The trouble with cyberwar

The first time I read his opinion on cyberwar, I thought Bruce Schneier was going soft:

If we frame this discussion as a war discussion, then what you do when there’s a threat of war is you call in the military and you get military solutions. You get lockdown; you get an enemy that needs to be subdued. If you think about these threats in terms of crime, you get police solutions. And as we have this debate, not just on stage, but in the country, the way we frame it, the way we talk about it; the way the headlines read, determine what sort of solutions we want, make us feel better.
(http://www.schneier.com/blog/archives/2010/10/me_on_cyberwar.html)

What he was essentially stating was that it is dangerous to frame our current struggle in terms of war. Initially, I very much disagreed, considering the agencies and utilities that are being cracked. But consider carefully the second half of his argument:

And so the threat of cyberwar is being grossly exaggerated and I think it’s being done for a reason. This is a power grab by government. What Mike McConnell didn’t mention is that grossly exaggerating a threat of cyberwar is incredibly profitable.

Uh oh. Now this is the kind of threat every citizen should take seriously. Would we have had a Cold War if we hadn’t had a Military-Industrial Complex? Good question, but the fact is we now do have an entrenched MIC. And it’s hungry. And will be fed.

Noah Shachtman makes a compelling case in his Washington Post article, “A crime wave in cyberspace,”
(http://www.washingtonpost.com/opinions/a-crime-wave-in-cyberspace/2011/07/21/gIQAYfbIUI_story.html)
that the major events online are criminal, and that the major players are few, and well-known. That makes taking effective action simple. (Definitely read the article.)

The only question is, why not do it that way? What motivation could our (political) leaders have for “building the mystery?” I hope Schneier isn’t right.

Virtualization with VMware vSphere and View

C63136, VMware, vSphere View Design & Implementation, Section FZ1

Text

VMware vSphere Design, Sybex

Objectives

To gain an introductory working knowledge of VMware virtualization, and clustering and VDI management applications including vCenter Server and View.

Course Outline

Day 1

Discuss virtualization and hypervisors

VMware Workstation vs. ESX vs. ESXi

The VMware stack:

vCenter

vSphere Client

vCenter Converter

VMware Tools

View

View Agent

View Client

Hands On:

Register with VMware.com, download and install vSphere Client.

Download and install ESXi on a physical host; use DCUI

Day 2

Using vSphere Client

Managing and configuring the physical host (32)

Creating, managing, converting and configuring virtual machines (35)

Hands On:

Download and install vCenter Server

Hardware requirements (50)

vCenter design considerations

Types of virtualization (92)

Day 3

Networking (119)

Physical net

Virtual networking and vSwitches

Virtual Distributed Switches (VDSs)

Storage (145)

VM provisioning

Day 4

Building virtual machines (189)

VM storage

Clones, templates, vApps (224)

Hands On:

Build and prepare Windows XP and/or Windows 7 VDI VMs

Day 5

Datacenter design (237)

Affinity rules (251)

Hands On:

Download and install View, View Agent, View Client

Optimize VDI VMs

Day 6

Provisioning desktops with View


Resources

http://www.cio.com/article/686255/How_Desktop_Virtualization_Can_Help_IT_Manage_Consumer_Devices?page=1&taxonomyId=3112

http://www.computerweekly.com/Articles/2011/07/18/247308/Over-a-third-of-enterprise-servers-virtual-claims-virtualisation-penetration.htm

Corporate firewall a PITA? Here’s how to dodge it; Or, How to Get Your Business Hacked

Yeah, you can get designs for bombs on the Internet, too. Why should I be surprised that Wired magazine has a whole series of recipes for getting around that onerous corporate firewall at http://howto.wired.com/wiki/Access_Blocked_Sites

Find a public proxy, or if those are blocked, set up port forwarding, or set up a simple web proxy on your ISP account, or ….

Except that you are providing your computer as what we in networking call a “gateway” between the external Internet and your corporate network. And if you are doing this you are either a cracker, and deliberately malicious, or an idiot, and deserve to be fired and prosecuted. Because you are giving every hacker in the world a view into confidential, proprietary information.

So don’t be an idiot. But do watch out for people doing this.

(Thanks to the ever-present observer and tipster Herbbie.)

Prepping a Virtualization Lab

When the brilliant Denny Valliant and I were running the NewMexicoKids.org website for the State of New Mexico, it was a ColdFusion operation comprising a huge body of resources. And it was a vast resource hog. Keeping a single server instance up and running eventually proved to be impossible, particularly since numerous Chinese IP addresses seemed intent on penetrating it by any possible means, nonstop, day and night.

We implemented a failover system using a Heartbeat script operation and a bastion host pair, turning one machine into five, including the data store server. It was nuts.

So we moved to a VMware implementation, ESX 3 at that time, and turned three strong 2U rack servers into virtual hosts. Each host proved capable of handling up to six virtual machines at a time, which was truly impressive. And this let us take advantage of some Java/ColdFusion clustering applications. It was an eye-opening experience. Suddenly a server failure simply was not such a big deal. Apache sticky sessions kept login sessions on one server, but if it failed, the user could simply log in again and be back up and running with no data loss. MySQL replication kept two data stores (at least) online at all times. The physical hosts proved to be made of cast iron in this scenario, since the simple hypervisor they were running hardly ever needed attention.

Since then I and that site have moved on, but I am still deeply involved in cloud and virtualized computing. Recently I’ve been building out a set of machines to serve as a lab for a potential virtualization seminar — which hasn’t been easy.

First, I needed a 64-bit host machine with lots of RAM, one that was capable of running VMware ESXi 4, the latest version. This is no trivial requirement: several machines I tried simply could not run ESXi (which, by the way, my wife took one look at and promptly dubbed “E-sexy”). Finally, after careful consulting of the HCL, I bought an older AMD 64 dual-core, dual-processor 1U rackmount server with 8 GB RAM. Voila, my ESXi host. With only 8 GB RAM on the server, I wanted to reserve it exclusively for VMs for vCenter and vSphere to manage.

Then, for a very simple management interface, I needed a Windows machine to run the vSphere Client, available from VMware on a trial basis. This is no problem, though support for other OSs is slim to none. This machine, a Windows XP or 7 workstation with the vSphere Client installed, is optional but very handy.

For more complex management, a domain controller is mandatory. The domain controller is a resource hog, so I wanted it to be a physical machine. Essentially any current version of Windows Server will do the trick. It must run AD and DNS, of course. I put together an AMD 64 machine with 4 GB RAM, and loaded it with Win Server 2008 and VMware Player so I could run other VMs, such as BackTrack.

Next, for the big management operation, I downloaded vCenter Server, which is the management operation that can move VMs between hosts to balance loads, as well as applying policies and reinstantiating VMs if they fail. And the vCenter Server also devours 3 GB RAM, so likewise I wanted it to be a separate physical host. This became a game of Catch-22: You must install on a 64-bit version of Windows, but not Vista. XP and 7 are OK. Also, vCenter Server won’t install on a domain controller, so this must be a different machine from the one above. But finally, I put together a Win Server 2003 Enterprise machine, AMD 64 again, 4 GB RAM again, and downloaded and installed vCenter Server. Done!

I’ll be moving forward with building out the lab and a curriculum for basic virtualization implementation. Beyond that, I’ll start working on a VMware View virtual desktop infrastructure, and a class for that as well.

Interested? Got questions? Want something different, like virtualization on your workstation? Drop me a line using the Contact Me link on the left.

How do you break into web development?

My students ask me: What programming language should I learn? What do I need to break into web development? Where’s the hot demand?

I usually ask them if they’ve already made a religious choice in terms of languages or platforms. If they haven’t yet, here’s what I suggest as a first-hand observer of the Albuquerque IT market:

Think more in terms of running like mad to keep up with what the market demands.

There is lots of demand for XHTML, JavaScript, PHP, Python, etc., and will be for a long time to come. Definitely learn to look at this stuff and understand what’s going on.

The hot areas are: heavy-duty web platforms like Joomla!, Plone and OpenWiki; much lighter-duty small-site platforms like ExpressionEngine and WordPress; and mobile device development.

You need to understand some amount of code to work with the last (mobile devices). There are two ways to do handheld development: learn Java (for Android) or Objective-C (for Mac iOS). This amounts to suffering and agony, unless you’re a hard-core propeller-head coder. Or do an emerging style of mobile development that treats it exactly like web app development: JavaScript, XHTML, back-end PHP. This area is burning, burning hot, if you’re already an experienced coder.

Perhaps the more designer-oriented platforms are ExpressionEngine and WordPress. Both of them are easy, and you can get great functionality while devoting your energy to designing custom sites. These are a great place to start.

People who have been at the game a while tend to gravitate to one or another of the heavier-duty platforms. Check out my Content Management Systems Overview in my Courseware area for some details and comparisons. And of course CMSs aren’t the only game in town; custom coding in take-your-pick of programming languages remains in substantial demand.

Welcome to the party. Hope you have a good time!

Pete Herzog’s ABZs of Cybersecurity

Z is for “Zen”
Take a breath and relax. Being safe isn’t hard to do. It just takes some getting used to, like tying your shoes or riding on the back of a flying dragon, things you probably are close to mastering by now. So don’t get frustrated by it. Just get into the habit of doing it and while you won’t notice you’re doing it, it will always be there for you when you do need it.
-“The ABZs of Cybersecurity,” https://www.infosecisland.com/blogview/15036-The-ABZs-of-Cybersecurity.html

The hardest part of security is not implementing it; there are plenty of recipes for that. The hardest part is getting people to LET you implement security. “I can’t live without my WeatherBug!” they cry.

What I’m really talking about is security awareness, as is Pete Herzog above. Though I start you at the end of his discussion, you’ll find it a fascinating read from the beginning.

The thing I find crazy about this business is that it’s all about selling security: discussing benefits, making presentations, offering good arguments. But the truth is that without executive buy-in, all efforts toward security are for naught. So check out one of the best “salesmen” of cybersecurity I’ve ever known. Then send those critical people a link. Print it, and save it for your next opportunity.

Because doubtless it will come. The next crisis, after all, is only a click away.


Adobe, Apple, Disney Pixar, Google, Intel, Intuit, Genentech, and Lucasfilm executives conspire to limit the pay of their employees

The uber-rich have been speaking to us with a forked tongue, decrying “taxing the job creators” while secretly colluding to suppress the pay of non-executives, and placing no bounds on the allowable greed of the executive class.

Mark Gibbs, esteemed columnist with NetworkWorld, about made me vomit with this:

Consider, for example, the recent revelations that a handful of major Silicon Valley firms — Adobe, Apple, Disney Pixar, Google, Intel, Intuit, Genentech, and Lucasfilm — conspired to limit the salaries of their top employees.

No, not the salaries of the top executives … d’oh, that’ll never happen. No, I mean the salaries of senior technical people; the people creating core systems and software. ….

Now, it’s not as if this kind of collusion is something new. Oh no, these guys had been caught doing this kind of stuff before. In 2010 the Department of Justice settled with Apple, Google, Adobe, Pixar, Intel, and Intuit over a deal that essentially added up to a “no poaching” agreement. The companies had agreed to not cold call each other’s staff with employment offers. And that agreement went back at least as far as 2005! ….

[J]ustice doesn’t apply to corporations such as Google, Apple, Pixar, et al. Nope, they’re pretty much saying the same thing: “Yep, we did it but we’re so big, you can’t do much about it.” And they’re adding silently, “neener, neener, neener.” ….

And if and when the new suit is settled how much compensation will all of those employees shortchanged by the collusion get? My bet is none or damn close to none.
(http://www.networkworld.com/columnists/2011/052311-backspin.html)

Now see The Register’s story “Adobe, Apple, Google hit by wage-fixing case”
(http://www.theregister.co.uk/2011/05/05/apple_google_intel_sued/):

Six of Silicon Valley’s largest companies have been named in a class action suit seeking compensation for anti-competitive employment practices to which the companies have already admitted.

Late last year the Department of Justice reached a settlement with Adobe, Apple, Google, Intel, Intuit, and Pixar to stop them continuing their “anti-competitive employee solicitation agreements”.

The secret deals dated back to 2005: senior executives at all six firms agreed not to poach each others’ staff and not to cold-call. The DoJ ruled this was anti-competitive and to the detriment of employees.

A class action case has been brought by Siddharth Hariharan, a software engineer who worked at LucasFilm from 2007 to 2008.

The case claims that Pixar and LucasFilm had three agreements on recruitment practices. Firstly, the two firms agreed not to cold-call. Secondly, if someone from Pixar applied for a job at LucasFilm, then LucasFilm would inform Pixar. And thirdly if either firm made a job offer, the rival company would not try to better that offer.

This is “collusion,” or in other venues “criminal conspiracy.” And this is overt evidence that there really IS class warfare going on: and the Greedy Rich (I don’t mean all rich people, just the Greedy Rich) are conspiring to keep the pay of working people down, enabling the thin, thin layer of Greedy Rich to sock away mega-multi-millions of dollars.

Gee, it’s nice to be clear about this.

Introduction to WordPress

Course/Class Number: 58231/35114

Class Title: 58231 WordPress: Beginning, Section SFA

0. Pre-flight

Create a folder on your computer for your website.

Set up a site in Dreamweaver, using that folder as your web root.

Definition: Web root or webroot: The folder that contains your website.

1. Get WordPress

Download the latest version:

http://wordpress.org/

2. Install WordPress

Unzip into your web root.

Edit wp-config.php

Username:

Password:

Database name:

Server:

http://codex.wordpress.org/Installing_WordPress

3. Understanding WordPress

http://codex.wordpress.org/Main_Page

http://codex.wordpress.org/First_Steps_With_WordPress

4. Posting

Writing and managing posts

http://codex.wordpress.org/Administration_Panels#Posts

http://codex.wordpress.org/Posts_Add_New_Screen

5. Categories

The critical organizational hierarchy of your site

http://codex.wordpress.org/Administration_Panels#Categories

6. Comments

Enabling and moderating comments

http://codex.wordpress.org/Administration_Panels#Comments_-_Reader_Feedback

http://codex.wordpress.org/Comments_Screen

7. Administration

Take a walk through the Administration panels and areas

Administration Screens: http://codex.wordpress.org/Administration_Panels

Administration Tasks: http://codex.wordpress.org/Administering_Your_Blog

8. Presentation (Themes)

The details of how your site looks

http://codex.wordpress.org/Administration_Panels#Appearance_-_Change_the_Look_of_your_Blog

http://codex.wordpress.org/Using_Themes

9. Plugins

http://wordpress.org/extend/plugins/