Just one geek's opinions and epiphanies

DevOps, SysAdmin, or Something Else Altogether?


We all know the buzzwords, we hear them every day. Ok so SysAdmin is not a buzzword, but you get my point.

Who I Am, What I Do

The company I am working for hired me as a Software Engineer (a fancy way of saying PHP Developer). On the surface my job is to write code and handle problems with the code. Dig deeper and you will find that I actually do quite a bit more than just develop software.

I manage the configuration of our servers, the updates and maintenance of said servers. I work with the security team, and Ops and Helpdesk to get those machines in line with proper needs. I work with my development team to provide the services they need on the boxes. I am also in the R&D department, researching new technologies to make the jobs of my co-workers easier.

I do a lot. I am NOT a Software Engineer anymore, nope I am more along the lines of DevOps (Developer Operations). I am that guy who straddles the line between Developer and Systems Administration, but also handles the relationship with security, QA, the business needs, telecom, and I am sure I am leaving someone out.

Ideally I would continue on my path from Software Engineer to full time DevOps (Manager), and continue helping to create better environments and faster deploys for my team.

The Dilemma

My company is working its way to an IPO, and this introduces some problems for the continuation of my career path. The problem is that we have to become SOX (Sarbanes Oxley) compliant. One of the requirements for SOX is a separation of environments. Basically put, software engineers can no longer handle server details. We can't even touch the production servers.

On the surface, that sounds great for my career path. I can stop developing the software, and continue working on the continuous integration, the deployment scripts, the server architecture, the configuration management, and work on better tools to better support my team.

However, I find more and more that those roles are being taken from me, and handed off to what will eventually be called "Application Engineer".

The Opportunity

Our company is hiring Application Engineers. One of the developers on my team was actually approached by a local recruiter for the position (somehow they missed that he already works for the company). Long story short, the position pays more, and according to the description on the website, is more like what I want to be doing.

This position will be working in a 50/50 Linux/Windows environment. Experience dealing with COTS and proprietary software. This individual will have experience working with the QA and software development team and will be heavily focused on applications (configurations, management), Apache, IIS and code deployment.

Really the only problem I have with this is working with Windows. I haven't used Windows for more than a gaming machine in quite some time. I have latched onto the Open Source scene quite well, and I have really enjoyed it. I have grown accustomed to finding solutions, writing fixes, and configuring the hell out of my systems. The thought of working on out-of-the-box solutions just seems wrong to me. I want the customization. I want the challenge.

However, more pay, and more Systems Administration like work is up my alley.

At the same time one of our SysAdmins left the company this week. That position has been filled, by a very junior admin, but he is family to another admin and will be trained well in time. However, there are two other positions they are hiring for and I have considered those positions as well. Again, the only hang up being that I would be dealing with Windows environments.

To be honest, the Windows thing aside, I think I would like being a SysAdmin for up to 5 years, and then I would want to get back to being the middle man. The DevOps guy.

So what do I do? Do I apply for the Application Engineer position? Do I look at becoming a Systems Administrator? Or do I stay where I am, and force my boss to let me do more DevOps work?

i3 Config and xev


For those who find Gnome and KDE to be boring, try i3. i3 is a tiling window manager, which means it tries to use 100% of your screen real estate for your windows. I switched to i3 a few months ago when there was a pretty large bug in Gnome 3, and I didn't have time to wait for a fix.

Today I wanted to get a few things working in i3 that just hadn't before. The first (and arguably the most important) was volume control. I use a Lenovo ThinkPad T430. It has dedicated volume buttons. They however had no effect on the volume of my laptop speakers. So I wanted to fix that. So, how do you do that? Simple, you configure your i3 to bind the key and then run a command to adjust the volume. Easy right? Not really. Here is what was really involved in such a task.

Configure i3: keybinding

Adding key bindings to i3 is simple: in your config file (either ~/.i3/config or ~/.config/i3/config) you add something like this:

bindsym XF86AudioRaiseVolume exec amixer -c 0 set Speaker 5+

Let's talk about what that all means!

bindsym tells i3 to bind the key that follows. So we tell it to bind XF86AudioRaiseVolume to an exec, which executes a command.

But, where did we get the XF86AudioRaiseVolume value? From xev.

xev: x event viewer

Ok, I am honestly guessing at what the v means, but it is a good guess.

If you open up a terminal and type xev into the cli you will get a couple things. The first is your cli will dump lots of data at you, the other is a mostly blank window. Move your mouse around in the white window, or press keys while your mouse is over that window and your cli will fly with changes. Press your volume up button and you should get some stuff that looks like this:

KeyPress event, serial 32, synthetic NO, window 0x1a00001,
    root 0x251, subw 0x0, time 1926937, (99,532), root:(1170,552),
    state 0x0, keycode 123 (keysym 0x1008ff13, XF86AudioRaiseVolume), same_screen YES,
    XLookupString gives 0 bytes:
    XmbLookupString gives 0 bytes:
    XFilterEvent returns: False


Here we can see the keysym 0x1008ff13, XF86AudioRaiseVolume, which gives the symbolic name of our key. Congratulations, you can now identify key events in X!

amixer

So what is this amixer business? Well, that is a bit harder to explain, but I will do my best.

The command we issue is:

amixer -c 0 set Speaker 5+

amixer is the command-line mixer for ALSA (Advanced Linux Sound Architecture); it adjusts the same controls that alsamixer shows interactively.

First you need to identify your cards. Honestly, I need to learn this more, but the gist is this:

amixer -c 0 will show you all the mixer controls for card 0, depending on your setup your main soundcard might be a different number. Specifically I am looking for the Speaker control for my card. I know this from adjusting things in alsamixer. I will have to research more how to figure this out from the cli.

So the full command works like this:

amixer -c 0 set Speaker 5+

amixer, on card 0, set Speaker to whatever it is, plus 5 (I believe that is 5% more).

Volume down

I tied the other button (volume down) to the same command but backwards

amixer -c 0 set Speaker 5-

Then I bind that to the appropriate key:

bindsym XF86AudioLowerVolume exec amixer -c 0 set Speaker 5-

More fun with sound control

I still need to figure out how this will work with headphones plugged in and compensate. I also need to make the mute button work. Wish me luck.

Getting Back to #GeekLife


Life has been hectic lately. To recap the last year, I started a great new job, have taken on way more responsibility in life than I should have, and I have fallen away from some of the things I really love to do, like blogging.

So I am attempting to make a go of it. For starters I am fixing my blog. I have updated Ghost, and I am going to use forever to make it run, well, forever.

Then I am going to start writing more often. I know, I have made this promise before, but this time I am motivated. I have a silver bullet, I am adding a -f to my blog command. I am forcing myself to write something, even something mundane and horrible every day. No excuses.

The Plans

Last week I attended Open West Conference. It was amazing to see all the people come together for common goals. The common goal being the love and sharing of Open Source technologies. There were even some great talks that weren't actually about technology, but the managing and inclusivity of technology.

While at the conference I blew the dust off my Twitter presence and really knocked out a bunch of tweets. Nearly 100 tweets in just a few days. I got a lot of traction from those tweets too, so that was the first stoke of the flame.

I also talked to a lot of people IRL and realized I really like doing that, face-to-face. It has given me insight into things I want to try in the future.

I also did a lot of thinking about the technologies I am using at home, and how I could better utilize them to make things in my house easier, or more fun.

Finally, I remembered why I became a geek in the first place. To play, to learn and to understand. Don't just give me a wall of buttons, tell me what each button does, and why. So I am getting back at it, I am digging in and I am learning.

#geekLife

The New Net10


Well, Net10 is at it again. You may recall just a few months ago (June 2013) I informed some folks that truly unlimited data was available by switching to a T-Mobile SIM (the pink Net10 sims). Well if you are a power user like I am, then you are aware that policy has changed, again. There is no longer a truly unlimited plan. Don't bother calling Net10, they will transfer you to the completely useless "High Data Usage Line", which only informs you that you have exceeded your 2.5GB of data, and have been throttled, and won't be unthrottled until the end of your prepaid plan. It's crap.

What now?!

Last time we had a policy change at Net10 we simply had to change SIMs; well, this time the game has changed. To get truly unlimited data you just have to switch networks. Net10's website lays it out in black and white: there is no more truly unlimited from them.

The choices for data are now 500MB, 3.5GB, or 5.0GB of data. These plans drop in at $40, $60, and $75, respectively. What a joke! I would wager these prices are being mandated by their backing networks of AT&T and T-Mobile as their pricing comes right around that of the two backers.

To compare the prices, T-Mobile has 500MB ($50), 2.5GB ($60), and a truly unlimited for $70. That is not a bad option really, but still, $70 for a truly unlimited plan is a bit crazy.

Back to SimpleMobile?

So my first thought was to go back to SimpleMobile, since that was the first MVNO I really cared to use, but I was quickly saddened when their pricing page showed they too were bucketing and throttling connections.

Simple's plans are now 1GB for $40, 3GB for $50, and 5GB for $60. That isn't heading in the right direction at all. Frankly, the $70 for truly unlimited at T-Mobile is looking pretty good. Let's keep looking.

Back to the MVNO list

Looking at the list of MVNOs out there (which has grown nicely in the last year or so), you would think more options would show up. Well you'd be right. Here are a few I have found:

ReadySim

Their plan is simple. 30 days for $55, and it is never throttled, but you are limited to 2GB of data. Then it is a hard off. Ok, that isn't really going to work for me. Let's try again.

35orless

Now this is a promising setup. The more users there are, the lower the monthly minutes price is (sitting at $30 as of this writing). Here is what it is all about:

A constant countdown that reflects next month's service rate based on the number of new customers in the current month.

Basically, the more people that sign up each month, the lower the next month costs. The good side is that it will never go above $35, but can go as low as $0 (not likely, but it could happen).

The drawback here is that data is an additional fee (well it comes with 500MB), but you can purchase a 2.5GB ($15) bucket or an unlimited bucket ($25).

So for a fee of $60 or less ($35 + $25) you get unlimited data and unlimited minutes and text. All backed on T-Mobile. Well, that is $10 cheaper than T-Mobile. Sounding good to me.

Setup on 35orless is $35 (plus data) which includes shipping and the SIM. So you are set up and going as soon as you order.

So, just like that?

No, trust me, I did the due diligence here, and I have checked out a lot of MVNOs over the last 24 to 48 hours (since being throttled). This is a decision that seems sound, and I will of course keep abreast of the landscape that is MVNO land, because I continue to be contract free, and willing and able to jump to any provider available. Wish me luck.

The Future of Credit


NPR had a segment this morning about the recent Target hack, and how this could never have happened if the issuing companies (Visa, MasterCard, Discover, American Express, etc.) had updated their systems in the US from magstripe to what is called "Chip & PIN" in Europe. The idea being that users in Europe have to insert their card so a chip on the card is read, and then provide a PIN that replaces the signature of the current credit model in the US. This is all well and good, except they are forgetting a key component of this exploit: static data.

Magnetic Stripes

Magstripes have their own set of problems, they are static, they wear out, and ... they can be skimmed. The data on your magstripe is plain text. If you recall the Redbox fiasco a few years back, people put card skimmers on Redbox kiosks and as a user swiped their card they were also giving away the information on the card. Your card number and expiration date among other data is stored in that little strip.

What can we do to avoid skimming, and plain text? Encrypt the data on a chip!

Chip & PIN

As it is called in Europe, the Chip & PIN card is basically a credit card where the magnetic strip is removed and replaced with a microchip that has to be read by the computer system. You cannot simply skim this card because you have to willingly put your card in a machine that reads it.

Basically this only replaces your signature with a PIN code. The static data on your card is still collected, the static PIN you enter is still collected and it is all bundled up and sent off to the bank to verify you are you, and you are allowed to use that card. Secure right? Wrong.

The Problem

As the Target exploit shows us, even the Chip & PIN system would have fallen prey to this exploit. The reason is that the data is only encrypted on the card. Before the retailer can charge you they have to use a provided key set to decrypt the data and pass it along with your PIN to the bank. Because the data on your card is static, and your PIN is static, simply capturing the data on the card is enough to fake the presence of the card later. Insert the same static data, same static PIN, and the bank doesn't know the difference.

A Solution

I am not all gloom and doom today. I have a suggestion, though I am sure the banks and retailers will ignore it because it is sure to be expensive. The solution: Two Factor Authentication.

a process involving two stages to verify the identity of an entity trying to access services

Let me give you a great example of how this works:

You head into retailer X and head to the POS with your goods. You hand them your credit/debit card, and they ask you to enter a PIN. Instead of pulling a 4 digit code from your brain, you pull out your smart phone and open your bank's Authenticator app. You plug in your password and up pops a 6 (or more or less) digit code that is only valid for the next 60 (or less) seconds. You read the code on your phone, plug it in as your PIN and the transaction is done.

How is that any different than the static PIN? It isn't static anymore. Let's say the Target hack happens again at retailer X. You don't have to worry about your PIN being captured, because it will never exist again.
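The difference between a static PIN and a time-limited code, as an added example that is not from the original post: it assumes the bank's app uses RFC 6238 TOTP with a 60-second step (the post names no algorithm), and `BankVerifier`, the timestamps and the RFC 4226 test secret are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds a code stays valid (the post's "60 (or less) seconds")
DIGITS = 6   # code length the post suggests


def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step containing `now` (HMAC-SHA1, RFC 4226 truncation)."""
    counter = int(now) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class BankVerifier:
    """Hypothetical issuer-side check: one secret per card, each time step usable once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1                      # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        step = int(now) // STEP
        if step <= self.last_step:
            return False                         # step already spent: replay inside the window
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False                         # wrong code, or one from an expired step
        self.last_step = step
        return True


def demo() -> dict:
    secret = b"12345678901234567890"             # RFC 4226 test secret, not a real key
    bank = BankVerifier(secret)
    code = totp(secret, 65)                      # what the phone app shows at t=65s (constructed)
    return {
        "purchase": bank.verify(code, 70),            # entered at the POS seconds later
        "replay_same_minute": bank.verify(code, 90),  # captured code reused immediately
        "replay_later": bank.verify(code, 200),       # captured code reused after expiry
    }


if __name__ == "__main__":
    print(demo())
```

The verification has to happen while the time step is still current, which is why the scheme depends on the real-time bank communication described under Implementation.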

Implementation

Obviously the biggest factor to any change in the way the system works is the change. Adding Two-Factor Authentication (TFA) will require the banks and retailers to change the way the credit game is currently played, but all for the better really.

First, banks and retailers will have to communicate in real time. There will be no more batching credit cards and running them through all together at night. The TFA PIN expires within minutes. It has to be verified in real time. This has the added bonus of reducing float fraud. Float fraud is when you leverage the time it takes for banks to lock your funds to overspend the funds. Real-time transactions stop this practice.

Second, POS systems will have to allow for longer PINs to be entered into the system. Most TFA systems have 6 or more digits instead of 4. This is a simple change.

Third, and the most difficult really, is that banks will have to educate and prepare users with the right technology for the practice of TFA. Customers will have to be issued either RSA tokens or smart phone apps that keep track of the codes to be used. The cost of the tokens can be quite hefty, but if you were to offer customers the choice of a $10-20 RSA token or a free smart phone app, you can rest assured the smart phone app wins every time. Those without smart phones will complain about the cost, but when told their money would have been secure from the Target hack, they will gladly toss out $10-20 for the security.

The Pressure

Talk to your financial institutions today, find out what they are doing to make your money safer. Don't let your bank sit on their butts and be inactive to these matters. This is not a problem for just Visa and Mastercard to sort out, your banks are their customers and they need to demand more security for your money.