Codeasaurus Rex

June 28, 2008

Howto: Access the SANS Webcast Archive

Filed under: Howto — Codeasaurus Rex @ 8:13 am

I fortunately stumbled upon the SANS Webcast Archive and have been making my way through the streaming media presentations as I prepare for a security certification exam. Some are outstanding (even if a few years old), and I’ll be posting about them here: they usually provide interesting explanations of important topics accessible to an IT generalist.

To access the Webcast Archive as well as the current webcasts, you must register for free with the SANS Institute at http://sans.org using the “portal > create account” menu entry.

Once you are registered, log in via the http://sans.org “portal > login” menu entry and then select the “resources > webcasts” menu entry. Then click on the Webcast Archive link and click on whatever presentation you’re interested in. You will be taken to yet another page where you’ll need to click on the “click here to proceed” button, but I usually uncheck the “share my info with sponsor” checkbox before doing so.

The presentations are usually sponsored, so the sponsor gets first crack at you. The quality of the advertising presentation is variable, but if I recommend a webcast it’s worth getting through so you can enjoy the main presentation that follows. There is usually a question-and-answer period after the presentation in which emailed questions are entertained, and the presenter’s answers to the questions often supplement the main presentation in useful ways.

The presentations can be accessed as audio with synchronized slides, though this of course ties you down in front of your computer. I just listen to the audio over a wireless headphone connection and go about my business at home while taking in the audio, and have never tried to view the slide part of a presentation. This way, I gain valuable IT background without having to dedicate time to it exclusively.

October 1, 2007

Attention Fellow Dinosaurs! COBOL is hot!

Filed under: Mainframer makeovers — Codeasaurus Rex @ 1:17 pm

| Job Title | Company | Location | Post Date |
|---|---|---|---|
| Cobol/400 Developers | Bitech International LLC | India | 10/02/07 |
| VAXCOBOL, VMS | SixSigma Soft Solutions | India | 10/02/07 |
| Openings CICS,Cobol,DB2,JCL | SixSigma Soft Solutions | India | 10/02/07 |
| Cobol/400 Developers | Bitech International LLC | India | 10/01/07 |
| VAXCOBOL, VMS | SixSigma Soft Solutions | India | 10/01/07 |
| Openings CICS,Cobol,DB2,JCL | SixSigma Soft Solutions | India | 10/01/07 |
| VAXCOBOL, VMS | SixSigma Soft Solutions | India | 10/01/07 |
| Openings CICS,Cobol,DB2,JCL | SixSigma Soft Solutions | India | 10/01/07 |
| Tandem COBOL Developers for a Fortune 500, $4 bi | Askexim Services Private Limited | India | 10/01/07 |
| Openings CICS,Cobol,DB2,JCL | SixSigma Soft Solutions | India | 30/09/0 |

from http://www.zdnetasia.com/techjobs/0,39064747,42026788p,00.htm

September 26, 2007

Cognitive dissonance

Filed under: General — Codeasaurus Rex @ 11:13 am

[Image: cognitive dissonance]

September 8, 2007

What we used to call systems integration is just system administration nowadays

Filed under: General, Mainframer makeovers — Codeasaurus Rex @ 2:01 pm

This morning I was reading a book on an open source CMS (Content Management System) called Joomla (Rahmel, Dan. Beginning Joomla!: From Novice to Professional. Apress, 2007. ISBN 1590598482). Joomla is a framework into which you insert website content, and the framework manages things like layout, user management, content submission, pre-publishing review etc.

As I read the third chapter’s section on troubleshooting, the following statements really grabbed my attention:

  • The multiple programs employed by a Joomla site have to integrate properly and “play nice” for the CMS to function properly.
  • Because of the multiple technologies involved in Joomla, it can sometimes be extremely frustrating to track down the source of a problem.
  • Since Joomla requires essentially four different servers to work together in order to function correctly, you may run into a variety of problems during installation.

It suddenly hit me as these sank in that configuring a non-trivial website nowadays is really what we used to call systems integration, an honorable (and once lucrative) calling.

Let’s look at what’s involved:

  1. You need to configure a webserver: Apache is the industry favorite, and its complexity and flexibility easily surpass that of yesterday’s mainframe transaction processing monitors. If it’s your baby, you have to configure it; if a hosting service provides it, you still have to know how to adjust to their configuration of it, and maybe even add to their configuration to make your stuff work.
  2. You need a database: MySQL is the zero cost-of-entry favorite and powers a lot of commercial websites and enterprise systems. Installing and maintaining a database used to require a DBA, but now you’re the DBA even if a hosting service is involved.
  3. You need something better than a text editor and an HTML cheatsheet: even Dreamweaver and FrontPage are no longer sufficient to put up a website any more. Unless you’re going to spend the rest of your life manually updating site maps, links etc., you need a CMS like Joomla. Large companies used to spend hundreds of thousands of dollars on CMS systems comparable in power to Joomla, but now you download, configure and administer Joomla and similar software yourself.
  4. Joomla and many other modern web apps require PHP: PHP is an open source hypertext preprocessor that competes with Active Server Pages and Java Server Pages for the task of server-side, dynamic webpage generation. PHP cuts across three other systems, bridging Joomla and HTML to the database while executing as a web server plugin: if PHP ain’t happy, ain’t nobody happy. Who’s responsible for PHP configuration problems that cross web server, database and CMS lines? You.

I remember putting out a certain amount of effort in the early eighties getting my mind around a mainframe transaction monitor, its client/server architecture, SQL and a couple of programming languages. This stood me in good stead for about ten years, and then all hell broke loose:

  • Interfacing with client PCs using a potful of techniques and technologies ranging from serial cables through Ethernet either directly or through a variety of middleware
  • Open Systems (AKA “Interfacing with Unix”)
  • Furry little mammals (PCs) raiding the nests of the dinosaurs (mainframes) and making off with their applications and budget
  • Programming Language Du Jour
  • Programming Paradigm Du Jour
  • TCO (Total Cost of Ownership) Wars
  • Thin Clients
  • Death of Thin Clients
  • Resurrection of Thin Clients and the Second Coming of the Mainframe

But I digress…

Many of us had to develop systems integration skills while interfacing big iron with other big iron, and then big iron with minis and PCs. What hit me just now is that the same skills apply to modern technology, except that instead of worrying about

  • RS-232 versus current loop connections,
  • number of data, parity and stop bits and how parity is handled,
  • SNA? Token Ring? Ethernet? And if Ethernet, what flavor? etc., and
  • strange little ad hoc data communication protocols,

now we can put away the wire strippers and adjust

  • httpd.conf,
  • php.ini, and
  • many other knots of configuration data.

The important point here is that the thought process is pretty much the same: you have multiple systems, each complex in itself, interacting and requiring exact configuration to interoperate successfully. Things don’t install, or they install and don’t work, and then you need the same “simplify the problem” and “divide and conquer” approaches that worked twenty or more years ago, only in a more abstract space of malleable configuration settings, usually stored in editable text files.

An unsettling corollary of all this is that the kids that keep modern software systems up and running need to master a considerably greater wealth of detail than us old folks were ever called upon to learn. Whether modern systems are as reliable is another question (though not addressed here). They are, however, orders of magnitude more capable when they are up and running: I know, because I have had my hand in some for a few years now.

What makes it all work, however, are the online forums where people post their difficulties and usually encounter immediate aid and comfort: without these support networks, a lot of modern software installations would never quite work right, if at all. And because the forums archive their posts and responses, you often need only moderate skill in searching the web to find that somebody already ran into your problem and that someone else already provided the solution. You only need to post a query if your forum search didn’t find the answer.

In summary, the indispensable, highly-paid systems integration skills of yesterday are pretty much expected of the average system admin today. Even worse, the average developer may not get very far without a considerable mastery of the same material unless he or she has chosen to specialize. Specialization, however, is a dangerous strategy in a world strewn with the corpses of yesterday’s technologies du jour. I think Marshall McLuhan nailed it years ago when he predicted that we would end up as hunter-gatherers of information. Welcome to my world.

August 27, 2007

Installing Firefox plugins with the Fedora Core 7 KDE desktop

Filed under: Miscellaneous tech tips — Codeasaurus Rex @ 1:44 pm

I finally figured out how to install plugins (as distinct from extensions) in Fedora Core 7 Firefox. If you’re not too clear on the distinction between plugins and extensions, welcome to the club. All I really know is that Adobe Acrobat Reader and Adobe Flash are plugins; extensions are different.

Anyway, to install these valuable plugins proceed as follows:

  1. Log on to your system as an administrative user. (You should normally work as a restricted, “normal” user so that if you stumble into a booby-trapped webpage, its malicious code will not have the power to wreck your entire system.)
  2. Navigate to Edit->Preferences.
  3. On the Main tab, select “Always ask me where to save files” and then click Close.
  4. Navigate to Tools->Add ons.
  5. Note that there is no mention of plugins in the dialog box; click on Get Extensions. This will take you to the Mozilla.org extension selection webpage.
  6. Click on the Plugins link. (Apparently “Add ons” can be either extensions, themes, dictionaries, search engines or plugins, so the Get Extensions link you clicked on in step 4 should have been labelled Get Add ons.)
  7. The Plugins link should take you to a page where you can install the Adobe plugins as well as some other things that may not be available in a Linux/Fedora Core 7 version. Click to install whatever interests you.
  8. From this point on, don’t cancel out if there are long pauses. Patience is a virtue when dealing with highly popular websites.
  9. I like to install the rpm (Red Hat Package Manager) versions. When you select or click on the rpm version link, Fedora will usually ask you if you want to open the file with the package manager; confirm that and the rest should go swimmingly (if sometimes slowly). If, however, Fedora pops up a dialog asking you if you want to open it with something that’s not the package manager, hold everything. If you are able to choose something like “package manager” or “installer” from a drop-down list, do that. Otherwise, you’ll have to spell out the exact path to the rpm program to get the downloaded rpm file to install correctly. In my Fedora Core 7 installation, the program is /bin/rpm. The reason I’m blogging this is that I experienced a considerable amount of frustration before figuring all this out, and would like to share the information.

Good luck, and I hope this advice helps.

June 30, 2007

link: The Aging Mainframer, by Craig Mullins

Filed under: Mainframer makeovers — Codeasaurus Rex @ 10:28 am

http://www.db2portal.com/2005/12/aging-mainframer.html

June 24, 2007

Web hosting: who do you trust?

Filed under: CRM, Security — Codeasaurus Rex @ 4:16 pm

Given the massive popularity of web hosting, I think it’s appropriate to enquire about the security of your data in a hosted environment. This is a hot topic with me because I resell web hosting of a popular CRM (Customer Relationship Management) software suite.

First of all, let’s dispense with the easy targets like “free” Google email which is really paid for with your privacy and “unstated or indefinite length of time for data retention, without clear limitation on use or disclosure”.

For details see

http://www.techcrunch.com/2007/06/10/google-rated-bottom-for-privacy/

http://www.law.duke.edu/journals/dltr/articles/2005dltr0014.html

http://news.zdnet.co.uk/internet/0,1000000097,39150936,00.htm

I’m more concerned here with the ramifications of running important parts of your business like CRM (Customer Relationship Management) and accounting on the web.

First of all, why would you do it in the first place?

The advantages are tremendous: multiuser access to your company’s operational data from any computer with a browser and internet connection, 24 hours/day, 7 days/week. Customer management software capabilities formerly reserved for large companies are now available at costs ranging from low to free. You can move a sale towards completion or solve a customer problem any time and virtually anywhere with the complete customer relationship history and contacts at your fingertips. By moving customer data out of Rolodexes and onto the web, more people in your company can instantly assess the state of your relationship with a customer and take appropriate action than when the information is held apart. Also, having all or at least most of the relationship data on the web minimizes the damage when a salesperson or customer service agent leaves: critical account knowledge remains with the employer as long as the web application has been kept up-to-date.

But what are the risks?

Do you trust your web hosting service? Let’s say the hosting service seems on the up-and-up, and has formally promised to keep your data private. If the web hosting service is a serious business service that you pay for and not merely a data-mining front like Google and Yahoo, that’s another point in its favor. Businesses that turn a profit have an important incentive to stay in business; courting disaster by selling customer data and risking employee blackmail or exposure is simply not sustainable. Although it’s not unknown for businesses to behave irrationally, one can have a reasonable expectation that the data privacy promises of paid web-hosting services will be matters of both policy and self-interest.

So much for integrity at the business level. But there is also the employee level: some employees are simply dishonest. Others aren’t normally dishonest, but may nurse a grudge against the employer and rationalize their destructive behavior, especially if there is a dispute about compensation and money is to be easily had for turning over customer data to an interested third party. As a matter of fact, this is the kind of fraud that makes the news nowadays: your data is most exposed when it’s in a honeypot like an account database containing thousands of other accounts with sensitive data like ID coupled with debit or credit card numbers. A laptop goes missing, or an insider simply copies and spirits away an entire database or a damaging portion thereof.

There is no completely effective defense against this kind of fraud. Time-of-sale fraud detection systems will aid prevention, and detection and punishment may deter, but when these are unsuccessful the damage to a company’s good name can range from serious to irreparable. Notice, however, that the honey in our example is sensitive billing data, valuable enough to be stolen whether it is exposed on the Internet or protected behind a corporate firewall on the company’s intranet. This invites us to differentiate between what data is in danger by its very nature, and what data is vitally important to your company but only of marginal interest to criminals.

My claim is that there is a class of data that can be reasonably entrusted to a web hosting company, and customer relationship (as opposed to customer billing) data is often in this class. If you’re a small- to medium-size business, the details of your non-billing interactions with your customers are probably uninteresting to people looking to score data that will facilitate identity theft and credit/debit card fraud.

As a matter of fact, this is the line of reasoning that led me to put my personal CRM on the web. I liked the product so much that I am reselling a hosting service based on it with an emphasis on business continuity and training convenience as my differentiators.

This is important, because just as my customers will entrust me with the safekeeping of their CRM data, I have already entrusted my web host with the safekeeping of my CRM data. My web host claims over 100,000 domains hosted, so the goodwill it stands to lose if fraud should occur is a powerful incentive to police everyone there. I’d very much like to automate the billing, though in keeping with my own advice I’m hesitant to expose sensitive customer ID and billing data on hosting machines in unknown locations managed by unknown admins employed by a company I only know through the Web.

(Don’t get me wrong: so far I’m very impressed with the hosting service and with the promptness and quality of the support from the admins and have no reason to doubt the integrity of the hosting service and its employees, but one bad apple can spoil the whole bunch so I keep my sensitive data encrypted on a USB key!)

I’m currently looking for a billing service that will be big and established enough to have

  1. a reputation to protect fiercely,
  2. its own servers, professionally secured, and
  3. no need for me to store sensitive customer billing data on machines that I don’t directly control, or, even better, no need for me to store sensitive customer ID and financial account numbers at all!

There is always, of course, the option of hosting your own CRM. If your perceived level of risk is so high that you need to take hosting in-house, however, you’ll also want to engage competent IT consultants or staff to lock down the installation with technologies like Virtual Private Networking. I doubt that most small businesses will want to deal with the hassle, though, in which case keeping billing data strictly in-house while reaping the advantages of web-enabled Customer Relationship Management will be accepted as reasonable tradeoffs of convenience versus security.

Even better, keep ID theft-prone data out of your systems altogether by exiling it to a popular payments service that enjoys the general trust of your customers. If you’re a small- to medium-size business, your data becomes much less interesting to criminals, and shifting the burden of trust to a well-known financial intermediary removes an important customer barrier to trying out a new vendor: you.
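
One way to check that a hosted CRM really holds only relationship data and no billing data, as argued above: scan an export for card-like numbers before it leaves your machine. This is an added example, not part of the original post; the CSV layout, column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Candidate card numbers: 13-19 digits, optionally grouped by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return card-like numbers found in free text, masked to first 6 / last 4 digits."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):     # drops order numbers and other long digit runs
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def scan_crm_export(csv_text: str) -> list[tuple[int, str, str]]:
    """Scan every field of a CSV export; return (line number, column, masked value)."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):   # the header is line 1
        for column, value in row.items():
            # DictReader puts surplus fields in a list under the key None
            text = " ".join(value) if isinstance(value, list) else (value or "")
            for masked in find_card_numbers(text):
                findings.append((line_no, str(column), masked))
    return findings


# Constructed sample export: one free-text note carries a (test) card number,
# another carries a 16-digit purchase-order number that fails the Luhn check.
SAMPLE_EXPORT = """account,contact,phone,notes
Acme Tooling,J. Rivera,555-0100,Asked for a quote on 40 units
Birch Dental,M. Okafor,555-0101,Card on file 4111 1111 1111 1111 per phone call
Cedar Freight,L. Chen,555-0102,PO 1234567890123456 received
"""

if __name__ == "__main__":
    for line_no, column, masked in scan_crm_export(SAMPLE_EXPORT):
        print(f"line {line_no}, column {column!r}: card-like number {masked}")
```

Free-text fields such as notes are where billing data tends to leak into a CRM, which is why the scan covers every column rather than only those named for payment data.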

The Mainframer, Retreaded

Filed under: Mainframer makeovers — Codeasaurus Rex @ 3:55 am

Another concern of this blog will be to share my experiences as a mainframer struggling to update his skills and remain relevant in the modern world.

Actually, the skills updating is not the hard part: the hard part is betting on the right horses. I recall numerous financial and knowledge investments in really cool software that I never recouped because they were either outmoded by hardware evolution or simply unable to get sufficient traction before I could profit from them. Here are some of them:

  • HyperPad from Brightbill-Roberts
  • the Paradox database from Borland
  • HyperCard from Apple (but boy, did I have fun with it for awhile)
  • the Vic Calliope (a 4/4 and 3/4 bass line + chord generator with variable tempo) from me (sold 1 copy on cassette tape, but had fun implementing it)
  • the SFDC (Shop Floor Data Collection) System on the Commodore 64 from me (no sales, the PC was already eclipsing 8-bit processing)

Eventually I wised up and started paying attention to the IT trade press and developer news, and refused to plow my time and dollars in products that didn’t promise to last long enough to provide some return on investment. Now I place a technology bet much as I would place a bet in the stock market, taking into account things like

  • Who’s backing it?
  • What’s the market for it, and what are its short, medium and long term prospects?
  • Do I have to learn a new paradigm, or is it just a novel repackaging of things I’ve dealt with before?

For example: I don’t know Java but I have noted that O’Reilly puts out many times more Java titles than it does C titles. I also got certified in administering the IBM WebSphere J2EE application and portal servers just to get an understanding of how Java enterprise apps are architected, though I’ve never written a Java program myself. If I ever snag a Java job, I expect to pick up the syntax and grok the class libraries without too much trouble because I’ve already encountered OOP on a Python project. I’m also keeping a wary eye on BPEL (Business Process Execution Language) because the kind of programming I’m used to doing may eventually just be an appendage of it.

Anyway, this retreading theme will figure prominently in the blog because it is important not only to me, but to other baby boomer friends of mine who will probably be working for another ten or fifteen years as well. We are mostly contractors, the migrant laborers of IT, following the crops from place to place and often separated from family.

Our situation is not unlike that of Tennyson’s Ulysses:


I cannot rest from travel: I will drink
Life to the lees: all times I have enjoyed
Greatly, have suffered greatly, both with those
That loved me, and alone; on shore, and when
Through scudding drifts the rainy Hyades
Vexed the dim sea: I am become a name;
For always roaming with a hungry heart
Much have I seen and known; cities of men
And manners, climates, councils, governments,
Myself not least, but honoured of them all;

I am part of all that I have met;
Yet all experience is an arch wherethrough
Gleams that untravelled world, whose margin fades
For ever and for ever when I move.
How dull it is to pause, to make an end,
To rust unburnished, not to shine in use!
As though to breathe were life. Life piled on life
Were all too little, and of one to me
Little remains: but every hour is saved
From that eternal silence, something more,
A bringer of new things; and vile it were
For some three suns to store and hoard myself,
And this grey spirit yearning in desire
To follow knowledge like a sinking star,
Beyond the utmost bound of human thought.

Point of departure

Filed under: General — Codeasaurus Rex @ 3:05 am

This is my entry point into the blogosphere.

To begin with, I intend to compare current web technology with the expectations ingrained in me by years of large, mission-critical systems experience. I’ll go easy, though, because I’ve also had my hand in sub-mainframe technologies going back to

  • CPM
  • Commodore 64
  • MS-DOS 2.0
  • CBASIC
  • Windows 3.0
  • Xenix
  • the 128K RAM Macintosh
  • CompuServe

and remember them fondly.

I also remember, although less fondly, the crazy early years of the World Wide Web when volumes of copy-and-mangle HTML with ransom note-typography spilled from the pens of budding Shakespeares only to emerge disfigured from the incompatibilities of the Browser Wars, and CGI programs ruled the Earth. Toy systems were deployed as business websites and keeled over during the first flush of success, while us pros wondered “Why doesn’t anybody seem interested in our knowledge of how to build large, scalable systems?”

Oh, well, the lessons of the mainframe era were ignored but eventually relearned although modulated by new technologies and their tradeoffs. This blog will start off by stacking some of these new-fangled techniques up against the Old Ways, especially some of the Old Ways that haven’t been much improved upon. (Feh!)

Well, I guess that pretty much pigeonholes this survivor of punched cards and teletypes, Codeasaurus Rex.
