vmware box is alive

Phew! Swapped out my Radeon 9500 card for an equally pricey (haha!) Diamond Radeon X550 and my vmware box has signs of life. In fact, the signs were so good that I finished mounting the parts, finished up the cabling, and powered on long enough to make sure Ubuntu 6.04 loaded from CD and saw everything. Good deal!

beep pause beep beep…damn you!

I had forgotten the joy of building one’s own computer, since last I put one together about 3 years ago. I got all the parts for my system last night, but the bugger won’t give me any display. It started out with two long POST beeps, which the AMI BIOS specs say should be a memory or parity error. Great. After a lot of reseating (which eventually became rather redundant especially after I got out my dice and starting trying some saving rolls…) I started getting 1 long, 2 short beeps which should indicate a video display issue. Hrm, that’s not making any sense…

In the end, I’ll likely purchase a few more parts to swap around and see if something needs to be RMAd. I’m guessing either the motherboard has a problem or maybe one RAM module is DOA or the video card isn’t compatible. The one thing I don’t miss from building personal systems is the voodoo (not the card, for those old school enough…) you need to make sure all parts are compatible. A complete part list can be found on my wiki under “vmware box”.

personal updates on web environments, ssl, ips, and new box

Looks like my flurry of posts early this week were just pre-empting my lack of posts through hump day. Things at work have heated up a bit, especially with me learning some new things. In particular today, I am working with Wise MSI packages for our web server deployments in addition to new SSL management now that we have a hardware load-balancer which is performing SSL termination for us. I”m utilizing tools in OpenSSL to not only convert existing IIS exported keys into readable formats but also to generate new keys via scripting.

We’re also working on a new development environment: 1 of 13. Yes, 13. Don’t ask, I think it’s the wrong way to go and half of them won’t get used or updated enough. It’ll turn into our nightmare before someone gets wise and trims that back down to something simpler like “dev-staging-prod” plus a few others. Thankfully, all of the servers will be virtual.

Also into this week I’ve been re-turning our IPS. Our IPS management server took a final dump on Friday and wasn’t about to come back on. Thankfully we do backups of the full MySQL database so I recreated the server as a virtual box, reinstalled the product manager, got it talking to the appliance IPS itself, and then restored everything from backups. Talk about slick! I only had to do minor tweaks and retuning on things not covered in the backup. Not bad, and it is nice to be able to properly validate our backup/restore procedures. Backups always bother me in the back of my head until we can actually do them once and verify things work as needed. In addition, since this box was put together before I came on board, it was also nice to see we had documentation on the build and settings (thank you Accuvant!).

Lastly, parts for my new vmware box are arriving. The case arrived yesterday and the rest should be in today when I get home. These will be married to a few extra core parts I already had on hand to be turned into a dedicated Ubuntu VMWare Server box that will run a variety of “always on” machines. (In contrast to my gaming rig which only doubles as a VMWare box now and then for throw-away VMs or testing.) This should keep me busy until the weekend as I make sure I don’t have to RMA anything. I’ll post pics and notes later on about this box.

that’s no moon. it’s a space station.

Alex Hutton just posted a comment to my last post referencing a Star Wars (the best movie ever) quote. You know, I have this list of things to see and/or experience on a daily basis that make life happier. Ya know, kinda like petting a tiny kitten or watching a young puppy waddle around, they just make the soul happy. Here’s my going list with this one new addition at the bottom (yes, some of these might be a little disturbing, I apologize, but they make me laugh):

– violent pelvic thrusts into the air (think: don’t fuck with the jesus” from the big lebowski)
– dry heaves (from someone else, and not to be confused with actual puking; think an overweight linebacker who has run way too many sprints…)
– uncontrollable writhing on the ground (although NOT induced by a medical condition, that’s just mean)
– any quote from Star Wars (or Monty Python can substitute)

(cute images from cuteoverload.com)

those first few years are the hardest

I’m feeling talkative today…makes me wish I had IM or IRC at work! Alas, I get to only post here or comments elsewhere!

I really cannot explain just how valuable a little IT experience is. Six years ago out of college I had to beg to get interviews for IT positions, and even then, a very small percentage would ever get back to me. This made sense and I knew it, for a college grad with no practical experience. In the last few months alone I’ve had calls come in with zero solicitation, which is astounding to me. It is a lot different from the “I’ll take any job, anything!” mentality of 6 years ago to the “I can be picky now and say no if I foresee minor problems” of today. Those first few years are definitely the hardest. Hrm…I’m maybe a little too positive today…better bring it back down!

new headers take two

I guess I forgot which pages I had imported into MT as templates. In redeploying my entire site last night, MT replaced my random image code! Oops, anyway, they are up again although I won’t be able to edit any sizes or remove any until after work. 🙂

new header images posted

If you come to my site every now and then you may have noticed my head images changed slightly, randomly. Well, I added some more images (stolen shamelessly from other places on the net, you’ll recognize some I’m sure) to the rotation. Where before I had 3, I now have 43. I’ve not had time to QA anything and I already see a couple I want to remove or need to resize, but all in all, get out of your RSS shell and click through to check it out if you want. The change of scenery is really just helpful to someone like me who has to view the page daily, hehe.

continuing my education finally

I have finally begun the road of post-college continuing education (way behind schedule!). Today I passed what I consider my warm-up certification: Security+. Go me!

I was surprised by some of the questions on the exam, for instance what protocol does the ESP portion of IPSec run over? I had no idea (heck, I don’t think I really knew what they meant by that!). Interestingly, Wikipedia knows! I think if I have any advice on this test, look up the objectives not just in books but also Wikipedia.

Some other questions I see as rather tough for someone who has been in IT a while. “What is the first thing to do in XYZ?” You can easily overthink some of the questions and/or argue the subjectivity of some of the answers. There was another rather technical question that I wish I had the answer to (or even how to look it up!). If an unauthorized user got hold of a Linux /etc/passwd file, what would likely be the cause? SSH 0.9.4 (I might have that # wrong) installed and configured; Sendmail set up with access to administrator’s web mail; SSL something using the Apache account without virtual hosts defined; FTP server with anonymous access configured. I was like, “huh?” I could maybe pop SSH if that version is vulnerable to something, maybe that sendmail answer is referring to being able to remote in as root, maybe that Apache account has root level permissions, or maybe that FTP server somehow allows access to the otherwise normally protected /etc/passwd location? I think I answered the SSH one…no clue if that was correct.

I’m pretty sure the exam is taken from a pool of questions so I don’t see them all, but I was surprised by the number of MAC (Mandatory Access Control) questions I had (at least 5!), some of which were almost word-for-word like others. Anyway, I don’t want to go over too many questions from the exam, but suffice to say it is a nice mix of technical and conceptual questions dealing with security.

Coming up:

the backlog it taunts me

Man, it is amazing the backlog of things to play with and check out that an IT geek can accumulate. Having not had too much time lately, I’ve gotten a 6 month backlog of about 200 little notes to myself to check this site out or that blog out, check this tool our of that tutorial. Crazy! If I happen to start posting a bunch of stuff here, don’t yell at me. I used to use my blog as my notes place on new tools and things, and sometimes I’d post about something for my own benefit but never really ever get around to playing with it. I hate it, but that’s the way of keeping up with technology!

Scope! I need scope! Perhaps a job change that reduces my scope of responsibility might be helpful? I could just get a job where I create Exchange email accounts all day. 🙂 Yikes!

my it autobiography

Everyone has stories to tell. In fact, one of the best secrets to dating is to realize that simple fact and give your date a chance to tell their stories, and for you to show genuine interest in listening. This is one reason the web has blossomed so much: we all have something to say and really hope at least one other person out there wants to hear it.

Likewise, us IT professionals have our stories on how we got started in this field. Recently a thread along this vein was started at the SecurityCatalyst community and Rebecca Herold tagged me to put my story up. So here it is!

Part 1: the geekdom
I’ve long been a geek. I have always been a video gamer (since Atari), I love arcades, and I enjoy science and puzzles. I got my first computer, a Pentium-60 just to play Doom and a handful of other games at the time (Wing Commander, Descent, Hexen…). From there, I really took to computers but I never evolved beyond gaming and online chats.

Part 2: college
I started college in the fall of 1996 at Iowa State U. My roommate and good friend, Ryan, got me interested in having my own web page, so in the winter of 1996 I started learning what View Source did and how to write my own HTML markup. I’ve had a web page ever since. This, along with my addiction to Quake (the first one, you noobs) was my main involvement with computers.

I started out college by going about 2.5 years into Environmental Science. Yes, I wanted to save the whales (and otters!). But I faced some harsh realities during those early, largely unmotivated years. I knew that that field was not quite what I was looking for, was highly competitivem, and really would never be lucrative in pay. And as much as I have a passion for that area, I realized I could do just as much on my own as a hobby or lifelong interest as I could do pursuing it for a career. I spent a semester or two doing some deep soul-searching for what I wanted to do. Eventually I realized that I loved computers and had a bit of a knack for them; I was a go-to guy in my dorms for computer questions. (Years of computer gaming can really enhance your troubleshooting skills…) So I switched majors to Management Information Systems, lost 45 credits that didn’t apply in the transition from sciences, and graduated in 2001 by taking the max number of credits for my remaining semesters. Needless to say, I was very happy even though I walked out into the IT world the year after the .com boom busted.

Part 3: security
Upon graduation I really wanted to get into web design and coding, but with the dot com busting, the IT class of 2001 was really not a lucrative class like the previous years. I spent a lot of my time during job searching to hone my skills and learn new things.

On a whim, I picked up the book Hack Attacks Revealed by John Chirillo. I was immediately hooked and knew that I could happily trade web coding for systems management and eventually security. Since then, I’ve been working in this area and pursuing the field ever since. Picked up my first real job in early 2002. Within a month of working on the technical support team, I was offered a place on the web dev team, but turned it down to hold out for another role I knew would soon become needed: systems administration. I got that a year later, in 2003, and have since been a sysadmin with a big interest in security.

general update on things going on

My projects and other things have been taking up way too much of my time lately.

My bracket in the NCAA tournament (mens) has been about as bipolar as any bracket I’ve ever done. Typically I do very well in these things, but like most, picking the winner is the make-or-break decision. Pick the winner, and you’ve no doubt gained points throughout, miss the winner, and you’re sunk. This year I had only 20 hours from selection show to entry submission, and the lack of research showed through, although I was saved by a very well-seeded bracket. I did horrendously in the first two rounds, but picked 7 of the 8 Elite Eight teams and, until UNC lost, I still had all Final Four teams.

My WoW time has suffered as well, although that might not be a bad thing! My main is still level 60 and my Draenei Shaman is level 36. Yeah, I’m slow and my time/effort has dropped considerably (thankfully). If I didn’t have real life buds in game, I’d have left it long ago.

At home last night I enjoyed just how easy Linux is becoming as I continue to just be immersed into it. Much like my idling in some IRC channels or mailing lists, just hearing things for a while means I gain some understanding; or being around something. I’m not planning on taking my CCNA for a bit, yet I am already just sitting in and contributing to some local buddies doing their studying and talking, and I pick things up. Hang out with baseball fanatics for a while, and you’ll find yourself learning about baseball until, before you know it, you’re considered someone “in the know.” My Ubuntu install and SSH server took all of 15 minutes once the actual OS installer finished. Talk about easy. Next I will be playing with Squid and Snort and setting up more ubiquitous remote access, if I can (from Windows and Linux boxes without using VNC…)

At work, I’ve been busy exercising my scripting muscles by automating our installation process for web applications and servers. I’ve done all of the easy work so far, although the hard stuff I have saved may turn out really easy if I ease up on my own requirements and utilize Windows-native exe apps rather than programmtically build my own (gacutil and regsvcs). Scripting is really exciting and amazingly powerful. With Exchange 2007 on the horizon for many orgs (whose management seems to be fully PowerShell-based), I like this head-start I’m getting. Someday soon I’ll dig a bit more into Perl and/or Python to round out my scripting exposure.

my personal privacy stance on pseudonyms

Andrew Storms posted a really nice bit over at nCircle about our personal privacy stances online, namely some commentary about pseudonyms online.

Obviously I maintain a pseudonym online. In fact, I have two. “LonerVamp” is a carry-over from years long past and I keep it mostly because it is far more unique than “Michael” or even “Michael Dickey.” If ever someone from my past wants to look me up, by god, they can do so just fine. And sometimes they do.

Another reason I still like this name is simply the extra layer between my time online and my real person. I really have no difference in who I am based on my screenname anymore. I think I got over that back in 1997. But anyone looking to poke around at me from either the “Michael” or the “LonerVamp” direction will have to do at least some measure of work beyond the first 5 hits on Google to put two and two together, find the bridges, and then actually cross them. Not impossible, by far, but at least not trivial for any nobody to do. Someone really has to want to do it.

I do maintain another pseudonym on a few low-usage sites and mailing lists. For instance, my MySpace identity is linked to another Gmail account and I only use it to comment on journal entries of friends or view pictures. Basically, I can maintain this because it is low interaction. When something is low interaction, I don’t have to worry as much about my real self coming out in that identity.

Andrew is also mostly correct in saying if you want to “properly” enact change, you do need to step away from the veil of anonymity and put yourself out there. I agree with that, which is another reason I don’t mind the connection between my real name and screenname. I accept that connection and likely always will. But I will say some perfectly anonymous people enact change, especially in IT and security, just fine from their dark corners. And I would be willing to bet that a few people with names like Tim Conners are really obfuscated pseudonyms. Why use LordofDespairXX when you can look like everyone else as Jimmy Toulouse? However, like Curphey recently mentioned, why hide your feelings and your opinions and, basically, yourself?

By the way, if you call me LV, Loner, or LonerVamp at a con or meetup or even in IM someday, that is fine. I’m used to it and have always been called that at gaming LANs anyway. In fact, if I have a name-tag, that will be the prominent name although both will likely be present.

minor blog update and spam prevention added

I stayed on the down-low all weekend and didn’t do much to feed the geek; instead sticking to things around and outside my apartment. However, I did upgrade Movable Type from 3.33 to 3.34. I didn’t think this would be a huge improvement, but anything to do with the cgi part of the site loads very significantly faster now. Yay!

I also loaded Akismet (which has nothing to do with wireless tech), based on suggestions, and have started playing with the configuration of it and MT’s built-in spam filtering. I can definitely see the improvement as I have to delete less and less comments every day. And I am pretty adamant about leaving my blog’s comments open to anyone.

Eventually I need to make sure my outbound firewall (host-based on the server) is allowed outbound connections so I get proper blacklists and updates, but I decided to wait. My background in sciences in college always tugs at me in the computer world: set the stage and then change things only one at a time to see the effect on the system.

mail servers

Reading some stuff on spam and email today got me all inspired to keep a mail project in mind as the year progresses. I’d like to stand up a linux mail server on my home network someday. It’s not like I dislike my windows mail server application, but it’s done. It’s there, and implemented. And, of course, there is still spam getting through. Unless I go with Exchange (overkill, although valuable experience) and some commercial apps to help support it, my best bet it to go with Linux, a mail server, (likely sendmail), and spamassassin. The problem is those latter two are very daunting and quite bearlike in their configurations. I would need some good time to pour over the settings and how to get things working. Thankfully, I do understand SMTP and have done what would amount to first level support on a sendmail server before (bigger issues I would escalate to someone more experienced). Maybe someday I will move towards that route. I could always just leave my current Windows mail server up as backup.