If you build it and no one shows up, do something else

There was a discussion on the mailing list about communications, and I chimed in with a “LOPSA sucks at communications”, followed by a little naive rant about how LOPSA should be using social channels. At which point Matt Simmons sniped me with a, “Hey, sounds like you want to help out!”

I had spent the last year or two trying to breathe life into a network/sysadmin group in the geographic area near me. I really tried. I was unable to find a single person (in my geo area) who was willing to passionately jump in and help pull the sled in the tractor-pull. I learned a lot while trying (and I mean that in a positive way.) Anyway, I’m ceasing my efforts on a local chapter; I wasn’t spending a lot of time, but I’m going to use the little bit of time I was spending to . . .

Volunteer to help LOPSA!

Turns out that LOPSA has a functioning social media setup based around HootSuite. All that was really needed was another pair of hands to pull the levers and spin the knobs.

Hey, this monkey can do that! ook ook OOK!

…and, maybe there’s something you too can do to help LOPSA? :)

Update Feb 2015: LOPSA social media 9 months in.

Take back the Internet

This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can — and should — do.

~ Bruce Schneier, from Take Back the Internet

I’d venture that the vast majority of regular, everyday people working in technology related jobs are not actively trying to do evil. People go to work, make the best decisions they can and then go home. If that’s true, then it’s going to be nigh impossible to change the momentum of how things (e.g., NSA surveillance) are going. Because in order for it to change, we need to start thinking bigger.

Overwhelmingly awesome leads to success

People ask themselves two questions when considering joining a professional organization:

What can the organization do for me?
What does the organization do at large to benefit the profession?

LOPSA will grow if it is overwhelmingly awesome in its answer to either of those questions.

It’s in our nature (as people sure, but especially as pragmatic technology workers), to focus on the first question when we first encounter LOPSA. Unfortunately, it is very hard for a small organization to muster overwhelmingly awesome benefits that attract members.

Instead, LOPSA should do great things which are available to as many people as possible. LOPSA should be so awesome at benefitting the profession at large, that it becomes the de facto professional organization. Then people will join just so they can say, “I support LOPSA!”

LOPSA should make as much as possible of what it does, and provides, free and accessible.

Inspired to mentor

I was at LOPSA East 2014 last weekend.

Were you? No? oh. …sorry you missed it!

On Friday evening, John Boris led a “birds of a feather” (BOF) session (aka “birds of a feather flock together”) on LOPSA’s mentorship program. It’s a new-ish program within LOPSA where they try to pair people based on mutual interests and skill sets. In LOPSA’s own words:

Life-long learning is the key to success, and we all have knowledge and experience to share with others who hope to tread the path we’ve already traveled. The LOPSA Mentorship Coordinators match experienced LOPSA members that wish to be mentors with proteges that wish to learn from them.

We encourage two types of mentorship engagements, the first being a fixed-length project such as building a service like a help desk, monitoring system, storage solution, etc. The second type of engagement, freestyle, is more open ended and can include asking for advice on topics like budgeting, work relationships, career development, presentations, and so on.

inspired.

I’ve thought about mentoring, but have always felt under-qualified; really, who am I to be telling people how to do things? But the discussion in the Mentorship BOF opened my eyes to the idea that I could be helpful by simply listening and giving feedback. As a mentor, one isn’t expected to know everything, nor even to strictly guide the protege’s learning.

Hmmm… Listening? THAT would be an excellent thing for me to work on!

I have signed up as a mentor, and LOPSA promptly offered me a selection of a few proteges who are currently seeking mentors.

anyway.

Hopefully, I’ll have more (and more interesting) things to write about this in the future.

Have you considered mentoring? Why not? :^)

Operable systems

Especially for complex, multi-purpose systems, the gap between how things are supposed to work and how they actually work can be quite large. (Ask any police sergeant about the difference between policing in theory and policing in practice!) A primary function of operators is to bridge this gap in ways that result in better rather than worse outcomes. The capacity of systems to be operated is what allows operators to perform this valuable function, sometimes called technical work.

~ Richard Cook, from Making Systems Operable

More and more I’ve been getting a lot of mileage from this idea: Make things easier TO USE, rather than trying to fully automate (i.e., so I don’t have to use them.) One cornerstone to accomplishing that is creating “affordances”.

Heartbleed: For want of one nail, the kingdom is lost

The Heartbleed OpenSSL problem is big news ( http://heartbleed.com if you’ve been under a rock ). What’s wrong?

In short, Heartbeat allows one endpoint to go “I’m sending you some data, echo it back to me”. It supports up to 64 KiB. You send both a length figure and the data itself. Unfortunately, if you use the length figure to claim “I’m sending 64 KiB of data” (for example) and then only actually send, say, one byte, OpenSSL would send you back your one byte — plus 64 KiB minus one byte of other data from RAM.

Whoops!

~ Matt Nordhoff, from How Exactly Does the OpenSSL TLS Heartbeat (Heartbleed) Exploit Work?
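The missing length check described in the quote above, as an added C sketch (not OpenSSL's code and not part of the quoted answer). The function and macro names are hypothetical, the sample records are constructed, and the 3-byte header and 16-byte minimum padding follow RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER      3u   /* 1-byte type + 2-byte big-endian payload length */
#define HB_MIN_PADDING 16u  /* minimum padding required by RFC 6520 */
#define HB_REQUEST     1u

/* Hypothetical helper: copy the payload to echo into out.
 * Returns the payload size, or -1 if the record must be silently discarded. */
long hb_echo_payload(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check whose absence was the bug: the claimed length must fit
     * inside the bytes that actually arrived, not just inside 16 bits. */
    if (HB_HEADER + claimed + HB_MIN_PADDING > rec_len)
        return -1;
    if (claimed > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

/* Constructed sample: claims 4 bytes and really carries "ping" + padding. */
long hb_demo_honest(void)
{
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PADDING] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_echo_payload(rec, sizeof rec, out, sizeof out);
}

/* Constructed sample: claims 0xFFFF bytes but carries one byte + padding. */
long hb_demo_overclaim(void)
{
    uint8_t rec[HB_HEADER + 1 + HB_MIN_PADDING] = { HB_REQUEST, 0xFF, 0xFF, 'x' };
    uint8_t out[64];
    return hb_echo_payload(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest: %ld, overclaim: %ld\n", hb_demo_honest(), hb_demo_overclaim());
    return 0;
}
```

The over-claiming record is dropped before any copy happens, so the reply can never be longer than what the peer actually sent.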

So this one, tiny-looking problem brings our entire sand-castle Internet kingdom down. “Secure” web sites, it turns out, aren’t necessarily secure. Worse, they haven’t been secure for some uncertain amount of time. So, anything communicated insecurely, during some uncertain time-frame… is, uh, possibly snooped, stolen, etc. The system admins have to patch the fix in, then redo site certificates, and then everything everyone has put to/from those sites (your login and password, for example!) has to be considered stolen/tainted and has to be reentered.

Bonus: it’s even worse than I’m making it sound: Try this on…

http://security.stackexchange.com/questions/55116/how-exactly-does-the-openssl-tls-heartbeat-heartbleed-exploit-work

http://security.stackexchange.com/questions/55097/can-heartbleed-be-used-to-obtain-memory-from-other-processes

Repercussions

If I were in government right now, I would be leery of starting another big software project. I’d also know that big software projects are going to be necessary as our civilization gets more and more complex. So, if I were in government right now, I’d be thinking about laws to regulate the Software Industry. I’d be thinking about what languages and processes we should force them to use, what auditing should be done, what schooling is necessary, etc. etc. I’d be thinking about passing laws to get this unruly and chaotic industry under some kind of control.

If I were the President right now, I might even be thinking about creating a new Czar or Cabinet position: The Secretary of Software Quality. Someone who could regulate this misbehaving industry upon which so much of our future depends.

Maybe that thought hasn’t occurred to them yet. Maybe. But how many more healthcare.gov debacles will it take before it does?

~ Bob Martin, from Healthcare.gov

Most people I’ve talked to, (who write software or do systems and network administration,) are in the “I have work to do” camp. They’ve no time to think about professionalization, or standardization, of their field. To which I say:

That’s cool; I understand. No worries! The government will eventually get around to ramming standardization and licensing down your throat. I’m sure that will work out well for us.

If you work in these fields, you should be paying attention. If you work in network and systems administration, you should be paying attention to LOPSA and Usenix/LISA.

Update:

Feb 2014: Senate Steps Into the Data Breach Controversy