άνευ τίτλου

* Κολυμβητήριο ΟΑΚΑ, 2010/10/20 *

– Μα αν αφήσετε τα πράγματά σας στα αποδυτήρια, πως θα μπορέσω εγώ να ντυθώ;
– Α, αυτό δεν είναι δικό μου θέμα.
– Μα αυτό που κάνετε δεν επιτρέπεται!
– Και ποιος το λέει αυτό;
– Η ταμπέλα

ΟΑΚΑ, 2010/10/20

– Α να σας πω! Δε με ξέρατε και από χτες για να μου μιλάτε έτσι!
– ?!?!

Και επειδή η γαϊδουριά πάει σύννεφο, τα πράγματα τα άφησε εκεί.

On the prehistory of Greek CERT(s)

Lately I find myself attending meetings where the need for a single coordinating body over the various efforts of computer / network / cyber security is stressed. Roll back 15 years:

Once upon a time (circa 1996) the GRNET-CERT was formed. It was nothing official, just three guys (me, Georgios Koutepas and Costas Troulos) and a mail alias. Since we had no funding and the legal landscape was non-existent our main focus was on trying to stop whatever incidents occurred. It seemed to work pretty well at the time. We even managed to find some funding and some of us attened FIRST‘s 1998 and 1999 meetings. With the emergence of the GRNET2 project GRNET-CERT was handed over to another institute for operations. Our interests had already shifted from (pure) incident response and we never really followed-up the national progress on that front.

In the meantime the Greek state responded to the void that was forming regarding the legal side of matters. And it did so in the wisest of ways that we are used to being treated to. It formed a multitude of authorities to cover the area, sometimes conflicting one another. Nature abhors vacuum, but as Rob Pike said “sometimes when you fill the vacuum, it still sucks”. There can appear types of incidents that might require reporting to three (or even four) different authorities with no clear roadmap on what one is expected to do if one receives conflicting guidance on subjects that at times require rapid response.

It is a saddening thought to see that the manpower and the resources exist (something that was not that obvious back in 1996), that people with skill, knowledge and willingness to work exist, yet the overall progress is kind of minimal.

Question for CISA holders: What is your CPE credit strategy?

ISACA informed last week that my application for CISA got accepted. I had passed the exam quite some time ago, but since no professional certification is particularly helpful in the Greek Public Sector I was reluctunt in applying. I finally made up my mind and now I need to dance the steps. So as the subject says, the question is simple:

– What is your strategy in earning CPEs ?

I’ve read the relevant ISACA provided information, but I am particularly interested in what CISA holders in Greece do to keep up. So if you can answer, or forward a link to this post to someone who can provide (even minimal) information / guidance, I would appreciate it.

“Yahoo.com hates us. Suggestions”

There’s an interesting thread (“Yahoo.com hates us. Suggestions“) over at the mailop mailing list. I’ve encountered almost every behavior from Yahoo! Mail servers that is documented there. Unfortunately the mailop archives are not open to the public, so you need to subscribe first.

In our case, when we deal with Yahoo! Mail delivery problems, it is almost always a case of infected machines (sometimes even a handful) sending spam …everywhere. So whenever we observe long delays while delivering to Yahoo! Mail or many many messages waiting to be delivered, we always seek for the infected. Thanks to feedback loops that are implemented by the (really) big email hubs, we also get early warning on such matters. As a matter of fact, Yahoo! Mail also runs a feedback loop, but it requires DKIM, and since we’ve stopped using DKIM (dkim-filter crashed frequently on our systems) we rely on the rest of the loops to be kept …in the loop. It seems to be working OK so far.

serverfault

New assignment for apprentice: Try to answer one question per day from www.serverfault.com

(Note: Asking questions also counts.)

System Administration requires a diverse set of skills that (still) most pick up on the job in a reactive way: Problem occurs, learn what is needed to solve it; if we like the subject dig deeper too. Serverfault is one of those places where people in the profession go for help. Reading questions and answers helps, but answering something helps more. Actually writing an answer (or a question) includes that extra effort that differentiates between it may be solved this way and it is solved this way. Plus there is a whole community that can correct in no time any errors in your answers. You do not even have to know the answer. Just pick up any question you find interesting enough and try to find an answer. The diversity of the questions asked on serverfault makes it virtually impossible to not find at least one (even remotely) interesting every day.

Just pick one. Any. Failure is an option. You do not have to be sysadmin1138 to answer a question, but you can surely become one.

Are “systems people” really necessary?

A good friend forwarded me a (handwritten) manuscript by E.W. Dijkstra entitled Are “systems people” really necessary? Giorgos pointed out that it might already be archived in the E.W Dijkstra Archive. As a matter of fact it is EWD1095 [handwritten version here in pdf].

It is a classic EWD document, straight to the point, properly impolite and asking the right questions. Great advice for career and personal growth.

The 15 seconds per day rule

@dtsomp wrote:

Damn, this ‘Rule of 200’ actually works. http://bit.ly/b3J1dL Thanx @hakmem.

There exists an even better rule which I’ve briefly mentioned before. I found about it via a comment made by John D. Cook:

I read somewhere that you can finish nearly any project if you work on it 15 seconds every day. The trick is “every day.” And if you do put in 15 seconds, you’re likely to put in more. Or more realistically, maybe you commit to 15 minutes a day. Same idea. Overcoming inertia is everything.

Usually when I fail to finish a project, it’s because I go for days at a stretch giving it *zero* time, not because I work consistently but progress too slowly.

Adobe Digital Editions E_ACT_TOO_MANY_ACTIVATIONS error

After reformatting my desktop (and installing the world) I was bitten by the “too many activations” error while trying to register my Adobe-ID. I lost about an hour chatting to the web support staff, with no sucess. I resorted to Adobe forums, where Jim Lester provided a helpful answer:

Support through ADE is not offered via phone or Web Chat support. It is only offered through submitting a web case (http://www.adobe.com/support/digitaleditions – click on ‘Submit a web case’). Avereage resolution time for these cases runs about 3 days.

Note: you have 6 activations (for computers, and then 6 seperate activations for devices) and each time you reformat you lose your activation

I submitted my web case and in less than 24h I got a friendly email informing me that I was OK.