All posts by alphageek

Chromebook reviews and comparisons.

We’ve had the Chromebooks for over a year now, and I thought it’s time to look at Chrome as an actual viable daily laptop. And, surprisingly enough, it’s shone brighter than I expected. I’ve played with four models of them, and I have a Pixel being delivered today. (Verrry excited about that, too 🙂 ) We now own 4 C710’s (320GB spinners), 2 C720’s (a 2GB ram w/16GB SSD, one 4GB ram upgraded to 128GB SSD from the 16GB SSD) and the 64GB LTE Pixel. I’ve played with the Samsung chromebook, and a couple HP11s, and see some of the pros and cons that haven’t really been mentioned in many places, or at least not prominently.

Truth be told, I really like the “cheap” factor of the CBooks, and as a Linux junkie, I’ve made a living taking systems that would be considered obsolete and making them not just usable, but productive. I take pride doing things “on the cheap”. Many *nixers have two or three philosophies when given a task – they ask the following questions of themselves:

SEO companies: What you can actually do to earn my patronage

I get hundreds of comment spam entries a day here at this little blog. I’m not looking to get more traffic- this is not a money-making blog, just a stream-of-consciousness thing. I post things as they come, and nobody really reads it. This is really, just for *me*, call me selfish.

The vast majority are comments like this:

Hi my name is Janette and I just wanted to drop you a quick note here instead of calling you. I discovered your <<Copy-paste entire 450-char link headers>> page and noticed you could have a lot more visitors. I have found that the key to running a successful website is making sure the visitors you are getting are interested in your subject matter. There is a company that you can get targeted visitors from and they let you try the service for free for 7 days. I managed to get over 300 targeted visitors to day to my site. Visit them here: <<Link deleted>>

…or this:

What you said made a lot of sense. But, think about this, what if you added a little content? I mean, I dont want to tell you how to run your blog, but what if you added something to maybe get peoples attention? Just like a video or a picture or two to get people excited about what youve got to say. In my opinion, it would make your blog come to life a little bit. Follow me at <<Link deleted>>

…or this:

I love you blog! It has so many topics I like and much I like sometime. Maybe it could better? You love your topic so much. You are so smart and funny about your <<Copy-paste entire 450-char link headers>> So many people would love this topic more better if you helped. Click here for more! <<Link deleted>>

Ok, seriously, I get it. You really want people to pay you for SEO, because you realllllllly need the money. So much so, that many of you couldn’t afford remedial grammar classes, or at least a proofreader.

So, there’s a secret weird trick to use to get my business. Just one trick you could use, and I’d pay you for your help EVERY SINGLE TIME. What is it? Click here to find out!

Wow, it’s been almost a year since I’ve actually posted anything. Horrible…just horrible.

Well, not really horrible, just busy. It’s interesting that in the last year I’ve not actually even written much here, as I’ve just been too busy to even log in. In the past I was at least writing stuff, but not posting (see entries from ~Apr 2013 for more on that). Now, it’s been six months since I’ve written anything, publishworthy or not.

So, maybe it’s time for an update.

Workwise, I’m plenty happy here, but there’s always room for improvement, of course. I’m still at Teradata, and have been for nearly two years now. The team here is small but committed, and focused, which is nice. Until about a month ago, I was *it* for linux support and virtual infrastructure (AWS and Openstack). Openstack has definitely been my focus.

Well, beginning of March we finally hired in a new guy, and I’ve been able to catch up on things that were falling behind.

My work here is getting a little flat, though. I need to either shake things up substantially, or think about moving on. Our setup is “on-the-cheap”, but I’ve always liked that in the past- doing things as cheaply as practical. Here, we’re definitely doing that, but I’m not really expanding my horizons as much as I’d like. Not enough of a problem for me to be in any real kind of job search mode, but enough to think about it. Things cross my path that look interesting, and I’d seriously consider a decent offer. Especially anything that takes me out of the Deep South, maybe out West.

On the hobby fronts, Scouts and Photography dominate my time- flying has been sparse. In fact I haven’t been up since my last post here. Even as I type this I’m realizing how much my time has been limited.

Hopefully this will spark me to add content more frequently. I think it’s already encouraging creating more content outside of work.

 

Laters

Heartbleed for dummies: how it’s dangerous and how it works.

So, you’re hearing a ton about Heartbleed, aka CVE-2014-0160, on social media and news outlets. Most of you are going, “Meh, I don’t know what it is, so it can’t be THAT dangerous.”

Ordinarily, you’d be right: most bugs affect a very small population of specific users, and there isn’t much you can do about them as a layman. You can run anti-virus and anti-malware, not open suspicious links, etc., to avoid getting bitten. This one, however, is a devilishly simple and clever hack that puts every account on every service you have at risk, especially if you use the same password for multiple sites.

So here’s what Heartbleed is, and how it works, in layman’s terms.

This part is complete hyperbole, and just an example- I’ll explain in more detail once you have gotten the idea.

So. You have probably seen a bank or some online service that links to your credit card or bank account and needs to verify your bank information. In this case I mean completely legitimate stuff, like say direct deposit verification, or refund info, etc….real world reasons to verify your bank account. One way they do this is to deposit a few cents into your account and have you tell them what the amount was, and then they withdraw that amount back out. It’s usually a semi-random amount less than a dollar, like $0.12 or $0.47…but could be up to $0.99. So in this analogy, Heartbleed would be a flaw in the way that works.

Let’s say a certain bank is old fashioned, and they do things with paper and cash and envelopes and such. If someone wants to verify your account, they bring an envelope with a small amount of change in it, and deposit it to your account. The bank requires that the envelope contains: your name, account number, and amount inside the envelope. The envelope is handed to a teller, who reads off the info from the envelope and enters it into your account and hands the envelope to the banker to deposit it in the safe. The banker goes to the safe and opens the envelope, and places the change in the vault with all the other money. The next day the verifier comes back, and withdraws the same amount as entered by the teller. The teller pulls the change from his drawer, puts it into an envelope and again, puts your name, account number and amount inside it and hands it to the verifier.

 

Now….do you see the flaw? It’s subtle, and easily overlooked. Neither the banker nor the teller ever verifies that the amount in the envelope is what was written on the envelope. So a trickster can write $0.99 on the envelope and put in a penny, and nobody ever sees the issue until someone does an audit. This is done thousands of times a day, hour, minute, even a second…you can see where this would add up to a bank robbery.

OpenSSL is like that bank. Its job is not necessarily to protect your deposits, but rather your data. Any time you put a web address into a browser, and it has the httpS:// instead of http://, you are using a (supposedly) encrypted communication.

For a verrrry simple explanation of how this encryption works, think back to your days of being a second grader and using a decoder ring to send secret messages. (Or if you never did that, just imagine someone who did…because we really existed.)

In order to send a message, you and the person you’re sending it to have to share a way to encode/decode a message. Maybe it was the old A=1, B=2, Z=26 code, or maybe you actually devised a three step lost key cipher that used pages from library books and transcribed in Dwarfish runes. Either way, the gist was you and the other person had to know the secret code to decipher. Without that knowledge, anyone could find your messages, but be unable to read them. The web does NOT work this way. It sends plain text, so if someone puts a “packet sniffer” on the connection between you and the site that you’re going to, they can read every letter you type and see everything they send back. To prevent that “sniffing”, you have to use Encryption. That’s the whole point of SSL.

So, when you go to the bank’s webpage, or email, or FB, or whatever needs to be secure communications, you generally connect over SSL. SSL disconnects after a few minutes if you don’t use it. That’s why you’ll get messages if you sit at your bank’s webpage too long after logging in. The heartbeat is simply: “I’m going to say a message, please repeat my message back to me to prove we’re both still awake.”

So, this is where the bug lives. The trick is like the bank teller scenario above. When a heartbeat is sent from your computer to the remote computer, you send a “packet”. That packet is essentially a file, with data in the file, and metadata describing the file. It’s kind of like the headers in your email- there’s the email itself, and the headers (aka metadata) describes who it’s from, roughly what’s in it, and how big it is. Here’s how the conversation goes, in computer-speak…

ME: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
ME: Sure do! (BTW, my message is six letters)
GM: Okay, I need your secret password. But don’t say it out loud…today we’re going to speak Klingon as our secret language! (BTW, this message is 93 letters)
ME: Qa’PlaH! (BTW, my message is six letters.)

So at this point, the rest of everything we do is in Klingon, and unless you know a.) how to speak Klingon, and b.) that we’ve even decided on speaking in Klingon, you have no way of knowing what we’re saying.

Now, at the same time I’m speaking to gmail, thousands of other people are doing it, too. So our conversations are constantly being intermingled in the memory of the server. The server can’t *think* in Klingon, so things are stored as regular text. They’re all properly parsed and sent to the right person, so there’s never any security problems with how that works. The problem is that heartbeat check.

THIEF: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
THF: Not today. Just doing some testing. (BTW, this message is 28 letters long.)
GM: OK! (BTW, this message is two letters)
THF: Gmail, I’m going to send a heartbeat message in a second….when I do, just repeat back exactly what I said. OK? (BTW, This was 81 letters)
GM: OK! (BTW, This message is two letters)
THF: Heartbeat!!! (BTW, this message is …um, well….uh…514 letters. Yeah…that’s the ticket! 514 letters…)
GM: OK! The last 514 letters you sent me were: “HEARTBEAT!! >> <<user12363::lue. That was it. The boat was blu…>><<user524211::find my next email with boo…>> <<User64632::Pen1s enlargement! P1ll5! P3N1S P1lls!!…>><<user43567:: ame:janesmith@gmail.com password:superspyfarts: Login succ…….>><<: user424467::Bob, Alice, and Ted….>><<user63521::Boobies!All the boobies you can stand just click here!!1!…>><<user534143::Amazon receipt for Penis Enlargement pump for Jeff Gordon IV, at 101 Masker Ct, Zionsville, IN……>><<user000010:: Mr. Vice President, with all due respect, please remove your foot from my ass. It’s not…..>><<user0003::and can you believe what Jessica said about Clarissa!? OMG it was soo totally…>>”
THF: Excellent. Now…could you do that a million times in a row for me? (BTW, this message was, oh, let’s say a million letters)
GM: Can do!!! (BTW, this message was five letters.)

And voilà- do this enough times, and you can get all SORTS of info. Passwords, bank account info, pictures that you only meant for a significant other, etc.

The fix is simply to make sure that SSL checks that the message sent was actually as big as it was said to be. An easy fix, but embedded so deep in the software that nobody recognized it as a threat. The thief here isn’t stealing pennies- they are stealing data. And that data can then be used to steal dollars….by the millions.
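Here is that missing check in code, as an added example (it is not part of the original post and not OpenSSL's source). It uses the heartbeat layout from RFC 6520; `sim_mem`, the function names and the sample "neighbour" data are all constructed for the demo, with one flat array standing in for server memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat layout per RFC 6520: type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u
#define HB_PADDING  16u
#define REC_LEN     22u  /* bytes that really arrived: 3 header + "hat" + 16 padding */

/* Constructed stand-in for server memory: the first REC_LEN bytes are the
 * received record; the bytes after it are someone else's data. One flat
 * array keeps the demo's over-read inside a single object. */
static unsigned char sim_mem[96];
static const char NEIGHBOUR[] = "user=jane;pw=constructed-secret";

static void sim_setup(unsigned claimed_len)
{
    memset(sim_mem, 0, sizeof sim_mem);
    sim_mem[0] = HB_REQUEST;
    sim_mem[1] = (unsigned char)(claimed_len >> 8);   /* the "BTW" length, */
    sim_mem[2] = (unsigned char)(claimed_len & 0xff); /* chosen by the sender */
    memcpy(sim_mem + HB_HEADER, "hat", 3);
    memcpy(sim_mem + REC_LEN, NEIGHBOUR, sizeof NEIGHBOUR - 1);
}

/* Build a response that echoes n bytes starting at src. */
static size_t write_reply(unsigned char *out, size_t cap,
                          const unsigned char *src, size_t n)
{
    if (HB_HEADER + n + HB_PADDING > cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(n >> 8);
    out[2] = (unsigned char)(n & 0xff);
    memcpy(out + HB_HEADER, src, n);
    memset(out + HB_HEADER + n, 0, HB_PADDING); /* real stacks pad with random bytes */
    return HB_HEADER + n + HB_PADDING;
}

/* The flaw: the stated length is believed; rec_len is never consulted. */
size_t hb_reply_vulnerable(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t cap)
{
    (void)rec_len;
    if (rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    return write_reply(out, cap, rec + HB_HEADER, claimed);
}

/* The fix: compare the stated length with what actually arrived and
 * silently drop the message when the two disagree. */
size_t hb_reply_checked(const unsigned char *rec, size_t rec_len,
                        unsigned char *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    return write_reply(out, cap, rec + HB_HEADER, claimed);
}

/* 1 if the byte string needle occurs in the first n bytes of buf. */
int reply_contains(const unsigned char *buf, size_t n, const char *needle)
{
    size_t k = strlen(needle);
    for (size_t i = 0; k <= n && i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char out[96];
    sim_setup(40); /* sender states 40 bytes but sent only "hat" */
    size_t n = hb_reply_vulnerable(sim_mem, REC_LEN, out, sizeof out);
    printf("vulnerable: %zu bytes, leak=%d\n", n, reply_contains(out, n, "pw="));
    printf("checked: %zu bytes\n", hb_reply_checked(sim_mem, REC_LEN, out, sizeof out));
    return 0;
}
```

With an honest length of 3 both handlers send back the same 22-byte reply; the two differ only when the stated length is larger than what actually arrived.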

So, long story short, you need to CHANGE YOUR PASSWORDS, on any site that used OpenSSL. Don’t know if you were exposed?

Mashable has a less than complete list:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

And here is a site that can scan whether a site is still vulnerable:

http://filippo.io/Heartbleed/

10 reasons to BAN technology from kids? I got your 10 reasons RIGHT HERE

Okay, so HuffPo posted a list of 10 Reasons your kid should be denied access to handheld technology because…..reasons. Here it is in all its glory.

I have so many issues with this article that I felt the need to individually break this down and respond. So here goes:

1. Rapid brain growth – This is by far the closest thing she has to a point. And it only really applies to children under the age of say…5. (Just to be as arbitrary.) OVEREXPOSURE is what is condemned by the CORROBORATION evidence that there is “decreased ability to self regulate.” Repeat after me: “CORROBORATION DOES NOT EQUAL CAUSATION.” I’d argue that the children more prone to be unable to self regulate would also have mitigating factors like genetics, and perhaps uninvolved parents.

2. Delayed Development – Yes there are issues with kids spending all their time on videos and video games. We have known this since the iPad came out. Wait…since DVDs came out… I mean…since VHS came out. Wait…since Nickelodeon. Television. Radio programming. Picture books. Books. Since FIRE came out, okay? YES. Kids need physical stimulation to go along with mental stimulation, but giving a 3 year old your android tablet while they’re in the back seat of the car is NOT detrimental to their health.

3. Epidemic Obesity – This is almost a good point. Yes, there is an obesity problem. Yes, TV is a problem, but again with the “facts” that are scary, but have no real relevance to the statement. The point here is that being fat is bad for you, but the reason given is TV and video games, not handheld technology. THIS IS THE SAME THING OUR GENERATION WENT THROUGH 20 YEARS AGO. People are fatter. Yes people may even be less active than a generation ago (show me some actual documented and peer reviewed facts please, not just links to studies that you are extracting single line cherry picked quotes to prove your point.) Still, add less natural foods, soda, HFCS, reduced PE classes, less recess in school, people living too far away to walk anywhere, and you have an obesity problem, regardless of whether or not there are video games. (Interesting fact: kids who are not naturally athletic and are picked on by the more athletic kids will find something to do that they might be good at instead of suffering through ridicule at not being able to make a three pointer on demand. Weird, huh?)

4. Sleep Deprivation – Point one: made beautifully, and then falls flat. 60% of parents do not monitor their kids’ activity. THAT IS THE PROBLEM. THE GAMES ARE NOT THE PROBLEM. THE PARENTS ARE THE PROBLEM. Seriously? The afterthought of a point that kids are sleep deprived because of the games goes back to the first point: PARENTS NEED TO BE RESPONSIBLE FOR THEIR KIDS.

5. Mental Illness – We live in an era where being a boy means you automatically have ADHD. Obviously technology is evil because we have scary numbers that we didn’t have before technology. Granted, the medical system is biased towards diagnosing everything it can as a disease, since we’re in a for-profit health system….but I’m sure that’s just a coincidence. This is a hyperbolic argument based in a small amount of fact, wrapped in FUD. (Nice job casually throwing in the “many on dangerous psychotropic drugs!” quip. Did you learn that from Fox News? Hint: that’s a strawman argument.)

6. Aggression – Okay, you got me. GTA5 is definitely going to make your kid an asshole. Assuming you are the parent stupid enough to let your 5 year old play GTA5. Or even your 12 year old. Your 14 year old might play it anyway at a friend’s house, but again PARENTING. Minecraft is a great game and fosters creativity. Portal is a great puzzle game and physics simulator. There are as many positive effects of video games as there are negative ones. The trick is fostering the positives and filtering the negatives. Again, PARENTING.

7. Digital dementia – This is just a repeated #5 with a second link. Still doesn’t make it true. Even worse, this phrase poisons the whole article. This is the heart of pseudoscience and instilling fear in the people the author is trying to get on her side. It’s dishonest and disingenuous and does a disservice to the readers. Google digital dementia. Go ahead, I’ll wait. There is no such thing except in articles on Fox, the Daily Mail, and dozens of “I’m a Mom so I know everything” blogs. More to the point, the places that DO describe “digital dementia” describe it as the brain not remembering things like phone numbers because we keep them stored in our phones. It has NOTHING to do with not paying attention, nor is calling it a mental illness helping the cause.

8. Addictions – Based on the loosest possible definition of the loosest possible association, sure, there’s such a thing as Technology Addiction. After all, you’re reading this on the INTERNET. You must be addicted, else you’d still get all your news and opinions from the newspaper. If you want to buy in that parents are not paying attention to their kids because of technology, fine, put down the technology and join Technology Anonymous. For you rational people, don’t blame the phone on not paying attention to your kids. Again: PARENTING.

9. Radiation emission – This is real folks. And there ain’t NOTHING you can do about it. Radiation is NOT SCARY. It’s simply a scientific principle of energy being spent and light, heat, radio (which is a form of light, btw), X-ray (also a form of light), gamma rays (still light), nuclear radiation (yup, light) all are simply dissipation of energy. There is a common fear of radiation because some forms can be dangerous, especially high energy waves like X rays and gamma rays, and even some fairly low energy, like ultraviolet (sunburns and skin cancer- maybe we should all live underground?) You are exposed to radio waves every second of every day. You are exposed to radiation every second of every day. You will receive more radiation, and harmful radiation at that, every time you ride in a commercial aircraft than from a lifetime next to a phone. (Flying above a large portion of the atmosphere exposes you to solar radiation.) LCD screens, phone transmitters, bluetooth, etc. do not cause ionizing radiation and DO NOT CAUSE CANCER. One doctor saying it does (or rather *might*) is not damning evidence. Society has had cell phones for 30+ years, and the first several generations were MUCH more powerful than the ones we carry now. If it did cause cancer we’d have an epidemic of cancer, and we do not, despite the fears expressed by news outlets. Cancerous brain tumor rates are flat, and have been for nearly 50 years. There are more cases, yes, but that’s because there ARE MORE PEOPLE. People are living longer, and the older you are the more likely you are to get cancer- that’s how cancer actually works. There are more diagnoses of cancer now because there is MUCH better screening and deaths from cancer are actually listed as cancer instead of “Natural Causes”. Has cancer increased in the last 50 years? Probably. But even if it has, it’s not epidemic in the people that have used technology the last 50 years as you would expect from this assertion.
This one is ABSOLUTE BOGUS BULLSHIT from the fear mongers. (Oh, and check this out to learn more about radiation.)

10. Unsustainable – I’m fairly certain that this one was added just to make a tenth entry. That or to help the people playing Buzzword Bingo. Unsustainable? Really? What exactly is unsustainable? The environmental aspect? The keeping up with tech is unsustainable? This makes absolutely no sense.

More to the point, here’s what’s really wrong with this: not only is this wrong, NOT being versed in technology at a young age is what’s REALLY unsustainable. If you want a job in the future, manufacturing is out, and technology is in. Even manufacturing needs to be versed in technology. The problem here is PARENTING. Not technology. Parents that let their kids do whatever they want, whenever they want to do it.

You want to be proactive? Teach your kids how to code. Teach them how to set up your network. Install an operating system (try a FREE open source one!) You don’t know how? LEARN. You’ll also discover you can keep up with what your kids are doing if you learn how to set up operating systems, learn about parental controls, or even learn how to set up OPENDNS on your home network, and filter bad sites or track what your kids are doing. Don’t just demonize the tech you don’t understand. And certainly don’t ban it. Moderation and parenting win in this world – book burning was soooo two centuries ago. E-book burning isn’t quite the same, and would still be just as stupid.

I am NOT SAYING free games and Tablets and Phones for EVERYBODY!!!!!

Kids need to go outside. They need to play. They need to go to bed at a reasonable hour. They need to do their homework. They need to eat their damned vegetables. They need reasonable limits on technology uses, and they need to be monitored, and THEY NEED TO KNOW THAT YOU KNOW WHAT THEY ARE DOING. Be the parent, and don’t have digital babysitters. I repeat DON’T HAVE DIGITAL BABYSITTERS. But don’t make your kid fall behind because you are too lazy to parent.

Hacked, but just a little…

TL;DR : I got hacked. Fixed it quick. Got cool new toys from the hacker in the process.

So…

One of the pages I hosted for some friends (a Cub Scout pack page that had long since expired…) had an unsecured file. Total oversight, it was an old version of WordPress and it left a password in plain text, for a user that had superuser mysql rights. That account was compromised, and that compromised the entire mysql db, obviously. So, I took down wordpress on this page to allow for cleanup. I am planning on moving this page to AWS in the very near future, but I just hadn’t gotten around to it.

Back in November, someone did a clever scan, and found it. Clever, because the site isn’t even running. The DN had long since expired with the registrar. I guess they got the IP from an old cache page or something.

They were sending out phishing scams for itunes.fr for a few hours. I shut it down, but in the process, found that the hacker had uploaded their hacking toolkit. So, long story short, I got some cool tools that I never would have found on my own to security test. Now I can run them against my servers and feel fairly confident that all my shit is squared away. And maybe have some fun at someone else’s expense 🙂

The dilemma of the post…

I am building up a plethora of posts that are sitting in my draft folder that I will probably never actually publish. They generally fall into two categories: angry rants that are simply stream-of-consciousness things and never intended to post, or posts where I am really trying to share some coherent thoughts and at the end I look back and think “No one would ever want to read that.” And this post probably falls into the latter category, but I’m posting it anyway, dammit.

The real crux here is like Elaine’s dilemma: is this post ….”spongeworthy”? (For the 12 of you who don’t get that…google it. I don’t even like Seinfeld, but it’s a good reference.) I write stuff that is highly technical and would interest NOBODY, or fluff that I’m embarrassed to have published. I’ve got some short stories and things I’ve written that I’ve considered putting up here, too. But, again, it seems to be stuff I’ll hate six months from now.

I really need some good content, though, if this is going to be anything more than a personal diary- ‘more than a tweet, less than a livejournal’ entry doesn’t cut it.

So…moving on.

I left CS last month. I like the majority of the team, and the majority of the work, but I didn’t like the stress and political abuse that was bandied around everywhere outside of the immediate team. It got so that I just loathed going to bed at night knowing I would have to get up and go in the next morning. Serious dread.

So, I put my resume out again, and got several very quick hits. One in a DevOps role sounded the most promising, and I’m now with TeraData- a company I’d barely heard of, but is a giant in the world of big data. (Pun came naturally. Sorry.)

I’m neck deep in Openstack, AWS, and CoLo and am actually enjoying it way more than I expected. Let’s see if it keeps, or I move on. It is a contract gig, so I do have some time to feel it out and make sure it’s a good fit.

 

Akismet, my new hero.

I finally got around to paying more attention to my blog. Updating the resume…adding a post or two…proofreading others to make corrections…looking into some new plugins for WordPress….etc.

One of the most annoying things to deal with was the comment spam. In three months I had accumulated 15,000 pieces of it. There’s only about 2,000 people who have actually visited my blog thus far. Ever. (Thanks, Google Analytics!) But, since I’m really not on here all that often (something I’m trying to improve on…) I really hadn’t paid attention to the spam. I have all comments require moderation, so they weren’t flooding my site- I just have to go on every couple of months, glance through the posts commented on to see if there are any real comments (there aren’t) and run a SQL command to manually clear the crap.

I would like to know if there are any actual comments in the future, and see if anyone has anything useful to say, or even a useless comment, but one that was made by an actual person instead of a bot quoting random sentences from random books in an attempt to look Turing-complete. Thus, I configured Akismet this evening, and it’s already flagged crap as spam and shuffled it off to the spam folder, which is much easier to empty- no SQL commands into the void.

So long story short, and I’m sure old news to the vast majority of bloggers, Akismet makes me smile just a little more than I was yesterday. Thanks, devs!

Spacewalk, PAM, and Centrify…oh, my!

So, I’ve been spending a good portion of the last six months designing a software distribution system, and looking for a good way to manage user access in an AD environment, where LDAP is fractured, at best. A few months ago, we were approved to procure Centrify as a provider of AD integration, so we could get rid (entirely) of winbind, and samba related services.

Finally, we are approaching handover, and time to integrate Spacewalk is here.

Spacewalk does NOT integrate directly to Active Directory. Never has, probably never will. It will, however, authenticate to PAM, and PAM does have methods to authenticate to AD- mostly with winbind. Centrify is supposed to be the bridge between them, and