Wednesday, July 30, 2008

The Usual Subjects

Finding a good deal on pretty much anything is tricky nowadays. Fortunately, deal aggregators do most of the work for you. You'll often see Internet forum posts with a note to "check the Usual Suspects" for deals, coupons, etc. The big computer OEMs -- Dell, Lenovo and HP in particular -- are noted for running big sales. These sites aren't just good for computer/electronic stuff, either. I've scored free magazine subscriptions and all sorts of cheap stuff.

Who are the usual suspects? I like to use these guys, in rough order of preference:
Special mention goes out to Woot. Woot.com only offers one random thing a day, but the deal is usually stupidly good. Shirt.woot.com offers one T-shirt a day -- designs vary, but it's $10, shipped. I highly recommend both.

Got any more? Post a comment and tell me about your favorite!

Monday, July 28, 2008

Gateway Ditches Direct Sales


It seems like so long ago, but once upon a time, Gateway was one of the darlings of the early direct-sales model. They were exceedingly competitive with the likes of Dell through the P2/P3 era and instrumental in the whole paradigm of ordering custom-configured computers first over the phone and later over the web.

Gateway, now a subsidiary of Acer, has floundered tremendously in the last few years. The idea of selling product directly and indirectly through Gateway Country stores floundered and they had begun selling through retail and e-tail channels.

This weekend, Gateway announced that they're giving up entirely on direct sales, and going to a 100% pre-configured, non-customized sales model. Last week, buying a pre-configured computer at 'retail' was just an option if you wanted a Gateway. Now, you get a choice of pre-configured systems and no more.

I'm going to call this one as a bad move, even if there are massive cost-savings that can be passed down to consumers. They're basically giving up on the business markets and high-end prosumer, leaving the low-margin "plain old computer" buyer.

Good luck, Gateway...

Sunday, July 27, 2008

Admin Tip: Cable Storage

You've probably accumulated a number of basic computer cables and need to keep a stock of stuff like DVI, VGA, Power, USB A-to-B, etc. Fortunately, most of these come in a standard 6'/2m size!

Get a coat rack or two -- depending on how much you need to store -- and affix it to a wall or hang it behind a door at least 4'/2.5m off the ground. Loop the cables over each hook, looping halfway down the cable. Each hook gets its own type of cable. I can get between 25-50 cables per hook, but this will obviously vary with the coat rack you choose and the thickness of the cables.

If you keep Cat 5/5e/6 networking cable in bulk, you can use one hook for each length and/or color. The only problem here is that cables longer than 10' will end up being looped anyway, or they'll be too long for this method.

This is a real time saver in two ways: No more constant bundling cables for storage, and you can easily see and grab what you need when you need it.

Security Basics: Authentication and Authorization


A key pair of linked concepts, Authentication and Authorization are so fundamentally important to networked computing, yet often ignored as "assumed knowledge." The fact is that most networked operating systems handle Authentication and Authorization pretty well if configured properly, but I want to cover the basics in case there are any problems. Pay attention, there will be a quiz later!

Authentication is a process by which you prove that you are who you say you are. The most common form of authentication is a user password. In this case, you provide some piece of information only you and the computer know. If you have that info, you are (as far as the computer is concerned) who you say you are.

You have probably also seen biometric authentication systems like fingerprint scanners, and some of you may have seen Handheld Authenticators like the RSA/SecurID system. In the first example of biometric data, something you know is replaced by something you have-- and in the case of your finger, something hopefully you and only you have.

Two-factor authentication builds on the previous two concepts. You need something you have plus something you know. You see the basic form at an ATM machine. To make it give you money, you need your PIN code and your card. A thief would need both rather than an either-or to get access to your account.

From an administrative standpoint, you may need to consider something like a SmartCard system or an RSA/SecurID system. For SecurID, you have a physical token/device (usually a key fob) that generates one-use codes. You combine these one-use codes from the authentication device with a PIN number only you know. Instead of a password, you now have not only a two-factor password, but a one-time two-factor password!
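
The PIN-plus-token login described above, as an added sketch that is not from the original post. SecurID's own algorithm is proprietary, so the token code here uses the public HOTP/TOTP construction (RFC 4226/6238) as a stand-in; the `Verifier` class, the 60-second step and every sample value are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds one token code stays valid (assumed value)

def token_code(seed: bytes, now: int) -> str:
    """Six-digit code the key fob shows at time `now` (HOTP/TOTP construction)."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Server side: holds each user's token seed and a salted PIN hash."""
    def __init__(self):
        self.users = {}      # name -> (seed, salt, PIN hash)
        self.last_step = {}  # name -> last time step already accepted

    def enroll(self, name, seed, pin, salt):
        self.users[name] = (seed, salt, pin_hash(pin, salt))

    def login(self, name, pin, code, now):
        if name not in self.users:
            return False
        seed, salt, stored = self.users[name]
        pin_ok = hmac.compare_digest(pin_hash(pin, salt), stored)
        code_ok = hmac.compare_digest(code.encode(), token_code(seed, now).encode())
        fresh = self.last_step.get(name, -1) < now // STEP
        if pin_ok and code_ok and fresh:
            self.last_step[name] = now // STEP  # burn the code: one use only
            return True
        return False

def demo():
    v, seed, now = Verifier(), b"constructed-demo-seed", 1_217_400_000
    v.enroll("alice", seed, "4321", b"constructed-salt")
    code = token_code(seed, now)
    wrong = f"{(int(code) + 1) % 1_000_000:06d}"
    return [v.login("alice", "0000", code, now),      # token, wrong PIN
            v.login("alice", "4321", wrong, now),     # PIN, wrong code
            v.login("alice", "4321", code, now),      # both factors
            v.login("alice", "4321", code, now + 1),  # replayed code
            v.login("alice", "4321", token_code(seed, now + STEP), now + STEP)]
```

Only the third and fifth attempts succeed: either factor alone fails, and a code that has been accepted once is refused when it is presented again inside the same time step.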

The most common way for this to break down would be to share passwords or use shared accounts (accounts that aren't tied to a specific person, where more than one person has the password). For authentication to be reliable and secure, you must not have any situations where one person knows another person's password! If you just can't resolve this, realize that it's an insecure situation and work to mitigate the risk.

Authorization is the other half of this coin. Once a system can reliably tell that you are who you say you are, it can give you permission to do what you should be able to do-- this is often referred to as user privilege or privs in admin-speak.

As an admin, you'll typically work within the specifics of your networked OS/system to grant and modify user privilege as required by your organization. Users should operate under the concept of least privilege. That is to say, they should have the rights to do what they need to do, and not more than that. Granting them extra permissions creates a risk that users may engage in dangerous activities (installing spyware, snooping through HR payroll databases, etc.)

Your risk here is threefold:
  • You need a strong authentication system to ensure that you know who is logging in to your systems.
  • You need to be vigilant that the IT group is setting up permissions properly, without any loopholes and obeying the principle of least privilege.
  • You need to guard against outside threats which will use exploits in the system to elevate their privilege beyond what they should have.
As you can see, these two concepts are tightly linked and important building blocks for all security concepts.
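
One way to check the second point, added here as an example rather than taken from the original post: resolve each user's effective rights through nested group membership, then report anything beyond what the job needs together with the membership chain that grants it. The group names, rights and the `needed` baseline are constructed for illustration.

```python
def effective_rights(user, member_of, grants):
    """Map each right the user holds to the membership chain granting it."""
    found, seen, stack = {}, set(), [(user, (user,))]
    while stack:
        principal, chain = stack.pop()
        if principal in seen:  # already expanded; also stops membership loops
            continue
        seen.add(principal)
        for right in grants.get(principal, ()):
            found.setdefault(right, " > ".join(chain))
        for group in member_of.get(principal, ()):
            stack.append((group, chain + (group,)))
    return found


def audit(needed, member_of, grants):
    """Return {user: {excess right: chain}} for rights beyond the job's needs."""
    report = {}
    for user, required in needed.items():
        held = effective_rights(user, member_of, grants)
        excess = {r: via for r, via in held.items() if r not in required}
        if excess:
            report[user] = excess
    return report


# Constructed sample directory: who is a member of what
MEMBER_OF = {
    "bob": ["helpdesk"],
    "carol": ["payroll"],
    "helpdesk": ["staff", "hr-tools"],  # the loophole: a nested group
    "hr-tools": ["payroll"],
    "payroll": ["staff"],
}
# Rights granted directly to each group
GRANTS = {
    "staff": {"read:intranet"},
    "helpdesk": {"reset:password"},
    "hr-tools": {"run:hr-reports"},
    "payroll": {"read:payroll-db"},
}
# What each person's job actually requires (the least-privilege baseline)
NEEDED = {
    "bob": {"read:intranet", "reset:password"},
    "carol": {"read:intranet", "read:payroll-db"},
}

if __name__ == "__main__":
    for user, excess in audit(NEEDED, MEMBER_OF, GRANTS).items():
        for right, via in sorted(excess.items()):
            print(f"{user}: {right} via {via}")
```

Bob's account looks harmless when you read only his direct membership; the payroll access arrives two groups down the chain, which is why the audit has to follow nesting instead of listing direct grants.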

Friday, July 25, 2008

Sysadmin Appreciation Day

Did you remember to appreciate your Sysadmin? I'll take any chance I get. For the record, I "enjoyed" the day troubleshooting graphical issues with a Red Hat Enterprise 5 box and setting up an Open Directory installation. I didn't get any cookies, though...

Friday, July 18, 2008

Happy 40th, Intel


All the best-- 40 years is a few lifetimes in the tech industry. Of course, this wish comes with a fervent request that you not repeat the debacles of Netburst, RAMBUS and the FDIV bug. I will gratefully take a nice Wolfdale off your hands if you have one to spare, though!

Thursday, July 17, 2008

Hardware: Hector Ruiz out at AMD


AMD's former chief, Hector Ruiz, has been replaced by Dirk Meyer as President and CEO. Will Dirk continue to tell us that crap smells like roses, or will we see a CEO who concentrates on the strengths that AMD has and turns the ship around? Time will tell...

Tuesday, July 15, 2008

Xbox 360: The E3 Bombshell

I'll preface my first gaming post by saying this: I'm an old school PC gamer-- old school enough to go back before the original PC took the gaming marketshare crown from the Apple ][ and Commodore 64/Amiga. I tend to prefer PC gaming as it affords me a high degree of tweaking/modding, I like the keyboard/mouse interface as a minimum standard and I like the immediacy of sitting right in front of the screen. I still bear Microsoft and the Xbox franchise some minor ill will for diminishing the former glory of the PC gaming market.

With all this in mind, the Xbox has scored a slam dunk this E3. Forget the Mii-alike avatars. Forget the media content and Netflix deals. Even forget the option to run from the hard drive. Those are the icing on the cake. The real meat here is that the update will handle standard widescreen monitors from 17" through 22" at native resolution.

I no longer have to invest in a different type of setup-- I can re-use the monitors I already have. Good HDTVs are expensive, but a $250 monitor isn't a bad way to go.

And let's not forget the games. The Xbox franchise has been hammering nails in the corpse of the PC for a long time, but it's polishing the hammer for the console market too. Let's be blunt-- The Wii competes for gamer time and dollars, but isn't playing the same games as the other 3 platforms. The PC is just the Xbox's poor stepsister from Microsoft's standpoint, so that leaves Sony. Sony is quintessentially Japanese. I own a PS2 primarily for Japanese Console RPGs-- the greats from SquareEnix, Bandai Namco, Atlus and the like. These are quirky and fun and things I can't do on a PC. Final Fantasy X was the king of that generation and the FFXIII franchise looks to be the king of the current generation. The loss of the main FFXIII game's PS3 exclusivity is an Epic Fail. It means that people (like me) with limited budgets on the fence as to which console is better for Japanese games will tend to go with the non-Japanese contender.

While there is still some pretty good exclusive PS3 content (Little Big Planet arguably the biggest now), Sony now has to move units based on more games that are non-exclusive. Luckily it holds the ace of being a great BluRay player in its sleeve.

The real news here is for the PC market. With Microsoft putting more genres of content squarely into the Xbox arsenal, it gets harder to resist. The ability to use existing/inexpensive high quality monitors is the cherry on top.

Monday, July 14, 2008

Admin Tip: The Cart

A general purpose cart is tremendously helpful for moving stuff around. Here are two tips to make your life easier if you can manage to get a cart:

Get a two level cart where the top level is completely flat without a lip. That makes sliding heavy equipment on/off much easier.

Get a cart with pneumatic tires. You'll thank me when wheeling that blade chassis across the parking lot.

Wednesday, July 9, 2008

Admin Tip: Status Whiteboard

This is a nice idea I've picked up over the years: Keep an employee status board on or near the door to the IT offices. This is just a simple whiteboard with key bits of information on the IT staff: When they're planning on being out of the office, Where they are in the office/campus, and how they can be contacted. For a staff that's running around a lot, this helps in tracking down people. When somebody calls in sick, just jot that down-- and nobody wonders where they are.

This is also a nice low tech solution that works for other stuff as well. You can put other stuff like on-call rotation info, important contact/escalation procedures or a high-priority daily task list. Putting it near the door encourages people to change their status whenever they step in or out.

Monday, July 7, 2008

Admin Basics: One, Some, Many

As I write this post, we're on the eve of a date Windows admins are painfully familiar with: Patch Tuesday. Microsoft releases scheduled updates on the 2nd Tuesday of each month and because of this predictable schedule, Admins can take all the actions necessary to ensure that these patches are delivered in a timely manner. I'll defer talking about patch automation until a later date, but for now I'll take this opportunity to talk about my first Admin Basics topic: One, Some, Many.

When taking any action on a computer, there's always some risk that the change you make will break something or have other unintended consequences. You can try to predict what will happen, and you can have rigorous testing, but the chances are that something may fail and that something may not be what you test for. When making larger changes, the chances of something going wrong are greater than for a trivial change.

This leads me to the concept of One, Some and Many. This ties nicely into patching, but applies to all system changes.

You know you're going to make a change. You know it might have negative consequences. You test it as best you can-- how can you limit your risk beyond that?

Simple: Push the change to a single system first and test. If it works, then the chances are reasonable that the change had no negative effects. From there, pick a representative sample of other systems and push that change to them... and wait. If none of the users report problems, you can then push out to a larger group. If you're running a very large group of systems, you may have several groups of "many" for various reasons. If you have a smaller number of systems, you can probably safely patch them all in one big group of "many." If you start to get failures, you can go back to the previous stage and test more rigorously with the new failure information.
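
The procedure above as a small planner and runner, added here as an illustration and not code from the original post. The host names, the profile labels and the `healthy` callback (standing in for the "wait and see whether users report problems" step) are assumptions.

```python
def plan_waves(inventory, canary, many_size):
    """Split hosts into one canary, a 'some' sample, then 'many' groups.

    inventory maps host -> profile (role or hardware class); the sample
    takes one host per profile so every kind of system is represented.
    """
    some, covered = [], set()
    for host, profile in inventory.items():
        if host != canary and profile not in covered:
            covered.add(profile)
            some.append(host)
    rest = [h for h in inventory if h != canary and h not in some]
    many = [rest[i:i + many_size] for i in range(0, len(rest), many_size)]
    return [[canary], some] + many


def rollout(waves, apply_change, healthy, revert):
    """Push wave by wave; on a failure, back that wave out and stop."""
    done = []
    for number, wave in enumerate(waves, start=1):
        for host in wave:
            apply_change(host)
        failed = [h for h in wave if not healthy(h)]
        if failed:
            for host in wave:
                revert(host)
            return {"status": "halted", "wave": number, "failed": failed, "patched": done}
        done.extend(wave)
    return {"status": "complete", "wave": len(waves), "failed": [], "patched": done}


# Constructed inventory: host -> profile
INVENTORY = {"it-01": "office", "fin-01": "office", "fin-02": "office",
             "cad-01": "cad", "cad-02": "cad", "cad-03": "cad",
             "lab-01": "lab", "lab-02": "lab"}


def simulate(breaks_profile=None):
    """Run a rollout where the change breaks every host of one profile."""
    patched = set()
    healthy = lambda h: not (h in patched and INVENTORY[h] == breaks_profile)
    waves = plan_waves(INVENTORY, canary="it-01", many_size=3)
    return rollout(waves, patched.add, healthy, patched.discard)


if __name__ == "__main__":
    print(simulate("cad"))  # stops in the "some" wave
    print(simulate())       # no breakage: runs to completion
```

With a change that breaks only the CAD machines, the canary passes, the run halts in the "some" wave with one CAD host affected, and the other two CAD hosts are never touched.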

Why do this?

1. Vendors can't test every possible scenario, and often patches, updates, and configuration changes are poorly tested.

2. While you have a responsibility to test changes, you will have a hard time testing every scenario. It's efficient to have some users test as well.

3. The risk exposure is lower: If users experience problems in the "some" phase, you've limited the number of people having problems and enhanced your ability to troubleshoot quickly. If nothing else, you can back out their updates and go back to the previous testing step.

If you execute the One, Some, Many strategy you can still make changes in a reasonable period of time but lessen the risk. It's a very bad feeling when you make a sweeping change and your users start screaming. This will help you not be that guy.

Wednesday, July 2, 2008

Welcome to Admin Anonymous

Welcome to Admin Anonymous! This blog is merely my humble attempt to chronicle, review and comment on technology from the experience of your humble author. I've chosen the name Admin Anonymous for a simple reason-- I'm a Systems Administrator who is passionate about technology, but for many reasons I can't comment on what I do on a day-to-day basis directly. From here, I can talk about technology trends, administration concepts, big-picture and very small picture issues. Expect my personal life to pop in from time to time as my interests are far from limited to the working side of computers.

In short-- this blog is me, and my opinions for all to read. Everything in it should be read as such. I hope you find some of it enlightening, amusing and valuable. Welcome!