.

If one designs systems and services so that they are “absolutely” secure, then it will come to pass that not even their designer can use them. Once upon a time I worked someplace where we created a log in/access system that required three different sets of passwords and three different hops through an equal number of firewalls to get to the target machines. It was and still is very secure on paper, but it made our life so difficult that we scripted automated log in systems to bypass all that cruft. Not to mention that uploading or moving files was a nightmare of chasing spaghetti SSH connections and we had to maintain three different firewall technologies.

Too much security annuls itself. It forces people into such stress that they find ways around it. A moderate, well designed IT security model where certain liberties are given, yet monitored, is a much better alternative. But more on that in another technical recipe on properly setting up an auditable bastion perimeter for data centers.

Startup liquidity

A good friend has a startup for a great network enforcement engine. It is a great product, almost completely unique in its market, with great potential, and incredible engineers behind it. Engineers who have worked really hard with next to no pay, because they believed in it and it tickled their imagination.

As the time comes the device is steadily moving from beta to full production. My friend is now embarrassed to ask for the money he well deserves from his beta testers as they are ordering the devices. So I talked him into offering certain discounts and amenities to the betas but not too much for a number of reasons.

  • It diminishes the value of the final product
  • The beta testers will want you to be solvent and keep providing the service they required and expected by allowing your product through the door.
  • And finally my spin doctor diatribe:

Great tech takes great people to do. They are willing to work gratis for a period of time but not forever. They have to get the dividends of their labor so that they can keep doing what they do best, i.e. create great tech.

Microsoft, gotta love it.

Many years ago, more than I care to recount, I got a job opposite the World Trade Center as a C programmer to maintain a largish DOS application. Remember the Microsoft C compiler of the time? It had various memory models like the tiny, small, huge etc. After fighting code bloat for a few months I decided to try the huge memory model of the compiler that would allow me to use extended memory and help the product a bit. Lo and behold everything compiles just fine without warnings, so I fire up the application and it dies on the spot.

Luckily we were using the best debugger of the time, Turbo Debugger! So I start tracing my code, and I find out that the application dies when I call printf, which is the most basic C function to print something to the screen. What happened is that the linker was linking the wrong libraries; to be specific, a call to printf was implemented as push stack segment, push stack offset, call the function, but the code within the function was: pop stack pointer, go on. Obviously the variables were trashed and the program crashed. Soon after that I left the company for my master's degree and haven’t worked with Microsoft tools until recently…

Switch back into the modern day and age. I am constantly honing my abilities in the programming field so I decided to get a grip on the C# programming environment, figuring that after two decades they would have gotten their act together. Surprise, surprise, after fighting with Visual Studio Express for a few hours, it promptly crashed on me. Thankfully I did not have any important work going on at the time. Still I am not deterred, I will even figure out why the god forsaken implementation of ldapsearch does no subtree searches …. I am told to use the Novell dlls, sigh…

Psychologists aaaaaargh

I have been trying to market rautor to a few people around my country and I have run into an issue that I expect to be prevalent around the world.

Although most non technically oriented people are known for their aversion to technology at large, the internet has made them even more so. Case in point is that some child psychologists outright refuse the idea of monitoring a child’s usage of their computer because then “the parent loses the child’s trust”. I am not competent or knowledgeable in psych to be able to counter this claim but I do have an opinion or two of my own.

First of all the idea of rautor or other equivalent programs is not to stifle the kids but to monitor them. In any case when children become competent enough at a certain age with a new technology, they far surpass their parents and it is impossible to control them; the issue is to protect them during their formative years. In any case while a child is growing up, its parents constantly monitor it, either by eavesdropping on its phone conversations or by peeping into its playroom in a subtle or less so manner. I consider monitoring internet usage just such a case, not to mention that rautor can be configured to be active ONLY when a certain program starts running on the computer; all the other time it is inoperational.

Secondly monitoring and auditing can certainly be abused by any parent to browbeat their children. But in an abuse case, how do you trace the child’s online behavior and who it has been in contact with? This is the gap that rautor is trying to fill, overseeing of behavior.

Please feel free to post your comments, I at least am interested as both the developer and a dad.

Anti-depressants

Abandon hope all ye who enter here. That is the sign above the entrance to Dante’s Inferno and quite frankly it should also be above the entrance to most Telecoms in Greece right now.

The market has been in turmoil, so much so that a number of small operators closed up shop and a number of medium to large ones are merging or are being acquired. We, the workers, all knew that this day would come, we just hoped it would be postponed indefinitely. Unfortunately the days of reckoning are upon us, and that brings me to the topic of this blog entry, despair and depression.

When one sees the faces of co-workers one can only see anxiety and despair. The times are tough and a layoff can be disastrous for a family man or quite frankly for everyone. In these difficult and trying times my only consolation to my work force is the following simple mantra:

I do not know what is in store for us, what I know is that we have worked hard as a team and built elegant systems and kept the shop going while others sat on their haunches bemoaning their fate. If you do not trust yourself and your abilities, if you doubt whether you will make it or not, stand back and recount your work. Trust your work and your efforts, it has been good and valuable and if things work out the way they are supposed to work in this life, the value of your toils will become apparent. Trust your work and count on that trust. Artifacts, which is what you artisans make, have a tendency to seek out their creators. Trust your cerebral children and they will lead the way back to you.

This little mantra has been quite effective to keep my team’s morale from sliding down the ravine of despair. That and a good stream of work therapy.