
The Ins and Outs of Opting and Privacy

There has been another rash of security and privacy issues by major internet companies. Actually it’s more of an ongoing issue than it is a recent outbreak. And much of the ongoing trouble is related to a poor understanding of “opt in” vs “opt out” methodologies, and some pretty poor business choices in that area.


Google (GOOG) just announced that wireless network owners can now “opt out” from its Wi-Fi geolocation map database. Many have greeted this as good news and responsible behavior on Google’s behalf. Others, myself included, view this as a classic case of a business doing essentially nothing to change its behavior, and then promoting the non-effort as a valuable security benefit to their customers and the world at large. Google believes that once you’re using any of their services, you’ve essentially opted in to anything they want to do. More on that in a minute.

Another consumer favorite, Facebook, appears to be tracking 90 days of everything its users (and some suggest even former users) browse on the web. This is beyond just tracking what you’re doing inside Facebook itself. And there are also allegations over whether or not they actually are storing profile information about people who have not even joined Facebook. This is another company that believes in a policy of opting you in to anything they want and then letting you opt back out. They know that a lot of people aren’t savvy enough to understand, others too lazy, and others will never even be aware of the issues.

Verizon (VZ) tracks everything you do with your phone, so do pretty much all the cell phone companies. Recently Verizon started allowing people to opt out. Josh Constine at TechCrunch mentions that at least they don’t call it “Greater Choice” like Google does. But his take is everyone is saying “Why can’t we be evil too?”

Strangely enough, AT&T (ATT) takes the opposite move of letting people opt in. Pretty ironic for a company whose logo resembles the Death Star, but commendable.

The problem with “opt out” is that it works well outside of privacy areas. It also works in areas where you have an explicit relationship. For example, if I create a Google account it will keep track of what I search, unless I opt out. Most companies that have web accounts work in this way, for example with their email lists. This is a very reasonable method – you contacted me, so you don’t mind if I contact you. You see this normally as little “send me your junk email” boxes. You can judge the company based on whether the boxes are clicked or empty by default on their sign-up forms.

The stakes for things like this are low – the worst case is that some web site sends me a bunch of junk email, and if they’re a responsible company, they’ll respond to my “stop that” request.

The difference with privacy issues is that the stakes are much higher, and the awareness is much lower. If someone decides that by using their website I agree to let them track my every move on the web, it’s unlikely that I’ll ever figure it out. And they may end up being privy to something I didn’t want to share with them. Opting people in by default to such things is unethical behavior at best. What’s the rational connection between me using your website and me giving you permission to spy on all my web activities? There is none of course.

In the case of the Google Wi-Fi mapping they’re collecting your data whether or not you have a relationship with them. This is one step worse than the Facebook issue. In this case they’re literally driving the streets of the world looking for Wi-Fi (we used to call this warchalking) and then adding you to a database. You may not even be aware they’re collecting your data. In fact, the odds that homeowners ARE aware are extremely small. And yet they’re using an opt out methodology, just to cover their butts. Which essentially means that they’re opting you in to something, without your permission, without your awareness. And they justify that because their company motto is “Do No Evil”.

The truth is that it’s a very questionable practice to collect someone’s information without their knowledge. If they want to build a database, they can simply switch to an opt in method. Instead of my changing my SSID if I happen to know that they might drive by someday (which is inconvenient because I have to reset all the devices using my network, including frequent guests’ devices), they can go to a method where they only collect data from those who indicate willingness by changing the name. Instead of changing my SSID from “mynetwork” to “mynetwork_nomap” to opt out, I should be able to change to “mynetwork_map” to opt in. Anyone who doesn’t want it doesn’t have to do anything. Anyone who is unaware will not be unintentionally opted in. Anything less is not only unfriendly to consumers, it’s just plain evil.

Developing Clouds in the Forecast

These days it seems like everyone has their head in the cloud. At least from an interest level that is. When it comes to actually using the cloud, they’re not necessarily ready for a real cloud deployment. The conversation usually goes something like this:

“Do you support cloud?”

“Sure, what did you have in mind?”

“We don’t know, but we know we want to do cloud at some point. Can you make your tools available to us in the cloud?”

“Yes, I can, what model do you want to use and will fit your security needs?”

“We can’t actually open our firewall, and we can’t share our source code outside the network. Maybe a private cloud…”

And it goes on from there. I’ve played this script over and over again. Lots of intellectual interest in cloud, but without any real understanding of both the issues involved as well as the benefits. Why on earth would you be switching to the cloud if you didn’t have some idea of what it was going to do for you? And yet people do it all the time.

Perhaps they are simply falling for the hype – cloud providers are claiming lower start-up costs, less overhead, better scalability and reliability, streamlined process, and cures for cancer. OK, I made that last one up, but it’s close. Seriously, a commenter to my piece on What Went Wrong with Static Analysis? said that all the potential pitfalls of static analysis are avoided if you simply use the cloud. As you’ve probably guessed, he worked at a company providing cloud services.

I don’t want to dive into a detailed list of what cloud can and cannot do at this point, although I may at a later date. But I do want to caution people to at least think about it. If someone says that the cloud will make your life better, ask them to explain how. If it makes sense, great. If not, beware of snake oil.

With that in mind, I want to talk about something that actually will make your life easier, namely a special kind of private cloud called micro cloud. It is an especially useful tool for software development.

It’s no secret that I’m a VMware (VMW) fan. One of the aspects I like best is that it’s well suited for extreme scalability. You can start with desktop use, like running an alternate OS on your machine without having to reboot. Then you can push that onto an ESXi box in your server room when the virtual machine you were using unexpectedly becomes something useful you actually depend on. And ultimately you can push it off into the cloud as needed and scale it up as needed.

This is where the connection to software development comes in. One of the tedious pieces of getting a software project up and running is setting up the infrastructure. This is known as Application Lifecycle Management, or ALM. You need to have quite a few different goodies available, and while none of them are super complicated, it takes time to put the whole thing together. And then at some point you realize you either need another one, and have to do it again, or the one you have is too small/slow for the team as the project has grown.

The list of necessary tools includes things like requirements management, project management, source control, compilers, development IDE, build management, continuous integration, testing, reporting, static analysis, code coverage, etc. Each of the items isn’t that complicated by itself. Putting them all together just takes more time than it should. In addition, it turns out that software developers really aren’t the best choice for system administrators, and don’t always deploy infrastructure in the way that you want. This is an excellent fit for virtualization.

Instead of putting together your software in an ad hoc way that has a tendency to grow like Frankenstein’s monster (come on, we know it happens to all of us) you can plan and coordinate between developers, architects, managers, and sysadmins. Figure out what kind of tools you’re going to need all the time, lay out the requirements for them, and get the admin guys to build you up a virtual machine that has everything you want. Then test it, fix it, and from then on you can use it over and over again.

Do it on a virtual machine rather than a physical one; that way, when you need a new one for a new project, you can just stand up a new instance of the virtual machine. When you outgrow your hardware, scale it up on the back-end in the hypervisor. If you need to share geographically, push it out to a cloud provider or data center.

Or…

You can use one that someone else has already built. If you have a small project and you don’t have security issues that preclude you putting your code outside your own firewall, there are a couple of pure cloud plays that have pretty much what you need. For example you could go to GitHub and use their tools. Or you can check out Cloud Foundry, which also uses Git as a source control system.

If you can’t put your source in the cloud for whatever reason, or if Git isn’t your cup of tea, then you should look for a micro cloud instead. This is a virtual machine pre-built that you can use on a desktop, or in your own server room or even scale it up to your datacenter. Again, you could do all this yourself, but if you can find one that has what you need, you can save a lot of time.

[Disclaimer]
As a reminder, I work for Parasoft, a company that makes a variety of tools for software development, including an ALM virtual machine suitable for micro cloud. This is however my personal blog, and everything said here is my personal opinion and in no way the view or opinion of Parasoft or possibly anyone else at all.
[/Disclaimer]

With that behind me, let me relate a personal story. I was working on a personal project at home and wanted to set up a source control system. I happen to be an SVN guy, so I normally set up a subversion server and then use Apache to access it. The SVN install is quick and easy. Apache isn’t too difficult, but by the time you get HTTPS up and running with certificates and the WebDAV SVN connector going it can be difficult. Add to that the normal scenario that you don’t do it very often and it’s easy to forget the little things that will trip you up during setup. Needless to say, I wasn’t looking forward to setting the darn thing up.

I started with using a VM like I always do, and as I was adding Apache and SVN to it, I got a feeling of deja vu. I knew of course that I had done it before, many times. Then I figured out why the deja vu. I helped create the VM for Parasoft that just happened to have everything I needed in it. So I downloaded that VM, started it up on my desktop, and set the configuration for what I needed. Other than download time, total setup and configuration was about 20 minutes. Total time and frustration saved: a lot.

Micro cloud is a great way to not only handle your development infrastructure, you can also do tech support on specific environments, set up complicated QA, provide quick POC projects etc. This is one of the cases where it’s easy to see how cloud helps – it not only drastically reduces start-up time and costs, but leaves you in good shape to scale quickly and efficiently.

If there are clouds in your forecast, micro cloud might be the place to start.

An Apple a Day

I was sad to hear yesterday about the passing of Steve Jobs. He was a man with a vision and a dream and he certainly changed the way regular people interact with their computers. I’m sure Apple (AAPL) will survive, but he will be missed.

Thinking back about my own experience with Apple, I recall the initially painful move from the Microsoft (MSFT) Windows world. It can be a bit shocking at first if you’re not prepared.

As people start to buy iPhones and iPads there is a migration occurring, not just in phones but it leads to buying a Mac for your next computer. A diaspora if you will from the Microsoft hegemony. Since I’ve been using Macs for about 10 years, people frequently ask me about making the move. I thought it might be helpful to encapsulate some of the questions and answers here.

| Software | Purpose | Cost | Source |
|---|---|---|---|
| Already on your machine (see list of all osx apps and utils) | | | |
| Mail | email | built-in | http://www.apple.com/support/mail/ |
| Safari | browser | built-in | http://www.apple.com/support/safari/ |
| iTunes | music | built-in | http://www.apple.com/support/itunes/ |
| iPhoto | photos | built-in | http://www.apple.com/support/iphoto/ |
| iChat | text/video chat | built-in | http://www.apple.com/support/ichat/ |
| iCal | calendar | built-in | http://www.apple.com/support/ical/ |
| AddressBook | addresses | built-in | http://www.apple.com/macosx/what-is-macosx/mail-ical-address-book.html |
| grab | screen capture | built-in | http://www.apple.com/findouthow/mac/#capturescreen |
| terminal | shell | built-in | http://www.apple.com/macosx/what-is-macosx/apps-and-utilities.html#terminal |
| DVDPlayer | dvd player | built-in | http://www.apple.com/macosx/what-is-macosx/apps-and-utilities.html#dvd |
| TimeMachine | backup/restore | built-in | http://www.apple.com/support/leopard/timemachine/ |
| DiskUtility | disk format/partition/repair, make ISO images | built-in | http://support.apple.com/kb/HT1782 |
| Automator | scripting and automation, including GUI elements | built-in | http://www.macosxautomation.com/automator/ |
| X11 | running X11 apps local and remote | built-in | http://www.apple.com/macosx/what-is-macosx/apps-and-utilities.html#x11 |
| Facetime | Video chat | built-in | http://www.apple.com/mac/facetime/ |
| General Purpose Software | | | |
| VMware Fusion | virtual machines | $80 | http://www.vmware.com/products/fusion/ |
| Yahoo messenger | chat | free | http://messenger.yahoo.com/download/mac/ |
| adium | Multi-chat (yahoo, msn, aol, irc, ...) | free | http://adium.im/ |
| Firefox | Web browser | free | http://www.mozilla.com/en-US/products/download.html |
| Toast | Burning disks | $99 | http://www.roxio.com/enu/products/toast/titanium/overview.html |
| ishowu | for recording demo videos | $20 ($30 HD) | http://www.shinywhitebox.com/home/home.html |
| Remote Desktop | windows terminal client | free | http://www.microsoft.com/mac/remote-desktop-client |
| Silverlight | Microsoft web graphics (like flash) | free | http://www.silverlight.net/getstarted/silverlight3/ |
| Adobe Flash | web graphics | free | http://www.adobe.com/support/flashplayer/downloads.html |
| desktop curtain | for blanking your desktop for streaming | free | http://manytricks.com/desktopcurtain/ |
| iStumbler | information on local wireless networks | free | http://www.istumbler.net/ |
| Flip4Mac | wmv support esp. Quicktime | player is free | http://www.telestream.net/flip4mac-wmv/overview.htm/ |
| System Administration | | | |
| DiskWarrior | hard drive repair | $99 | http://www.alsoft.com/diskwarrior/ |
| MacFuse | extended filesystem support (ntfs, etc) | free | http://code.google.com/p/macfuse/ |
| NTFS-3G | NTFS write support (on top of mac fuse) | free/paid | http://www.tuxera.com/community/ntfs-3g-download/ |
| NameMangler | bulk file renaming | trial/$10 | http://manytricks.com/namemangler/ |
| OmniDiskSweeper | Graphical filesystem viewer - see where your disk is full | trial | http://omnidisksweeper.en.softonic.com/mac |
| fugu | SFTP GUI | free | http://fugu.en.softonic.com/mac |
| CuteFTP | FTP GUI | $40 | http://www.cuteftp.com/cuteftpmacpro/ |
| appcleaner | software uninstall | free | http://www.freemacsoft.net/AppCleaner/ |
| appzapper | software uninstall | free/$13 | http://www.appzapper.com/ |
| carboncopycloner | for duping disks, etc. make emergency backup disk | free | http://www.bombich.com/ |
| growl | system notification | free | http://growl.info/ |
| quicksilver | application starter | free | http://quicksilver.en.softonic.com/mac |
| betterzip | File compression | free limited or $20 | http://macitbetter.com/ |
| ez7z | 7z File compression | free | http://ez7z.leifertin.info/ |
| letter opener | open winmail.dat files | trial - $30 | http://download.cnet.com/Letter-Opener/3000-2367_4-99635.html |
| TimeTracker | Time Machine session backup information | free | http://www.charlessoft.com/ |
| VisualRouteLite | Network speed and quality information | free for non-business use | http://www.visualroute.com/lite.html |
| Business Connections | | | |
| shimo | VPN client (Cisco + others) | 1.x or 2.x (free vs E-15) | http://www.chungwasoft.com/shimo/ |
| MissingSync | Blackberry, Android, and other phone sync | ca $40 | http://www.markspace.com/ |
| OpenOffice | Office Suite (word, excel, ...) | free | http://porting.openoffice.org/mac/download/aqua-Intel.html |
| Microsoft Office | Office Suite (word, excel, ...) | $149 | http://www.microsoft.com/mac/ |
| iWork | Office Suite (word, excel, ...) | $79 | http://www.apple.com/iwork/ |
| Developer Software | | | |
| Eclipse | Development environment | free | http://www.eclipse.org/downloads/ |
| MyEclipse | Dev Env (fancy eclipse with db, ui dev, web, etc) | $30-$160 | http://www.myeclipseide.com/ |
| vim | graphical vim - vi editor | free | http://macvim.org/OSX/index.php |
| XMind | Mind mapping, flowcharting, org charts, proj mgmt | free | http://www.xmind.net/ |
| Video | | | |
| Plex | Home theater | free | http://plexapp.com/about.php |
| HandBrake | Video transcoder | free | http://handbrake.fr/ |
| vlc | Plays every video format | free | http://www.videolan.org/vlc/download-macosx.html |
| Graphics / Photos | | | |
| gimp | image editing (requires X11) | free | http://gimp.lisanet.de/Website/Download.html |
| Music / Audio | | | |
| Doug's AppleScripts for iTunes | iTunes enhancements | free | http://dougscripts.com/itunes/ |
| Audacity | Music / audio editor | free | http://audicity.sourceforget.net |

Hopefully the list will help you out. If you have other things you think should be there let me know. In the near future I’ll be covering apps for iPad/iPhone.