Diary of a Network Geek

Oy, where to begin…

First of all, you may have noticed that the blog has been a little quiet this week. In fact, it’s been several days since there’s been a real post. Okay, there are several reasons for that.
Chief among those reasons is some personal family stuff that caused a bit of chaos around the house. It’s rather delicate, so I won’t get into it, other than to say, it’s a reminder that kids are like the ocean. You’re never sure what’s coming on the next wave and don’t turn your back on it, because the riptide can suck you under. But, that being said, the problem is being resolved, so, no worries.
The next thing is all the outsourcing rumours at work. I know, I know, I haven’t mentioned this before, but only because it hasn’t been out in the open. Now that it is, I feel okay with talking about it. There’s nothing solid yet, but today, HP is in talking to people about their job and how they do it. Sounds to me like they’re getting ready to make it happen, though the official word is that nothing is set in stone. Yet. Anyway, folks were talking about their “meeting with the Bobs” all day yesterday. Me, I’m just looking for the guy with the red Swingline. (Oh, wait, that’s me!)
So, the last thing is that I’m not going to be the last rat on the ship, for a change, and I’m out there looking. And, in fact, I have an interview with a “placement agency” today and, most likely, a job interview through them tomorrow. A Novell position with Linux. Less than 5 minutes from the house. That could be cool.

Well, I’ll keep y’all posted.

But, is that news?

Well, it was newsworthy enough for Australian IT to do this article on it. It seems there was a survey done and, in general, CIOs aren’t paying much heed to SCO’s claims. In fact, according to the study, which was done in Australia, SCO has generated quite a bit of enmity with their antics. Gee, what a surprise, eh? Anyway, although it doesn’t seem to be all that big a deal anymore, the folks “down under” are going ahead with their plans for Linux roll-outs. And, I have to admit, I don’t hear too many people quaking in their boots here in the States, either. Somehow, I just don’t see any of this saving SCO. I really think their case is going to backfire on them totally.
Well, only time will tell, I guess.

Yeah, I know Win2k.

And, today, I know it better than I’d like. This weekend I spent 21 hours moving a Windows 2000 file server/domain controller/IIS server/proxy to a new hard drive. At least I’ll get paid by the hour.
Okay, so you regular readers (you know who you are) know that I’m mainly a Netware/Linux guy. So, what am I doing working on Win2K? Well, times are tough, so Uncle Jim has to work at two jobs. The second job is a realtively small company that I consult for on a strictly after-hours, part-time basis. Most of the time, I don’t put in more than five or six hours a month, which makes it a nice supplement to my primary income. And, frankly, I took the job because I needed the extra experience on Windows 2000 Server and consulting. So, for months they’ve had a 16 Gig drive that has been on the edge of full and last month they finally got a new 70+ Gig drive in. Great, right? Not so much. See, I tried to use Ghost to get it moved over, but Ghost kept failing. It took me a month and about 20 hours to finally figure out that the drive was just way, way, way too fragmented for Ghost to deal with. That meant one thing: the old backup-and-restore method. Ugh.
Okay, so I’m figuring it’s going to be a four or five hour thing, right? Nope. The tape drive isn’t working for some reason and it takes me at least four hours to get that worked out. Then another hour or two for a full backup. Then, an hour or more to get Windows 2000 installed on the new drive and the backup software installed. Another hour to get the tape merged and a restore launched. So, then I reboot and ….. Blam! Error!!
Can you say “Security Account Manager initialization failed”? Does that seem like a problem? You bet it is! The error told me to restart in “Directory Services Restore Mode” to try and fix the problem. Sounds good. But, when I restart, it asks me for the Admin password before repairing and proceeds to tell me that I’m putting in the wrong password. Okay, so I start all over again. Guess what? Same problem.
So, since I still have the old hard drive in original condition, I hook it back up and go searching for an answer. I finally find that I have to do a special backup of the System State with a Microsoft tool, not my backup software (which claimed it was doing a System State backup), boot the new drive into “Directory Services Restore Mode” and do an Authoritative Restore to get the old Active Directory information onto the new Domain Controller. About this time it’s 10:00pm or so and I have hours of work to do. But, since I am, of course, Mr. Indestructable, who’s motto is “I only have so many hours on this planet and a lot to do. I’ll have plenty of time to sleep when I’m dead”, I push on. Better, I figure, to push and get it done than have to come back and waste a second day in this office.
Hours, and several redundant restore jobs, later, I get almost everything back up and running. At this point it’s around 3:00AM and I’ve already changed my watch. What else did I have to do while I was waiting for the restore jobs to finish? Now, as you might imagine, I’m a little fuzzy, so it takes me about another two hours to get all the Internet settings right again and confirm that all the required services are started and will restart at reboot. Finally, I decide I can head for home.
The ride home was, er, interesting. I don’t remember large sections of it and it’s about a 30-40 mintue ride with no traffic. There was only one drunk on the road at 6:00AM, but there was fog and mysterious “things” in the corner of my vision. In other words, I’m too old for this stuff. I was freaking seeing things from the fatigue!
Still, when I got home, I tested the remote connectivity and sent an e-mail off to the developer or their custom database application so that he can verify that everything is running okay. Then, it was off to bed for a couple of hours until the Sun just wouldn’t let me sleep anymore. And, I’ll be back to bed soon.

So, what did I learn from all this? First, always backup your Active Directory with the stupid Windows 2000, built-in backup tool and keep a copy around. Shoot, throw it on tape, too, while you’re at it! Second, if you must have a Domain Controller, have two. They like company. Third, do NOT believe the backup software vendors when they tell you that their product will backup the System State or Active Directory! They’re LYING to you!!
Fourth, I am way too old to play Mr. Indestructable anymore. If these people weren’t so dependant on me to keep them going, I never would have done a 21 hour stint at an office. The kicker is, now, I’m getting resistance to my charges! Yeah, isn’t that something? I bust my ass to save their’s and now they’re not real excited about paying me. Damn this is a thankless business. Of course, I have, as they say in the “family”, made my bones on Windows 2000 and Active Directory. Hell, I have a friend who used to be on the a Lead on the Microsoft Corporate Support team that didn’t think I could pull it off! He was shocked that I managed it at all, much less in 21 hours.

So, once again, we the unwilling, lead by the unknowing, have done the impossible, for the ungrateful.
Crap. I’m going to bed.

Novell is getting right on it!

Just a few months ago, Novell bought SuSE, the leading LINUX company in Europe. Well, now they’ve announced that they’re going to be letting loose some new versions of their distro. At least, according to this article on Wired News, they are. Frankly, all I can say is “Horay!!” I really hope Novell follows through on what they’ve started here. I know they have a whole section of their website dedicated to the Novell\Linux intersection.
I really, really like the idea of running Novell products on a Linux kernel. For instance, I can’t think of a better sounding e-mail solution for corporate envrionments than GroupWise on Linux. (Okay, I’m a little biased, but still….) I mean, this just sounds like a bulletproof setup to me. None of the hassles of Exchange/Outlook bugs, exploits, viruses or worms and the reliability of Linux. C’mon, let’s face it, Unix-based servers so very rarely crash that it’s almost a non-issue.
Now, if someone would just offer me a Novell job where they’re starting to use Linux…. Ah, well, a guy can dream, right?

I knew SCO and Micro$oft were in it together!

First, this article on AustalianIT added to the suspicions of the Open Source community regarding MicroSoft’s involvement in the campaign against Linux. I’d, personally, had always wondered if Chairman Gates hadn’t been encouraging SCO to pursue this very unwise course of legal action against Linux users. Well, guess what? Just yesterday, AustralianIT confirmed that there is, in fact, a link between SCO and Micro$oft!
Is it really paranoia when they are all out to get you? Micro$oft has been trying to kill Linux since it became a “blip” on the media radar, so it stands to reason that they’d help SCO down the path they took. Free enterprise, indeed. But, you know, I didn’t see any of this in the American press. Hmm, I wonder why that is?

Some tools for thought for security auditors…

Some time ago, I speculated on what a network “rescue” kit should contain. Well, the other day, I was cleaning up around the house and found an old copy of Information Security that had an article about security audits. They included a sidebar of suggested tools for performing an audit.
Some of them were fairly obvious: ping, traceroute(tracert), nslookup, and grep. Then they listed several free tools that were, well, a little bit more “robust”:
First, there was Nmap, which is an OS fingerprinting tool that is well-known to the Linux community.
Next, there was Crack, which is a well-known password cracker, as well as John the Ripper. There were two that I was not familiar with, namely which is apparently a BIND version checker. (That can be good to know, considering how many pesky security problems have been found with old versions of BIND/) And, finaly, ghba.c, which is a tool for extracting machine names and IP addresses for a class B or C subnet. (Those last two are actually links to source code that has to be compiled before it can be run.)

The article went on to talk about several commercial and Open Source scanners that check for security vulnerabilities. I won’t bother to mention the commercial ones, since they have big advertising budgets. But, I will list off the high-powered open source tools. I’m familiar with the first one, Nessus which has gotten very good reviews in several Linux magazines. The second one is a relative of SATAN, which got press right about the same time Linux really started to get going, Security Auditor’s Research Assistant (aka SARA). I’ve just started hearing about the next one, Whisker, which scans for CGI script vulnerabilities. That’s a nice one to know if you do as much CGI stuff as I have lately! And, finally, Hping2, which I’ve never heard of but seems to be a generic port scanner.

In any case, my point is that there are lots of tools out there that don’t cost a thing, but time, to use in your pursuit of a more secure environment. And, if you’re just reading this wonderint what a security audit is, or why it should be done, it looks like it’s time to get out there and start reading! (I’d start with a free subscription to Information Security magazine.) Happy hunting!

Yet another “legal action” from SCO.

Man, when the decision finally comes down from judge that these guys were wrong, and I firmly believe that it will, they’re going to be hip-deep in lawsuits from people trying to recoup their “licensing fees”. Yet, according to this article on Australian IT, they’re still at it! Now, it seems, they’re bringing suit against not only Autozone, but Daimler-Chrysler “to enforce the contract points agreed to by our end users,” according to Darl McBride, SCO’s chief executive. I just can’t believe that they don’t see how stupid this is. I guess because some folks actually paid their questionably legal licensing fees, they figure they can just keep rolling over everyone else. Frankly, I can’t imagine who’s doing business with them anymore. Oh, wait, maybe that’s the problem! No one was doing business with them, so they had to raise revenue, and…. Duh! I guess I get confused when people do things that seem willfully wrong, for lack of a better word. I guess it’s the Polly Anna in me. Oh, well, at least it generates some press for Linux. There’s no such thing as bad publicity, right?

No, not Linux bashing, actual penguins.

Okay, so here’s a mindless, little bit of fun that my wife found. It’s a penguin bashing game. The object is simple: as the penguins come down the tree, make the “yeti” bash them for distance. Left clicking both releases the penguin and makes the yeti swing its club. Distance is displayed when your penguin smashes to Earth in the snow. If you’re good, you can get distance and a “face-plant”. In any case, it’s mindless fun. (You do need the Flash plugin installed to run the game and there’s obnoxious sounds, so, if you’re at work, turn down the volume.)

Happy Friday!

This book ROCKS!

Ahem. I know this is only the “pocket” version of this book, but Essential System Administration Pocket Reference is the best system admin book I’ve seen in a long time. Now, I’m relatively new to Unix system admin, but I’ve knocked around the industry for over ten years now, so I know a thing or two about sysadmin work. Usually, what I look for in a reference guide is either something quick and simple or with miles and miles of depth. If I’m new to a system, or I only administer it as a backup or “once in a blue moon”, the quick guides suit me well. In this case, that was precisely what I was looking for in a Unix system administration guide. Essential System Administration Pocket Reference provides this to a “T”.
Without getting bogged down in lengthy descriptions or philosphical discussions of which tool to use when, this pocket reference lists the basic administration commands, beyond GREP (though it lists that, too!), with a short description of what it does. It’s easier to read than the MAN file, usually gives me few examples, and I don’t have to open a second terminal window to use it! Seriously, I really reccomend this guide to anyone new to Unix, including Linux, system administration. Or, like me, is getting back into it for the first time since, well, since the Dark Ages. It’s a great guide or refresher and it literally does fit in your pocket!

Let’s talk “license”.

It looks like SCO’s attempt to extort money for alleged proprietary pieces of Linux code is slowly failing. At least, according to this article on AustralianIT, which says that the Australian government is basically just ignoring them. They apparently got their Linux solution via IBM, so they just refer any issues to IBM. Which, frankly, makes sense. Besides, IBM is already bringing suit against SCO for, well, basically for being stupid, I think.

The more I read about stuff like this the more I think the way to go is Novell and SUSE. An integrated solution, right down to the desktop, that has a better, less expensive licensing program than Micro$oft and has global support. Seems like a better option to me. But, what do I know? I’m just a Network Geek.