Phasor Burn

Internet Storm Center, Handlers Diary for Sep 25, 2004 :

In spite of the Policies in place that prohibit download and installation of software, in spite of the policies in place that prohibit P2P applications, despite the Firewalls and protective measures that the organization had taken, despite installing a managed anti-virus solution they got infiltrated.

Fairly involved measures to secure a corporate lan/wan failed. What this leads to is the need for adaptive network security devices that can detect a shift in normal usage patterns and automatically block the new pattern until an administrator has vouched for it’s validity.

There are companies out there that have products with these “automatic detect, repair, block, heal etc functions” but they are on the high end and out of reach of most organizations. Well, maybe not so much out of reach dollar wise compared to the dollars spend in clean up from an infestation, but even today it’s very hard to convince companies to spend significant funds on this sort of protection up front.

Of course there’s some open source ids packages out there as well as commercial. The tools are there, but like anything else of this nature they tend to be complicated and error-prone to set up and manage. That’s the real problem.

Active IDS that changes the firewall settings dynamically, all available in some form of low cost easily available autonomic computing device is something that I would hope to see appearing sooner rather than later.

Four flights of stairs isn’t much.

Until you’ve been up and down them many times in quick succession.

I’m dealing with stone-age american express travel agency that needs forms filled out and faxed. They won’t take electronic copies, and I need to deal with them if I want to expense my business flights out to see my customer.

I could expense travel to my own company, but hey if the end-customer wants to pay for travel to see them provided I jump thru their corporate travel policy hoops… I’m game to try it their way.

Elevator didn’t come and didn’t come, so I went down the stairs with my amex traveller profile forms in pdf format on my usb key. Business centre pc so locked down I can’t get to d: or whatever. Best it will let me do is read a floppy. Great.

Elevator not coming when I push the button from downstairs. Hump back upstairs, try to upload files to web server at home.

Discover pptp not working. Do the hop-skip-jump to dump files on an intermediate machine first via ssh, (thankfully I left ssh open to it!) then rsync to my web server.

Back to the elevator on our floor. Not arriving. Ever.

Down the stairs I go.

Suck pdf’s down onto the business centre pc and print.

Elevator on main floor not coming. Up the stairs I go.

Fill out forms using lots of info from the customer’s internal site for employee id, office address, cost centre, etc etc. Yes I am a contractor but they make me use an employee id etc. It’s like they can’t figure out how to handle contractors and everything has to be twisted and bent to make them fit into their internal systems.

Why am I contracting to this large corporation with all it’s forms-pushing bullshit? I dunno… Seemed like a good idea at the time.

Let’s go fax these forms now that I have them filled out. Oh, elevator going down not working (still). Hump down the stairs. Not able to fax long distance from the business centre here in the hotel. Over to front desk. Not a problem, they fax it gratis, no charge.

Back to elevator. Still no workee. Someone from hotel, looks like facilities (mechanical engineer) guy tells me that they put the elevator into test mode today to conform to fire department rules of how often they should test etc.

While under test, it broke. They are waiting on elevator repair guy.

Nice, you think you could put a sign on the elevator at each floor?

Doorknobs.

Up the stairs I go….

Do a bit of email and other remote work, decide that I’m hungry. I should have gotten something to eat downstairs when I was there just a little while ago. It’s 0130pm, best get down there before the restaurant closes and I am stuck with whatever is in the bar.

Restaurant closed.

Lounge closed.

Kitchen closed.

Up the stairs….

Mini-bar refridgerator empty, unstocked, nada, zippo, zilch.

All this in a Hilton?

Wasn’t it bad enough that the elevator wasn’t working and the supposed T1 internet to every room is likely shared T1 for the whole facility, of which my tests showed I was getting 50Kbit downlink speeds (yes, modem speeds…).

Gaaaah…. I want to go home.

Check out this introduction to the Fear and Testing article at The ServerSide

Frank talks about fear and how it can derail efforts to find and solve scalability and performance problems.I’ve been around a lot of software development efforts over the years and one component of these projects has remained constant: fear. Software development is really, really hard. There are going to be times when it seems impossible to get from here to success. These are the times that fear can grip an engineer to the point of inaction. This is especially true for QA technicians needing to understand and solve scalability and performance problems at the end of a software development effort. Many times fear keeps the QA tech from testing.

The full article can also be found on the author’s own website.

Since when is QA there to solve performance and scalability issues at the END of a software development issue? That’s something that should be done much much earlier in the development cycle. Right? Bueller? Bueller?

Sure QA needs to understand and test for performance requirements, but these things should be first thought about and acted upon back in the in the requirements gathering, design, development, and integration phases well before QA gets involved.

I’m in downtown San Jose this week. My wife is attending BorCon (How’s that for a poorly named conference … bore-me-con?) while I spend my days working from the hotel room and attending evening BorCon events on a guest pass.

Cost a bit for the priviledge of having the choice between a few different finger foods and bud or bud light…. But what the hell, I need to get out of the room after 8 hours sequestered away.

It’s great that I just need a notebook and internet connection to do my job as technical support and administrator for a virtual classroom system.

One thing I have noticed - and maybe I’ve just got too narrow of a view of the city from the perspective of just the downtown area around the convention centre - is that this city seems to be… lacking a real downtown core. That’s the BEST picture I could find.

Is it due to being in earthquake territory? I’m not sure.

The official city of San Jose website says it is the 3rd largest city in California with just under a million residents. Streets are very clean as compared to say, San Francisco. Almost reminds me of home, except for the extreme lack of business towers or any building higher than about 6-7 floors, and a very very very dead downtown business zone.

Tonnes of empty streetfront space in both new, older, and really-run-down buildings all over the first street area. Was the economy really hit that bad, or are all the normal street frontage businesses located elsewhere - in malls etc?

Office workers … I don’t see any around here. Maybe they’re all in various semi-industrial business parks elsewhere.

Anyways, most amusing to me. I’ve lived most of my adult life in Calgary (also of just under one million residents, but it has a real skyline) and can definitely say it sure feels strange to be downtown in what is supposedly the heart of busy silicon valley with nothing but a few squat hotels scattered near the 2-storey convention centre and mostly-empty storefronts.

John Costello on the SAGE list mentioned (among other things) :

Microsoft does mention that the mail store will not mount when it reaches 16GB, in Exchange 2000/2003 Standard. Hm.

Mark Christensen’s response :

The 16 gig limit is artificially imposed on the “Standard” version of exchange to help “add value” to the enterprise version. It seems to consist of a check once per min to see if the 16 gig limit is passed, and if so shutdown the information store.

I worked on a SBS 2000 server which includes Exchange 2000 standard. There were no limits on mailbox size in the organization, and eventually they passed the 16gb limit, and remained that way even after an offline defragmentation. Microsoft does have a migration path from SBS 2000 to the “Enterprise” version of Exchange. Microsoft support’s most helpful suggestion was to use an older backup to restore everything, so the database would be smaller than 16 gb.

Eventually I discovered that I could change still change Exchange’s deleted mail retention policies, and start the information store every 15 min, just before the mailbox cleaning service was scheduled to run. At which point database would be cleaned up nearly a full min. before it
was shut down. After numerous repetitions of this cycle, I ran an offline defragmentation, and was able to start the store with just less than 16gb. I then deleted some old junk, set up mailbox limits, and restored user access to Exchange.

Before it was all over the e-mail service was down for 36+ hours, and Microsoft’s best advice was to throw away all new mail on the system!

___________________________________
Mark Christensen,
IT Manager
Humantech, Inc.
734-663-3330 ext. 128

www.humantech.com

How’s that for a quality microsoft product and equally superior support?