Tag: Unix

Bash or ShellShock!

Bash!

Sounds like something out of Batman.

This however is no lighthearted matter.

Bash is a UNIX shell that has been exploited in a most dangerous manner.  Shellshock, a program “virus” written to take advantage of a Bug in Bash could be used to take over millions of computers world-wide.

I talk a lot about anti-virus software and why you should really buy the best that you can but, still, “day in and day out” I get computers that are infected with tens of hundreds of viruses.

“Free anti-virus software is not worth what you pay for it!”

Free software is not taken care of remotely as well as that which companies that take in revenue can afford programmers to keep on top of it.  Using free is foolhardy at best; and dangerous at worst.   Why?

Let’s say that your computer becomes infected but, not to the point to stop you from working with it, maybe it just slows it down a little.

Meanwhile, lurking within the bits and bites of software there is a Trojan waiting to be activated from some nefarious ne’er do well.  This person or people could use yours and millions of other computers to simultaneously attack systems in other countries, our country, and so forth.  They might target government systems or air traffic systems etc.  With so many computers attacking a system, it would most certainly bring it down.

My argument that I am trying to make here is this.  Every day we hear of new virus’s that are being released or discovered.  Using the “best” anti-virus software is not only a good idea for you but, it is also patriotic in that you really don’t want your computer to be attacking some government server.

Practice safe computing, use good anti-virus software and pay attention to your computer if it starts acting “wonky!”

Yes, “Wonky” is a technical term.. Ok, maybe not but, you know what I mean.

A trick that I do is run the little widgets that come with Windows 7 and 8 that display memory usage and CPU usage.  When your computer boots from a fresh installation take note at where those needles are setting during normal usage.  This is much like the gauges on your car.  When you are going down the road, you know where the temp gauge should be and where the RPM, voltage etc should be.  When they are acting “wonky” (not in their usual spot) you get it looked at.  Your PC is no different.

“Shellshock” is particularly dangerous in that it affects UNIX systems, Mac’s and even Smartphone’s that use the Android operating system.

A lot of servers run UNIX; this might explain the recent hacks pulled off against Home Depot, and nude pictures of celebrities being taken from their personal accounts on “The “Cloud.”

Some of these programs can go un-noticed and sit idle for years before someone notices them.  Generally when some “hack” is perpetrated than “White Hat Hackers” are called in to find out how.  Forensic computer guru’s who know what each and every little file in a UNIX system is for example, and what it should look like, size and usage, might be called in to see; “what is wrong with this picture.”

The days when your Mac and your Linux / UNIX system were relatively safe are gone.

Do your backups and test them.  No backup is complete until you test your backup!  Make certain that your anti-virus software is of good quality, and up-to-date.

 “Which is the best”

I know, I beat you to the punch.

First off, I buy my entire anti-virus software’s full price and am not in bed with anyone!

I have many different flavors as there is no silver bullet.

I use Esetnode 32 on my main system and, I use Trend Micro on my backup system.  I also use Norton on my laptop although I have seen way too many machines which run Norton infected.

As far as mobile and iPad and iPhone, I use Trend Mobile.

Having said this, please understand that there is no warranty expressed or implied by this blog.  For legal-ease, you should consider this and all my blogs “entertainment.”  There are no warranties of usability or anything else.

Isn’t it simply pitiful that we live in such a litigious world that disclaimers have to be put on “blogs?”

All opinions here are my own, unless otherwise stated.

Now go take on the day!

-Best

Windows 8 First Glance

Windows 8

Even as management, I still enjoy messing with new technology.  If there is a new gadget I must at least see it, but most probably have it.

Having said that I have a lab at the house with different Pc’s Routers and such that I mess with as time permits.  As time was running out to get a “cheap” copy of Windows 8 pro to evaluate, I bought one to put on a PC that was sporting “Vista.”

While I would compare Vista to ME as in the “not very well thought out” category, I have been happy with Windows 7 and 8 seems to be on equal footing.  I have installed 7 on several PC’s which were at their end of life cycle as they were dog slow with XP.  Windows 7 makes them viable once again.

Pro’s: runs well on 2 gig or ram with a 2.8ghz processor.  Machine indexed at 5.4 because the video card rates a 3.5.   All in all, the machine is responsive.  Windows defender is included but I am not sure how that compares to Eset Node 32.  My hunch is not to well.

Cons: One of the secrets of Microsoft’s success is its GUI.  Once you get the basics of “start and find the program” even the slowest grandmother can be sending e-mails in no time. 8 has the e-mail icon on the start page so that might even be better. Intuitive software is key to their success story.

After a few moments of playing with it, I had no issue doing what ever I wanted to do.  That is me; someone who can install UNIX and mess with it.  Since I have been doing this since DOS was 1.0 and before Good old Al invented the Internet (cough), I cannot judge adequately how others will perceive it.  It looks as though it would do well with a touch screen device.

Huge Con:  I added some memory to the machine and 8 promptly crashed.  It went into a loop of trying to repair itself and crashed again and again.  It would not even boot in safe mode.  With all of the normal tricks tried, I re-loaded 8 from scratch as it would not even let me repair it.

I am not sure if the additional memory which came from Crucial http://www.crucial.com/  has issues but, I had to remove it before I could even get the PC to go into the defective loop.  The Bios recognized the extra memory but, the machine did not like something about it.

I have used Crucial for years and have promoted them as their hardware scanner works well for the non-techie person and even for someone like me.  Anything to make life a little easier deserves to be supported.

As your mileage may vary, I would be interested in hearing your thoughts and experience with 8.

-Best to you and those that you care about.Image

Information Technology then and now

Information Technology then and now.

Having started in this industry when IBM Selectrics were the only game in town, I have seen many things come to pass.  I have witnessed the end of Greg Shorthand to dictating equipment to word processors and finally executives typing out their own letters and e-mails.

Back not so long ago an executive would dictate a letter to a secretary who would go type it up and return it to his inbox for his approval.  During this process he would change something and she would once again type it up and return it to his inbox.  This process could take the entire day to generate one letter.

The dictation machine came about; and the secretary with Greg shorthand know how, turned into a secretarial pool where somewhere in a smoke-filled room several typists, typed letters and submitted them in similar fashion.  The letter would be accompanied by the tape or in the early days a “dictabelt” or even a wax cylinder.

In the late 70s the word processor came about in the form of a typewriter that could save the keystrokes to a magnetic card.  When the letter came back for revisions the card would be placed into the slot on this huge box that sat on the floor next to the typewriter and the typist would hit “play” and the typewriter would come to life regurgitating the keystrokes until she got to the part that needed to be changed.

It wasn’t too long after that the true word processor was born in that there was a green screen and one typed much like I am doing now.  Editing was not near as simple as this, but it was a huge step up from the manual typewriter.

Before Bill Gates and Steve Job were household names, Xerox, IBM, and Burroughs, not to forget Unisys, Pitney Bows, and Wang, were the big boys.

No one expected that college kids in a garage with a rudimentary understanding of business would revolutionize the world with what we have today.

I met Steve Jobs while working for a company that had one of his creations for computers.  The NEXT computer which was a UNIX based computer that had a GUI that was semi user-friendly. The cases to these computers for whatever reason were crafted from magnesium and shaped like a pizza box or a Borg Cube however; the wiring of them regarding the keyboard and mouse are very similar to what apple is today.  Little did I appreciate at the time the man who started out his career as a techno-criminal by phone freaking, would be responsible for my Smartphone and my beloved iPad. For this alone I am eternally grateful.

As technology is an ever changing target the personnel also have to be malleable and willing to learn, grow and in some cases leave.

After I placed a pc on one secretaries desk and after she had been to training I walked by her one day to see her making a spreadsheet with a ruler and paper.  The PC and Lotus and the secretary were not working well together.

Technology is one part of the equation when it comes to business.  Finding and keeping the proper people is a challenge that can make any CEO’s head spin.

Through the years a niche market evolved from the early days of Novell.  Novell was one of the leading networking companies long before Bill Gates came up with a server OS.  I have worked with their products since ver 1.X.

Novell made a good name for itself early on.  They came up with the idea to “certify” hardware for their product.  The manufacturers of hardware would submit their hardware to Novell and pay them to evaluate their hardware and then put the “Novell stamp of approval” on it, which of course drove the price of their equipment up and made their equipment more in demand.

It wasn’t long after that, they came up with the idea of “certifying” people.  This certification process begat a whole new industry across the entire technological spectrum; the training and testing and certifying of people.

The problems with this are many, and the industry is fraught with deception.  Many people can take a test but cannot physically do the job.  Technology is forever changing which requires ongoing certification classes or CEC.  The cost is very high and the certification may be short-lived.

It did not take me long as I started making my way through the classes and certification process to figure out that this was simply a way for Novell and others to make yet more money.  In fact today there are certifications for damned near anything and everything.  The industry standard as a whole is some sort of certification.

While this may give a hiring manager some quantitative measuring stick to know if John Doe is who he wants to hire as a technologist; myself as a hiring manager, I can tell you that certifications were the last thing that I looked at.  As I worked my way up from the lowly support person to Director Level, I could and can speak intelligently about technology and I can tell if someone is full of….well crap.

The classes and certifications are so expensive that very few people will invest their own money to get them.  That means that some company paid for them.  Again as technology changes the weight of their certification looses validity much like a new car looses value, once you drive it off the showroom floor or in the case of technology, the next day.

Years ago I interviewed for company for a project management position.  I could talk about projects and milestones and task and deliverables all day long; without that certification this guy was not interested. My guess is that he had no idea what a project manager was and the certification was the thing that would do his job for him.  Keep in mind that I had been doing this before there was a class and the PMP certification did not exists.  I could in fact write a book on it.  I was doing this before Microsoft ever thought of MS Project.

When I hired project managers I would ask them to tell me about a project that they had done and I would look for certain details.  The certification was superfluous to me.  Can they do the job? Can they tell me how they can tell  the health of their project. Can they articulate themselves well, verbally as well as in writing? Do they work well with others?

Personnel can make or break a company.  As a troubleshooter not only do I have to determine if the technology is the right fit for the business but, I often have to figure out if this person is the best fit for this position at that company. The problems are indicative of the industry.  As the technology increases or evolves the personnel must change with it, and in fact embrace change because that is what this industry is, “change”.   Information technology is a very fluid dynamic field.  Unlike history or geology, computer science changes with the next program or hardware modification.

One of the issues that I see often is that the higher up the food chain, the more the person in that position does not fit.  When one gets up into the management area where titles are involved, the duties and responsibilities seem blurred.  When there is a failure, the high up individual always seems to have a way to have a subordinate fall on their sword rather than owning up to the fact the he or she is at fault and may need training, be repositioned within the organization or retire.  I knew this as the “Peter Principle.” Simply stated, as one stays within a company long enough he or she is promoted to a place where they can no longer function, as their skill set or intelligence is lacking.

One way to flesh this out is to insist on a root cause analysis of the failure.  Truthfully this should be done every time that there is a failure so future failures can be avoided.  Obtaining clients is an uphill battle, loosing them over an unnecessary screw up is simply not acceptable.

Too seldom will one ever see a CIO take responsibility for his lack of knowledge or forethought as his own ego will not permit him or her admit that, they may be the problem.

Teaching people to own their mess ups is something that we have lost with this new generation of kids coming fresh out of college and expecting a corner office.

I have worked for many CIO’s that were more interested in the bottom line than their job.  My guess is that their boss had incented them to save money so their actions were predicated on not what is best for the company necessarily but what do I have to do to meet my budget or come in under; so I get my bonus.  This is often done at the expense of the company and or personnel.  So in that light, I have decided to define what a CIO is.  See how closely this matches how you define your CIO or if you are one, does this fit?

One of the CIO’s that I know about did not even have a computer at home and when PDA’s were making the scene and everyone had one, he still used a pocket notebook.  This man was the very personification of Scrooge and had no business in that position, but like his boss they were both cheap to a fault and would look for ways to save a dime while costing the company thousands of dollars in lost productivity.  Why, lost productivity is not quantifiable if they never recognized it in the first place.  If on the other hand they had it and one removed it, than they would understand; much like cutting the internet off after they had incorporated it into their business model. This is a serious lack of vision.

So here is my definition of what a CIO is.

A Chief Information Officer (CIO) is responsible for providing the leadership, management and strategic technological direction that will enable the company to achieve its business objectives in a competitive environment. The CIO drives technology enabled innovation to improve the company’s performance and competitive advantage. The CIO champions innovation initiatives through a demonstrated ability to creatively apply emerging technologies to mature business processes in order to improve business performance. The CIO must strengthen the company’s core enterprise technological capabilities and leverage the expertise of third party suppliers and partners. The CIO should work closely with customers, partners, colleagues and other stakeholders to identify and maximize innovative opportunities to use technology to improve business processes and optimize performance.

While having a keen understanding of the business, the CIO should be able to sell his or her ideas to the board of directors, CEO and CFO explaining what the ROI is as well as the TCO.

In short the CIO must be a well-informed technologist with a good understanding of the business model as well as others in that industry and must be plugged into what is current and emerging in the market place to know when and what to explore.

In 30 years of Information Technology I have known one such person.  The rest were neither capable nor qualified to be where they were, they simply had good people around them or they were there because they knew someone.  While there is something to be said for surrounding yourself with people smarter than you are, the sad truth is if they are doing your job, than they are not doing theirs.

We live in an ever evolving world where technology is involved.  There is a term called LOAR.  LOAR stands for Law of Accelerated Returns.  Technology does not evolve linearly; in fact it evolves logarithmically meaning that it builds upon itself.  In the early 80’s we had a CPU that ran at 4.7 MHz and now 33 short years later we have laptops with multiple core CPU’s running 3 or more Gigahertz or GHz!  The technology in our smart phone is far superior to all of the technology that went to the moon in the 60’s!  In a few years your computer or smart phone may guess what you want to look up or what you want to do and start the process before you tell it to.  Advances in the next few years will be amazing and frightening at the same time; there is no going back.  Much like Pandora, once the box is opened we deal with what comes out.

One of the things that I happen to be very good at is going into a company which is having some sort of issues and fixing it.

As a troubleshooter, I often have to go into a company and look at how they are doing business.  What is their infrastructure like?  Were best practice standards followed then and now?  Is there a living document that defines all that is? Has someone like a programmer, been promoted into some management role when they have little or no management expertise?  (That is a common one)  What does your disaster recovery plan look like?  When was it last tested?

This is a very small example of the things that I look for.  When my deliverable (report) is examined by the principles of the company there is often to borrow a term from Bush II “shock and aw”.

Few CEO’s have any idea how tenuous a foundation that their data center is built on. Why, because they trust their CIO and ignorance is bliss.  Even the most astute CIO should have his data center, processes and procedures, looked over by an outside entity that has no dog in the fight.  An outside firm simply looks at what you are doing, how and why and balances that against best practice techniques.  These things often turn up in disaster recovery exercises which turn out to be a lot of ad-hoc work.  The company is better for it and it gives them some metric to measure their staff against.

While the word “Audit” dredges up some scary moments and thoughts the CEO should demand it!

The odds are good that the CEO and above consider information technology a necessary evil.  While it is most likely a cost center, the principles of the company would be wise to understand that without it for three days, the company may very well cease to exist! The marriage of technology and business is here to stay.  While the romanticized idea of a young pretty secretary taking short hand has some appeal, those days like the typewriter are gone.  With the evolution of sexual harassment rules and the overly litigious nature of things today, this is probably not a bad thing.   CEO’s should look at technology and those who maintain it as partners, because they are.

-Best