Diary of a Network Geek

Simpler is always better.

As far as I’m concerned, the simpler things are, the better. My life gets complicated enough all on its own without me getting in the way and making things worse. As an example, within the same five years, I was out of work for one year, got divorced and survived cancer. I’m almost afraid to find out what God might throw at me next.
In any case, one of the more complicated things I’ve done over the years is manage remote users. Under the best of circumstances, it can be a real challenge. When you consider all the ways to do it and all the tools that exist to serve these folks, well, things can get out of hand pretty quickly.

So, you can bet I perked up when I saw this article over at TechRepublic: 6 Technologies to Enhance Mobile Workers and Take the Pain Out of Managing Them. I’m not sure I agree with all their choices, or how much pain some of them take out of remote user management, but it’s an interesting place to start.

I got a kind of Christmas bonus Friday.

So, Friday, after long resisting it, I finally cleaned up my office.
I had all kinds of junk there, most of which I threw out. But, there was this older iMac. It was in decent shape, outside of a temperamental wireless card. So, rather than get rid of it, I asked the boss if I could have it. Mac lover that he is, he was thrilled to give it to someone who’d appreciate it. And, I think maybe he thought he’d converted me to the Apple camp. He hadn’t, but now I have two versions of desktop Windows, Linux and OS X in my house. Not to mention Novell and Linux server systems. So, now, when someone asks me to convert files for them, format shouldn’t be an issue.

Now, that is what I call a Christmas bonus!

Um, pretty self-explanatory, actually.

Yeah, so um, I think the post title says it all. I took some old documentation and removed the incriminating information (ie. the original company name) and saved it as a template, of sorts. Naturally, this is a starting point and will need to be customized for your company. In particular, look at the e-mail policy closely. This company specifically did not back up e-mail files so that later someone couldn’t subpoena those old files in a legal action. And, yes, that policy was made because it happened once, but, no, I don’t know if that stood up to any legal testing.

Anyway, here are the files, zipped for your convenience: IT Policy Templates

Enjoy!

My laptop saved me.

As most of my regular readers know, my laptop really saved me when I was in the hospital getting my chemotherapy treatment. If I hadn’t had that, I might have just about gone crazy. For one thing, it kept me in touch with many of my friends via e-mail and blogs. For another thing, I was able to get some things done at work via that laptop and a secure, remote connection to our server. That wasn’t my intention when I bought it, but, still, it’s been a very good investment and I’m very, very happy to have made it. I’d even say it was worth going into a bit of debt to get it when I did. It was something I’d put off doing for… Well, for a very long time.

Anyway, if you’re thinking about getting a laptop, the upcoming Christmas season is as good a time as any. These days laptops go on sale just like all electronics do, at Christmas, after Christmas and at the beginning of the school year. But, with deference to the TechRepublic article from which I drew the main points, here are ten things to keep in mind when buying a new laptop:

#1: Operating system

#2: CPU#3: RAM

#4: Video card

#5: Ports

#6: Screen size

#7: Integrated wireless

#8: Integrated Bluetooth

#9: Track pad

#10: Battery life

So, if you’re taking advantage of the great sales at the last minute, keep that in mind.  And, if you’re in the market for a laptop, Microcenter is going to have some pretty great sales just after Christmas this year, it looks like.  They’ve always done right by me.
That’s NOT a paid endorsement, by the way.  They’ve just always done right by me.

Or, fired even.

Okay, so no one wants to get fired. (Well, that’s not quite true. I actually had someone ask me to lay him off once, but that’s another story.) Still, sometimes, market forces back employers into a corner and they have no choice but to “help employees find other opportunities to excel”. So, what do you do when that happens? Well, an article over at TechRepublic has several suggestions:

#1: Get everything the company owes you

#2: Get your resume updated and out the door

#3: Search company Web sites

#4: List your sources of income

#5: Prioritize expenses

#6: Don’t forget insurance

#7: Don’t burn bridges

#8: Avoid raiding your investments

#9: Get out

#10: Keep up with your debt

#11: Pay attention to your feelings

Thankfully, it looks like not only am I not getting fired, but I’ll be getting a reasonable “cost-of-living” raise this year.  But, with some of the stuff going on at Motorola, I thought my brother might make use of the tips.  (Yes, he reads the blog, too.)

Advice from your Uncle Jim:
"Denial is a powerful tool. Never underestimate its ability to cloud your vision."
   --Melody Beattie

Oh, I’ll never learn.

So, I read a lot of blogs. Not a big surprise, really, all things considered. One of the blogs I track is the Houston Chronicle’s TechBlog. Recently, they ran a post titled “Spy on your spouse’s online habits, go to jail“. Now, as a currently unmarried person, you may think I don’t have a dog in that fight, but, well, I kind of do. Allow me to explain.

See, about three years ago, my now ex-wife was cheating on me with her latest husband. (in fact, tomorrow, it will be three years to the day that I told her I “knew” what was going on and she bolted rather than face up to any problems we were having.) I was tempted to install spyware, or do other kinds of traces, on her communications. And, I think I would have been within my legal rights, since the computer was in my house and, technically, shared property. Now, I’m not a lawyer, obviously, but as part of my job, I do have to be fairly up to date on legal issues regarding computer security.
It’s unclear from the article whether or not the man in Austin who got four years for installing spyware on his wife’s computer had physical possession of the PC in question, but I’d imagine not. Now, I got confirmation of my suspicions by reading a raw mail file on a server I rented space on. The account was one I paid for, but my ex-wife foolishly used to tell nasty lies about me. (And, yes, also some uncomfortable truths, but they were mostly obscured by the rather outrageous lies.) At the time, my lawyer’s office agreed with me that it seemed like I was legally in the clear when I read the e-mail file. Though we didn’t actually have to test the law, in general, I would have been considered the rightful owner of the file in question, ergo, I had the right to read it.  And, ownership, to me, is the issue.  If I own the computer in question, don’t I have the right to install software on it that captures information?  In that situation, in a private residence, who has the right to expect privacy when using that machine?
In any case, I made comment and then, later, read some other comments on the post.
One person made some rather sweeping generalizations with which, naturally, I disagreed. A small, tepid debate ensued. The other commenter made comments about legality in an absolute sense, as in “…it is illegal to crack a password of another adult, for any reason, no matter where the software comes from – the guy is going to do 4 years in jail?” And, therein lies the rub. It’s NOT illegal to crack a password of another adult “for any reason”. There are, in fact, many legal reasons I’ve cracked passwords at work. For one, someone illegally locked files with a password to hold a company hostage. The company in question clearly had ownership of the password-locked files, but there was no way to recover the file without cracking the password. There are other examples, but any time someone starts talking in absolutes about the law, I know they’ve had no real experience with actual legal matters. A good lawyer can argue for a lot of exceptions to any law and, if they’re good enough, win. The fact that this guy is going to jail means that his lawyer couldn’t do that, if he even had anything more than a public defender. That’s all.
And, to me, the real question here is one of ownership. If I own the computer, I can install software on it to make sure it is being used the way I see fit. On the other hand, there is the question of a user’s expectation to privacy. If the user on the computer I own expects a certain level of privacy, for whatever reason, and hasn’t been informed otherwise… Well, let’s just say the law gets a little hazy at this point. Really, in most things legal, there just aren’t any absolutes. Ask a lawyer, they’ll pretty well tell you the same thing.
The other points that the commenter made about raising children and marital affairs leads me to believe that he is simply inexperienced or naive. When he wrote, “I guess how you raise your kids is your choice, unfortunately. None of mine have ever been in any trouble whatsoever so I will keep my ways going…”, it never occurred to him that his kids might be in trouble, but he hasn’t found out yet. Same thing about the state of his marriage.
Again, I’m not saying I’ve got the only answer, just that there isn’t any absolute answer to this whole issue. What’s more, he falls into the fallacy of ascribing meaning and intent to my disagreement that was not there. When he said that the better way to check up on your possibly cheating spouse was to have them followed by an “ex-cop”, I disagreed. Strongly. Being an ex-cop does not guarantee any level of success in trailing and catching a cheating spouse. And, while “pictures speak louder than words”, often, words from incriminating e-mail speak loudly enough.

Naturally, I don’t advocate breaking the law, but there’s a lot of question about where that threshold is in the digital world. And, simply trusting everyone you have a relationship with is, well, naive at best.

But, all that aside, I wrote this here because I had something left to say, but didn’t see the point of continuing the “discussion” over there.

Advice from your Uncle Jim:
"Everyone wants to live at the expense of the state. They forget that the state wants to live at the expense of everyone."
   --Frederic Bastiat

Two great tastes that taste great together.

It’s that magic time of year again, when I think about career paths and long-term goals and what I need to do to meet them. For IT geeks like me, that often means training and certification. They’re not the same thing, incidentally. Sometimes, I think IT staff forget that. I’ve taken far more training courses than I’m certified in! But, since getting the right certifications can help get you past the gatekeepers in HR, they are important. And, even more important is getting the right one. So, here are the Top Ten Hottest Certifications for 2008, according to TechRepublic:

1. MCP (Microsoft Certified Professional)
2. CCNA (Cisco Certified Network Associate)
3. MCPD (Microsoft Certified Professional Developer)
4. SCJP (SUN Certified Java Programmer)
5. CISSP (Certified Information Systems Security Professional)
6. Comptia A+
7. Comptia Network +
8. MCTS SQL Server 2005 (The Microsoft Certified Technology Specialist)
9. RHCE (Red Hat Certified Engineer)
10. Comptia Security+

I have to admit, I was pleasantly surprised to see so many CompTIA certifications in that list. Why? Well, in part because I have one already, the CompTIA Linux+, but also because I’d been planning on doing another one which is on the list, CompTIA Security+. The other reason I really like the CompTIA certs is because once you certify, you never have to take the test again to maintain your cert. Trust me, that’s a big, big deal to someone with a bunch of certifications!

The other thing that I was looking at the other day was the Dice.com Third Quarter IT Local Market Reports. These look at the hiring and general employment trends that DICE has seen over the financial quarter. You can probably find your major metropolitan area in there, or one close. I’m not sure how the whole country is doing, but, I’m pretty pleased with how things look in Houston. Always nice to know that there are jobs out there, just in case.

Anyway, I hope this helps some of my fellow geeks plan out their personal and professional goals for the next year. And, folks, if you haven’t been planning, why not?

Wish I’d found this sooner.

No, really, I wish I’d found and read Time Management for System Administrators a long, long time ago. This book was great! Some of the techniques in the book I already do, but I had to learn them the hard way. But, there were many more things that I either had never thought of, or hadn’t thought of in the context of time management or improving my personal efficiency.

For instance, I’ve used ToDo lists in the past, in fact, I’d started using one again recently. But, I’ve never looked at using them the way the author, Thomas Limoncelli, suggests using them in Chapter Five: The Cycle. The idea, in short, is to manage everything on your ToDo list today by either doing it, delegating it, or moving it to tomorrow’s ToDo list. No matter what you do with it, it gets managed and everything on today’s ToDo list gets dealt with, one way or another.
Another theme that Limoncelli harped on was, whichever way you choose to keep track of tasks and ToDo lists, it has to be a way that you keep with you. Either you learn to carry your organizer with you everywhere, or you have to adapt something that you do carry with you to hold the information you need. In my case, I decided to use the organizer functions on my cell phone. So far, that’s been working well for me.
After reading this book, I was also inspired to document my workstation imaging system in much more detail. Now, I have the start of documentation that can, essentially, replace me. This particular document is now detailed enough that just about anyone with a little experience on computers can setup our standard workstation with all the programs installed already. This way, if I ever end up in the hospital again, someone else can keep making workstations. I’ll do some more documentation of this kind and write some policies, too. In a couple of weeks, or months, I’ll have a fairly complete set of IT documentation for this company and I can customize it for any place I might work again. (And, yes, I might post some of it here for you all to steal.)
As part of that documentation, I started a network diagram. I had started this before using an old copy of Visio, but that wasn’t working too well. I got all obsessed with making the autodiscovery function work just right, and it wasn’t, but until I read what Limoncelli had to say about the value of a quick, simple network diagram that isn’t obsessively correct. After that, I grabbed a copy of Network Notepad, a freeware network diagram tool, and all the extra libraries. Then I spent a quick couple of hours getting used to the way Network Notepad works and creating the simple diagram. After using it a bit, I decided I really like it. It has some nice features, so it’s worth checking out. And, I’m going to use it to diagram my home network, too.
I’m still working on formalizing my life goals and implementing the stuff from the stress fighting chapter, but I am getting there. It was very much the right book at the right time for me. But, I do have to admit, if I’d found it sooner in my career, I might be doing better today than I am. Well, maybe not, but I’m glad I read it now.

If you’re a system administrator, no matter if it’s on a Windows network or Unix, or whatever, or, if you work on an IT helpdesk of any kind, get this book, read it and put it to use. NOW.

Advice from your Uncle Jim:
"It took me a long time not to judge myself through someone else's eyes."
   --Sally Field

This time, we’ll restore the image we made last time

mkdir /tmp/server
mount -t smbfs -o username=my_user_name   //server_name/share /tmp/server

Now, this assumes that you don’t have anything installed on the new pc yet and are working with just a blank, unformatted hard drive. First, I restored the partition table and the master boot record:
# sfdisk /dev/sda < /tmp/server/images/cad1r-sfdisk-sda.dump
# dd if=/tmp/server/images/cad1-sda.mbr of=/dev/sda

And then the partitions. Since I had several files produced by split for my primary partition, I needed to take them all, in the right order of course. Now, keep in mind that when we used split in the last post, it added “aa”, “ab”, “ac”, etc. to the end of the file name.

# ls -l /tmp/server

will help you check which files you need for the next step.

Now, again, this all assumes that you had a single partition on the original machine and are restoring a single partition. First, change to the directory where the images are:

cd /tmp/server

Now, we restore the image files with the command below. You’ll have to “cat” all the files in the image directory on the server. Notice the pattern of the file names? That’s what split did for us. Now, rather than do the work manually to restore them, I used a little bit of shell code and a variable reference to save you the need to type the names of all the files. Also, the little “-” at the end of the line does matter, so don’t forget it. Oh, and this command should all be on one line.

cat cad1-sda1.img.gz_a[a-z] | gunzip -c | ntfsclone --restore-image --overwrite /dev/sda1 -

Reboot into your new Windows XP clone.
It’s just like magic, isn’t it?

Hey, I get paid to be a geek, right?

So, I’ve been having some issues with my network and several Windows XP machines. In a nutshell, these machines seem to lose connectivity after approximately nine hours and fifteen minutes from the last restart. In other words, when my crazy-dedicated engineers work past their ninth hour, their machine slows to a crawl and eventually locks tighter than a Catholic school-girl’s knees. In any case, after weeks of troubleshooting this issue, I’ve come up empty. The best that I’ve got for these guys is either a) Don’t work such long hours or b) Reboot the machine at lunch.
In a further attempt to fully understand what is happening and at what level, I’ve gotten one of these machines and I’m going to install Windows 2000 on it. If we have the same issue, I know it’s hardware. If I don’t, I’ll be certain, within a reasonable percentage of sureity, that the issue is some arcane aspect of Windows XP. Either way, I should be closer to a real answer.

But, before I wipe my current experimental machine, I decided I wanted to back it up. Naturally, I turned to my old friend, Linux. A quick Google turned up a blog entry titled “Cloning XP with Linux and ntfsclone“. So, with a few modifications for my own environment, I followed the instructions there. Incidentally, I used the latest version of Knoppix as a boot CD.

First, open up a terminal/shell session and create a mount point with the following command:
# mkdir /tmp/server

Then, because my DHCP server didn’t give the Knoppix virtual machine the right DNS information, add your server to the /etc/hosts file.
Next, mount the network share that you want to dump the images on.
# mount -t smb -o username=administrator //server1/share /tmp/server

Check how your live CD sees the partitions you want to save with the following command:

# cat /proc/partitions
major minor  #blocks  name

8       0   78150744  sda
8       1   76211608  sda1
240     0    1939136  cloop0

I want to save that 80 GB disk sda, which has a primary partition sda1. First I saved the partition table and the Master Boot Record this way:

# sfdisk -d /dev/sda >/tmp/server/images/cad1r-sfdisk-sda.dump
# dd if=/dev/sda bs=512 count=1 of=/tmp/server/images/cad1-sda.mbr

and then the partitions:

ntfsclone -s -o - /dev/sda1   | gzip | split -b 1000m - /tmp/server/images/cad1-sda1.img.gz_

Note that this saved disk image in 1G files, in case the way I mounted the share to the network server didn’t allow for large files. Sometimes that can get tricky going from Linux to a Windows 2003 server and back, so I decided not to take any chances. It makes a mess of files, but at least it took the guess-work out for me.

Coming soon, the restore process! Keep an eye out!