It’s amazing to me how many veteran IT gurus are unwilling to teach people new to the industry. I remember logging onto IRC chat rooms and seeing one person after another being degraded or insulted for asking valid legitimate questions. I was shocked to find that this was NOT the norm in the amateur (ham) radio hobby. In amateur radio culture, an Elmer is a person who teaches and nurtures the neophyte amateur radio operator. We NEED Elmers in IT.

I understand that there is a big difference between a “hobby” and an actual business profession. I also understand that some of these IT veterans see their job as just that, a job. For me, it is not just a job, my job IS MY HOBBY. Imagine that, a job that is so enjoyable that you actually WANT to do it. I feel that those who feel like me are the same people who are not opposed to teaching a newbie to my “hobby”.

So what can we do for these individuals who are not thrilled to be in the trenches with us? I tend to agree with books like Drive and the Strength Finder series; we need to let everyone do what they love. Telling a “it’s just a job” individual to teach a neophyte can be very challenging. The goal becomes finding what part of the “job” this individual actually enjoys. It will take some detective work to find the answer but with enough prodding you can find some passion in this individual. Please note, this will not always be a tech related skill. I had one individual who REALLY loved PowerPoint. Let me tell you, the 1 hour presentation this person gave was amazing. He was extremely well versed and even PowerPoint haters were upping their presentations after that presentation.

I think setting up a regularly scheduled teach a topic session can have many benefits for any IT department. It gives individuals a forum to talk about what they like, gives management an inexpensive training resource and helps enhance the skill of those attending. I recommend it as a topic of conversation at your next team meeting.

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. –Chinese Proverb

Working in IT can be stressful. Many technologists go unappreciated and are only noticed when something is not to the user’s liking. This creates a feeling of being undervalued. What can you do? Here is a small list of tasks that may help.

1. Create a daily log where you write at least ONE way you contributed to the success of the company. This is great for review time. It’s OK to repeat on several tasks since you can mention examples like “restored accidentally deleted files 60 times this year”.
2. Have a GREAT task list. This will work for this “what are you doing all day” questions? I recommend a ticket system like RT or some other type of sharable task list. My recommendation would be to read up on Thomas Limoncelli’s system in his book “Time Management for System Administrators“. It’s a must have for any tech trying to organize their to-do list.
3. Schedule a daily outage. What? Yes, schedule a daily ONE Hour outage. Why? It WILL HAPPEN, might as well schedule for it. If there isn’t an outage, make sure you have some task that will benefit the organization (e.g. study for certification).
4. Create a PANIC ROOM. This is the place where all employees know NOT TO bother you. For me, its normally been the 65 degree server room with its loud fans. Make sure to get a NICE, comfy chair in there and a computer you can use as a client. The PANIC ROOM is not just a place to run to in an outage but it can also serve as a small getaway when humans get antsy and annoying.
5. Grab a notebook during an outage. Start writing about the issue at hand. If it doesn’t help you flesh out a solution it will at least give you a moment to breathe and analyze the situation at hand. You are able to think clearly if you are more at peace. Taking these few moments may actually help you solve the issue faster.
6. Create a backup team. Who has your back? I once had a manager who was great at pushing users away from me. Since then I have always explained to my managers that I may need to call upon them to begin a buffer between me and the disgruntled users. Users respond better to upper management but if you only have a peer as a buffer, that may work as well. You would be surprised how grateful your peers will be if you volunteer to be a buffer for them. They are amazingly cooperative when you are deep in the hole.

These are just some of the tips that have worked for me. My goal is always to take a step back, breathe and attack the issues systematically. Having a plan helps a lot and I recommend you take a minute to hash one out that works for you. If you do so, everyone will think that you are a “go with the flow” kind of guy.

The boy looked at the digital horizon. Squinting; not with his eyes but with his mind. He was trying to make sense of it all. It’s almost in focus but not enough to make sense of it all. “Why can’t I see it?” Take a step backwards; no that makes it blurry. Take two steps forward, worse still. “Dammit, what the hell…?” Work it out. “It’s because I’m a kid, isn’t it?” In 10 years, maybe he’ll get it. No, maybe 5 considering he is top of his class. Ah, whatever; give it two years, he’s a genius.

He blinks and holds it hoping that it will give him some fresh new insight. He slowly opens his eyes. CRAP! The code looks more obfuscated than before.

http://en.wikipedia.org/wiki/Obfuscation

UPDATE: 5.9.1 seems to work without the need to manually compile libssh. Simply replace the libssh part below with

sudo apt-get install libssh-dev

Also, grab 5.9.1 using

wget -c http://freeworld.thc.org/releases/hydra-5.9.1-src.tar.gz

Wikipedia describes THC-Hydra as “… software … that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services.” Its useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

Here are the steps needed for installing it on the 32-bit version of Ubuntu 10.10 (Maverick Meerkat). Read more »

This week I learned to use a command line XML Toolkit called XMLStarlet. It’s pretty easy to use considering I was trying to create the same process in Java using XOM.

I’m a bit familiar with SQL Select statements and wanted something similar to that. XMLStarlet can use XPath statements which aren’t as powerful as SQL queries but was sufficient for my needs. It was a bit of a stretch but an hour or so at w3schools.com and I figured out the queries I needed.

Besides the XPath expressions, the general syntax is pretty simple.

I used the sel command to initiate a query. My XML data came from a series of web queries so I used the --net global option which allowed me to fetch entities over network.

I wanted the output to be a CSV file, so I opted for the -T global option which changes the output to text. I simply added commas by using -o ,.

XPath and XML queries seem to work by selecting a set and than calling the value of an element. The selecting was done using the -m option for “match” and the -v option for “print value”.

Here is what my command line options looked like:

xml sel --net -T -N wp="http://api.whitepages.com/schema/" -t -m /wp:wp/wp:listings/wp:listing -v wp:displayname -o , -v child::wp:phonenumbers/child::wp:phone/child::wp:fullphone -o , -v child::wp:address/child::wp:fullstreet  -n http:\\api.whitepages.com\enter_api_query_here

I ended up using some of my Java code and XMLStarlet together to meet the needs of this project. My next task is to incorporate my new found knowledge of XPath into the Java code I wrote. Let’s see what I learn next.

This is my second year in my son’s school PTA and I decided to make more of an effort this year. I was happy to be elected the acting CIO of this small group and decided that they need their own website. Here is my contribution to my son’s education.
Spring Valley Elementary School PTA Website

I recently needed to retrieve Biblical texts out of a few paragraphs.

My original text was something like this:

(John 14:30; Luke 4:6) ... “the entire inhabited earth.” (Revelation 12:9)

I jumped over to my text-editor’s Search feature to see if I can find a way to do this. I noticed it had a Search mode setting of “Regular Expression”. I immediately thought of XKCD and said “Everybody stand back. I Know Regular Expressions!”

OK, so I really don’t know regular expressions but let me tell you how I figured it out.
Read more »

Users are still known to use simple passwords. If you need to help convince someone of the importance of strong passwords, you can use a brute force tool to demonstrate what a good password list can do.

The first brute-force tool I ever picked up was THC-Hydra which supports all kinds of protocols like HTTP, HTTPS, VNC and IMAP to name a few. GMail is very popular in my circle of friends. Brute forcing a GMail account tends to be a very impressive parlor trick. The only issue is that GMail actually uses SSL IMAP and Hydra only supports clear-text IMAP. The solution: stunnel. Stunnel will encrypt your TCP connection inside SSL. Stunnel takes care of the encryption and Hydra takes care of the IMAP login attempts.

Read on to see a step by step how-to on setting this up on Ubuntu LUcid Lynx 10.04. Read more »

Wikipedia describes THC-Hydra as “… software … that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services.” Its useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.

Here are the steps needed for installing it on the 32-bit version of Ubuntu Lucid Lynx 10.04. Read more »

OMG, Installing Metasploit on Ubuntu is SOOO easy now. I installed it all of 5 minutes by following the instructions at http://www.metasploit.com/redmine/projects/framework/wiki/Install_Linux.

Read more »