On the prehistory of Greek CERT(s)

Lately I find myself attending meetings where the need for a single coordinating body over the various efforts of computer / network / cyber security is stressed. Roll back 15 years:

Once upon a time (circa 1996) the GRNET-CERT was formed. It was nothing official, just three guys (me, Georgios Koutepas and Costas Troulos) and a mail alias. Since we had no funding and the legal landscape was non-existent our main focus was on trying to stop whatever incidents occurred. It seemed to work pretty well at the time. We even managed to find some funding and some of us attened FIRST‘s 1998 and 1999 meetings. With the emergence of the GRNET2 project GRNET-CERT was handed over to another institute for operations. Our interests had already shifted from (pure) incident response and we never really followed-up the national progress on that front.

In the meantime the Greek state responded to the void that was forming regarding the legal side of matters. And it did so in the wisest of ways that we are used to being treated to. It formed a multitude of authorities to cover the area, sometimes conflicting one another. Nature abhors vacuum, but as Rob Pike said “sometimes when you fill the vacuum, it still sucks”. There can appear types of incidents that might require reporting to three (or even four) different authorities with no clear roadmap on what one is expected to do if one receives conflicting guidance on subjects that at times require rapid response.

It is a saddening thought to see that the manpower and the resources exist (something that was not that obvious back in 1996), that people with skill, knowledge and willingness to work exist, yet the overall progress is kind of minimal.

Question for CISA holders: What is your CPE credit strategy?

ISACA informed last week that my application for CISA got accepted. I had passed the exam quite some time ago, but since no professional certification is particularly helpful in the Greek Public Sector I was reluctunt in applying. I finally made up my mind and now I need to dance the steps. So as the subject says, the question is simple:

– What is your strategy in earning CPEs ?

I’ve read the relevant ISACA provided information, but I am particularly interested in what CISA holders in Greece do to keep up. So if you can answer, or forward a link to this post to someone who can provide (even minimal) information / guidance, I would appreciate it.

“Yahoo.com hates us. Suggestions”

There’s an interesting thread (“Yahoo.com hates us. Suggestions“) over at the mailop mailing list. I’ve encountered almost every behavior from Yahoo! Mail servers that is documented there. Unfortunately the mailop archives are not open to the public, so you need to subscribe first.

In our case, when we deal with Yahoo! Mail delivery problems, it is almost always a case of infected machines (sometimes even a handful) sending spam …everywhere. So whenever we observe long delays while delivering to Yahoo! Mail or many many messages waiting to be delivered, we always seek for the infected. Thanks to feedback loops that are implemented by the (really) big email hubs, we also get early warning on such matters. As a matter of fact, Yahoo! Mail also runs a feedback loop, but it requires DKIM, and since we’ve stopped using DKIM (dkim-filter crashed frequently on our systems) we rely on the rest of the loops to be kept …in the loop. It seems to be working OK so far.

serverfault

New assignment for apprentice: Try to answer one question per day from www.serverfault.com

(Note: Asking questions also counts.)

System Administration requires a diverse set of skills that (still) most pick up on the job in a reactive way: Problem occurs, learn what is needed to solve it; if we like the subject dig deeper too. Serverfault is one of those places where people in the profession go for help. Reading questions and answers helps, but answering something helps more. Actually writing an answer (or a question) includes that extra effort that differentiates between it may be solved this way and it is solved this way. Plus there is a whole community that can correct in no time any errors in your answers. You do not even have to know the answer. Just pick up any question you find interesting enough and try to find an answer. The diversity of the questions asked on serverfault makes it virtually impossible to not find at least one (even remotely) interesting every day.

Just pick one. Any. Failure is an option. You do not have to be sysadmin1138 to answer a question, but you can surely become one.

Are “systems people” really necessary?

A good friend forwarded me a (handwritten) manuscript by E.W. Dijkstra entitled Are “systems people” really necessary? Giorgos pointed out that it might already be archived in the E.W Dijkstra Archive. As a matter of fact it is EWD1095 [handwritten version here in pdf].

It is a classic EWD document, straight to the point, properly impolite and asking the right questions. Great advice for career and personal growth.

The 15 seconds per day rule

@dtsomp wrote:

Damn, this ‘Rule of 200’ actually works. http://bit.ly/b3J1dL Thanx @hakmem.

There exists an even better rule which I’ve briefly mentioned before. I found about it via a comment made by John D. Cook:

I read somewhere that you can finish nearly any project if you work on it 15 seconds every day. The trick is “every day.” And if you do put in 15 seconds, you’re likely to put in more. Or more realistically, maybe you commit to 15 minutes a day. Same idea. Overcoming inertia is everything.

Usually when I fail to finish a project, it’s because I go for days at a stretch giving it *zero* time, not because I work consistently but progress too slowly.

The ΤΣΜΕΔΕ saga

Ευτυχώς αυτή τη φορά είχα μαζί μου το BeBook Mini…

On a side note, έμαθα πως εκτός από το www.tsmede.gr, το www.tsmede.eu υπάρχει και το www.etaa.gr

(previous) (next)

Adobe Digital Editions E_ACT_TOO_MANY_ACTIVATIONS error

After reformatting my desktop (and installing the world) I was bitten by the “too many activations” error while trying to register my Adobe-ID. I lost about an hour chatting to the web support staff, with no sucess. I resorted to Adobe forums, where Jim Lester provided a helpful answer:

Support through ADE is not offered via phone or Web Chat support. It is only offered through submitting a web case (http://www.adobe.com/support/digitaleditions – click on ‘Submit a web case’). Avereage resolution time for these cases runs about 3 days.

Note: you have 6 activations (for computers, and then 6 seperate activations for devices) and each time you reformat you lose your activation

I submitted my web case and in less than 24h I got a friendly email informing me that I was OK.

The Rule of 200

One can eat an elephant bit by bit, but sometimes defining the size of the bit helps too:

“The Rule of 200 works like this: my document word count must increase by 200 before I am done for the day, no exceptions.”

With minor variations, this can be applied to other activities too (like writing code, etc).

[via]

Being Geek

I finished reading “Being Geek” by Michael Lopp. I am sure that Panagiotis (one of my “Your People“) will appreciate it more than me. For the first 20 chapters or so I got increasingly bored (to the point that I switched to reading another book). Then in the middle the book changes pace and provides valueable advice on how to prepare yourself before delivering a presentation. The author argues that there exists no good advice on how to write a presentation, I urge people to read Tufte‘s work, or at least “The cognitive style of PowerPoint“. Then the book becomes boring again.

While the book tries to be a personal growth / career book, it deals so much with interdepartmental politics and intrigue that it is no wonder people work overtime. Their regular worktime is spent not on what they are supposed to work on, but on forecasting fault and making sure it is delegated to others. I’ve got two more issues with the book. First, either it is full of grammatical and syntactic errors, or it makes use of so many American idioms that it is difficult to be read by someone for whom English is not a native language.

Second, I am highly irritated by the liberal use of the word engineer and its interchangeable use for computer scientist and programmer. There are people who are none, one, two or even three out of three, but the terms are not interchangeable. My absolute worst was when the author implied that engineers are not good project managers. Oh really? An Engineer knows his science, understands deadlines, knows that has to deliver a withing the budget solution and can manage people. Sorry Rands, I have an army Engineers to prove this. For example, Civil Engineers do this for a living in Greece and in the process manage people (and teams of people) of multicultural, multilingual and varying educational backgrounds. The fact that one can engineer solutions, does not make one an engineer.

I should have listened to Ozan. So why did I buy the book? Kudos to O’Reilly for providing cool bargaining deals on their eBook offers! I bought it in a buy one, get one free offer. Then why did I recommend the book to @stsimb? The book is not without value. I simply found it hard and tiring to decipher it. On the other hand I know @stsimb for ~15 years and can understand that there exist books that he might like while in fact I definitely did not. Given that I read most of the book while in the bus, this was not a total waste of time.