VMUG Conference

I used to go to a lot more of the Kansas City VMUG meetings back before I became a consultant (and had more control over my own schedule) but when I saw there would be a full day event (and that the headline speaker would be Steve Wozniak) I made sure to block the day off on my calendar.

The conference was really well put together, kudos to the KC board members and everyone else involved with pulling it off. The atmosphere was described as “VMworld-like” and I’d have to agree.

In addition to Mr. Wozniak, there was a nice sprinkling of rock stars from the VMware community. @scott_lowe was there giving a presentation on how to be more organized (should have taken notes), @andreleibovici gave some interesting insights into the future of virtual end user computing, and Mr. Irish Spring (who goes by @irishyespring on Twitter but doesn’t tweet much) was there.

Irish Spring kind of sold me on VMware. Mid-2000s when I was just getting settled into my first real system administration job, I went to a presentation by Irish on (among other things) virtual desktop infrastructure. At the time, my position involved building desktop images for the university, and providing a big chunk of tier 3 support to our help desk and desktop support people. We’d just started to get our feet wet in virtualization the summer before, and prior to Irish’s presentation I’d never even considered virtualizing desktops. I came away from that meeting really jazzed up about VMware. I knew the issues our team was struggling with as well as the issues our faculty and staff struggled with when it came to computer labs. I went home and spent the rest of the evening essentially architecting and putting together the proposal to my boss that would eventually be Rockhurst University’s VDI project. This is the project that led to all the accolades and awards for me and the university. But that’s another story.

Irish, his energy and enthusiasm, rubbed off and made me go out and do some really great things. It was ironic that the center of his speech at the crowd was getting your head out of IT and into the business processes to see how you can use your knowledge to advance the business. (Before the business processes feel they need to come help synergize IT.) He spoke a lot about using the “big brains” we have to do more than just patch servers. IT people get to see the underbelly of the beast, and can do more than just be gatekeepers by helping to see things from the viewpoints of different stakeholders.

I couldn’t agree more.

AT&T Fun

I’ve had AT&T’s U-verse service since October 2009, the day we moved into our house. At its heart, it’s really a fantastic service offering… IPTV, whole home DVR, advanced DSL, all wrapped up into a nice package. But for the last 6 months I’ve been struggling with a lot of different issues ranging from broken DVRs and freezing TV signal to Internet connections that go away at random. While the issues have not been persistent enough to track down an exact cause, they’ve been frustrating.

The other day, after watching Face Off on HBO (for the first time, I know) and getting right to the climax of the movie, the whole TV signal froze and wouldn’t come back. It was 1AM and my wife was already sleeping, so I muted my frustration and went to bed, deciding to look into alternatives the next day.

Monday, I called up the two traditional cable providers in the area looking for pricing. Then, I hit Twitter with my plan:

Thinking of dumping AT&T U-verse for Surewest, anyone in KC area have any experience with them?

I actually didn’t get any responses from Surewest customers. What I did get was a little more surprising.

  1. A reply from Ron, a Surewest social media manager saying hi. Fairly standard stuff. (see here)
  2. A reply from an AT&T social media manager, asking for my phone number. This was a little more interesting. (see here)

I decided to DM my number to the AT&T manager, figuring what could it hurt? A little while later I get a call from a Jessica. She asks me what my issues are, and then vows to take care of them if I can wait a couple days while she follows up on them. I said sure, halfway thinking nothing was going to come from it.

Today I get a call from Diane in the “office of the President” of AT&T. Diane has obviously been talking to Jessica, knows what my issues are, and asks if I’ll stay on the line while they get one of their engineers on the line. Right before Diane hands me off to him (I neglected to write down his name) she gives me her direct phone number to contact her to follow up, and then the engineer runs some tests to see what’s going on with my service. He schedules a tech to come up the same day and tonight that tech comes out and tests every line and piece of their equipment in my house.

Rick the technician ends up re-terminating some connections, and replacing my “Residential Gateway” (modem/router) with a model that within seconds proves it’s light years ahead of the previous version. We have a nice chat about networking, technology, etc. He leaves.

Where is this all going?

I’m consistently amazed with the level of customer service that a monolithic company like AT&T manages to provide for U-verse. Truth be told, this is not my first positive experience with them. Every time I’ve called their technical support for any type of issue, either with my setup or family who has the service, the people have always been friendly and helpful. They’re well trained, and for the most part seem to know what they’re talking about. Granted, they could invest in some better equipment, but I have yet to have an experience with one of their employees that put a bad taste in my mouth.

The fact that one of America’s largest corporations is monitoring their Twitter feed and pro-actively trying to correct issues that customers have, is really pretty awesome.

Customer service in America, on the whole, has gone to crap in the last 10 years. Ironically, it’s companies like AT&T with their advanced networks that can put an army of poorly trained and poorly paid people in call centers all around the world, that corporate America have used to reduce their bottom line. But thankfully AT&T themselves don’t seem to be following the trend they’ve helped create.

I need to call Diane back tomorrow and thank her. Now, hopefully the service will be stable enough that I don’t need to even call for support again. If not, I know who to talk to.

Originally published at techvirtuoso.com on April 27, 2011.

Phone Stress

The boys who cried wolf (AKA The Wall Street Journal, et al) are all indicating that Tuesday will be the announcement of the long awaited iPhone 4 on Verizon. I hope they’re finally right.

Not because I’m going to switch, no, I’m actually pretty satisfied with my AT&T service, having been a customer for a long while before the launch of the first iPhone. I’ll just be glad when the noise makers and complainers can have another option. I hope that Verizon’s network works better for them than AT&T (although I kinda also hope it’s just as bad) so that they’ll shut up. I also look forward to another network getting some of the load so that my service will be even more reliable than it already is.

I can’t be alone in this thinking: if AT&T’s network is so god damn horrible across the entire country as the people in San Francisco and New York make it out to be, no one would use it. Fact is, myself and millions of other subscribers made the choice to use it long before the iPhone. I even used to live down the street from the world headquarters of Sprint, and still used AT&T because I got better service.

I’m not discounting that there are people with horrible AT&T service. I’ve been places where that is the case, I know people who have this problem on a regular basis. It sucks, but chances are no one has forced you to use an iPhone this whole time.

I’ll also be glad when this golden phone finally does arrive, so we can stop obsessing about it. The phone will come out, AT&T’s subscriber numbers will slightly decrease, Verizon will see an increase, Apple’s profits will go up. The sun will still rise in the east and set in the west. Choice is good, but the tech world needs to stop treating this like we’re awaiting the second coming of Christ, and treat this like what it is, like what happens all around the world with the iPhone on multiple carriers. The same phone, on another network.

Originally published at techvirtuoso.com on January 9, 2011.

Gates Job

If you’re an Apple fanboy you already think Microsoft just rips off Apple’s ideas. However, David Milman at ComputerWorld has asked if it’s time for Bill Gates to pull a Steve Jobs and make a return to Microsoft?

Now granted, the departure of these two tech giants from their creations were under very different circumstances. Jobs was all but thrown out on the streets of Cupertino left to wander the scorched Earth through NeXT and Pixar. Meanwhile Gates stepped down from power at Microsoft leaving Steve Ballmer as CEO and later Ray Ozzie as CSA. Gates now spends his time unleashing mosquitoes on the unsuspecting public and convincing other super billionaires like Warren Buffett to give away their money.

And like when Jobs was removed from Apple, Microsoft has been on a decline since the departure of Gates. Its stock has declined, its products have lost some of their edge (although a lot of that has changed with Windows 7 and Windows Phone 7) and their focus.

Some would argue that Ballmer should have lost his job after the failure of Windows Vista. I’m inclined to fall into that camp. But is Gates the best person for that job, again? Does Microsoft need fresh blood or does it just need its old blood back? We want to hear your thoughts.

Originally published at techvirtuoso.com on November 1, 2010.

Lazy Explorers

The number of businesses still using Internet Explorer 6 is painful to see. Coupled with the fact that all of them are on Windows XP or Windows 2000, it turns from pain into terror, especially when it comes to security.

For a lot of system administrators, the reasons to stay outweigh the reasons to upgrade. Websites that break, plugins that won’t load, old software that isn’t updated anymore. Trust me, I’ve been there. However, a lot of it boils down to lazy and poor practices of system administration.

Yes, you’re lazy and you’re bad at your job. Internet Explorer 6 was released in 2001. Yes, 2001, most of us don’t even drive cars that old, let alone unleash people on the “information superhighway” with a browser that old. It was designed at a time when security was not the issue it is today. It was designed to work on operating systems like Windows 98 and Windows ME. Would you let people use Windows ME on your network? No! So why are you letting them use a browser that was built for it?!

“But it’s not our fault, we don’t write the bad software, or the non-compliant websites.”

You’re right, you don’t. But you have the responsibility and the power to keep your network, and the rest of the Internet safe.

The replacement for IE6 has been out now for just under 4 years. Actually, the replacement for its replacement has been out almost a year. Meaning all you lazy administrators had two chances to migrate your systems over to an updated browser. Yes, you’re lazy. If you have applications that “require” Internet Explorer 6, the decision should have been made to dump them or upgrade them long ago. A line in the sand should have been drawn that said you were not willing to support such an old and insecure piece of software.

Why is this such a big deal? Because security threats targeting users of Internet Explorer 6 continue to threaten the security of the Internet, and of your own network. Just this week, Microsoft admitted that IE6 was one of the vectors used to attack companies like Google. Why is Google still using Internet Explorer 6? Or I guess a better question is, why is Google even using Internet Explorer at all, when they develop Chrome? Either way, it’s disappointing to see that a company like Google, who tends to be on the bleeding edge of updates, is doing something stupid like running an almost decade-old browser.

The most recent threat has no effect on users of Internet Explorer 7 or 8, even on Windows XP. Actually, Jonathan Ness over at MSRC Engineering put together a nice little chart explaining what browsers and operating systems are at risk with the latest attack vector.

The short of it, if you’re still running Windows 2000 on workstations, you should be fired. If you’re running Windows XP and Internet Explorer 6, you should march into your CIO’s office on Monday and demand that you at least figure out how to migrate to Internet Explorer 7 ASAP, meanwhile worry that your network isn’t the next one to be attacked by these unpatched exploits. If you’re running Internet Explorer 7, you should turn DEP on to prevent future threats, or see if migrating to Internet Explorer 8 is possible.

But really, for the small group who has already migrated to Windows Vista or Windows 7, enjoy your weekend.

To all my fellow sysadmins out there: Stop being lazy, and start securing your networks.

Originally published at techvirtuoso.com on January 16, 2010.

Local Admin

A recent email discussion over an education security listserv got me thinking about the topic of giving users administrator rights to their local machines. This is a common discussion that comes up about once every month or so, whenever someone new joins the group. The discussion usually starts by asking for methods of removing administrator access in environments where rights have already been given, and then nosedives into a long discussion about the ethical and practical reasoning behind it.

There seem to be two schools of thought about all of this.

  1. Lock the user out of everything that would prevent malware from being installed or the user installing software they’re not supposed to, at the expense of user frustration and IT time spent approving and installing software requested by users.
     Basically, the users are stupid and cannot be trusted. IT will have to monitor them.
  2. Give the user access to everything and let them install whatever they want, at the expense of user frustration and IT time spent removing software they’re not supposed to have and malware that has been installed as a result.
     Basically, trust the users and clean up after their messes when they don’t understand what they’re doing.

In an educational setting, specifically in higher education, you have a lot of competing interests. You’re a business, selling a product (education) and have to compete with other businesses (schools) to gain more customers (students) — therefore, security like what you’d have at any enterprise is necessary. However, you have a group of highly educated and often times very ego-centric individuals called faculty that feel they have a right to gain access to anything and everything in order for them to independently do their job without interruption from IT, or having to ask them for assistance. I would imagine it’s something like working with engineers, but in this case 95% of the people have no idea how to use a computer. Last but not least, the university is an ISP, providing Internet access to students and employees on their personal machines. But that’s a topic for a future entry.

The idea that users need administrative access to their computer or that they somehow have a right to it is wrong in my opinion. When I go into my office, I have services provided to me by other departments on campus that I do not have full control over. If I need a light bulb replaced in my office, do I have a key to go do it myself or do I just call Physical Plant and have them come over? Sure, it’d be faster and probably easier for Plant if I just went and took care of it myself. But just because you can give someone full access to a machine, and they’re used to it at home, doesn’t mean they should have that access at work.

I have full access to the thermostat at home (well, I take that back… my wife does… I’m just a user there too) but I can’t just go adjusting the HVAC system at work how I want.

We make as much of the software we’ve pre-approved as possible user-installable through Group Policy Software Deployment, and soon through System Center once we have that up and running. Our staff maintains a repository of approved software installs that require us to do it, so when the user cannot do it themselves it only takes us a few minutes. If a user walks up to our support center, we can usually get the software installed on their laptop right away. We’ve given our Help Desk very easy to use remote access software and can usually get stuff installed for them within 24 hours, if not as soon as they call in or email.

Does malware still get installed on systems where users lack administrative access? Yes. Which brings me to another point.

You also need to look at the amount of damage that can be done in the time period where a user with administrative access disables anti-virus to install something, or even where the AV client doesn’t detect it and the user isn’t aware enough to see what has happened. A few years ago, malware was about annoying the user or deleting files, but it has since changed into a security breach, where data can be stolen, often without the user even seeing they’ve been infected.

My wife works for a multinational accounting services firm, where she and her co-workers have access to information that would probably make any hacker wet their pants with excitement. Yet, they have administrative access to their company-issued laptops, since they spend most of their time outside of the corporate office. In one case, she told me, one of her co-workers went weeks with a system she knew was infected with porn-popups, yet was “too busy” to do anything about it, like take it into the office and let IT look at the system. Did she know better? Despite required company IT education and training, probably not. Did my wife? You betcha.

That infection may have been harmless, or just designed to generate traffic to your friendly neighborhood porn site, but would the next one be so lucky? Sure, you may put good AV on systems and monitor them daily, but they can’t catch everything. It seems like we should be fighting to do everything in our power to prevent this from happening, even if it means it’s more difficult for the user and IT. The risk of not doing so outweighs the ease of use.

Do your users have administrative rights? Why or why not?

Originally published at techvirtuoso.com on December 8, 2009.