April 2013 Archives

https://blog.mozilla.org/it/2013/04/30/women-in-science-and-engineering-wise-computing-skills-boot-camp/

Software Carpentry is running a 2-day software skills boot camp in Boston, June 24-25th 2013, for women in science, engineering, medicine, and related research areas. Registration is $20.

Boot camps alternate short tutorials with hands-on practical exercises. You are taught tools and concepts you can use immediately to increase your productivity and improve confidence in your results. Topics covered include the Unix shell, version control, basic Python programming, testing, and debugging -- the core skills needed to write, test and manage research software.

This boot camp is open to women at all stages of their research careers, from graduate students, post-docs, and faculty to staff scientists at hospitals and in the public, private, and non-profit sectors.

Registration is $20; to sign up, or find out more, please visit the announcement at http://software-carpentry.org/blog/2013/04/announcing-wise-bootcamp.html. If you have questions, there is an e-mail link on the announcement page.

The slate of candidates for LOPSA board is up.

At "candidate night" here are the questions I'll be asking:

Question 1:

"I'd like to know about your experience with community-based projects. Please tell us about a project that you took responsibility for seeing through to completion. Please, only projects that are "done" or have reached a self-sustaining mode only. One or two sentences is fine. It doesn't have to be a project where you thought of the idea or even did all the work: just one where you assured it reached the finish line."

Question 2:

"Surprise! The day after the LOPSA election an anonymous donor gives LOPSA $10 million dollars. The only condition is that it has to be spent in the next 18 months. What should LOPSA do with it? (projects, not investment strategies)"

If candidates wish to include their answers to these questions in their candidate statements it would please me to no end.

If you haven't signed up for LOPSA-East, it is this coming Friday and Saturday, May 3-4, 2013 in New Brunswick, NJ.

I've finally finished my slides for my "Evil Genius 101" class. I'm very excited about this new class. I hear there are still seats left, but it is filling up fast.

To my NYC friends: you can take the train there. The station is 2 blocks away.

To my Linux friends: the Linux content is most excellent this year.

To my Windows friends: Steven Murawski himself is teaching PowerShell classes. Steven FREAKING Murawski! How can you NOT sign up for this?

To my security friends: The keynote is Marcus Ranum. The guy that wrote the first firewall software and, since then, has gone on to do all sorts of amazing stuff like Network Flight Recorder. You should also come to see his keynote because OMG ITS MARCUS RANUM WHY ELSE DO YOU NEED A REASON?

There's still time to register. You can also register "at the door" either Friday morning, afternoon, or Saturday night.

Don't forget:

Thursday evening: It isn't official but people hang out at the bar. It's fun and you will be recruited to help stuff the conference bags.

Friday evening: If you are only registered for Saturday you can still come to the Friday evening stuff. it starts at 5pm and includes the dinner, keynote and the other sessions that night.

http://lopsa-east.org/2013/registration/

A reader asked me:

What’s your opinion on merging “to-do” lists with issue trackers in The Cycle? I have a pile of To Do items which aren’t properly “issues”, and a pile of issues. I don’t want to duplicate tickets in the to-do list, but I’d like to look at one place to figure out what to work on next.

You are correct in that copying items from your ticket system to your to-do list leads to trouble. They aren’t synced and bad things happen. I have a n-hour to-do item each day called “work on tickets” (where “n” is 1 to 8 hours depending on the requirements of my job). During that time I focus on tickets, using the ticket system’s ability to sort and prioritize the requests. Some tickets require follow-up that is appropriate to track using your to-do list. For example if work related to the ticket involves calling someone on a certain date, putting that on the to-do list for that date assures perfect follow-through.

50 years ago today Martin Luther King, Jr published "Letter from a Birmingham Jail". It is a beautiful, moving, letter. Everyone should take a moment to read it.

(Search for a copy of the letter online here)

Many people read it without realizing the joke he put in the first paragraph.

Seldom do I pause to answer criticism of my work and ideas. If I sought to answer all the criticisms that cross my desk, my secretaries would have little time for anything other than such correspondence in the course of the day, and I would have no time for constructive work.

The joke, in case you missed it, is that he doesn't have a big office full of secretaries that manage his correspondence. Like most social activists he's on a shoe-string budget. The people he is replying to, however, probably do have such luxuries.

I often wonder if his intention was to open the letter with a subtle joke or the most polite "F- you" ever delivered in history.

Nearly a year later when he spoke at Drew University (I wasn't born yet, but I would attend that University 20+ years later) his speech also began with a joke. He quoted the great philosopher Bob Hope. I don't want to spoil the joke for you, so you'll have to listen it it yourself here: http://depts.drew.edu/lib/archives/online_exhibits/King/index.html

Instant Puppet 3 by Jo Rhett is 50 pages long and a delight to read. The ebook is available for $9.99 from Packt (pronounced "packed") at http://www.packtpub.com/puppet-3-starter/book

For those of you that are unfamiliar with Puppet: Puppet is a system for describing what the configuration of a machine should be and then the "puppet agent" will update a machine to have that configuration. If there is no work to be done, the agent does nothing. If you need to make a change globally you could, in theory, make one change to the description and soon every machine will be updated with the Puppet agent doing the right thing on each machine depending on what operating system it is running. This is called "Configuration Management" or ConfigMgmt or CM. Settings can be global or for a particular machine or anything in between. The hallmark of good CM systems is that you specify what you want ("Package foo version x.y.z should be installed") not how ("apt-get install foo-x.y.z"). CM systems are good for maintaining dozens or thousands of machines.

About the book:

Imagine you need to learn Puppet quickly and you have a friend that is a Puppet expert. Imagine that he or she has offered to sit down with you for a few hours and help you go from zero to a running configuration. This ebook is like having that experience in the form of a book. It starts with the fastest way to create a server, a client, and get them talking to each other. Now you use the system to move through a series of exercises that teach you all the rudimentary features that you should know: Installing packages, copying files, using templates to generate files, and so on.

To make the book so compact Jo employs a number of techniques. First, he assumes RedHat or CentOS. This makes the descriptions more concise and uncluttered by the distracting exceptions for other operating systems. If you don't use either of these OSs he has advice on how to apply what you've learned to a different operating system after you are done. Second he focuses on the knowledge needed to take you on the shortest path from no Puppet to a simple Puppet server with a few clients with some typical configurations. Third, he uses thoughtful examples that replace the need for pages and pages of verbiage. Lastly, he saves pages (and your time) by covering advanced topics with an overview, an example, and a pointer to where to learn more. The last section is a "Top 5" list of advanced features that you should be aware of. After reading the overviews and examples of each, you feel like you are conversant enough in the topic to know if you need this feature.

Earlier I said this is like having an expert walk you through the process in person. It is actually better than that. I can't imagine an informal in-person walk-through having such good planning. I mean... when I walk a person through something I always get to a point where I realize I need to backtrack a little! The ebook, however, is excellently planned. Each concept flows from one to the next linearly. Technical books often build a concept hierarchy that becomes a "house of cards": if you forget or don't understand one concept the entire house comes tumbling down. Instant Puppet 3 simplifies the concepts and avoids obfuscation resulting in an approachable learning experience.

As a result, the analogies are well-crafted and the examples are clear.

One particularly good analogy stood out. It can be confusing for a beginner to decide if a new policy should be put in the "site manifest" or in a "module". He writes:

The site manifest expresses what you want. The modules are like butlers and maids; components which implement policy without bothering you with the details. You will find that this approach enables you to do more, faster, and easier than ever before.

That analogy helped me understand the issue better and I've been using Puppet for a while!

As I said before, the examples are also well-crafted. They demonstrate what is needed at this point in the narrative rather than trying to show off every possible feature. (This is a major pet peeve of mine: authors that use examples to show how complex and configurable a system can be and end up confusing the reader with unrealistic examples. To be clear: this book doesn't have that problem.)

The book is not without faults. I found some editing errors but over-all it was well-edited. The author has already updated the errata page on the book's website.

I would recommend this book to anyone that needs to get up to speed quickly with Puppet. If you are managing more than 2 machines, you should be using a CM system: whether it is CfEngine, Puppet, Chef, Bcfg2 or anything else. If you choose Puppet, this is a great way to get started.

The book is compact and straight to the point. The ebook is available for $9.99 from the publisher: http://www.packtpub.com/puppet-3-starter/book

Tom

P.S. You can enter to win a free copy at the author's website: http://www.netconsonance.com/2013/04/win-a-free-copy-of-instant-puppet-3-starter-packt-publishing/

is brought to you by The Joy of Tech: http://tapastic.com/episode/3845

If you haven’t registered for LOPSA-East yet, what are you waiting for?

LOPSA-East (May 3-4, 2013) is the best regional conference for sysadmins this side of the Mississippi. It is much less expensive than national conferences because you can probably drive instead of fly. The same nationally known speakers you find at the big conferences travel to us instead of the other way around.

If you are signing up for my tutorials please remember that space is limited so please register soon!

I was thinking about why I like going to conferences the other day and it dawned on me that the answer is simple: I can ask the questions I can’t ask anywhere else. There are plenty of places I can ask questions: online forums, ServerFault, bulletin boards, mailing lists, and so on. However there are many questions that I can not ask online. First, online forums and chatrooms are archived and sometimes I don’t want my question public. The second reason I’d call “discovery”. I don’t always know which online forum is the most appropriate. At a conference you can strike up a conversation and learn about new resources. The third reason is embarrassment. I don’t want to look stupid in front of some unknown huge number of people online. At the conference you can talk to a speaker or just strike up a conversation with the people near you. It can be difficult to ask a question in a public forum when you are new. The same can be said for a senior sysadmin too.

Lastly, and I think this is the most important reason, in-person it is easier to ask a question that you don’t know how to ask. Online forums work best when you know exactly what you are asking for. Ever been “yelled at” online for asking a question “the wrong way” or for incorrect use of terminology? In person you can have a dialog that is exploratory. You work through any vocabulary issues along the way as you discuss the issue. I find that in this situation I usually learn more than just the specific question I was asking.

LOPSA-East is a very friendly conference. It is small enough that everyone feels comfortable striking up a conversation with anyone there. Yet, it is big enough that it has “critical mass” and gets really good presentations.

Hope to see you there!

Info is here: http://lopsa-east.org or click here to register.

LOPSA-East (formerly PICC) is May 3-4, 2013 in New Brunswick, NJ. It is easy to reach by car and train.

My friend Jo Rhett's new book is called "Instant Puppet 3 Starter". In 50 pages he gets you up and running with Puppet3. I haven't read it yet, but if it isn't good let me know and I'll kick his ass.

http://www.packtpub.com/puppet-3-starter/book

P.S. Just kidding. Jo could kick my ass any day. I'd find some other punishment. Luckily I won't need to because I'm sure it is a great book.

Remember that the submission deadline is Tuesday, April 30. Get those proposals in now!

If you are submitting a paper, it can be the full (draft) paper or it can be an extended abstract, 4-8 pages in length.

See the CFP page for more details.

Speaking of which... I have not yet submitted a proposal for an Invited Talk. What would you like to hear me talk about? Invited talks are usually 90 minutes (or 45 minutes for a half-session). What would you like to hear me talk about? (Post a comment)

Humans think in terms of mental models. In IT it is our responsibility to help them form accurate models as well as deal with inaccurate models that exist.

Humans use mental models of how things work to fill in context. If we are not given the model, we make one up. This made-up model may be unrelated to how things actually work, but if it is sufficient for us to get our job done then that's "good enough". I think this is evolutionary: we didn't know why the sun rose and fell, but we made up a model that included a god riding across the sky... a model that was good enough to deal with the fact that "night" and "day" alternate.

As sysadmins we often skip the step of helping users create that model then have an up-hill battle as we deal with users that have created their own, inaccurate, model. We see users do things that seem insane but are actually completely appropriate for the mental model they have created.

I saw a user plug two ports of his desktop ethernet switch into wall jacks so that he could get twice as much network speed. In his model, network bandwidth like electricity in a parallel circuit and this seemed like a reasonable way to get more bandwidth. Instead he crashed the network because he created an ethernet loop (this was before loop detection/prevention mechanisms were common).

When possible we must give users an accurate mental model. However, those opportunities are rare.

When we answer technical support questions we must be on the look-out for a user with a mental model that is inaccurate. It may have served them in the past but is insufficient for their current situation.

Years ago I was at a company that was changing VPN software. Announcement after announcement went out telling people that if they used the VPN they had to stop by the helpdesk to be switched to the new software. They were warned that the old VPN would stop working on a specific date. On that date, the helpdesk was flooded with users that couldn't understand why they couldn't connect to work. "Have you seen the emails about the old VPN being replaced?" "Sure, but I don't use a VPN."

In their mental model they didn't. The icon was called "Network Connect". Why would they pay attention to an email about "the VPN"? They never saw an icon or menu with the phrase "VPN" in it.

Who's fault was this situation? Hint: The user can't be blamed for not knowing that "Network Connect" is a VPN.

"Network Connect" was the icon they clicked that connected their laptop to the work network so they could access "work things." Their mental model was more like an on-off switch. When the switch is "on", web sites inside the company work. When it is "off", those sites don't work. The fact that they're still using the same web browser and other apps helped create this inaccurate model. The switch is turned on and things magically work; turn it off and things magically didn't. Their model didn't include encrypted packets. It didn't need to. In fact, during this we learned that many users were connecting to the VPN even when they were in the building. This, again, makes sense if "Network Connect" was an on switch that made internal services accessible.

This mental model mismatch contributes to a lot of the ills of corporate IT. In situations where people don't know I'm a sysadmin I often hear complaints about their company's IT department. Often I hear about the IT department doing bizarre things "just to make it more difficult to work here". It is a sad state of things that people feel that IT departments would do that. However with incorrect mental models so commonplace it makes total sense. Why would the IT department hide our websites unless a magic on-switch is flipped? What's to stop bad people from just having an on-switch installed on their laptops too? Now if enabling the VPN made their web browser display a "ah! this is an internal site! please wait while we connect through the VPN tunnel" message every time they accessed an internal website then the mental model would include some kind of tunnel analogy. Of course, that would be silly. Plus, the great thing about VPNs is that they are transparent to the applications.

The next time you send email to users consider, "What am I doing to create an accurate mental model?" and "What mental model might they have that I should play to?" When helping a confused user consider pausing to consider, "What is their mental model?" and either work within it or work to help create a new, more accurate, mental model.

2013-04-18 Update: Check out this article about the Strayer University scandal.

I’m frustrated with DeVry University, Kaplan University, Walden University, Ashford University, Colorado Technical University, Strayer University, University of Phoenix, Capella University, American Intercontinental University and other businesses. I do not encourage anyone to enroll in these “schools”.

Here’s how for-profit “schools” make money: They get students to enroll and help them get government-funded financial aide. The thing about financial aide is that the check gets sent directly to the “school”. The “school” deposits the check. There are no refunds. The student only has to attend one day of classes for this to be legit. So, after the first class students are worked hard in hopes they quit. It is much less expensive and much more profitable to teach a class where everyone has dropped out, especially if instructors are paid by the student. If by week 2 there are no students, you don’t have to pay the instructor anything.

This is not new. In the 1970s there was a big scandal when it was discovered that a number of schools were doing this. 30 years later regulations have been relaxed enough that the scam artists are back and they are back in a big way!

Any business that does this is stealing educational dollars away from students that could be attending actual schools.

What makes this so sick is that they attract poor and middle-class kids that want to make a better life for themselves. Instead they end up having to pay back a big loan to the government. If they are frustrated that they got nothing for their money, they don’t pay back the loan and enter the circle of doom one ends up in when you have a bad credit rating. Either way an innocent person that wanted a better life becomes trapped in the cycle of poverty.

The claim that these schools are “accredited” is a scam too. Any of these schools that claim to be accredited have found some loophole that lets them claim accreditation. For example, one school bought a university that went bankrupt. Accreditation lasts 10 years. Your entire university can burn down in year 2 and you still have 8 years of accreditation. If a for-profit buys a university that was accredited within 10 years of going bankrupt, the for-profit can claim it is accredited for the remaining years. Other for-profits have used lessor accreditations to be able to make this claim.

Sadly these for-profit schools are making big profits and divert a lot of that money into marketing. Good advertising can make a pig look like a prince.

If you are looking for a technical education I recommend looking into the 2-year programs in your area. Depending on where you are in the U.S. they are called community colleges, county colleges, or junior colleges. There are also non-degree programs online that are free or low cost.

If you do attend a school, whether for-profit or not, ask for a written document that shows their completion rate and per-pupil spending. Completion rate is the percent of students that graduate. A for-profit school has an inventive to get people to pay but then fail out. A for-profit school is “successful” if it is making a profit. A non-profit school judges itself on how well it teaches. It should pride itself on being able to see that the people that are accepted are guided through to graduation. “Per-pupil spending” means how much money is spent on each pupil. If you pay $20,000 and only $5,000 is spent on education, where is the other $15,000 going? It is going into the pockets of the executives that are running this scam.

Here are some articles you may find useful: - Students at For-Profit Colleges Earn Less, Study Says - Online Universities: Government Cracks Down on For-Profit Schools

Here’s a quote from the second article:

A motion filed in federal court claims that the school “concocted a scheme to fraudulently inflate revenues and boost profitability by exploiting well-intentioned and often lower-income students, including veterans of the U.S. armed forces, who were hoping to improve their qualifications and employment prospects,” adding that “students often withdrew early or failed to complete degree programs.”

Andy Lester, author of "Land the Tech Job You Love", has an excellent blog post up called Bad Tech Job Interview Questions (and How To Answer Them).

It is a good read whether or not you are interviewing. It has good advice if you are on either side of the interview table.

The 2013 USENIX Configuration Management Summit (UCMS '13) call for participation closes Friday, April 5, at 11:59p.m. PDT. In this interview, Chris St. Pierre, UCMS '13 Program Chair, answers questions about the CFP and what to expect at the event, which will take place during USENIX Federated Conferences Week, June 24-28, 2013.

https://www.usenix.org/blog/interview-chris-st-pierre-ucms-13-program-chair

[ This is a guest post from Dan O’Boyle, who I met at a LOPSA-NJ meeting. I asked him to do a guest post about this subject because I thought the project was something other schools would find useful ]

I’m a systems engineer for a moderately sized school district in NJ.  We own a number of different devices, but this article is specifically about the AcerOne line of netbooks.  I was recently tasked with finding a way to breath new life into about 500 of these devices.  The user complaints on using these models ranged from “constant loss of wireless connectivity” to the ever descriptive “slow”.  The units have 1 gig of ram, and our most recent image build had them domain joined, running windows 7N 32bit.  

These machines were already running a very watered down Windows experience.  I considered what the typical user experience was - They would boot the device, login to windows, login to Chrome (via Google Apps for Education accounts) and then begin their browsing experience.  Along the way they would lose wireless connection (due to a possibly faulty Windows driver), experience CPU and memory bottlenecks due to antivirus and other background windows processes, and generally have a bad time.  The worst part was I couldn’t see a way to streamline this experience short of removing windows.  It turns out that was exactly the solution we needed.

Chromium OS is the open source version of Google’s ChromeOS operating system. The project provides instructions on how to build your own distro and a fairly responsive development community.  Through the community, I was able to find information on 2 major build distributors - Arnold the bat and Hexxah.  Hexxah’s builds seem to get a bit less attention than Arnolds, so after testing both I decided to use one of Arnolds most recent builds.

The AcerOnes took the build without issue.  A few gotcha’s to be aware of are hard drive size, unique driver needs and method of deployment.  Before I describe those problems, I’ll need to explain a bit about our planned method of deployment.

Individual Device configuration:

Configuring the OS on one device took about an hour from download to tweaking.  After copying the build to a USB stick, I installed it to the local HDD of my AcerOne.  I noticed that the wireless card was not detected by default.  This is typically due to a driver issue, and can often be solved by adding drivers to the /lib/firmware directory.  With the wireless card up and running, I added flash/java/PDF/mp3 support with this script (Note that the script is listed to work with Hexxah’s builds but also works with Arnolds.  The default password on arnold’s builds is password.)

Deployment:

Finally, I was ready to try cloning my machine to distribution.  My first successful attempt was using Clonezilla to make a local Clonezilla repo to USB.  This was effective, but it wasn’t pretty.  To distribute this build out to multiple buildings I needed to boot the ISO created by clonezilla over PXE, and given that some of my AcerOnes had 2gig of ram, and some only had 1 many of the devices wouldn’t be able to load the ISO locally into RAM to perform the install.

The next attempt I made was using FOG.  FOG was able to capture the image and store it on a PXE server.  FOG boots machines into a small linux kernel, then issues commands through that kernel to perform disk operations.  This method would work even on my 1gig machines.  At this point I discovered the hard disk problem mentioned earlier. I had originally build my image on a 250gig HDD.  some of my machines only had a 160gig drive.  Even though the image is much smaller than that, (about 4gig) FOG felt that the smaller HDD wouldn’t be able to handle the image and refused to deploy.  This can be solved by ensuring that your build machine has a smaller HDD than any machine you intend to deploy to.

Final Deploy time:

Overall I was able to take the 1 hour configure time it took for me to setup 1 machine, and cut it down to about 5min for a technician in the field.  Stored information about the wireless networks I pre-configured on the master device seems to be in a protected area on the disk that FOG couldn’t read.  The end result is that a technician must image a unit, then enter wireless key information after it’s deployed.

The user experience on the new “ChromiumBooks” has been right on target so far. The devices boot in about 40 seconds. Most of that time is the hardware boot process. Once that is complete ChromiumOS still loads in under 8 seconds. Users are immediately able to login to their Google Apps for Education accounts and begin browsing.

The linux driver for the wifi cards seems to be more stable than the windows driver, and I have much fewer reports of “wifi drop offs”.

Overall, getting rid of windows has been great for these devices.

If you liked this story, or want to shoot me some questions feel free to find me at www.selfcommit.com.

RFC 6921 has been published today:

Abstract

We are approaching the time when we will be able to communicate faster than the speed of light. It is well known that as we approach the speed of light, time slows down. Logically, it is reasonable to assume that as we go faster than the speed of light, time will reverse. The major consequence of this for Internet protocols is that packets will arrive before they are sent. This will have a major impact on the way we design Internet protocols. This paper outlines some of the issues and suggests some directions for additional analysis of these issues.

What makes some April Fools RFCs so good is that they are scientifically accurate. Currently internet protocols do need to be able to deal with packets arriving out of order (it can happen for many reasons). However the situation where replies are sent before requests has not received enough study. This RFC has some excellent analysis of just that.

http://www.rfc-editor.org/rfc/rfc6921.txt

A book of all the funny RFCs though 2006 can be purchased at www.rfchumor.com. It is the perfect gift for the geek that has everything. It makes a great book to leave around the office or home for casual perusing.

You want to innovate: deploy new technologies such as configuration management (CfEngine, Puppet, Chef), a wiki, or standardized configurations. Your coworkers don't want change. They like it the way things are. Therefore, they consider you evil. However you aren't evil, you just want to make things better.

Learn how to:

• Brainwash your coworkers into thinking the big change was "their idea".
• Program people like you program computers: a flowchart for every personality type.
• How to fix that your "Stormtroopers can't shoot straight".
• Help your coworkers understand and agree to your awesome ideas.
• Convince your manager about anything. Really.
• Turn the most stubborn user into your biggest fan.
• Get others to trust you so they are more easily convinced.
• Deciding which projects to do when you have more projects than time.
• Make decisions based on data and evidence.
• Drive improvements based on a methodology and planning instead of guessing and luck.

LOPSA-East is May 3-4, 2013 in beautiful New Brunswick, NJ. Register for my class and other great presentations today!

The Early Bird Registration Deadline ends today! Save up to $197 by registering early!

Read it before they realize what they've done and take it off their website.