Wednesday, October 20, 2004

Notes from CTO breakfast

First I should once again thank Phil Windley for hosting the CTO breakfast. It usually happens the last Friday of every month and the regular attendees always bring something to the table to discuss. I am not a CTO, don't claim to be one but hope some day to aspire to the levels the gentlemen that do attend have achieved. This is the only place where I feel I am not the largest geek in the room.

So I thought I had better throw my notes up here or else I will forget them.

So what topics got thrown on the table:

Google Desktop Search. Everything from the interesting traffic sent back to the mothership to how badly the processor is consumed from the launch of the program until the entire hard drive has been indexed. On my own machine this took a little over 3 hours to index. Someone mentioned Nat Friedman you may know him from his Ximian days (one of my all time favorites) but we went into his project Dashboard . This app is more useful in my eyes than what google is rolling out - the main thing to note here - people seem to want their google everywhere as we all aren't as organized as we thought.

QEMU was the next topic - I think the leap to virtualization came from the leader Phil - he always seems to understand when it's a great time to change the direction. Virtualization has become a hot topic followed closely or even tied into the ability to make virtualization invisible to the end user. There are the common products VMware (which I use), VirtualPC (former SCO employee swears by it) and then the open source revolution. Development has begun to cross platforms - if I have the app on OSX then I expect it to be over on my WindowsXP box - and it sure would be nice if I could run the same app on the linux box as well. The general consensus was that we may see a change in the way we see OS's that takes the desktop and makes it ambiguous across every platform. this brings the focus back to the applications and not what lies underneath. You can see this change in Apple - the move from OS9 to OSX fundamentally changed the OS and improved the functionality.

Security always get mentioned in one way or another - since I am really interested in it I usually bring it up but not this time. We talked about LogWatch, and some possible extensions to the security model it provides - RSS (XML not the person) got involved and some ideas were scribbled down - got to be careful sometimes we are always looking for that next big project so people have to stake their boundaries.

Downloads - how about a Friendster/Digital Fingerprint download suggestion web site. You could know that a download was clean, and who recommended it among your friends - you can then quickly determine whether you should ever trust your friends again and whether they actually have any idea of what good software is.

There were many little side discussions, more notes but these were the main hot topics. Always looking for new topics to introduce so feel free to drop me a comment.

Tuesday, October 19, 2004

Hmmm

Sometimes when you least expect it you really have to stop and think. I say this because a vast majority of time we are wandering through life just making things work and not paying attention to what we are doing.

So recently I have been thinking about "What I want to be when I grow up?" Most people would assume that I am grown up - they would be wrong - my son and I get along perfectly because I stopped growing up somewhere around 18ish and well the average 18 year old is about the same maturity level as my 3 year old.

So my sudden questioning of possible career change started a few weeks ago when my wife suggested I started reading Zen and the Art of Making a Living. There are quotes from Joseph Campbell, Vincent van Gogh, James Joyce, D.T Suzuki, Anais Nin, William Blake and tons more. It is an amazing book . I am going to start trying to add a weekly comment about the book, and a quote that struck a cord with me.

On a side note: I get to go see Michael Moore tomorrow at UVSC - VIP section no less - have to dress like a young republican and I am going with at least two republicans but I respect their opinions so this should be interesting. I will try and snag some pixs and drop a comment afterwards.

Tuesday, October 05, 2004

Where in the world?

So I am sitting in Baltimore - out here for some training on these amazing firewalls that were recently purchased for the project I am working on. The only thing that I am waiting for is for them to implement SSL VPNs and then it will be ranked as one of my favorite firewall devices out there.

Again with the politics - last night I got to sit down with a very dear friend of mine who happens to be working for Homeland Security. Eventually conversation came around to, "What would Ward do if he anyone listened?"

I started off with CALEA. In October 1994, Congress took action to protect public safety and national security by enacting the Communications Assistance for law enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization and requires carriers to design or modify their systems to ensure that lawfully-authorized electronic surveillance can be performed.

A bunch of legal mumble jumble that basically says that we as telecommunications providers better have a method to allow law enforcement the ability to serve a warrant and tap phone/date communications. My problem is with the unfortunate guys that are sent by the various law enforcement agencies to certify and/or utilize the network. In this day and time, our continued worry of terrorism, whether it be cyber or real you need to have guys that can understand what they are looking at - the government has done nothing to provide the money necessary to prepare these guys - not to mention getting one of the agencies to send someone out to the site for review can be one long painful experience.

I don't have a problem with spending the time to help these guys but I am not law enforcement and at the end of the day I am not the one who has to know the laws and how to catch whoever they are after. Additionally if you are conducting illegal business in the electronic age utilizing the communication options available to you I would expect that you are going to be bright enough to know about things like PGP, Skype, or IPSec - and if you aren't you paid somebody to come work for you that showed you what technology was out there and how things worked - I am betting money that the law enforcement officer standing next to me is not going to be that informed. Spend the money to either hire guys like me that are willing to help out or train the guys you have working for you.

I won't carry on about the VoIP discussion that we had - I pointed to the benefits of VoIP but also the many ways that the services could be abused.

I told a little story about a little run in with TSA a few weeks ago. Coming through an airport I frequently travel through my carry-on was pulled and opened. Not an uncommon thing, upon opening my bag they discovered a pair of nail scissors, an item that had been in bag for the last three months of flying - I was informed they would have to confiscate them or I could return to the outside and hand them off to someone - nail scissors folks. At this point I was a bit frustrated with the very large guy they had now sent over to talk to me - asking him why they were dangerous he informed me that they could be held in your hand used to punch holes in someone's chest - this I agreed with - as for the threat - highly unlikely - I laughed and asked the employee if I could use his ballpoint pen. This I told him was much more dangerous than the scissors, I could perform a much more violent attack and the actual chance of killing someone with that pen were more likely - I then smiled and told him he could throw the scissors away. I fortunately wasn't grabbed and hauled away - but this does indicate to me a couple of problems.

The government has attempted to provide a false sense of security by increasing the security at airports and secondly the idea that me and my scissors would be dangerous are more likely the inability for an organization to actually understand the true threats that face this nation.

We need to stop being lemmings and following along. There is the possibility of future threats - Why? - Cowboys running things have pissed off enough people in this world that they are going to try and take a chip of the bully's shoulder. This is no longer a matter of whether we did right or wrong - that can of worms is open but now how are we going to clean up the mess. This should be the main focus of the current election.

The outcome of the conversation - I got to throw some of my issues on the table and he heard them - he asked for several of my business cards so he could throw them around the office - maybe I get the chance to talk to someone else that wants to hear what I think.

As I walked out the door he reminded me that my vote for Bush would help keep him in a job and feeding his family - I laughed - we both know my vote wasn't headed that way - then I reminded him that I knew my vote had already been cancelled out by another friend back in Utah. Great night with a really dear friend who tolerates my outspoken political ramblings.

Wednesday, September 29, 2004

Politics!?

So I have been away for awhile - it's just been busy - 85 million has a way of doing that to you - the project has been going like gang busters (must be a term coined in the 20's when the Fed's were cracking down - Elliot Ness style)

We have been testing things - the speeds are amazing, I regularly disconnect from my enterprise network and utilize the raw FTTH speed for updating systems, and downloading content (television shows I missed during the week) Bittorrent is the video Napster of the moment. Sure beats my Tivo which is currently residing in Denver with my wife and family.

So what's new? The nation is trying to figure out who should be the next president - we have debates tomorrow between the candidates - we have the typical fire storm brewing about the fact that it is no longer an independent function, there are biases being created, yadda yadda yadda.

Guess what folks it doesn't matter - in a bit of clarity it finally smacked me in the face the other night -the democrats are going to choke because somewhere along the way we as a party chose to play nicely with the other children on the playground - we have a bully or two (Michael Moore & Al Franken) and I stretch the definition of bully to include these gentlemen.

However, when we flip to other side and please don't use liberal and conservative - those definitions were lost long ago and should never be applied when talking about politics today. They have O'Reilly (the man who never tells anyone to "shut up") Hannity and Combs, Rush (everyone’s favorite pill popping conservative watch dog) Limbaugh, and most of the cast of Fox News (oxymoron Fox News - hmm like military intelligence) - notice a trend here - the media is your most powerful ally when you become a politician - and the boys running things right now have the media drinking daily from their special kool aid mix.

You will hear the arguement, "the media is controlled by those freaking liberals" I tend to disagree with that assessment - a recent Time article noted "3092 Bush campaign ads that aired from January through June on cable channels that mostly attract affluent white male voters - same period 265 Kerry campaign ads" Wish I could find the New Yorker article (yes even living in Utah I can find the occasional dissident publication) that was attempting to make the same point.

Somewhere someone dropped the ball - why aren't there rude democrats? Who said things had to be nice and polite? The occasional shock jock, some musicians banding together are not going to swing the vote. College Humor (NSFW) has been running a political contest of sorts, actually think they might be on to something and then we have Votergasm (NSFW) - talk about setting the republicans off - Rush has been foaming at the mouth for two days now. MTV has Rock The Vote with VH1 throwing in their support too - that's the key - the youth - need to spin them up - give them a reason to want to jump on board, let them realize that no matter how screwed up things are the adults know that they are leaving the mess for the next generation to clean up.

Michael Moore is coming to town – here in Utah – the radio jocks hammer it daily – yet when you check the web site for tickets the event is completely sold out – the same can not be said for Sean Hannity. Kerry and crew better figure this out real soon and look back at their roots – Kerry needs to nut up (great southern expression), be the general pain in the @ss that helped him get to where he is today. Edwards needs to grab a bat and start swinging for the stands – the gunslinger and crew are not going to go away without a fight and we should all be a little worried if the upstarts manage to lose it.

Have I rambled enough - what am I trying to say - get out there do the research and add your vote to those in November. As a republican friend of mine noted the other day, "it disappoints me to know that my vote is being cancelled out by your vote." Happy to make that difference.

Monday, August 02, 2004

How to interview? Observations I have made.

I just finished interviewing several candidates for a position I have open. In this day and age - people expect to know why they didn't get hired - most especially college graduates. So here's some advice I have going into the interview.

1st and foremost always exhibit confidence. Approach an interview as if you are selling something - Yourself! I bring examples of my previous work along. Whether it's the book I helped write or some documentation from my last project. The whole idea here is convincing the interviewer that by choosing you they will get the best ROI! (Return On Investment)

If you don't know the answer to a question have a strong supporting backup answer. How would you go about finding the answer? What resources would you utilize to determine the correct answer? 90% of the time the interviewer is looking to understand how you think and how you act on your feet.

Don't be afraid of failure - without failure you simply don't learn things in life. The questions I ask are standard interview questions all picked up from Google - learn a solid answer for these types of questions and again stick to that answer - personal answers are not the best answers. Interviewers are more interested in how you handled something on the job - be it college, senior project or an after school job.

Listen to the interviewer - they often give hints in their questions as to how they want you to answer them back. It could be within the question they are asking or it could have come in the discussion of a previous question.

Don't put it on your resume if you can't answer the question. It amazes me that people still do this. If the technical grilling doesn't catch it in the interview you will fall down on the job and then everyone knows it.

And finally read the job description closely - notice the hints as to what they will be interviewing you on. Create an outline of the necessary knowledge before the interview - I often make a multiple page review sheet before I go to an interview that refreshes me on the different questions that could arise from my resume and the job description.

Thursday, July 29, 2004

Done gone and got funded

As of 9:00 am MST the project I am happily working my life away on was funded.

This is a wonderful thing - it means there are people out there that believe in what we are going to deliver - FTTH - and it also has some sadness behind it - my life is about to go to hell in a handbasket. I have been enjoying working in the lab, testing code, writing software, learning the insides of the network and come Monday this all changes - all the real work begins and we deliver on the promise. (Any old WINfirst crew will remember this as our catch phrase.)

I am sure there is more to say but at this very moment I am supposed to be in a meeting.


Tuesday, July 13, 2004

The Bookstore - Yippie Skippie

I went to the bookstore the other day. I love bookstores! - they are my college library. In college I was one of those kids that actually went to the library. When I pledged with my fraternity - I already knew where the library was - some of my pledge brothers actually had to dig out the map and locate the building on campus.

It could also be that as a little boy my father owned a college bookstore (same campus where I would end up going to school) and I grew up in a crib in the back among the books.

It might be that I was the only kid growing up that had a room in his house called the library, big chairs, well the old white oak house had big chairs and an ugly couch. The room had walls with shelves of books, and my dad; being the eclectic he was, had a book on every subject.

Anyway back to the post - I picked up two new books to add to my growing collection of Web/PHP/MySQL books and then as an after thought I picked up a new hacking/security book.

MySQL/PHP Database Applications
To quote the review, "Rather than make up trivial programs just to illustrate aspects of the MySQL/PHP environment, this book features code snippets, each half a page or so in length, that illustrate the behavior of key code structures. For example, in explaining conditional statements in PHP, the book gives you a no-frills IF statement with real values in place. It's not always obvious how the code structures will behave in practice, but the book does a consistently good job of commenting intelligently on the place of each aspect of the language in a well-designed application. The latter half of the book attacks specific problems--a chat system, a guest book, and so on--and walks through the setup of MySQL and each important PHP function for each. --David Wall" Couldn't have described it any better.

Dreamweaver MX 2004 - The Missing Manual
If you haven't ever picked up a missing manual - you have been missing out on the secrets of most every operating system, software application currently being used. I have read the OS X book, the iPod book, and even the Windoze XP book. These are great, nice simple lessons that show me how to easily take my raw php/mysql and add it to beautifully created web pages. Anything that helps me look better than I normally look works for me.

and finally a book that scares me a lot -

Stealing the Network: How to Own a Continent
This books scares me in multiple ways - First as a wannabe hacker in my youth I am frightened to see how I could have been so easily swayed to make a real nuisance of myself for someone else's gain. Secondly as the acting Director of Security, building a FTTH network that will give some awesome capabilities to some misguided youth (nothing wrong with this - I was misguided) I see the endless possibilities that someone could take this network too. Finally I read this book and wonder to myself, (me wondering) "This book teaches those script kiddies that if they actually learned 2+2=4, or how to use MS Project, they too could be real nuisances to society. So in the end I give this book all my recommendation - want to understand how that dark world you are trying to protect your systems from work - read the first book in the series Stealing the Network: How to Own the Box Want to understand how your whole network could fit into someone's puzzle and be used to for their gain read the second book. I can't wait for the next book.

Saturday, July 10, 2004

Tuesdays with Morrie

Supposedly this is a great book. I bought a copy of it a little over a year ago, my wife immediately took it away from me and told me I could read it when she finished. Well here I sit still wondering whether I will ever get to read it. Now you ask - why is he going on about this book - well someone made a movie about it - didn't realize this...

So I was flipping through the channels- okay my mother in law was watching Oxygen and the movie happened to be coming on. So here I sit watching it, trying to gleam the few bits of wisdom the producers might have allowed to be included in a movie as they slaughtered the original manuscript.

I should go fishing - I think better when I am standing in the middle of a cool stream watching the water dapple as a trout noses up to the top to see what some crazy fool is throwing across the water.

Thursday, July 08, 2004

PHP, MySQL...Oh my

So I have been working on this provisioning tool I posted about. Things have changed since I last posted on it. I have changed from building it entirely inside of a TCL wrapper and instead designed this wonderful little web tool. It's quick, smooth, and has the ability to easily grow as new requirements become pressing needs. Those designers in the crowd understand how scope creep allows one gadget, button, request to suddenly take precedent over another one.

In the process of building this tool I have come to love three books: (has to be love when I regulary haul them back and forth from office to house.)

PHP and MySQL Web Development

The purple book - This book has a great layout,you start building an order system for Bob's Auto Parts and work through adding to the scripts. I keep thinking it's an O'Reilly book, and looking for it on my Safari account when I can't remember something. It is what I consider one of the best references going for building good web sites.

PHP MySQL Website Programming: Problem - Design - Solution

This book has given me some processes for building a website from the ground up. I have just spun my own sites out without really thinking about it, looking at the flows, or even deciding how the file structure should be constructed before I actually began programming. I took those classes back in my college programming days and forgot them soon after I became a Network Engineer.

and finally because everyone should have a book about web site design from one of the best

Philip and Alex's Guide to Web Publishing

I have owned this book for several years, quoted from it (CTO Breakfast) and generally have used this book as reference for everything web related I have ever touched. Philip is always writing something interesting, he had an amazing company (I dreamed of working for his company. You can do a little research on the web and find out how about the demise of ArsDigita.)

Monday, June 28, 2004

Little Girls

Haven't been around for a few weeks - My life got turned upside down about two weeks early. My spank'n new little girl showed up on June 20th. The doctor, my wife, son and myself were all under the impression that she would arrive in our hands July 4th. She obviously didn't get the memo...


So I got McKaia Ann at 14:08 MST on June 20th. She came into the world at 7.46 lbs, and 18.5 inches long - I think that was a bit of a stretch - she is so tiny. I can hold all of her in one hand - amazing!


I will try to get back up to date - have a very busy week in front of me - Service Provider is in town, need to finish the mockups for provisioning web pages, and look at the video channel manager.

Wednesday, May 26, 2004

New RSS Reader

So here we go again - trying a new reader on my Windows PC - Sauce Reader - I have been swapping as much well I live in Utah you make up the joke to go along with that.


I already like this reader it allows me from inside of various feeds to go ahead and blog about it, as well as just to create my own on the fly. makes it nice when I am sitting in a meeting come up with a thought after reading someone's feed and want to pass it along.


I am intrigued with RSS and what can be done with it. I have been working on an interface for the provisioning system, as an addition to the interface I have added a RSS feed that allows the NOC Manager the ability to see all the ports being configured. So we have a rolling status window of all the installs taking place in the field. Neat way to tweak the technology for a constant update. As an addition I also have the interface track all the configured ports per NOC technician and deliver a newsletter at the end of the day showing the productivity and errors broken out. Should be an interesting tracking model for the NOC.

Thursday, May 20, 2004

Tcl_Dev_Kit 3.1 - Building TclApps

Tcl_Dev_Kit 3.1 - Building TclApps

So for the last week I have been messing around with this Expect script, fondly known in my office as the WardGUI, it will allow a NOC technician the ability to choose a specific community switch location, then the slot and port number associated with a specific house and finally the services that need to be enabled for that location. The script works, needs some spit and polish and to actually have some files to pull the variables from but it delivers the goods on my one test switch. (Please see the UTOPIA project if this makes no sense to you.)

So then I decided I needed to get fancy and as I like to consider myself a bit of a *nix nut let's add some fun to the mix. Originally the GUI part was going to be driven from the web but then I got the bright idea I could wrap this whole thing up in a pretty little TclApp - this would allow me to run it on my happy Mac, the Windows XP box I have been beating the script out on or the FreeBSD box I originally wrote the Expect script on. Now the people in the audience are watching this and someone just whispered, "you know you could do that on all those machines with a web interface?" Yes, I know that but where's the challenge and besides I am building it and you're not, so leave me alone.

To most programmers this would seem quite trivial - they could more than likely knock this little doodad out in a day but to a non-programmer (I build networks man!) this has been quite a struggle. ActiveState is doing their best to help me accomplish this with their documentation, and demos. I will let you know how this thing turns out.

If anyone has any good TclApps that I should take a look at let me know. Might as well learn how to do this right the first time.

Wednesday, May 19, 2004

SecurityFocus HOME Infocus: TCP/IP Skills Required for Security Analysts

SecurityFocus HOME Infocus: TCP/IP Skills Required for Security Analysts

This article brings to point something that has bothered me off and on for awhile. You need the skills before you claim you can do it.

For several years now I have been interviewing network engineers. I have a standard that I have been following that involves a 15 page Excel spreadsheet that contains basic questions that most CCNAs should be able to answer. During the process of giving out this interview I have had various reactions - several gentlemen have left in tears - to having one engineer actually point out an error in my questions. He got hired immediately.

Interviewing has gotten tougher in our industry - before you put a resume out there make sure you understand everything you claim you know. You don't have to be able to recite the specific RFC details assocaited with MGCP.

I encourage young engineers to understand the OSI model, play around with the TCP stack, learn how things communicate, but don't forget to take the time to understand the architecture within your computer and it's relation to the OS's - Windows XP, Linux, FreeBSD.

Tuesday, May 18, 2004

So I decided it was time to start logging again. It has been so long since I last touched the keyboard.

I now live in Saratoga Springs, UT. A small little town with great aspirations of becoming a little larger town. Hey, it has a grocery store, movie rental store, a gas station, and two pizza parlors.

The city building leaves a little to be desired but then it's paid for. If the city ever need s to move, our city council can walk outside and bolt the wheels back on.

I moved here to Utah from Colorado because I was finally convinced that there was a need for FTTH (Fiber To The Home) The project I am currently working on is called UTOPIA. A very unfortunate name but all in all a very interesting project.

I have been involved with the project for over a year now. I have had a range of responsibilities including and not limited to speaking in front of several city council meetings, the Utah Senate Transportation & Public Utilities & Technology Standing Committee, and anyone else I could get to stop and listen to me.

My current title is Director of Integration and Security. Many would think what an amazing title, you must have so much responsibility. Well they would be right about one thing - I currently have 7 projects open on my desktop that require my attention by the end of this month. We are after all a start up and everything that comes with being a startup has landed on or near my desk if it has anything to do with integrating this network.

Oh and don't forget I also need to make sure we are secure about what we are doing. I picked my CISSP up at the start of this project and fortunately the things I learned concerning Disaster Recovery, Business Continuity, Cyber Incident Response, and Forensics have all come to be useful. Still not sure why I need to remember how tall a secure fence needs to be and why again it needed 3 strands of barb wire.

Well that's enough for now. I will be trying to relay my thoughts, interesting articles etc. through this interface to the world.

Interesting tidbits of the web I have found.

GloFish
I love this. I really need to get one - maybe I could carry it around with me at night , bound to be better on the environment than a battery.

Newspaper Kites
This is an important skill to know. Whether you build a kite for yourself or children, this will always manage to bring a smile. Paper airplanes are acceptable on rainy days but nothing is better than a blustery March day and a kite pulling at your arm.

CERT
You should take a look at least once a week if you are in the technology business. It's always better to know that you have a system that has a major compromise than it is to find out 2 days later when a script kiddie has crashed your web server into the ground. Remember the moment you connect to the net you are working without a safety net.