Musings for the Week of December 17

These are my musings for the week. Pull up a keyboard or mouse,
click here to read the latest ramblings, and off we go...


Monday, December 18 - As the World Spins Drunkenly...

Monday again... why can't we get together a petition to impeach Mondays? Just do away with them entirely?

Of course, then we'd all hate Tuesday...

Anyway, new column is up. Enjoy. It'd have been up yesterday, but my editor (me), publisher (myself), and I had a bunch of problems to knock out of it. I'm still not entirely happy with it, but it's much better than it was. And now it's back to work; I'm hip-deep in alligators right now, and they're all looking a little hungry. I may be back later, or I may not. We'll see...


Monday, December 18 - Later, Helpdesk Redux

I don't usually publish email, but John Doucette made an excellent point that I missed in this week's column on Helpdesk Management. Go read his email first, then my response below:

John,

Excellent point. I use a slightly different method that's worked well for me, but then my helpdesk environments have all been fairly small offices with only a few technicians, usually with only one person "on shift" at any given time other than peak times. For that matter, the external helpdesk for iTOOL/Zanova used this method, but I wasn't directly responsible for it, so although I noted their method I somehow missed making the connection.

My method is to keep an extensive database of tickets, categorized as carefully as possible, with complete descriptions and notes by the administrators who handled the problem. Problem one is getting the admins to get into the habit of keeping those notes complete, but that's a fairly straightforward training issue. A good search engine (for this purpose I like either IIS/Index Server or a database and dynamic queries or stored procedures) helps find problems and solutions quickly, and as each administrator comes on-shift they see a summary page of tickets that have been submitted in the last 24 hours, both closed tickets and open tickets. Ideally, this allows communication at a level close to what you achieve by putting all the administrators in one room, but with the advantage that the administrators don't have to be together at the same time - the midnight-to-eight-am admins get the benefit of the eight-to-four admins, too. Of course, the reality is the communication isn't likely to get that high or stay at that level, but that's the ideal situation.

In any event, that's a good possible solution. I'll keep it in mind for the future.

I suppose now I need to think of a method of updating the column to contain the new thoughts... hrm. Tomorrow.

My day has been spent working on Windows 2000 servers for the office; the new software build server is a dual-700 MHz PIII server, based on an IBM NetFinity 4500R server, with 2 GB of RAM and 130GB of SCSI disk space in a RAID5 array. The server's running Windows 2000 Advanced Server, and I turned it over to the other admin today to have the compiler and other build software installed on it. With the arrival of this system, one of the original servers for the office has finally off-loaded the last of its development duties; the engineers in the office are eager to put new tasks on it, but I'm being stubborn and cranky. That server is the print server for both floors of the office, the DHCP server for the entire local network, and is slated to be the backup server as well. I will not let the developers put anything else on that machine; one small "oops" and we lose our entire infrastructure, and it's not the developers who'd have to fix it...

In political news, I watched an interview tonight with Janet Reno on NBC. Interesting; it's easy to protest and complain about her actions as Attorney General, and forget that there's a 62-year-old woman in that office, working through Parkinson's and a LOT of public criticism. Perhaps she's simply an excellent actor, but I personally got the impression that she at least believes she's doing the right things. I disagree with many of those things, but at least she seems to be doing them from conviction rather than as a political play. As someone might have said, "they may be an SOB, but at least they're a sincere SOB." A few interesting comments on Waco, too.

And in the same episode of Nightline, observed between pages of a book, they did a profile of a British camera-surveillance system in London that matches faces in the crowd with a stored database of former criminals, "in case they've gone back to their old tricks". The system's running in London, but it's made by an American company, and there are rumors online of high-level interest in American law enforcement. Heck, why not just put a camera in every room of every house; after all, as quoted on TV, "if you've got nothing to hide then you shouldn't be worried".

So I guess I must have something to hide, they said so...


Tuesday, December 19 - Once More Into the Visio, My Friends

It's been a whole three months since I redesigned the home network, and, well, we can't have that, now can we? After my post last night, I got to thinking about the network design I have at home; although not bad for what I had to work with at the time, I've got a little more hardware now and a slightly different scope on things, so it's time to make some changes. This way please, hardhat area, if you trip on construction materials and kill yourself, it's your own fault...

[Image: Network Diagram]

There we go. It's a little cluttered, click the thumbnail to take a closer look; it's only about 17k, not bad at all.

Anyway, here's the game plan; PLUTO remains as-is, with the exception that I'll add another NIC; that's no problem, I have one around somewhere, I'm sure. However, I want to rebuild the OS on that box; there are some tweaks I've been planning to make, and although I *could* go through and make them manually, that's not the optimum solution; there's enough cruft on there from the original RedHat install that I'm not entirely sure what's on the box, even if none of the extra daemons and programs are running; I'd just as soon remove them and be done with it.

So instead, I'll start by rebuilding BRIGID. This box was originally intended as a firewall/router/VPN node for Keri's grandfather, but it isn't going to be needed; so instead, I'll leave the two NICs in temporarily, and build the box as a duplicate of PLUTO. Then I can swap PLUTO out for its makeover without disturbing the rest of the network. PLUTO will get loaded up with SuSE 7.0, just a bare-bones text-only system; essentially the kernel and essential system daemons, SSH, FreeS/WAN for VPN connectivity, and BIND 9. For the time being, BIND will be completely configured but only serving the inside network, but after the move to Seattle, that will change; I'm planning on DSL with at least 2 IPs, and when that comes online I'll host my own nameservers. Not that CentralInfo.net hasn't worked, but, well... they haven't worked very well. I'll leave a third nameserver (NS3) pointing to CentralInfo, and that will be enough. The second change involves the new NIC in PLUTO; ETH0 will be the outside interface, ETH1 the DMZ, and ETH2 the LAN. The DMZ is where the servers will be, and where all inbound traffic will be sent, if it's allowed at all. Similarly, the DMZ will not be able to send traffic into the LAN. Even if one of the servers is compromised, hopefully it'll keep the attacker out of the LAN.
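The three-zone policy described above, written out as a packet-filter ruleset. This is an added example, not the author's configuration: iptables as the filter, the lowercase interface names, and the service ports (SMTP, HTTP, DNS, SSH) are all assumptions, and NAT is left out.

```shell
#!/bin/sh
# Added example: three-legged firewall policy for a router like PLUTO.
# Assumed, not from the page: iptables, the port choices, no NAT.
#   eth0 = outside, eth1 = DMZ, eth2 = LAN

# Emit the ruleset in iptables-restore format; nothing is applied here.
dmz_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The router itself: loopback, replies, and SSH from the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth2 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies to connections that were allowed to start, in any direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outside may open connections to the DMZ servers only (mail, web).
-A FORWARD -i eth0 -o eth1 -p tcp -m multiport --dports 25,80 -m conntrack --ctstate NEW -j ACCEPT
# LAN may open connections to the DMZ and to the outside.
-A FORWARD -i eth2 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
# DMZ servers may reach out for mail delivery and DNS lookups.
-A FORWARD -i eth1 -o eth0 -p tcp -m multiport --dports 25,53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# DMZ may never open a connection into the LAN: log it, then drop it.
-A FORWARD -i eth1 -o eth2 -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i eth1 -o eth2 -j DROP
COMMIT
EOF
}

# Succeeds if the ruleset lets a NEW connection be forwarded from
# interface $1 to interface $2. Reply traffic is handled separately by
# the ESTABLISHED,RELATED rule, so this checks who may initiate.
new_flow_allowed() {
    dmz_ruleset \
        | grep -e "-A FORWARD -i $1 -o $2 " \
        | grep -e "--ctstate NEW" \
        | grep -q -e "-j ACCEPT"
}

# Print the ruleset when run as: sh thisfile.sh print
if [ "${1:-}" = "print" ]; then
    dmz_ruleset
fi
```

The default-drop FORWARD policy is what keeps outside traffic off the LAN; the explicit DMZ-to-LAN log rule is there so a compromised server probing inward leaves a trace. Piping the output to `iptables-restore --test` as root validates the syntax without loading it.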

Inside the DMZ, FORTYTWO will stay much as it is right now; I may not even bother changing the OS. The current Mandrake 7.1 install is working fine - why mess with it? If I do decide on the makeover, BRIGID will have Apache and CommuniGate installed and configured, and moved into place during the makeover; then when FORTYTWO's ready, BRIGID will be remade for the last time, to become HERMES. HERMES will be the main mailserver; however, lower-priority DNS records will act as failovers for both web and email; if HERMES is down, FORTYTWO will take over email, while HERMES will serve web pages if FORTYTWO is down. A few key-based authentications for scp and a pair of cron jobs will keep web and email content synchronized. (Sometimes I think my life is becoming one big shell/Perl script...) ANYA and THOTH, the laptop, will stay pretty much as they are, except that I'm going to kill the DHCP server; it served its purpose well for a while, but there's no longer any need for it since I rarely take my work laptop home anymore. As for ATHENA, well, that's not the box at home called ATHENA; that ATHENA will be renamed BRIGID and will go to Keri's uncle's family as a firewall and router. ATHENA is my new workstation, planned for sometime before the heat death of the Universe.

You'll note the presence of another server in the DMZ, MINERVA. MINERVA is a bit of a wildcard; I'm not really sure what it will be, just some vague notions. It may end up in the LAN, it may end up being combined with an existing server... I'm not sure. I've been doing a substantial amount of playing with MisterHouse, a Perl and X10-based home automation program. Actually, that's selling it short; it's a whole suite of tools and programs, including voice recognition and the ability to interface with far more than simply X10 devices. I've always wanted a Minerva/Athena/Dora (from Heinlein's Lazarus Long series) or, alternatively, Star Svensdotter's Archy (from Dana Stabenow's "Second Star"). It's not possible yet; it may never be; but I think I could create an unreasonable facsimile from MisterHouse, with the right scripting (there's that word again) and some careful thought. The hardware for it need not be great, although for the capabilities I'm thinking of it will need sound and graphics abilities. That will require more thinking...

And now, I've got to finish cleaning my cubicle. Yes, that's right; clean it. I have no choice, a couple of the Big Bosses are coming in tomorrow, and Siebel has incredibly unreasonable notions of how a sysadmin's work area should look.


Wednesday, December 20 - Politics

I was reading the news this morning, noting with annoyance yet another raft of amendments tacked onto the final spending bill, when I came across a couple of references to H.R. 46. This is a bill that originally just created a class of medals to be awarded to police officers. No big deal, right? Well, our good ol' freedom-loving pal Senator Hatch created an Amendment. What's in the Amendment? The text of the amendment and an analysis of it are available at the link I posted there, but briefly, the amendment does the following:

Expands federal asset forfeiture by including computer-related crimes, and allows for the seizure of all personal property used to commit or to facilitate committing a computer crime. Oh yes, and they can do this on suspicion of the offense - no need for formal charges, much less get a conviction. What constitutes suspicion? I was once accused of being "a hacker" because I traced an attack on my network back to a certain address, and scanned it looking for information on the attack. Does that mean the cops can now seize my computers, all computer-related books and papers, notes, and so on? By a strict reading of the bill, yes.

Expands wiretapping to include "wire, oral, and electronic communications" of those suspected of computer fraud or abuse. As the analysis notes, we've come a long way from the initial planned use of wiretapping for serious crimes like treason, murder, kidnapping, and so on - crimes that were considered serious enough to warrant possible violations of civil rights, if it were the only way to catch the criminal.

Provides extra punishments for criminals who use encryption. I can't really comment on that; it goes in the same category as the "if you've got nothing to hide..." argument. All I can think to do for such people who believe that is kind and humane treatment by licensed mental health professionals.

Federalizes juvenile computer crime cases. This one I can't figure out - how does it benefit the juvenile offender, the victims of the crime, or the court system to move these cases and only these cases from state court to federal court? What possible motive is there?

Now, the amendment itself angers me. It violates the spirit of the Fourth Amendment, it expands the ability of the government to invade the privacy of law-abiding citizens without really doing much to improve the government's ability to prevent crime, and above all, it's stupid. Does Senator Hatch really think he knows how to prevent or punish computer crime? If so, what are his qualifications?

Senator Hatch angers me, too; I mentioned the other day that although I disagree with Janet Reno, I can at least respect her; she seems to be sincere, and has for the most part openly stated her positions and reasoning. I can't say the same for Senator Hatch; he's trying to slip things by as amendments to "safe" bills. Why? If it's good for the public and the nation, why hide it? Why keep it a secret? Isn't he proud of his efforts to protect society? What is he trying to do that must be kept hidden from the very people he's trying to protect? Are we children, such that we must be protected and shielded without our knowledge? No, not according to the Constitution Mr. Hatch claims to serve. Is there some horrific evil that will defeat or damage us if it learns of the provisions of this amendment before it's passed? If so, it's escaped my attention - perhaps the Senator would care to explain it to me? Let's ask...

Senator, I am a citizen of this country. I am a registered voter in the state of Arizona. I am an adult citizen not invalidated by age, infirmity, or criminal conviction. I am a member of the people of the United States of America, one of those you are supposed to be in power to represent, to serve, and to protect, and I want to know - why are you hiding things from me, Senator? Are these the actions of an honest man, of a good man, of a protector of the people? No sir, they are not. So explain it to me; what horrific battle are you fighting for us, that requires you to sneak and to skulk like a lying thief or murderer?

I don't think you can answer that question to my satisfaction. From the text of the amendment, which I have read in full, I think it is clear what your actions and your intentions are; and your actions as spelled out in that document make you no better than a common thief. Indeed, they make you worse, for while a petty thief may steal gold, you steal rights and freedom and privacy, which cannot be compensated for with gold. You may believe you are doing it to prevent crime; but surely, crime prevention is something of interest to the majority of the people in the United States, and in your own home state of Utah - so why must it be hidden? You may believe these provisions make it easier to find and punish criminals - in reality, Senator, the people you seem to be trying to catch, the truly damaging criminals, will never be caught with these provisions, and in the meantime, you will do incredible damage to the rights and freedoms of non-criminals, the people you are supposed to protect.

You may say that you, as a United States Senator, are in a position where you know better than we what is needed, and so you really are trying to serve us, but criminals and misguided people will create problems if this Amendment's provisions are made public. Senator, to many that argument may make sense, it may seem like a valid point - but Senator, you are wrong. The outcry against unpopular legislation is not the ranting of the criminal and the misguided, it is the voice of the people you are supposed to represent. To all appearances, you have forgotten that; you have forgotten that you are not a Senator to serve God, or the President, or to punish the wicked; you are a United States Senator to serve the People, all of them, not just the ones who think as you do.

I once heard someone suggesting that we limit government in the following way; we the people elect local officials, first. Then we elect our state representatives, by selecting as candidates those local officials we have already elected. Same for the state executives; governors selected by general election from the state's mayors. Federal government selected from state governments, also by general election. And while these elected officials serve in Washington, while they are working on federal legislation, they cannot be working on state legislation. While they are working on state legislation, they cannot be working on local legislation. And so on.

That's a good start, but it's imperfect. Better, I think, is to continue with the current system of elections - but to make five changes. Number one, eliminate all campaign contributions, federal, state, and local. We all complain about politicians being beholden to their contributors - very well, eliminate the contributors. Make the full financial records of elected officials public, too; let's invade their privacy as they would invade ours. Number two, limit the staffs of all officials; congressional representatives and senators to have no more than three full-time staff members, at least two of which must be residents of their district or state. Let those who represent us spend more time doing so, and less time raising the money they can't have anymore, anyway. Number three, require ironclad sunset clauses in every federal law; four years after enacting new legislation, that legislation will expire. You cannot simply renew legislation; you have to replace it. If the federal statute on murder expires, you must replace it with a new one, you can't simply reinstate the old. This requirement is retroactive, with all laws more than three years old expiring one year from the start date, all other laws expiring on their expiration date had this legislation been in place at time of passage. Number four, all federal departments - the FBI, the Treasury, NASA, the Pentagon - must have a size limit of no more than one-third of their current size. In addition, each department must offer a referendum, to be voted on in general election, justifying their existence. Failure to do so, or failure of the referendum, results in the abolition of the department. Congress may replace the department in regular session, but no employee or director of the original department may be retained, and the newly-created department's first referendum must take place in the next general election. 
Finally, Number Five, salaries for elected officials from the treasury are abolished; in their place, representatives receive payment according to the vote of the people of their district at the time of their election, from the funds of the treasury of their district or state. Citizens may vote for salary increases during the representative's term of office, but successive representatives may not inherit the salary of their predecessors.

Extreme? You betcha. But take a few minutes and think about what our government would be like. No more frivolous laws; too busy creating and implementing the truly necessary ones. No more parasitic politicians; serving as representative was originally intended to be a sacrifice, something to be done out of a sense of duty. Any truly bad laws go away, without the need to repeal them. No more bloated government offices. Perfect? No. There ain't no such animal; so long as we're talking about human society, government will continue to be human - noisy, somewhat foolish, inefficient, occasionally cruel, and always imperfect.

But it's a start.



Copyright © 1999, 2000 Matt Beland. All rights reserved. Guaranteed 100% Free-Range Electrons.