Journal of a Sysadmin

House vs Hammer, what is the house?

OK, it’s taken me less time to clue into this one then the “cloud computing” thing (wtf would have thought publishing an API for your online services would become a meme?).

Anyway to the point, what is the house? Perhaps the #first-house could be platform diversification, or maybe make that platform independence.

I’ve been in IT for a while now, and I always see the same thing: Vendor sells product, swears product is a one size fits all, product turns out to support one implementation of said protocol and that’s all.

Case in point, an unnamed by request organization purchases a product which the vendor states “supports LDAP”, unfortunately LDAP in this case only refers to Active Directory and not “LDAP” the open standard. Same vendor has vaporware which should “support linux and MacOSX as a web client” at some point in the future. Right, and they will support OpenLDAP and eDiirectory for their directory services too I bet. At least that’s what they will say to make the sale.

So what is the problem with this? It’s a free market so it should follow that the top product on the market is on top because it’s the best. Actually I believe the top of the market in the IT game is who can force themselves onto the most computers. Jobs products might be the next one on the top but I don’t know if that will change anything, Apple too has shareholders, and I don’t personally know him…

I’ve also been a FOSS advocate for a while now and the reason sometimes gets lost in the argument. If I use OSS I get the advantage of being able to open the wall of the house, fix the wiring and then contact the contractor to provide feedback on a better house the next time around. I can’t do that with close source. I’m not only a systems administrator and a programmer, but I’m also a troubleshooter. I need the ability to see what the product is doing to determine what the problem is. I also don’t want to be taken to court because I am caught tracing a program or sniffing a network packet… That’s an entirely different threat on the same subject though.

Back on the subject of platform independance, there’s the client side as well which is even more important to us as developers, maintainers, and administrators. If your goal is uptake of a service (and who would not want that) you can’t force your clients to use a service and require that they use a specific browser or client. Web is definitely the way and I think building platform independence is where people need to concentrate on before pushing forward.

What about technicians using iPhones or iPod Touches as the web client using safari and with Fring installed to leaverage your budding VOIP services which are SIP compliant. Tech support reps can go to the desktop, update tickets, close calls, and never have to come back to the office to update and get the next ticket. It’s 2008 after all, not 1998.

The house has to be open. Open standards, open source, open products.

So from my customer service POV that’s where I see it. I also see other far more impacting applications of this rule.

Cloud computing, pushing your data to the net and having the net feed you back what you want filtered out (in a rough overview-esq 1000 mile out kind of view).

Imagine if you put your data in but it’s now locked up in that vendor. Current contracts may lock you into that vendor and this makes your data immobile. In theory your vendor could raise their fees and you would have little to no choice in the matter.

Imagine you put your data in then the service breaks. So what if you have an SLA with the vendor and that the vendor has promised free service until the end of time, it’s your data, live data, data that has changed since you stored it and now it’s unavailable. If you ever need to have an open solution that has to be it.

Your SLA has to include an clause which allows you open access to your data at any time. Ultimately this does not have to include open source software but frankly I’d be hard pressed to put my data into something that I’ve never seen the source code to. Of course on a day to day basis companies trust all kinds of data to all kinds of software. I’ve never seen the source to Oracle but at least I know who manages the firewall and I know the security on the box because I manage it. I have a reasonable level of trust in the security of that data.

Then we start to run into secure computing, the security of that data which you push into the cloud which you hope is manged by open standards and hasn’t locked you into a specific vendor.

When web services meet cloud computing meet secure computing. OK, I can see this snowballing out of control.

The subject is huge and I can go on all day about it but I’m on vacation and have people to meet and errands to run in the physical world. =)

I just want to close by saying that before we rush headlong into the implementation I think there is a lot to be said for reviewing what we have, where we have been and out of that create a rough trail of where we want to end up.

House cleaning while the birds tweet

Two impressive moves for me today:

• I’ve obviously changed my journal theme, it’s only been the same for the past 5 years.
• I’ve signed up for a twitter account and am actually trying to use it, is it useful?

So, #1 was easy. I had to upgrade WP today anyway on 4 different journals (which took all of 5 minutes) and wanted to find a new theme so there you go. Hey, who’da thunk I could change…

#2 is odd. I’m trying to see if it’s going to add any additional value beyond following Jaime’s tweets. So far I’ve observed that the people who are at the top (timoreilly and timbray for example) are actually spouting useful stuff, for the most part and it makes you stop and think. This is good.

gtrend is actually kind of neat. Funny how the collective gravitates from one thing to the next in an amoeba like fashion, so I’m following that one if for nothing else entertainment.

I think though I see one bad thing about twitter, besides the entire time hole continuum thing: Twitter needs authentication, I can easily foresee a fake IDC tweet messing with the markets like the Apple/Jobs heart attack thing.

What I envision for twitter would be a simple to use (read automatically generated, uploaded, and managed) GnuPG pub/priv key signature to send each tweet into twitter. The signed messages would then be verifiable as being from the actual person. Maintaining a key ring with signed keys and a return key signing parties or even better, meetings where you share keys at the end along with your business cards (oh, my GnuPG finger print is on the back of the card so you can verify my tweets)?

Mind you, anyone running an insecure computing platform will not be verifiable because if you give me time and you use the machine I’ll control your actions. Also the nature of people is to give up information in the guise of being “helpful”, compromising their accounts in the process (at least 1% of receivers of a mail phishing attempt will divulge their account information). Of course on a scale of magnitude Aunt Bessie may give up information to phishers but her tweets won’t cause the apple stock to plummet but IDC authorized tweeters would know better and would know to not allow access to their private keys.

As it stands now we don’t know if that really is timoreilly or one of his staff (from reading some of his work though I’m thinking it may actually be him. If he doesn’t tweet for more then say, 12 hours can we say he’s dead?). Naturally having never met Tim (Mr. O’Reilly?) and likely I never will can I ever actually verify his GnuPG key except to download his pub key from a specific location?

Well, I put the new idea out. Maybe I’ll do something about it tomorrow.

Tags: GnuPG, O'Reilly, Twitter, wordpress theme