Monday, October 12, 2009

it's the law (2 of 2)

ritter's second law of network administration: if you give a user something to click, they'll click it.

for all the complaints we make about them, users can be a resourceful lot. they seem to find all kinds of ways to get themselves into trouble, from making their desktop fonts so large that windows no longer fit on the screen to sticking a usb drive into the ethernet port on the side of a laptop and griping that the computer doesn't "see" the thumb drive anymore. it's this cleverness for getting themselves into a situation and their unwillingness to extricate themselves from it that leads me to my second law.

the problem is endemic: humans are attracted to something new and different. i have a ball-point pen that has a little blinking blue light on one end. i have no idea what purpose the cool blinking light serves, except that it made me buy the thing. users, too, will succumb to new icons, buttons, or anything that looks extraordinary, and they often end up sticking their mouse pointer where it doesn't belong.

the simple administrative solution is to hide things you don't want users to see. both windows and linux have policy tools that allow an administrator to remove features from the user's desktop, reducing the probability that they'll click the wrong thing. this is not a substitute for security: permissions and rights should still be configured to prevent a user from doing anything to the computer that's not in their job description. but if we can save just one harried help-desk employee the horror of a single clueless call, our work will have been worth the effort.

corollary to ritter's second law: all users lie.

as admins, we have all heard, "i didn't do anything. it just started acting like this." this is the silliest game we are forced to play. they know they're lying, and they know that you know they're lying. even though you're there to help them solve a problem they won't come clean and give you the information you need to fix it. while they wanly try to save face, you have to dig for the data that leads to a solution. the more they try to stroke their self-esteem to come across as "not dumb," the dumber they look. and the higher the position they hold in the company, the more indignant they become with you for giving them a "broken" system and not fixing it faster.

unfortunately, there is little we can do about this one. you can try the honest approach: let them know that you're there to help, that you know they're not stupid, that you just need to know what they've been doing on the computer to get it into its current state. you can even tell them that you'll find out eventually, so it would be better to just let it come out now. you may even add threats, like "if you can't tell me what you did to the computer, once i find out i'll have to discuss this with your superior to make sure it doesn't happen again." that might scare the pr0n right off of their hard drive.

or, just do your job, then go to the server room, lock the door and content yourself with fantasizing about doing unkind things to your users.

Wednesday, October 7, 2009

it's the law (1 of 2)

ritter's first law of network administration: an administrator at rest tends to stay at rest.

an administrator's day could easily be consumed with all the little, mundane tasks that are necessary to keep things running smoothly. backing up servers, reading log files, preparing reports on resource utilization, playing world of warcraft—it all really eats into one's time. that's why i formulated my first law of network administration. i noted that, as a network admin, when things could pretty much take care of themselves, i could relax and better savor the more fulfilling moments of my job, like reducing a user's disk quota or reading a user's more provocative email messages. here is a short alliterative list of tips to help you achieve network nirvana:
  • aggregate: duplicating work increases the likelihood that you'll introduce errors and inconsistencies into your network's security, which is a bad idea no matter how you slice it. instead...

    1. locate shared resources that have common security requirements in the same directory structure on your file server. set access permissions only once on the highest-level directory that these files have in common. use permission inheritance to ensure consistent security on all the files in the hierarchy.

    2. don't assign permissions directly to users. add users to appropriate groups and assign permissions to the groups. that way you need only add a user to a group to ensure that all the access they require is properly configured.

  • automate: do nothing by hand if possible, because hands can be so mistake-prone sometimes. learn a scripting language and write (or download and customize) scripts to perform common, repetitive tasks like reading log files and collecting report data. if you administer a windows network, you must learn powershell. it's available for windows versions from xp onward, and is the "wave of the future." if you administer a linux network, you must learn bash. if you manage a mixed environment, i strongly recommend that you learn python—it's sufficiently platform-independent and very mature, with a smörgåsbord of cool features built in.

  • alert: let your network tell you when there are problems. install a network monitor system that's capable of notifying you when your file and email servers run low on disk space, or when your web server stops responding. when you can address a problem before your users even know it's there, they'll come to respect your precognitive powers and revere you for the system superhero you really are.

well, that last one, not really, because they won't know there was a problem in the first place, right? but hey, we're geeks: we're good at fantasy. now roll a d20 to see whether your invisibility-from-lumbergh spell worked before he asks for those tps reports. again.

Thursday, September 24, 2009

um, you rub it and make a wish...

today i needed a lamp. that's an acronym that refers to a special kind of server, one that contains a server operating system, a database server, a web server, and a web development framework. most of the web servers you interact with on the internet today use a suite, or "stack" of tools like this. and i needed one.

now, i can build a lamp server from scratch: configure a base os; install a web service and database; install the web modules to access the database; install the web application framework; install the web modules to interface with the framework; and configure all the pieces to play well together. frankly, i can think of better things to do with my time, so i headed over to and downloaded their prebuilt lamp installer. boy, was i impressed! the installation was fast, painless, and almost hands-free. in less than twenty minutes i had a working server, ready to hand out interactive web pages.

the webmin administrative interface is really slick: a far cry from where it was when i last used it at the turn of the century (i like saying that.) it took me a couple of minutes of poking around to figure out how to add packages through webmin, which appears to be a necessity since the system didn't seem to recognize the things i installed "manually" using apt-get.

this product really exceeded my expectations. i could install and configure lamp servers all day like this. and considering that this is open source software that's easy on hardware resources, it would be a great virtual server solution and provide an impressive roi. maybe not as cool as rubbing it and having a genie pop out, but almost.

Thursday, September 3, 2009

i've looked at clouds from both sides now

i like saying buzzwords. not because i have any practical use for them, just because it's fun. it's entertaining when standing around at some quasi-professional gathering to work a phrase like "cloud computing" into the conversation. the other person's eyes glaze over, a little dollop of spittle forms at the corner of their mouth, and they become totally engrossed in whatever i have to say. i have become the subject matter expert, and they are now completely in my power. well, we all have our hobbies.

really, one of mine is finding new and innovative ways to do things. i ran across eyeos rather by accident, but was intrigued by the possibility of putting the whole os "in the cloud" on a local network. yes, it is reminiscent of the dumb term
inals and time-sharing systems of yore, but still, an operating system that runs in a web browser has some appeal.

now, i know that it's not the right call for everyone. i certainly don't have any practical use for this right now, myself. but it has got me thinking, and i l
ike that. it's also caused me to take an interest in php scripting, the heart of eyeos applications—and being motivated to learn something new is always cool.

'cause when we stop learning, we start dying.

Monday, August 31, 2009

small packges

i never was a fan of code bloat. i've written programs for dos in x86 assembler and for the palm os in c. i've had to deal with some pretty tight constraints, but i don't take space, memory or cpu cycles for granted. and i guess that's what bothers me about the current conventional coding wisdom that seems to be, "if you've got the space, use it." i think it unfortunate that what passes for acceptable code these days is poor planning and laziness on the part of some visual studio jockey who has no clue how a compiler even works—heaven forbid they ever have to compile and link by hand. i guess this is where i talk about having to write code in hex using only the dos debugger uphill both ways in the snow.

glad i'm not the only one that appreciates a dainty code footprint. analogx is the creator of some great and useful (and free) programs that pack heavyweight features into featherweight packages. in my classrooms, for instance, i don't waste time with microsoft's iis: the anaolgx simpleserver:www web server supports mime, logging, server-side scripting and multi-hosting, and it runs on any version of windows from win95 up. did i mention that the whole program is 630k? that's kilobytes, my friend. i've long believed that a web site should be capable of fitting on a 1.44mb floppy disk. how 'bout the server, as well?

the point is, there is no need for all this bloat. there is no reason an os should require a gigabyte of ram and 15 gigs of hard drive space. today's programmers are a lazy lot, it seems, but there are a few artisans out there who still know how to make good things come in small packages.

Friday, August 28, 2009

take your pc everywhere

we use firefox. it has great add-ons like zotero, a tool for organizing your online research, or full screen homestar runner so you can watch strong bad emails in all their glory. we use openoffice. it supports the open document format, it allows you to publish your documents as pdfs, and it's totally free—not to mention that it's the office suite that's used in the public libraries of our own and neighboring burgs. we also like vlc, which plays about every media format under the sun; audacity, a great audio editor; the gimp, every bit as good as photoshop but for one infinite-th the price (i.e. free); and we like to burn optical discs, check email, and so on.

the problem is, not everyone agrees with our selection of software tools. some draconian schools and offices deploy only one option for a web browser or an office suite, and don't give you any choices. many of these pcs offer no photo or sound editing software at all, and certainly don't allow you to burn a cd. and what about all those customizations you spent hours making so that your software will work for you rather than against you? they don't just magically follow you to work or school.

but they could.

enter portableapps, the project that takes great open source software and makes it portable: that is, it runs directly off a usb flash drive with no installation required. carry your favorite customized programs and all your data with you everywhere you go. plug your drive into a windows pc and, voila! there are all your apps. the portableapps suite includes a menu that runs in your system tray, so your applications are always at your fingertips. and portableapps also runs on wine, so you can run your apps on a linux or mac computer where wine is installed.

oh, and when you choose which programs to include in your portableapps system, make sure you grab the clamwin virus scanner—you should always check your thumb drive for nastiness after you've plugged it into a strange computer. you never know where that thing's been.

Monday, August 24, 2009

the tablet pc holy grail

for years i've wanted what i thought was a simple thing: a tablet pc running a unix system. unfortunately, the industry has failed to take notice of those of us who refuse to run the train-wreck-that-is-windows and provide us with a useful alternative. many linux aficionados have tried to take one of the readily-available systems and get this or that distribution to run nicely on it, but with proprietary drivers and a lack of manufacturer support, their efforts have met with varying degrees of (non)success. it seems that the tablet unix pc has become as unattainable as the holy grail, filthy english kiniggits and all.

then, i hear the rumor: apple is planning a tablet pc, possibly one that runs the freebsd-based os x ( let the drooling begin. now my dilemma is that i don't know if i can wait; the old macbook pro really needs to be upgraded, and i considered buying a new one last week, which would have guaranteed me a permanent place in the doghouse. but, maybe if i hold out just a few more months, i can tell that silly arthur king when he comes around looking for the grail that i've "already got one."