At work, I have a Thunderbolt display, which is a very comfortable screen to work at. When I leave my desk, the VMWare guest transfers to the Retina display on my Mac. That is where the trouble starts. You can have VMWare give it less resolution or full Retina resolution, but in either case, the screen size changes and I have to move my windows around.
1) In the guest OS, set the display size to: 2560×1440 (or whatever works for your favorite external screen …)
I reported the following to the FBI, to LogMeIn123.com, to Century Link, and to Bing, and now I’ll share the story with you.
Yesterday, May 12, 2014, a relative was having trouble with Netflix. So she went to Bing and did a search for her ISP’s technical support:
Bing leads you to a convenient toll-free number to call for technical support!
She called the number: 844-835-7605 and spoke with a guy who had her go to LogMeIn123.com so he could fix her computer. He opened up something that revealed to her the presence of “foreign IP addresses” and then showed her the Wikipedia page for the Zeus Trojan Horse. He explained that she would need to refresh her IP address and that their Microsoft Certified Network Security whatevers could do it for $350 and they could take a personal check since her computer was infected and they couldn’t do a transaction online.
So, she conferenced me in. I said that she could just reinstall Windows, but he said no, as long as the IP was infected it would need to be refreshed. I said, well, what if we just destroyed the computer. No, no, the IP is infected. “An IP address is a number: how can it get infected?” I then explained that I was a network administrator . . . he said he would check with his manager. That was the last we heard from him.
I advised her that this sounded very very very much like a phishing scam and that she should call the telephone number on the bill from her ISP. She did that and they were very interested in her experience.
I was initially very worried that she had a virus that managed to fool her into calling a different number for her ISP. I followed up the next day, using similar software to VNC into her computer. I checked the browser history and found that the telephone number was right there in Bing for all the world to see. She doesn’t have a computer virus after all! (I’ll take a cloer look tonight . . .)
I submitted a report to the FBI, LogMeIn123.com, Bing, and Century Link. And now I share the story here. Its a phishing scam that doesn’t even require an actual computer virus to work!
As a SysAdmin, people ask me how much they need to worry over the heartbleed vulnerability. Here’s my own take:
Google were known to be vulnerable. They co-discovered the vulnerability and deployed fixes quickly. I like to believe they are analyzing the scope and likelihood of user password compromise and will issue good advice on whether Gmail passwords should be updated.
For everything else, my small opinion is “don’t panic.” Not every web site would have been affected. The Ops folks at each site need to patch their systems and assess the extent to which credentials may have been compromised, then take appropriate steps to mitigate compromised data, which might include asking users to set new passwords. But if they’re still waiting on some patches, then submitting a new password could actually put both passwords at risk.
For other important passwords, like your bank, check up on what they’re recommending that you do. If a site is important to you and they offer two-factor auth, go for it: that typically means that if you log on from a new computer they’ll text a one-time pin code to your mobile phone to double-check that it’s you.
I want to launch a service which has its own complex start/stop script at boot, and I want to launch it as a non-login user. So, I dig into upstart. The cookbook … is not a cookbook. So, here’s is my little recipe:
Here is a new phishing attack that made it through to Gmail about the domain name dispute around tjldme . . . ?!!
(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)
We are a organization specializing in network consulting and registration in China. Here we have something to confirm with you. We just received an application sent from “Global Importing Co., Ltd” on 20/11/2013, requesting for applying the “tjldme” as the Internet Brand and the following domain names for their business running in China region:
Though our preliminary review and verification, we found that this name is currently being used by your company and is applied as your domain name. In order to avoid any potential risks in terms of domain name dispute and impact on your market businesses in China and Asia in future, we need to confirm with you whether “Global Importing Co., Ltd” is your own subsidiary or partner, whether the registration of the listed domains would bring any impact on you. If no impact on you, we will go on with the registration at once. If you have no relationship with “Global Importing Co., Ltd” and the registration would bring some impact on you, Please contact us immediately within 10 working days, otherwise, you will be deemed as waived by default. We will unconditionally finish the registration for “Global Importing Co., Ltd”
Please contact us in time in order that we can handle this issue better.
Registration Department Manager
4/F,No.9 XingHui West Street,
JinNiu ChenDu, China
Office: +86 2887662861
Fax: +86 2887783286
Please consider the environment before you print this e-mail.
I assume they’ll need a processing fee. I wonder if they munged toldme.com in an effort to avoid Phish filtering . . . ? The URL at the bottom is blocked by our firewall.
At long last, I retired my old T-Mobile G2. It was the last in a long line of phones I have owned for the past decade with a physical keyboard. (I think I owned every Sidekick up to the 3 before going Android with the G1 and the G2.) I like the ability to thumb type into my phone, but the G2′s old keyboard had long ago gone creaky, and it had lacked a dedicated number row besides.
Obligatory picture recently taken with my new computer telephone. Featuring a cat.
They don’t make nice smart phones with keyboards any more. Market research seems to indicate that the only remaining markets for keyboard phones are horny teenagers who need a cheap, hip Android-based Sidekick, and those legions of high powered business people who will never abandon their ancient Blackberries.
Anyway, the new Nexus 5 is here. The on-screen keyboard is okay slow and inaccurate. Like moving from a really fantastic sports car to a hovercraft piloted by a drunken monkey. I mean,the monkey-piloted hovercraft is undeniably cool technology, and I can eventually get where I need to go, but . . . its not the same, you see?
So, lets explore Voice dictation! It works . . . well, about as well as the monkey hovercraft, but with the added benefit that you don’t have to keep jiggling your thumb across the screen. But how do you do new lines and paragraphs? Where’s the command reference?
The other thing that excited me about the Nexus 5 was that on the home screen you can drag apps right up to “Uninstall” . . . unless they’re Google apps! “Way to not be evil,” I cried. Until a Google colleague pointed out that it was just a bit of UI funkiness on Google’s part, owing to the applications coming bolted into the UI, there is at least a method to disable them.
Anyway, this is useful knowledge that helped me to vanquish the Picasa sync thing that has been hiding images from the gallery for the past few years. I have another project where I’m testing out BitTorrent Sync to pull images off our phones and then sync a copy of the family photo archive back down to the phones. If that works out, I’ll write it up. I may pursue that further to see if I can’t replace Dropbox, which, unfortunately, does not (yet) offer any sort of a family plan. Also, if I can host my own data I needn’t share as much of it with the NSA.
Two weeks ago, I attended Atlassian Summit 2013 in San Francisco. This is an opportunity to train, network, and absorb propaganda about Atlassian products (JIRA, Greenhopper, Confluence, &c.) and ecosystem partners. I thought I would share a summary of some of the notes I took along the way, for anyone who might find interest:
At the Keynote, Atlassian launched some interesting products:
As time passes, the ticket gets crankier at you in real time about the SLA.
Jira Service Desk
Jira Service Desk is an extension to JIRA 6 oriented around IT needs. The interesting features include:
Customer Portal with integrated KB search
Real-time visibility of ticket SLA status
The first thing helps people get their work done, and the second is manager catnip.
Another feature for tight integration is Webhooks: you can configure JIRA so that certain issue actions trigger a hit to a remote URL. This is generally intended for building apps around JIRA. We might use this to implement Nagios ACKs.
I haven’t looked too deeply as this is a JIRA 6 feature, but Atlassian Connect promises to be a new method of building JIRA extensions that is lighter-weight than their traditional plugin method. (Plugins want you to set up Eclipse and build a Java Dev environment in your workstation… Connect sounds like just build something in your own technology stack around REST and Webhooks)
Cultivating Content: Designing Wiki Solutions that Scale
Rebecca Glassman, a tech writer at Opower, gave a really engaging talk that addresses a problem that seems commonplace: how to tame the wiki jungle! Her methodology went something like this:
Manage the wiki like it is a product: interview stakeholders, get some metrics, do UX testing
Metrics: Google Analytics, View Tracker Macro, Usage Macro
UX results at Opower revealed more reliance on Table of Contents vs Search (55%) and that users skip past top-level pages, so you don’t want to put content just on there
In search, users only look at the first 2-3 results before giving up
They engaged some users to track the questions they had and their success at getting answers from the wiki
The Docs people (2) built an “answer desk” situation where they took in Questions from across the company, and tracked their progress writing answers on a Kanban board
As they better learned user needs and what sort of knowledge there was, they built “The BOOK” (Body of Opower Knowledge) based on a National Parks model:
Most of the wiki is a vast wilderness, which you are free to explore
The BOOK is the nice, clean visitors center to help take care of most of your needs and help you prepare for your trek into the wilderness
The BOOK is a handbook, in its own space, with its own look-and-feel, and edits are welcome, but they are vetted by the Docs team via Ad Hoc Workflows
By having tracked Metrics from the get-go, they can quantify the utility of The BOOK …
(I have some more notes on how they built, launched, and promoted The BOOK. The problem they tackled sounds all to familiar and her approach is what I have always imagined as the sort of way to go.)
Ad Hoc Canvas
The Ad Hoc Canvas plugin for Confluence caught my eye. At first glance, it is like Trello, or Kanban, where you fill out little cards and drag them around to track things. But it has options to organize the information in different ways depending on the task at hand: wherever you are using a spreadsheet to track knowledge or work, Ad Hoc Canvas might be a much better solution. Just look at the videos and you get an idea . . .
The Dark Art of Performance Tuning
Adaptavist gave a presentation on performance analysis of JIRA and Confluence. It was fairly high-level but the gist of this is that you want to monitor and trend the state of the JVM: memory, heap, garbage collection, filehandles, database connections, &c. He had some cool graphs of stuff like garbage collection events versus latency that had helped them to analyze issues for clients. One consideration is that each plugin and each code revision to a plugin brings a bunch of new code into the pool with its own potential for issues. Ideally, you can set up a load testing environment for your staging system. Short of that, the more system metrics that you can track, you can upgrade plugins one at a time and watch for any effects. As an example, one plugin upgrade went from reserving 30 database connections to reserving 150 database connections, and that messed up performance because the rest of the system would become starved of available database connections. (So, they figured that out and increased that resource..)
tl;dr: JIRA Performance Tuning is a variation of managing other JVM Applications
Collaboration For Executives
I popped in on this session near the end, but the takeaway for anyone who wants to deliver effective presentations to upper management are:
As part of a project at work I’ve built some Jython code that builds iCalendar attachments to include meeting invitations for scheduled maintenance sessions. Jython is Python-in-Java which takes some getting used to but is damned handy when you’re working with JIRA. I will share a few anecdotes:
1) For doing date and time calculations, specifically to determine locale offset from UTC, you’re a lot happier calling the Java SimpleDateFormat stuff than you are dealing with Python. Python is a beautiful language but I burned a lot of time in an earlier version of this code figuring out how to convert between different time objects for manipulation and whatnot. This is not what you would expect from an intuitive, weakly-typed language, and it is interesting to find that the more obtuse, strongly-typed language handles time zones and it just fricking works.
We have a team in London. I have not yet tested it but as I understand it, once they leave BST, their timezone is UTC. I am looking forward to seeing if this understanding is correct.
As I understand it, I’m pulling the current time zone of the user, which changes when we enter and leave DST, which means that the local time will be dodgy when we send an announcement before the cutover for a time after the cut-over.
2) I was sending meeting invitations with the host set to the assignee of the maintenance event. This seemed reasonable to me, but when Mac Outlook saw that the host was set, it would not offer to add the event to the host’s calendar. After all, all meeting invitations come from Microsoft Outlook, right?! If I am the host it must already be on my calendar!!
I tried just not setting the host. This worked fine except now people would RSVP to the event and they would get an error stuck in their outboxes.
So . . . set the host to a bogus email address? My boss was like “just change the code to send two different invitations” which sounds easy enough for him but I know how creaky and fun to debug is my code. I came upon a better solution: I set the host address to firstname.lastname@example.org. This way, Outlook is naive enough to believe the email address doesn’t match, but all our software which handles mail delivery knows the old ways of address extension . . . I can send one invitation, and have that much less messy code to maintain.
from icalendar import Calendar, Event, UTC, vText, vCalAddress
# [ . . . ]
event = Event()# [ . . . ]# THIS trick allows organizer to add event without breaking RSVP# decline functionality. (Outlook and its users suck.)
organizer_a = assignee.getEmailAddress().split('@')
organizer = vCalAddress('MAILTO:' + organizer_a+ '+calendar@' +
organizer.params['CN']= vText(assignee.getDisplayName() + ' (' + assignee.getName() + ')')
You can get an idea of what fun it is to build iCalendar invitations, yes? The thing with the parentheses concatenation on the CN line is to follow our organization’s convention of rendering email addresses as “email@example.com (Full Name)”.
3) Okay, third anecdote. You see in my first code fragment that I’m building up text objects for HTML and plaintext. I feed them into templates and craft a beautiful mime multipart/alternative with HTML and nicely-formatted plaintext . . . however, if there’s a Calendar invite also attached then Microsoft Exchange blows all that away, mangles the HTML to RTF and back again to HTML, and then renders its own text version of the RTF. My effort to make a pretty text email for the users gets chewed up and spat out, and my HTML gets mangled up, too. (And, yes, I work with SysAdmins so some users actually do look at the plain text . . .) I hate you, Microsoft Exchange!
I’m building out a simple template system for our email notifications, so of course I want to support multipart, text and email. But, hey, we have some text fields in JIRA that can take wiki markup, and JIRA will format that on display. So, how do I handle those fields in my text and HTML message attachments?
So, some sample code to render the custom field “Change Summary” into a pair of strings, change_summary_text and change_summary_html, suitable for inclusion into an email message:
from com.atlassian.event.apiimport EventPublisher
from com.atlassian.jiraimport ComponentManager
from com.atlassian.jira.componentimport ComponentAccessor
from com.atlassian.jira.issueimport CustomFieldManager
from com.atlassian.jira.issue.fieldsimport CustomField
from com.atlassian.jira.issue.fields.renderer.wikiimport AtlassianWikiRenderer
from com.atlassian.jira.util.velocityimport VelocityRequestContextFactory
# Get Custom Field
cfm = ComponentManager.getInstance().getCustomFieldManager()
change_summary = issue.getCustomFieldValue(cfm.getCustomFieldObjectByName("Change Summary"))# Set up Wiki renderer
eventPublisher = ComponentAccessor.getOSGiComponentInstanceOfType(EventPublisher)
velocityRequestContextFactory = ComponentAccessor.getOSGiComponentInstanceOfType(VelocityRequestContextFactory)
wikiRenderer = AtlassianWikiRenderer(eventPublisher, velocityRequestContextFactory)# Render Custom Field
change_summary_html = wikiRenderer.render(change_summary,None)
change_summary_text = wikiRenderer.renderAsText(change_summary,None)
I like to virtualize my workstation using VMWare Workstation. Lately, my Ubuntu (kubuntu) 12.04 guest would exhibit really annoying behavior whereby it would insert lots of extra letters as I typed, seemingly at random.
How can I contemplate moving everything to the cloud, especially Google’s cloud, if services are going to flicker in and out of existence at the whim of Google’s management? That’s a non-starter. Google has scrapped services in the past, and though I’ve been sympathetic with the people who complained about the cancellation, they’ve been services that haven’t reached critical mass. You can’t say that about Google Reader. And if they’re willing to scrap Google Reader, why not Google Docs?
An excellent point.
I recall the first time I adopted a “cloud” service for my technology. It was Flickr. I had managed my photos with my own scripts for years. Others had installed Gallery, which always struck me as limited and ugly. Flickr was new at the time, and I really liked the aesthetic. But, upload all my photos there? They had just been bought by Yahoo. How long is Yahoo going to support the service? I still keep local archives of my photos, but I have thousands of photos shared on Flickr, and how do I know that all those captions, comments, geotags, annotations, sets and collections, that all that data might not one day go down with the slowly sinking-ship that is Yahoo?
What reassured me was the Flickr API. Worst case, I should be able to write a script to pull all that data to a local place somewhere and later reconstruct my online photo archive. If Flickr were going down, someone else would probably write that script better than I could. It is a grim thought, but at least when Flickr dies, there is an exit strategy.
It would be nice, though, if, when software was retired, especially cloud software, that it could be open sourced and available for the die-hard users to keep it running on their own servers somewhere. Admittedly, cloud services especially are vulnerable to further external dependencies . . .
You would think, though, that it shouldn’t take much effort on Google’s part to announce that a service has been retired, but they’ll keep it running indefinitely, at least until some point where the vast majority of the users had wandered on to more compelling alternatives. They still keep the Usenet archive around.
And, yes, I rely on Docs. This killing Reader fiasco sounds like an advertising ploy for Microsoft. I rely on Docs, but maybe Excel is a more trustworthy option for the long term . . . ?
If you are naming files on a computer, please use this format. The beauty is that if you list files in “alphabetical order” then these dates get listed in chronological order, because as far as a computer is concerned, the “0″ comes before “1″ and so forth. (And a year is more significant than a month is more significant than a day of the month . . .)
It is important to have that leading zero! Why? Because we have more than 10 months! Allow me to demonstrate:
If you are interacting with strftime() then what you want to remember is %F!
0-11:38 djh@noneedto ~$ date +%Y-%m-%d
0-11:38 djh@noneedto ~$ date +%F
0-11:38 djh@noneedto ~$ date +%Y%m%d%H%M # I sometimes use this for file timestamps but dont tell Randall Monroe
For my photographs, I have a directory hierarchy of %Y/%m-%B:
I have been excited to see what might come of Yahoo! with Marissa Meyers at the helm. I am really glad to see that, after years of stagnation, Flickr has been improving. Free food and smartphones for employees? Sounds swell. But the buzz now is that there shall be no more remote work. The only way to be productive is to come to the office and feel the buzz and bounce ideas off coworkers.
I am happy to point out that, while we don’t get free smartphones or free food, my employer does issue remote employees with a hardware VPN device that provides corporate wifi, and a videophone. And we are hiring.
In my experience as a non-management technical professional, there is some virtue both to working from home, and to working at the office. The office presents great opportunities for collaboration: working through ideas and solving problems. Working from home, for some people, provides an excellent space to focus on getting some work done without interruption. You can get more hours of productive work when your commute is shortened to a walk across the dining room, and when there’s no pressure to quit at a certain time to appease the demands of the train schedule or traffic.
For some people, there’s no place like the office . . . some people can do better work from home, some people do not. Managers and executives, the bulk of whose work is meeting with others to make collaborative decisions . . . it seems that they may take several meetings from home and when they get to the office they feel uncomfortable that the busy hum of productive creative energy isn’t located there. I believe that managers who can structure the working and communication practices of their teams to effectively collaborate and track work progress without requiring a physical presence have an advantage over those who can not.
I live near the office and frequently collaborate with my manager, so most days I make the trip in. Sometimes when I need to focus on a project, or work with a remote time zone, I’ll commute to the home office. I have been with Cisco for over five years, now. I spent one of those years in New York, and my tenure here would have been much shorter without the flexibility to telecommute.