Tech's High Barrier to Entry for the Underprivileged

via Medium

[This is a placeholder for the moment.  I have thoughts on this but they need to wait until this evening since I have to be at work in 20 minutes.  For the moment read the article]

Fun in VMware land

This afternoon I was trying to deploy a VM and I was encountering a hardware problem moving from one platform to another (failed .ovf deployment – incompatible device backing specified for device ‘n’).  Googling I found that this error usually relates to a piece of hardware added to the vm, such as a serial port or cd-rom, that is not present on a newly created vm.  I also found out that there is no way to configure the vm to add that hardware before attempting to import an .ova file. 

Fortunately while banging my head against the desk in frustration I happened to notice that one of the respondents in the thread mentioned editing the .ovf file. 

This made me realize that the .ova file is really just a compressed file that contains the virtual disks (.vmdk) the xml configuration file (.ovf) and a .mx file.  More importantly it can be extracted using 7Zip.  I extracted the .ovf file and edited out the piece of hardware that I thought was causing the problem and placed it back in the compressed .ova file. 

This didn’t work because the .ovf needs to be at the beginning of the archive and I couldn’t place it there.  More head banging followed and then I thought about it an realized that vsphere can import the files separately.  I tried this and was told the file was corrupt.  A final round of smacking my head into the brick wall and I came up with my solution.

If you encounter this problem the following steps appear to work

1. Extract the .ova file into a folder using 7Zip 
2. Using notepad edit the .ovf file. 
3. Save the file (Save as  “XXXXXX.ovf” (XXXXXX being the original name) file type – All files) 
4. Open powershell and navigate to the folder containing the files and run the Get-FileHash utility   
      a. Get-FileHash –Algorithm SHA1 XXXXXX.ovf 
5. Copy the hash Open the .mc file and delete the old SHA1 hash associated with the.ovf file and paste in the one you just generated.  Save the .mc file in the same manner as in step 3.  
6. Open VSphere and import the .ovf file using the Deploy OVF option. 

Heaven Knows It's a F'ed Up World - What I am reading 1/27/2015

I don't really have much at the moment so lets open with a song that is currently heavy in my rotation:

Heaven Knows




Medium - The Way We Hire Is All Wrong -

The author starts out with the fact that 48% of new hires won't make it through the first year at their new job (apparently this is kind of a global statistic that applies across all companies).  From there she concludes that the current hiring process is wrong and a better paradigm is needed.  The one offered here is a 48 hour workshop where participants build a project and present it to a company or companies sponsoring the workshop.  They will then decide whether to make an offer.  The article kind of falls apart though when it turns out that this process doesn't work either.  Read the article for the details but it seems just as haphazard. 

Dark Reading - NSA Report: How To Defend Against Destructive Malware -

NSA's recommendations recap some strategies the NSA previously had published in its "Information Assurance Mitigation Strategies" report. Among the best practices in the latest report for preventing, detecting, and containing attacks are:

• Segregate network systems and functions so that if an attacker hacks in one area, he can't necessarily reach others

• Reduce and protect administrator privileges to minimize the damage if a bad guy obtains them

• Employ application whitelisting to prevent malicious code from executing

• Limit workstation-to-workstation communication to reduce the attack surface

• Run perimeter firewalls, application-layer firewalls, forward proxies, and sandboxing or other dynamic traffic and code analyses

• Use and monitor host and network logging

• Implement pass-the-hash mitigations

• Run Microsoft's EMET or other anti-exploit tools

• Employ antivirus reputation services to augment traditional signature-based AV

• Run host intrusion prevention systems

• Regularly update and patch software

Mostly commonsense stuff but since it has the NSA imprimatur on it it will be instantly discarded.

Slashdot- Coding is not the new literacy -

He further suggests that if anything, the "new" literacy should be modeling — the ability to create a representation of a system that can be explored or used. "Defining a system or process requires breaking it down into pieces and defining those, which can then be broken down further. It is a process that helps acknowledge and remove ambiguity and it is the most important aspect of teaching people to model. In breaking parts down we can take something overwhelmingly complex and frame it in terms that we understand and actions we know how to do."

Actually I would say that literacy should be the new literacy but that's just me.

And I guess we will close with another song -

Fucked Up World -

Stuff 1/24/2015

Just a general catch up since not much is going on at the moment.

About a month in and still very happy with the new car.

Trying to keep to the 4 resolutions I made at the beginning of the year and think up 3 more for a total of 7.

Messing with windows 10 and Linux a bit today.

I think I am giving up on Zuckerberg's book group.  The first book has been a loser so far and the second doesn't seem any better.  I have the feeling that this is one of those things where it isn't so much about expanding horizons and discussion as about making you a better person.  blech.

Draggin' the Line

So at work today we were talking about some bullshit thing or the other and suddenly I am thinking about Linda Vaughn - Miss Hurst Golden Shifter, and one of the best reasons to read Car Craft and Hot Rod Magazines in the late 70's,

 somehow that led to me humming "Draggin the Line" - unfortunately I couldn't remember the name of the song, the lyrics or the artist so I spent most of the afternoon humming with the damn tune stuck in my head.  Finally at 11 pm as I am watching a Two and a Half Men repeat the name and artist miraculously appear, my slow torture is over:




and now you the reader have deeper insight into the thought process of a low-grade moron.  Everyone wins.

Freakin' Holograms - What I am reading 1/22/2015

Ars Technica - Hands-on: Microsoft’s HoloLens is flat-out magical - 

It looked for every bit like the holographic projection we saw depicted in Star Wars and Total Recall. Except that's shortchanging Microsoft's work, because these virtual objects were in fact far more convincing than the washed out, translucent message R2D2 projected, and much better than Sharon Stone's virtual tennis coach. The images were bright, saturated, and reasonably opaque, giving the virtual objects a real feeling of solidity.

Here's the problem - It's Microsoft, the same company that was first with tablets and smart phones (OK I know that there were other companies that were making both but I am talking about the first out of the Google / Apple / Microsoft triad) that got blown away later because they entered the market too early.  I am curious to see who the folks at Twit.tv react given that they constantly are saying Microsoft doesn't innovate.

Also +Jeri Ryan - Holodecks,.. just saying.



Endgadget - When did Apple become the boring one? -

But let's briefly summarize what Microsoft, energized by the appointment of Satya Nadella as CEO almost a year ago, just showed us. An operating system that runs universal apps across PC, tablet, phone and Xbox One. Streaming games from your home console to any Windows PC or tablet. A voice assistant for your PC that seems like a prequel to Scarlett Johansson's AI in Her. HoloLens. I mean, HoloLens! Microsoft is promising to make the distant dream of functional AR a reality very soon. It even held people's attention while showing off a new enterprise PC.

I asked above what the reaction would be from Twit.tv, I should have said, "and other like thinkers", because I just saw it in the comments on this article - "These are half-baked technologies that will never go to market.  Apple is the true innovator"

Pando Daily - Microsoft begs consumers for another chance with free Windows 10 upgrade -

It’s too bad Microsoft is hedging its bets by offering it to consumers for free. Even if the company truly believes an extended trial is the best way for its users to become acquainted with Windows 10, and has nothing to do with Windows 8’s botched launch, the decision reeks of desperation. That’s more worrisome than anything else it could’ve done with this update.

I believe that Nathaniel Mott, a writer who covers start-ups and technology from New York, is wrong in his description of the free upgrade.  It is my understanding that if you upgrade during the first release year the upgrade is free.  After that you have to purchase an upgrade.  Either way it's interesting that Mott sees it as a sign of desperation.  I also find it interesting that no one did a fact check and clarification.

Slashdot - Moot Retires from 4chan -

and seeing how uptight some of the mods are the freewheeling /b/ days are probably over.

VentureBeat - Disposable employees may be tech industry’s greatest achievement -

These companies are making a choice. They’re deciding that it’s faster and cheaper to chuck people overboard and find new ones than it is to retrain them. The economics of cutting rather than training may seem simple, but it’s a more complex calculation than most people believe.

Firing people is not free. Back in 2010, I wrote a story about how Hewlett-Packard had announced 75,505 layoffs since 2002. As part of those cuts, the company had to pay $5 billion in severance pay. Since then, HP’s layoff count has climbed over 120,000 since 2002. It’s an amazing number for a company that remains profitable.

And how’s all that cutting working out? I don’t think anyone would argue HP is anything but still adrift.But severance is not the only cost. There are intangibles, like morale. And there are other fiscal costs, like the price of recruiting and orienting new employees. There is a cost in time and money when you have to train new employees in your internal procedures and culture, get their computer hooked up, help them find the toilets, etc.

Again, I blame the MBA mentality that only allows a company to look 3 months down the road. Well that and the fact that most people think hidden costs are not real costs.

Federal IT system security breaches increasing

via Ars Technica

New research out earlier Tuesday from George Mason University, however, calls into question how effective Obama's proposal would be. That's because the federal government's IT professionals as a whole have "a poor track record in maintaining good cybersecurity and information-sharing practices." What's more, the federal bureaucracy "systematically" fails to meet its own federal cybersecurity standards despite billions of dollars in funding.

...

The researchers pointed out that the federal bureaucracy has its own CISPA-style legislation. The Federal Information Security Management Act of 2002 (PDF) requires the bureaucracy to perform information sharing and to reduce risks. In short, FISMA provides funding to "provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets..."

Once again I go back to the idea that one of the reasons for this failure is that things have become too complicated to manage efficiently.  Until that changes this will be an ongoing problem.

What I am reading 1/19/2015

Ars Technica - ToleranUX: Satirical Linux fork mocks calls for open source diversity -

The ToleranUX page is chock full of exaggerated portrayals of feminism, both in describing the project's inspirations and in trying to apply fake feminist philosophy to the nuts and bolts of Linux development. (To wit: "ToleranUX is created to revolutionize the Toxic Meritocracy that permeates the FLOSS world that has proved itself to be the crux of divisiveness, the cause of the gender imbalance in IT, and the bane of True Equality.") We've picked a few of the page's most mocking sections to illustrate the fake project's viewpoint.

...

Without any official group taking responsibility for this page, and with imageboard screengrabs showing jokes about its creation, we believe FSF is as much of a mean-spirited joke as media critic Shanley Kane says it is.

It may be mean-spirited, and I may even agree with some of Ms. Kane's goals, but honestly this is one of the funniest things I have read in a long long time.  Last night on Facebook I posted a link to Valleywag's take.  It was just a tad angrier but I couldn't quite tell at who -

Valleywag - Now Some Assholes Are Taunting The Pro-Diversity People -

It is a nasty anti-female rip on people like ModelViewCulture co-founder and CEO Shanley Kane who have been criticizing Linux for being a boy's club. I honestly don't know why anyone, male or female, wants to belong to the Linux community, but maybe the issue is just that when some group, any group, says certain people aren't welcome, that's bound to piss people off.

Is he made at the Linux community, the people who made the site, #gamergate or just everyone in general?

Dark Reading - A Lot of Security Purchases Remain Shelfware -

Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.

...

Osterman surveyed 172 small, midsized, and large enterprises from multiple industries and found this to be true with at least 30% of the respondents. In some companies, survey respondents said nearly 30% of all new security investments were not being used at all or were underutilized. One company surveyed said 60% of its security software was shelfware.

...

The most common causes for shelfware were all tied to a lack of IT resources, Shaul said. When asked to identify why they were not using their security controls more fully, respondents blamed IT for not setting aside enough time to implement security software properly. They also blamed the situation on a lack of people and an insufficient understanding of some security tools within IT.

I can empathize, but the problem goes deeper in my opinion.  The products are too damn complex and in most cases poorly designed so there is a huge learning curve and no time for it so you get it up and running as best you can and pray.  Then later when something fails the company may kick up some money for training or a consultant but at that point you are throwing good money after bad.  My philosophy is that if a reasonable person (me) with a reasonable amount of knowledge (again me) can't sit down and look at your product for 5 minutes and have a basic - BASIC- understanding of how it works and how to configure it then it is too fucking complicated and poorly designed.  I am not saying I should be able to master it at that point but I shouldn't have to read an 832 page manual or watch 27 videos to be able to get a basic configuration up and running.  Also companies need to quit hiding their training behind paywalls

Gizmodo - The NSA Saw Signs That the Sony Hacks Were Coming -

When the FBI blamed North Korea for the Sony Pictures hacks, some wondered how that finding had been made so quickly. Now, new interviews and documents reveal that the NSA had tapped into North Korean networks years before the attacks, and saw indications that such an attack may be imminent.

And once again when something appears in the news there is a convenient new Snowden document that just happens to be on point and links the NSA to whatever nefarious activity is occurring that day, and in a way that makes them look incompetent.  

The New Yorker - Pets Allowed -

An alpaca looks so much like a big stuffed animal that if you walked around F.A.O. Schwarz with one nobody would notice. What if you tried to buy a ticket for one on an Amtrak train? The alpaca in question was four and a half feet tall, weighed a hundred and five pounds, and had a Don King haircut. My mission: to take her on a train trip from Hudson, New York, to Niagara Falls.

“Ma’am, you can’t take that,” a ticket agent at the Hudson station drawled, in the casual manner in which you might say, “No flip-flops on the tennis court.”

“It’s a therapy animal. I have a letter.”

“O.K.,” she said flatly. “That’s a first.” 

I honestly don't really know what to say.  

My Crappy Book Thread 1/18/2015

Again crappy thread not necessarily crappy books -

As I noted last week Mark Zuckerberg has started a book club.  The first book was to be "The End of Power: From Boardrooms to Battlefields and Churches to States, Why Being in Charge Isn't What It Used to Be" (the second book was supposed to be posted 1/16 but already the two schedule has fallen by the wayside.) This book is described as a provocative examination of the relationship between dominant megapowers and insurgent micro-aggressors based on original research, but (and bear in mind I am only 25% of the way in) so far I don't see anything that strikes my as terribly provocative or original. The author accepts the dominant paradigms that a) the US is losing it's superpower status and b) China will replace it.

Personally I accept neither of those propositions (at least if we can get Obama out of office without a clone being elected).  Demographics are working against China as is it's coming economic collapse (again my opinion) and the US is still growing in terms of population which is a requirement to maintain economic dominance.  While the US has shortcomings it is much easier for us to overcome them than the Chinese under their system.

The author also accepts as fact that the US cannot exercise power based on the lessons of Iraq and Afghanistan.  Again I reject that conclusion.  Those wars could have had much different outcomes if we had not artificially limited ourselves.  Insurgencies and asymmetric warfare developed after we intentionally limited infrastructure damage in the name of "proportionality".  That will always result in failure unless you are willing to invest a generation in rebuilding the country (we weren't) .  If as was the case in Germany and Japan we had engaged in total war and then occupied the country after an extended period of warfare I maintain the outcomes would have been different.  We made the choice to artificially constrain our use of power.  (Not advocating a total war approach just saying that a combination of shortsightedness and artificial constraints led to the current situations in Iraq and Afghanistan and if we are going to engage in limited actions we have to understand the follow-on investment required).

The again I am a moron so what do I know?

Also reading -

The Warriors by Sol Yorick - What can I say it's the basis for on of the classic movies of the 70s but wow is it different.

Short thread I know but heopefully next week I will have more to say.  (or not depending on your viewpoint)