Cupfighter.net

With ever increasing complexity in the software stacks running on our systems, we are starting to take stuff that feeds us, like power and cooling for granted. Sure, on a global scale we have one of the most reliable power feeds from the net in the Netherlands. This is backed up by diesel engines and a fully redundant power grid inside our primary data center. To get the generated heat out, there’s a fully redundant cooling system in place.

So with all this power and cooling hardware in place, we’re protected against everything… right? Well think again, because the power grid and air conditioning systems are also controlled by…. software! A seemingly harmless software update to the ACU’s inside one of our suites caused a control valve to react in the opposite way its control software thought it was sending them, effectively shutting down cooling and causing a 10 degrees centigrade temperature rise in little over 30 minutes. These are the type of temperature rises which ultimately cause hardware to auto shutdown. In this case, the problem was cleared before reaching critical levels. If it hadn’t, we would have been able to transparently fail everything over to a remote location, since the typical infrastructures we build are based on a twin data center active / active concept.

This again proves that it doesn’t always have to be the often cited ‘plane crash’ which proves the point for building mission critical infrastructures, like our customer’s, inside multiple data centers. Actually, I don’t think there are any recorded events of an airplane crashing into a data center. Instead, something like the firmware controlling your ACU’s can jeopardize all equipment inside a single room or even an entire data center. Plan for failure and expect failure to come from unexpected sources.

All things considered, the twin datacenter active/active configuration is indeed too hot to handle!

I stumbled across this article about a clever challenge involving 10 red balloons. I read about it after following a link on a design studio’s Twitter posting. DARPA (Defense Advanced Research Projects Agency of the US government and creators of the internet back in the cold war days of the 1960s… read Bruce Sterling’s “A Short History of the Internet” written in 1993 if you have never heard of DARPA) took the 40th anniversary of the creation of the internet to pose the question: “Can any real world problems be solved by using the internet?” They came up with the DARPA Network Challenge.

So basically DARPA hid 10 red weather balloons all over the continental United States, and the challenge was to find them all, submit their latitude and longitude, and to find them first. Of course a team from MIT won the competition. How long did it take to find them? A month? A week? Just 8 hours and 52 minutes. How did they do this? By using social media and social networks of course.

Officially the DARPA Network Challenge states:

The DARPA Network Challenge is a competition that will explore the roles the Internet and social networking play in the timely communication, wide-area team building, trust and urgent mobilization required to solve broad-scope, time-critical problems.

So that’s all well and good, fun and interesting and such. But the thing that got me thinking, the thing touched on in the marketing website article was not the discovery of the (in advertising lingo) “big idea” a.k.a. the red balloons. But rather it was the MIT team’s process and approach to solving the problem that is the new “big idea.” The process invented by MIT’s team to rapidly assemble and task it’s newly formed “red balloon team” community worked, and it easily slipped into the operational ethos of bloggers, Facebook users and Twitter users (of course, having decided to donate the $40,000 cash prize to a charity probably helped too). The success of that process demonstrates to me (and DARPA who will interview the MIT team and it’s “community” of participants) the real value of social networks and the internet.

What the marketing website article is trying to say is that ad agencies used to be doing nothing but looking for the next “big idea” and then pitching it to their clients. But along came the internet and changed all that. There are plenty of these big ideas to go around, and depending on how immersed you are in all this social media/networking stuff, more and more of them are starting to come from end-users or consumers. Take the Swiffer for example, it was an idea suggested by a consumer responding to an initiative called “Connect and Develop” from Proctor and Gamble to gather feedback and ideas from their customers.

Crowd sourcing: No one is as smart as everyone.

This is one of the ideas that forms the center of the disruptive technology called the internet. We experience successive waves of change that are emanating from the fact that virtually anyone can publish their thoughts, ideas, images, and video for the rest of the world to find. And sometimes conditions conspire to allow a simple idea or thought to permeate the minds and hearts of millions of people in a near instant. Such things are often called internet memes.

The first wave that hits you is email. Everyone starts here and sees the value of being able to send and receive email. Even my parents have been hit by the power of this medium of communication. The next wave I think that hit was port 80 traffic: http protocols for websites and web pages. Then e-commerce as a wave of online shopping, followed by an MP3 wave (napster at first, iTunes music store now), and most recently by a youtube.com or video wave.

In each of these waves, traditional media entities have been deeply disrupted by the free flowing of ideas and assets. Email killed the telegram (Western Union decommissioned the service in 2006 after over 150 years of use) and is digging into postal service revenues since day one. The websites and webpages have largely up-ended magazines and newspapers so that printed editions are now becoming increasingly scarce. MP3s have both salvaged and savaged the recording industry. And in January 2009 YouTube.com recorded over 100,000,000 viewings per day.

So all of this will continue happening, the waves of disruption (disruptive to traditional thinking and doing at least) will keep on coming. Publishing will become easier, in all sorts of media. Access will be expanded to include more and more people. And our part in all of it, at least in my view, is to remember to try to step back and think about the process of change that is going on. The new ways we can solve problems using this incredible web of technologies and people addicted to them. That will remain a valuable skill and insight to achieve and maintain. Learning how to program perl is great, or some other language. But eventually perl won’t matter that much. We won’t need to pay so much attention to the underlying technologies of the internet because they will (rightly) recede into the background. What will remain will be pure freedom of communication and expression I imagine. And the possibilities at that point will be blinding. So don’t fret about the big red balloons, just try to keep being a curious, problem-solving clever monkey and you’ll always have interesting work to do.

My work as security engineer for Schuberg Philis often requires me to deal with the following situation. A customer of our requires us to facilitate a security assessment or the infrastructure we manage on their behalf.

More of often then not, the contractual agreements between assessor and client and client and service provider together with a “third party waivers” or similar documents do not cover everything that the three parties want to commonly agree upon. After reviewing quite a number of these documents, I decided to write a template agreement (which can be downloaded below) for exactly this situation. This document is not a replacement for the agreement between the client and the assessor, but as an additional agreement between all three parties.

Madison Gurkha and ITsec have both reviewed and contributed to this agreement and we will use it in our future dealings.

The agreement covers the following topics.

Read more…

Every now and then Microsoft Outlook decides to show its reminders in a strangely deformed reminder window.

Sorry what do I need to remember?

As allways Google was my friend and pointed me to this post.

The key is the value  WindowPos in this registry key: HKCU\Software\Microsoft\Office\12.0\Outlook\Options\Reminders

If you delete this key from the registry and restart Outlook the reminders window is back to its normal size.

When you install McAfee on Windows Server 2008, and probably Windows Vista also, you can get a lot of messages in your security log. Like this one:

Event ID 5156 means that WFP has allowed a connection. When most connections are allowed your security log will fill up very fast.

You can disable Object Access auditing but then you’ll miss other events which might be of interest. So, instead, let’s just disable Success Auditing for Filtering Platform Connections. It’s not possible to disable auditing subcategories with a policy or other GUI tool, but I found out that you can enable and disable specific subcategories with a special command-line tool: Auditpol.exe, which is included with Windows Vista and Windows Server 2008. I used the following command:

auditpol /set /subcategory:”Filtering Platform Connection” /success:disable /failure:enable

As you can see this disables Success auditing for the Filtering Platform Connection subcategory.

For more info check out this article:

http://msdn.microsoft.com/en-us/library/bb309058(VS.85).aspx

I know that wordpress has a built-in tag cloud, but when I came across the wordle.net generator, I thought it would be interesting to see how it differs (or not) from the tag cloud for cupfighter.net. I think it does differ, and not just aesthetically.

snapshot on September 27th, 2009

A silent disco was held on Saturday August 15th, 2009 at the Hacking at Random gathering in Vierhouten, Netherlands. There were two DJs playing, each on their own channel that you could listen to with the free wireless headsets. At one point I put the headset near the mic on the camera so that you could hear a little of the music, but it is more interesting to listen to the ambient sounds coming from the dancers (and the occasional comments of people standing nearby or the DJ asking everyone to “jump” or “wave your hands”).

The Silent Disco was made possible by Schuberg Philis.

I recently got my invitation to sign up for Google Voice (previously known as Grand Central) but was confronted with a couple of challenges. The first one being that the service is not offered outside the US yet. Since I’ve been living abroad for the last few years, I’ve gotten used to finding myself on the wrong side of the “geo-fence” that sites put up, using your IP address to determine whether you might be in the US or not. So to begin the process of responding to the invitation email, I needed to proxy my web browser traffic thru a server in the US (there are scores of anonymizing proxies and plain-old-vanilla proxies, but I’m lucky to have friends with computers with reasonably low latency ping times). Once that was done, I began the 4 step process of registering a phone number so that I could get on with finding out what GV can do.

So many choices for phone numbers, but fortunately they came up with an interesting combination of methods to choose an available number. You can search by zip or area code of course, and you can also search by text string. What better way to make your Google Voice phone number easy to remember or say to someone than to look for your favorite phrase or handle/call-name. Since physical location does not matter so much these days, why not pick a phone number that hails from “Pocahontas, Mississippi?”

The next challenge was a bit tougher, the service needs at least one phone number to ring you on when you get a call to your GV number. That number has to be a US number (due to the way calls are charged in the US versus Europe. [I found an interesting discussion about this and how it impacts the possibility of deploying GV in Europe.

With some blind optimism, I entered my US efax/j2 number, hoping that when they called it to request the two digit verification code currently displayed on my browser, they might provide an alternative method for me to verify that I own/use the phone number in question in their voicemail message. Nope.

So my options at this point were to either setup a Skype-in number for something like 15 euros for 3 months so that I could answer the automated GV phonecall, or ring a friend in the US, give his number and send him the verification code so that I could finish the registration process. You will correctly guess that I opted for the latter.

Finally I get to see the interface, check out the settings page, and read the little help buttons that explain exactly what the “do not disturb” checkbox does (this is something that I need to use of course, so that my friend does not get called each time I receive a call to my GV number). I have to say that there are only a few advantages to using Google Voice as an expat over simpler services like efax/j2. One of them, however, is pretty darn helpful. Voicemail transcripts. Although the technology still  has a ways to go before being 100% (most speech to text systems fail to get near 100% really, so who can blame them at this point), you certainly can get the gist of a message by reading the transcript. The transcribed words that the system is sure about are in black text, and the words which the system had doubts about are in a lighter shade of grey. And just like a karaoke machine, the highlighting of the message text in red underline as you listen to the audio voicemail message is kind of fun in it’s own right. What I’m not entirely sure about though is how or why the transcript engine/system decides that a transcript is not possible. The first GV voicemail message that I left for myself was marked “Transcript not available.”

Being the responsible beta user that I am, I immediately clicked on the feedback link to let them know of my question about the criteria under which a transcript might not be available. This took me to a nice little Google docs form for providing feedback. Ok, I’m game. A simple email form is not enough control over what folks put into the feedback, so I write up my question, I hit submit and get a cheeky little reply saying that an unexpected error occurred, they are rather embarassed about it of course, and that I can rest assured that geeks have been notified that the error took place. So much for my first interaction with the community of GV developers.

One more thing worth mentioning is the GV mobile application. Having a blackberry (or iPhone) means that I can (and did) download the GV mobile application, giving me the equivalent of visual voicemail for free on the service. This is nice. Of course if I want to listen to the voicemails, I need to download them first, but that is to be expected. The real time saving feature here is not necessarily being able to listen to my GV messages whereever I happen to be, but instead the sheer time saved by being able to see who the message is from and read the transcription in just a few seconds.

Oh and I suppose being able to send and receive SMS/text messages for free with my friends and family in the US is also a perk. They intend, I supposed, to eat some of Skype’s lunch in this kind of “messaging for free” model. I wonder if they plan to have an API exposed so that I can do this with a script? I admit that I’m not the real target audience subscriber for Google Voice, but I’m on board at the moment and am thinking that it has some nifty features (I didn’t even mention the widgets/gadgets that you can use where the person never knows what your GV number is… nice for security/anonymity).

Question: Anyone else trying to integrate GV into their point of presence without being in the US at the time?