March 2011 Archives

Signal boosting this one:



Survey expires on the 29th, so you probably have less than 24 hours from when I hit submit to fill it out.

What is it?

The Ada Initiative (http://adainitiative.org/) is a newly-formed organisation which aims to support and promote women in open technology and culture. We've just launched our first annual census -- a broad survey of open technology and culture participants -- to find out more about what projects and communities people are involved in, and how they feel about women's inclusion and representation in the field.

Not just for women! Men-folk can fill it out as well, as it's also asking about perceptions of openness in various places. The fields I tend to hang around in tend to be, ahem, dinosaur pits¹ , which I duly noted. Others, though, are more diverse². So please do look into this survey.

---

1: A seminar I attended on high performance computing had over 100 people in the room, only five of which were female, and three of whom were attached to the vendor doing the presentation. The ratio is about the same for storage-focused talks.
2:The general System Administrator field does have more women these days, this is a good thing.

(Now coming to you from the East Coast of the US)

One of the things that struck me during the Cascadia IT Conference was the impact of IPv6 on IP reputation services. I've blogged about this in the past, but IP reputation is a very key spam-fighting technique. DNS RBLs have been around for over a decade now and remain the free option. In the paid anti-spam realm, the big vendors manage IP reputation databases to determine whether or not an incoming connection is worth of their time, and usually provide better granularity than the RBLs do. The same applies to blog comment-spam, as it happens.

The DNS-RBL functions very simply:

1. A connection is made from the Internet.
2. The mailer/blog-engine performs a lookup of the IP in the black-hole list.
3. The RBL returns a value.
4. The mailer/blog-engine acts on that value.

In an era where Comcast is passing out whole /64's to end-users, which in turn means end users can have more IP addresses than are available on the IPv4 Internet, this one-to-one style of lookup breaks. Obviously, a one-to-one port of the IPv4 RBL code to IPv6 will be not nearly as effective as it is with just IPv4.

The solution is fairly obvious, start blacklisting subnets, but the code-changes are non-trivial. Right now a stock RBL can be made with BIND and a standard Zone file filled with A records. Classful IPv4 subnets can be blacklisted with wildcard DNS entries. The same can be done for IPv6 zone-files, but the granularity is a lot better. Of course, RBL-clients need to be updated to handle RBL-lookups with v6 addresses.

Which is to say, that in the IPv6 future, subnet will matter more than discrete IP Address for many things. This is one of the areas that everything that relies on IP addresses for access decisions will have to start taking into consideration (as well as the people who encode the rules).

Having just come off of a job-hunt, I have a better idea of what the market thinks a 10-year System Administrator should have for skill-set. This keys into my earlier post on Defining System Administrator and IT Scale Out. Contrasted with these posts, the 10-year sysadmin has some or all of the following. At least according to the job-market:

• A deep expert in at least one Operating System (100% of the time)
• Conversant in another OS (70% of the time)
• An advanced user in a second OS (20% of the time, a sub-set of the previous point)
  
• If $OS="Linux", a deep expert in at least one web-app stack (LAMP, nginx, Java, Tomcat, Websphere, etc) (90% of the time)
• Strong written communication skills (100% of the time, and almost those exact words)
• Strong oral communication skills (80% of the time)
• Project management experience involving large, expensive, or high visibility projects (70% of the time).
• Router and Switch configuration (70% of the time)
• Significant virtualization/cloud experience (80% of the time)
• Significant Storage Area Networking experience (50% of the time, mostly NAS/iSCSI)
• Significant scripting experience (70% of the time, even the Windows jobs)
  

"Strong oral/written communication skills" was on every single posting in some form or another. It is expected that the 10 year veteran has figured out how to talk to people and not just snarl grumpily at them. The 10 year veteran is also likely a multi-year veteran of budget battles, and that requires effective writing for a non-technical audience if not outright presentations-to-management.

The tricky part of the above is that if your job is with somewhere that is strongly siloed, the network admins are all across the hall and don't let you play with their toys and Project Managers are in their own division, getting the missing bits is nigh impossible. You can study all you want for project management, but employers want to know what projects you led and what their outcomes were. Networking is more tractable as there are certifications that can help convince employers you know what you're talking about; however, while certs may get you past the HR test, your actual experience will get you past the hiring manager.

Which is to say that it is entirely possible to be a 15 year veteran, but have a 7 year veteran's skillset as far as the job market is concerned.

An organization that is strongly siloed and desires decade-scale retention of their technical staff has a hard job. They'll need to either provide cross-training for their staff, or do something else to convince them that moving on is not in their interest. Government jobs are good at the later, since the retirement options are generally better to much better than their private-sector counterparts (though that may change after the great recession, time will tell). Of my five former co-workers, four of them are likely to be there until retirement. Allowing employee roles to shift dynamically as their skill-sets evolve is a great way to allow employees to change (since IT is change) without having to change jobs to do it.

And finally, this job hunt has proven the adage, "Linux is for web-apps, Windows is for internal-use web-apps and client-server." I found exactly one Linux job that didn't include massive web-app support, and it was for (really, really nifty) scientific computing.

On the OpenSuse factory list the question has been asked: Why do you still use Windows?

This generated a very long thread with the usual back-n-forth, but I figured I'd blog about why I'm still using Windows privately; work is another matter. In broad strokes there are three reasons:

1. There are some applications I want to use that don't exist on Linux, and also don't like to work in Wine.
2. There are still some devices that only work right with Windows software to unlock their features.
3. Gaming on Windows looks and works much better.
   

Neither of these are things the FOSS community can do much about. #2 can be helped by reverse-engineering the software on a per-device basis to make them work right, and there is quite a bit of guerrilla work on that right now. #1 has been a problem since version 0.01 and will be with us for quite some time, though there are some commercial options available that help fix it. #3 is a subset of #1, but is probably the most visible deficit to a pure-Linux environment.

Right now I'm solving the first two through virtualization, and the third by having a dedicated gaming machine. Like a console, but Windows, and a lot more expensive. My at-home Windows use is pretty small these days, an exception.

Work, as I said, is another story. While I was at WWU, I was a Domain Administrator with all the duties that entails, and that job is much easier if you're running native. My next job is more unknown, but I do know they have a Windows environment for one task, but I won't know the full extent of it until I get there (possibly late next week).

It's one of the few truisms of what we do. Give the industry five years and those people who have been treading water will be w-a-y back there. It's why continuing education is so important, both the on-the-job kind (I read manuals) and topic-specific training. It's why the recent IT certifications all seem to require some continuing-education to maintain the certification (no it's not just a scam to get your butt into a cost-bearing class).

It's also why the IT workforce is so highly mobile. I don't know how many peers I've heard say, "Pfft, I'd just quit and get a new job," in response to some horror story of bad IT management. It's also why drives to create IT unions are met with such withering scorn; one side effect of unions is that they get in the way of paying a person with god-like skills the god-like amounts of money they deserve, and they also make forcing stupid people to be mobile harder (sysadmins in general have a low tolerance for stupid, which is where our reputation for being grumpy trolls comes from).

This time it includes me.

My last day at WWU will be tomorrow. In the next couple weeks I'll be moving to the OTHER Washington, to work for a company with offices about a mile east of the White House. I'm not going to say who I'm working for until after I actually start there, but they are a night-n-day difference from who I've worked for before. They're a 20ish person start-up who was founded in 2004 and has been turning in profitable quarters. They also have a very interesting storage problem that I'm really looking forward to tackling.

This also marks the first time I'll be working in the private sector since 1996, when I was temping around just out of college. This also means that downtime is money, not just lost prestige and a lot of calls to the helpdesk. This is a decided change from what I've worked with before, and I'm looking forward to it.

What does this mean for the blog?

I'm not quite certain. I'll be blogging less about what I deal with on a daily basis since I'll be working on stuff that is most definitely a trade-secret. Exactly how much less remains to be seen. Working for a place where any interested citizen can request a detailed breakdown of what I did on any given day really frees a person to be wordy in public. Working some place where such things can only be compelled through a subpoena? Different.

But I'm still going to keep blogging. Some things I deal with are generic to the industry and are quite topical. Posts inspired by things I run into elsewhere on the Internet aren't going to stop.

There are going to be a couple weeks between tomorrow and when I start at the new job, which will be filled with uprooting my life and transporting it about 2800 miles. I'm likely to be a bit quiet during that period.

IT is change. Sometimes you have to make it yourself.

The historic 'rdesktop' product (located here) hasn't been updated in a while, and critically lacks support for a major new feature Microsoft introduced in 2008. Network-level authentication. This enhancement requires a login to even connect the RDP session. The rdesktop client hasn't been able to support this, so for my servers that I wish to RDP to I have to remember to turn that off.

Happily, the FreeRDP fork of rdesktop now has support for NLA. It's in the GIT repo, not the stable branch, but it is there. The next stable version should have support for NLA.

Yay!