From rsr at inorganic.org Fri Jan 9 17:49:33 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Fri, 9 Jan 2004 17:49:33 -0800 Subject: Some Job Openings Message-ID: <20040110014933.GA28841@nag.inorganic.org> Job openings should go to baylisa-jobs, but I want to go on at some length about this situation because it's a little different and so I didn't want to violate the baylisa-jobs charter. Since almost anything goes on this list, I figured I'd mention it here. So first, a summary: fi.com, the company for which I work, has three IT positions open. They are: Trading Technology Support Analyst, http://recruit.fi.com/candidates/default.cfm?szCategory=jobprofile&szOrderID=204 Software Engineer 1, http://recruit.fi.com/candidates/default.cfm?szCategory=jobprofile&szOrderID=208 And a third one that's probably fairly similar to the SE1 position but hasn't been posted yet. In general, the difference between the two SE positions is that one is focused on support of our CRM application, Onyx, and as such ideally would involve someone who knows a bunch about sprocs and SQL (the M$ kind, unfortunately) and, ideally about Onyx; the other would be focused on support of our automated document management systems and would ideally have lots of knowledge of Cardiff, fileNet, and document management in general. Oh, and have some Python || VB || sproc knowledge. Why am I mentioning this here? Well, partially because if I refer someone to here (and they don't end up reporting to me -- we're not clear who these people will report to yet) I get some money out of the deal. Partially, it's because I know there are lots of people in our industry who are looking for jobs. At the same time, I didn't just want to drop a "here are the job descs, mention me as a reference" email to the baylisa-jobs list because this company is sufficiently different, in both good and bad terms, that I thought it'd only be fair to disclose more fully what kind of environment you'd be stepping into. With that said, and keeping in mind I'm going to try to avoid saying anything I wouldn't be willing to say to my CIO's face, here's the good, the bad, and the ugly: Bad: The company is about two miles south of 92 on 35. This means that you *WILL* drive to work. There's no public transportation. And there's pretty much one and only one way to get here (at least the last four crucial miles). We're high up on the hills, which means we often get fog and rain Because we're about six miles from the closest place that sells food (modulo vending machines), you're either going to bring your own or go in on one of 2-3 lunch runs daily. There's not a lot of "going out for an hour and a half to some restaurant with the coworkers going on" (especially given the relatively low grade of these positions). Management, in general, has never worked elsewhere and is prone to occasional amazing bouts of ... well, behavior that leads me to wonder what cave they grew up in. But IT is an important exception to that -- see below. The company, IMHO, doesn't all that much appreciate its employees, doesn't treat its employees well, doesn't trust its employees to any significant degree (I'm a senior software developer reporting directly to the CIO. I don't have remote access. At 8pm nightly, my ability to do anything on our network is interrupted until 6am the next morning. And the access I've gotten in the six months I've been here has been UNPRECEDENTED. I'm *ahead* of the curve). Despite the CEO's words that we're somehow all in this together, you're likely never going to forget that he owns the company and you're disposable. Again, IT is a huge and very important exception to that -- see below. We're Windows-only, for now. There are, actually, two UNIX back-end sytstems used for email, but the number of people allowed on them is measured ... well, it's a two-digit number. A binary two-digit number :). Assume there's no telecommuting or flexibility when it comes to comp days. Mandatory overtime -- hourly employees (and these guys are almost certainly going to be hourly) work 50 hours a week. Yes, you obviously get paid overtime for these 10 hours, though since it's a fixed number, they pretty much just work back from what annual salary they want to pay you, so it's not all that impressive (Did I mention the company's regard for its employees?). This company is not all that fond of paying high salaries. As an example, the CEO likes to mention that he makes $250K a year. I, by the way, make a lot less. Forgive me, that should be spelled "A LOT." Oh, the CFO? His wife. The president? An old high-school friend of his. Vacation is weird -- the official word is that you don't get paid vacation for the first year. What happens is that you get two weeks of vacation to use after every year you work there -- so if you leave after 364 days, you'll have gotten no vacation. If you leave after 365 days, you'll have gotten two weeks of vacation. Oh, and there's no accumulation of vacation time. Oh, and you get two weeks of vacation per year. Worked here a year? You get two weeks of vacation per year. Worked here for five years? Well, it's two weeks of vacation per year. Worked here for ten? ... You see where this is going. Good: Parking is easy, free, and plentiful It's never all that hot up here The weather never gets all that hot The view is breathtaking. The IT group here is, frankly, the most functional and pleasant group I've ever worked in. It's a very small group -- Aside from the Helpdesk and Infrastructure people, there are only twelve of us, and the longest reporting chain to the CIO is two levels deep (everyone either reports to the CIO or reports to someone who reports to the CIO). Our CIO is amazing. He's the single biggest reason why IT here is nothing like the rest of the company. He's relatively young, though with significant experience in financial IT. Huge open source fanatic (would love nothing more than replace every single desktop we have with a Linux box); still very technical, though he's managing to balance the management part with the coding he's doing; mostly development-focused. While our basic infrastructure is currently Windows-only, that's currently under review, and it doesn't mean we're trying to be an M$-only shop. Our choice for programming language is Python; our web servers are Zope, fronted by Apache. The internal issue tracking system we're deploying is RoundUP. We *heart* open-source. The highlight of my CIO's year, probably, was his attendance at the OSCon. More reasons why he's great to work for (directly or indirectly): He's one of the two best managers I've worked for (and I've worked for a whole bunch of them). Never loses his cool, always manages to deliver feedback in a constructive way, great sense of humor, a really wonderful nurturing guy. He's the reason why a bunch of us are here, and the reason why IT is quite unlike the rest of the company. If he left, it's likely a bunch of us would leave also. Thankfully, he's been very successful here -- he's got incredible cachet. The company is INCREDIBLY healthy. We've never had a negative growth year, despite being tied to the market and the last three years being what they've been. We've grown 25% this year, and the last official publicly-disclosable figure for our AUM is $17B. We're unique and do something that, IIRC, nobody else does. And, to the best of my knowledge, that's done without Enron-class accounting :) The people who work in IT here are some of the most cooperative, pleasant people I've worked with. There are 2-3 people who are a bit, uhh, gruff, but in general everyone's a sweetheart to work with. The hours are -- for some definition of the word -- really quite reasonable. Coming here from Macromedia where I could count on at least one weekend interruption has been a change. You come in at some time (for the trading support person, that's an obscenely early time; of course, I still think of 8am as obscenely early, but that's a different issue). You're going to leave at about that time+10 hours. You're not going to stay late, unless you for some reason want to (and you can't stay *that* late -- most people's net access expires at 8pm). You're not going to get called at home, or on the weekend. It's not one of those "sacrifice your life for the job" places. There you go. I cannot say enough good things about IT, but at the same time, there's no denying that IT works within an organization that I find ... distasteful. To whatever degree he can, our CIO protects us and makes this a pleasant tropical island in the middle of an ocean of depravity (give me a break, I'm not a writer), but when it comes to some company stuff (e.g. benefits), obviously he doesn't have all that much power. So ... there you go. If this sounds ambiguous, that's intentional. If it sounds like this place might be good for you, go ahead and apply, let me know you've done it, and mention my name in your application. If you have any questions, let me know. If you think this has been a waste of list bandwidth, my apologies. -roy From extasia at extasia.org Tue Jan 13 17:08:20 2004 From: extasia at extasia.org (David Alban) Date: Tue, 13 Jan 2004 17:08:20 -0800 Subject: [baylisa] SIG-BEER-WEST this Saturday 1/17 in San Francisco Message-ID: <20040113170820.A27839@gerasimov.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SIG-beer-west Saturday, January 17, 2004 at 6:00pm San Francisco, CA http://extasia.org/sig-beer-west/ Beer. Mental stimulation. This event: Saturday, 1/17/2004, 6:00pm, at the 21st Amendment Brew Pub, San Francisco directions: http://www.21st-amendment.com/location/index.html beer: http://www.21st-amendment.com/beer/index.html food: http://www.21st-amendment.com/food/index.html Coming events (third Saturdays): Saturday, 02/21/2004, 6:00pm, location to be determined Saturday, 03/20/2004, 6:00pm, location to be determined Saturday, 04/17/2004, 6:00pm, location to be determined Saturday, 05/15/2004, 6:00pm, location to be determined San Francisco's next social event for techies and their friends, sig-beer-west, will take place at 6:00pm on Saturday, January 17, 2004 at [1]21st Amendment Brew Pub in San Francisco, CA. [1] http://www.21st-amendment.com/21A.html 21st Amendment's [2]selection of beer includes their own delightful brews, and a fair selection of guest brews. They have a full [3]food menu and I can personally recommend the sweet potato straws and the grilled Monterey Bay squid. Festivities will start at 6:00pm and continue until we've all left. [2] http://www.21st-amendment.com/beer/index.html [3] http://www.21st-amendment.com/food/index.html Directions to 21st Amendment can be found on their [4]directions page. They're about a fifteen minute walk down 2nd St. from the Montgomery BART station. [4] http://www.21st-amendment.com/location/index.html When you show up, you should look for some kind of home made sig-beer-west sign. We will try to make it obvious who we are. :-) Note: Please look for the sig-beer-west sign, not for a particular person. sig-beer-west may have different hosts from month to month. Everyone is welcome at this event. We mean it! Please feel free to forward this information and to invite friends, co-workers, and others (all of legal drinking age) who might enjoy lifting a glass with interesting folks from all over the place. Can't come this month? Mark your calendar for next month. (Do it now before you forget!) sig-beer-west occurs on the third Saturday of the month. Any questions, comments, suggestions of things to do later on that evening, or new venue suggestions ... email the current [5]sig-beer-west Instigator. [5] extasia a.t extasia d.o.t org sig-beer-west FAQ 1. Q: Your announcement says "techies and their friends". How do I know if I'm a techie, or a friend of one? A: Well, actually, you don't have to be a techie to attend. You just have to be able to find the sig-beer-west sign at this month's event. That's it! Simple, huh? 2. Q: I'm not really a beer person. In fact I'm interested in hanging out, but not in drinking. Would I be welcome? A: Absolutely! The point is to hang out with fun, interesting folks. Please do join us. 3. Q: Is parking difficult in the city, like maybe I should factor this into my travel time? A: Yes. Note for January 2004: 21st Amendment is a fifteen minute walk from Montgomery BART. You may want to consider [6]BARTing and not worrying at all about parking. [6] http://www.bart.gov/ ______________________________________________________________________ sig-beer-west was started in February 2002 when a couple Washington, D.C. based systems administrators who moved to the San Francisco Bay area wanted to continue a [7]dc-sage tradition, sig-beer, which is [8]described in dc-sage web space as: SIG-beer, as in "Special Interest Group - Beer" ala ACM, or as in "send the BEER signal to that process". The original SIG-beer gathering takes place in Washington DC, usually on the first Saturday night of the month. [7] http://www.dc-sage.org/ [8] http://www.dc-sage.org/SIG-beer/ ______________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFABI1ePh0M9c/OpdARAgJwAJ4tzjYCNPVxfTKKo8te8wUlpsVeAQCfVUsL CHaqi46oXOySqAUg6zWPaG0= =/dYM -----END PGP SIGNATURE----- From star at starshine.org Thu Jan 15 13:38:39 2004 From: star at starshine.org (Heather Stern) Date: Thu, 15 Jan 2004 13:38:39 -0800 Subject: BayLISA tonight! 7ish pm Message-ID: <20040115213839.GC24305@starshine.org> NOTE new location --> Building 4, Town Hall. Permanent change :D That's right folks, our own Jim Dennis is going to talk about using Systrace effectively at BayLISA tonight. Not strace, but something like it - more like "fakeroot" on steroids - or a system call firewall, filtering out what calls are permitted and which are to be watched or logged. Sorry for you palm pilot types who plan ahead, I didn't mail earlier in the week. BayLISA meets on the Third Thursday every month, so "tonight" for those of you whose mail agents don't show arrival time in the headers, is: January 15th 7:30 pm arrive about 7 pm for snacks, announcments, chitchat Our location this month has moved, to a nicer and larger hall, and will be staying at the new spot. It's a little easier to describe the directions: Town Hall the larger auditorium in Apple's building 4 infinite loop Apple Campus, Cupertino near 280 @ De Anza exit As you come in on Mariani from De Anza, go around the back side of the loop; to me it seems like it is slightly closer from the left side of the Loop as you come in. For anyone who's wondering who the heck Jim Dennis is, that bushy bearded redheaded guy who can't stop talking about Linux, and is married to me, and is really active on some webzine thingy called Linux Gazette. You'd think he was famous for it or something ;P Tell your BSDish pals too; Systrace began as a netBSD/openBSD app. Systrace support involves kernel support, so some of that will be covered, too. . | . Heather Stern | star at starshine.org --->*<--- Starshine Technical Services - * - consulting at starshine.org ' | ` Sysadmin Support and Training | (800) 938-4078 kernel, n.: A part of an operating system that preserves the medieval traditions of sorcery and black art. From david at catwhisker.org Fri Jan 16 07:00:52 2004 From: david at catwhisker.org (David Wolfskill) Date: Fri, 16 Jan 2004 07:00:52 -0800 (PST) Subject: systrace and FreeBSD (followup on Jim's talk last night) Message-ID: <200401161500.i0GF0qu2024606@bunrab.catwhisker.org> A (very!) quick Google search on "FreeBSD and systrace" shows that as of last summer, Rich Murphey was porting systrace to FreeBSD. I may write to him a bit later, as I don't see a great deal of obvious evidence that he's been making much visible progress of late -- maybe he could use some help. :-} Peace, david -- David H. Wolfskill david at catwhisker.org If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order). From jimd at starshine.org Sun Jan 18 18:17:26 2004 From: jimd at starshine.org (jimd at starshine.org) Date: Sun, 18 Jan 2004 18:17:26 -0800 Subject: systrace and FreeBSD (followup on Jim's talk last night) In-Reply-To: <200401161500.i0GF0qu2024606@bunrab.catwhisker.org> References: <200401161500.i0GF0qu2024606@bunrab.catwhisker.org> Message-ID: <20040119021726.GA7169@mercury.starshine.org> On Fri, Jan 16, 2004 at 07:00:52AM -0800, David Wolfskill wrote: > A (very!) quick Google search on "FreeBSD and systrace" shows that > as of last summer, Rich Murphey was porting systrace to FreeBSD. > I may write to him a bit later, as I don't see a great deal of > obvious evidence that he's been making much visible progress of > late -- maybe he could use some help. :-} > Peace, > david Maybe you could ping him. -- Jim Dennis From david at catwhisker.org Mon Jan 19 10:55:11 2004 From: david at catwhisker.org (David Wolfskill) Date: Mon, 19 Jan 2004 10:55:11 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? Message-ID: <200401191855.i0JItBME057406@bunrab.catwhisker.org> I'm in the habit of reviewing the previous day's logs for my home DSL connection each morning -- mostly to get a feel for current trends (fads in spam and the like). One of the first logs I review is produced by the packet filter I use; a typical day has maybe 80 - 120 lines in it for a given day; maybe as much as a couple hundred lines. This morning, the usual quota was augmented by 83610 lines that were created during the period 13:03:28 - 16:47:15 yesterday (local time), each from 62.58.50.220, dsbl.zonnet.nl. (Note that there are certain packets that I drop silently.) I've sent a note summarizing the matter to abuse at zonnet.nl; we'll see what happens. Anyone else have similar experiences of late? Peace, david -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From wolfgang+gnus-baylisa at dailyplanet.dontspam.wsrcc.com Mon Jan 19 13:14:18 2004 From: wolfgang+gnus-baylisa at dailyplanet.dontspam.wsrcc.com (Wolfgang S. Rupprecht) Date: Mon, 19 Jan 2004 13:14:18 -0800 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? References: <200401191855.i0JItBME057406@bunrab.catwhisker.org> Message-ID: david at catwhisker.org (David Wolfskill) writes: > This morning, the usual quota was augmented by 83610 lines that > were created during the period 13:03:28 - 16:47:15 yesterday (local > time), each from 62.58.50.220, dsbl.zonnet.nl. (Note that there > are certain packets that I drop silently.) Could it be related to the new "bagel" microsoft-virus? The following article mentions that it tries to connect to remote web sites and also to port 6667/tcp. http://www.theinquirer.net/?article=13697 > Anyone else have similar experiences of late? Nothing that far out of the ordinary. Just the usual 500 per day of 137/udp and a few dozen random ports. -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ The above "From:" address is valid. Don't mess with it. Gripe to your senators about spam: http://www.wsrcc.com/spam/senators.html From david at catwhisker.org Mon Jan 19 19:48:08 2004 From: david at catwhisker.org (David Wolfskill) Date: Mon, 19 Jan 2004 19:48:08 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: Message-ID: <200401200348.i0K3m80p058814@bunrab.catwhisker.org> >To: baylisa at baylisa.org >Date: Mon, 19 Jan 2004 13:14:18 -0800 >From: "Wolfgang S. Rupprecht" >Subject: Re: Fairly rude surprise in logs this AM -- possible DoS attempt? >Sender: owner-baylisa at baylisa.org >Could it be related to the new "bagel" microsoft-virus? The following >article mentions that it tries to connect to remote web sites and also >to port 6667/tcp. I didn't see much as far as poking at my Web server, and the target ports were all over the place (though all 83610 were TCP, vs. UDP); only 3 were to 6667/tcp. >> Anyone else have similar experiences of late? >Nothing that far out of the ordinary. Just the usual 500 per day of >137/udp and a few dozen random ports. 137/udp is one of those I don't even log (though I do get a count every 24 hrs., I don't tend to dwell on it). Only response so far from zonnet.nl was the auto-response. Peace, david -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From david at catwhisker.org Tue Jan 20 05:58:32 2004 From: david at catwhisker.org (David Wolfskill) Date: Tue, 20 Jan 2004 05:58:32 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <200401191855.i0JItBME057406@bunrab.catwhisker.org> Message-ID: <200401201358.i0KDwWIj060565@bunrab.catwhisker.org> So -- I received an explanation for the portscanning I mentioned here: >Date: Tue, 20 Jan 2004 09:40:00 +0100 >From: "Richard Zuidhof \(ZON\)" >To: abuse at catwhisker.org >Subject: Re: Port scanning from 62.58.50.220 (dsbl.zonnet.nl)??!? >Your address was scanned to check if you have an open proxy. Because we >experience a incredible lot of spam from dsl and cable connections that >have open proxies we do a single test on each one that sends us mail. In >that way we find thousands of new open proxies every day. >Because your address has a reverse name that contains 'dsl' >(adsl-63-193-123-122.dsl.snfc21.pacbell.net) you were scanned. Sorry for >the inconvenience. >.... So, no harm done. It just caught me off-guard, to an extent. [In my response to Richard, I pointed out that I could understand the approach, to an extent; it just seemed to me that what was done was "overkill."] And I suppose that folks who don't actually try to use residential DSL (or cable, I suppose) connections for direct SMTP connections to sites unaffiliated with their ISP would be less likely to encounter such things. Peace, david (current hat: postmaster at catwhisker.org) -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From alvin at Mail.Linux-Consulting.com Tue Jan 20 07:25:54 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Tue, 20 Jan 2004 07:25:54 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <200401201358.i0KDwWIj060565@bunrab.catwhisker.org> Message-ID: hi ya david On Tue, 20 Jan 2004, David Wolfskill wrote: > So -- I received an explanation for the portscanning I mentioned here: if you didn't send the initial (complaint) mail to them ( zonnet.nl ), than they should not have been scanning you in the first place if they scanned first, their explanation doesnt fly ... it's odd that they scan the sender of emails ... what would be the point ? - are they collecting a list of open proxy ??? - why not make that "list of daily thousands of open proxy" available so that we all can use it as an rbl, since they've already verified its an open proxy and they received "spam" c ya alvin > >Date: Tue, 20 Jan 2004 09:40:00 +0100 > >From: "Richard Zuidhof \(ZON\)" > >To: abuse at catwhisker.org > >Subject: Re: Port scanning from 62.58.50.220 (dsbl.zonnet.nl)??!? > > >Your address was scanned to check if you have an open proxy. Because we > >experience a incredible lot of spam from dsl and cable connections that > >have open proxies we do a single test on each one that sends us mail. In > >that way we find thousands of new open proxies every day. > > >Because your address has a reverse name that contains 'dsl' > >(adsl-63-193-123-122.dsl.snfc21.pacbell.net) you were scanned. Sorry for > >the inconvenience. > > >.... > > So, no harm done. It just caught me off-guard, to an extent. From baylisa at az0.altern8.net Tue Jan 20 09:09:57 2004 From: baylisa at az0.altern8.net (Vince Hoang) Date: Tue, 20 Jan 2004 07:09:57 -1000 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: References: <200401201358.i0KDwWIj060565@bunrab.catwhisker.org> Message-ID: <20040120170957.GB42404@anarchy.com> On Tue, Jan 20, 2004 at 07:25:54AM -0800, Alvin Oga wrote: > On Tue, 20 Jan 2004, David Wolfskill wrote: > > > So -- I received an explanation for the portscanning I mentioned here: > > if you didn't send the initial (complaint) mail to them ( zonnet.nl ), > than they should not have been scanning you in the first place Try http://dsbl.zonnet.nl/ and http://dsbl.org/howitworks#how. > it's odd that they scan the sender of emails ... > what would be the point ? > - are they collecting a list of open proxy ??? Yes. Lots of dnsbls operate this way. > - why not make that "list of daily thousands of open proxy" > available so that we all can use it as an rbl, since they've > already verified its an open proxy and they received "spam" Zonnet does explain their methodology. I will avoid discussing the validity of their rationale, because that is just a rat hole. -Vince From rsr at inorganic.org Tue Jan 20 09:28:00 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 20 Jan 2004 09:28:00 -0800 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: References: <200401201358.i0KDwWIj060565@bunrab.catwhisker.org> Message-ID: <20040120172800.GA8846@nag.inorganic.org> On Tue, Jan 20, 2004 at 07:25:54AM -0800, Alvin Oga wrote: > if you didn't send the initial (complaint) mail to them ( zonnet.nl ), > than they should not have been scanning you in the first place Yeah. Not to mention there shouldn't be hundreds and hundreds of tests -- just one port 25 test. > it's odd that they scan the sender of emails ... > what would be the point ? > - are they collecting a list of open proxy ??? > > - why not make that "list of daily thousands of open proxy" > available so that we all can use it as an rbl, since they've > already verified its an open proxy and they received "spam" Actually, RR does something similar to this -- testing senders of email to make sure they're not open relays. And they don't advertise their results either. Frankly, one reciprocal test feels like it's OK for me -- if I'm trying to send something through your system, I feel that you have the right to try to send something through mine. Tens of tests are not OK, and preemptive tests are not OK either. As for advertising ... look, obviously, it'd be a nice thing, but I can see a whole bunch of reasons not to, including legal liability, support headaches, and becoming a DDoS target. And frankly, testing for open relay is a lot more palatable to me than the "send us your IPs" folks. -roy From rsr at inorganic.org Tue Jan 20 09:32:59 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 20 Jan 2004 09:32:59 -0800 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <200401191855.i0JItBME057406@bunrab.catwhisker.org> References: <200401191855.i0JItBME057406@bunrab.catwhisker.org> Message-ID: <20040120173259.GA9792@nag.inorganic.org> On Mon, Jan 19, 2004 at 10:55:11AM -0800, David Wolfskill wrote: > This morning, the usual quota was augmented by 83610 lines that > were created during the period 13:03:28 - 16:47:15 yesterday (local > time), each from 62.58.50.220, dsbl.zonnet.nl. (Note that there > are certain packets that I drop silently.) I call "shennanigans," David, and I call "shennanigans" on their explanation that they're proxy-testing you. Either they're lying or they're horribly misconfigured and rude. Either way, they're not playing nice. RR designed its systems so it would test a sender at MOST once a week. That test would involve one, and only one, SMTP connection. There's nothing else you need to do to verify whether or not something is an open relay. Anything else is them rattling the door on your house trying to see if you're using a good lock -- MAYBE they're making sure you're not a crackhouse, but it's far more likely that they're casing the joint. IMHO. -roy From alvin at Mail.Linux-Consulting.com Tue Jan 20 16:22:40 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Tue, 20 Jan 2004 16:22:40 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <20040120172800.GA8846@nag.inorganic.org> Message-ID: hi ya roy On Tue, 20 Jan 2004, Roy S. Rapoport wrote: > On Tue, Jan 20, 2004 at 07:25:54AM -0800, Alvin Oga wrote: > > if you didn't send the initial (complaint) mail to them ( zonnet.nl ), > > than they should not have been scanning you in the first place > > Yeah. Not to mention there shouldn't be hundreds and hundreds of tests -- > just one port 25 test. yup.. list of open relay tests and list of open relays and other blah http://www.Linux-Sec.net/Mail/OpenRelay/ PaladinCorp does a good job of online web-based open relay tests > Actually, RR does something similar to this -- testing senders of email to > make sure they're not open relays. am assuming rr referenced here is reverse dns entries having or not having rr does not mean they are open relays or not ?? and rr is not needed to be a legit mail server ( of all the odd things ot leave off the stmp rfc, it should be but oh well, 30 yr old ideas ) > And they don't advertise their results either. thats what makes it all fishy, and that they scan to test for openrelays > Frankly, one reciprocal test feels like it's OK for me -- if I'm trying to > send something through your system, I feel that you have the right to try > to send something through mine. Tens of tests are not OK, and preemptive > tests are not OK either. :-) or an excuse after the fact ... after having scanned the victim ( site under tests ) am assuming david did NOT send any email prior to them scanning his servers c ya alvin From alvin at Mail.Linux-Consulting.com Tue Jan 20 17:00:17 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Tue, 20 Jan 2004 17:00:17 -0800 (PST) Subject: RBLs - Re: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: Message-ID: hi ya roy/david.. and for the fun of it ... i went to check ... nothing from zonnet.nl but .. on one itty-bitty mail server .. p90 w/ 48MB of mem ... root# grep -i rbl /var/log/mail.log | wc -l 16034 ( its using sendmail w/ rbls ) -- that is like 100x too many ... oh well ... ( all rejected .. hopefully filling up the spamming server's ( bounced mail bucket c ya alvin From rsr at inorganic.org Tue Jan 20 17:08:29 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 20 Jan 2004 17:08:29 -0800 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: References: <20040120172800.GA8846@nag.inorganic.org> Message-ID: <20040121010829.GA24529@nag.inorganic.org> On Tue, Jan 20, 2004 at 04:22:40PM -0800, Alvin Oga wrote: > > Actually, RR does something similar to this -- testing senders of email to > > make sure they're not open relays. > > am assuming rr referenced here is reverse dns entries Sorry, that's what I get from mixing my audiences -- in some circles, "RR" is taken to mean RoadRunner, though obviously that's not here. Sorry :) -roy From lanning at lanning.cc Tue Jan 20 11:29:51 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Tue, 20 Jan 2004 11:29:51 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <20040120173259.GA9792@nag.inorganic.org> References: <200401191855.i0JItBME057406@bunrab.catwhisker.org> <20040120173259.GA9792@nag.inorganic.org> Message-ID: <55530.192.55.4.36.1074626991.squirrel@192.55.4.36> > I call "shennanigans," David, and I call "shennanigans" on their > explanation that they're proxy-testing you. Either they're lying or > they're horribly misconfigured and rude. Either way, they're not playing > nice. > > RR designed its systems so it would test a sender at MOST once a week. > That test would involve one, and only one, SMTP connection. There's > nothing else you need to do to verify whether or not something is an open > relay. I believe you are mixing up "open relay" with "open proxy". Open Relay = mis-configured MTA (MS Exchange, etc...) port 25 Open Proxy = mis-configured TCP Proxy (WinGate, etc...) port any > Anything else is them rattling the door on your house trying to see if > you're using a good lock -- MAYBE they're making sure you're not a > crackhouse, but it's far more likely that they're casing the joint. > > IMHO. > > -roy > -- END OF LINE -MCP From david at catwhisker.org Tue Jan 20 20:32:14 2004 From: david at catwhisker.org (David Wolfskill) Date: Tue, 20 Jan 2004 20:32:14 -0800 (PST) Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: Message-ID: <200401210432.i0L4WEoM063385@bunrab.catwhisker.org> >Date: Tue, 20 Jan 2004 16:22:40 -0800 (PST) >From: Alvin Oga >To: "Roy S. Rapoport" >cc: baylisa at baylisa.org >Subject: Re: Fairly rude surprise in logs this AM -- possible DoS attempt? >Sender: owner-baylisa at baylisa.org >> And they don't advertise their results either. >thats what makes it all fishy, and that they scan to test for openrelays I'll point out here that my correspondent, in a portion of his response which I elided from my message to baylisa@, invited me to make use of their RBL service. (I thnked him for the offer, and indicated that I'd research the means by which the list was maintained before making a decision.) >> Frankly, one reciprocal test feels like it's OK for me -- if I'm trying to >> send something through your system, I feel that you have the right to try >> to send something through mine. Tens of tests are not OK, and preemptive >> tests are not OK either. >:-) >or an excuse after the fact ... after having scanned the victim ( site >under tests ) >am assuming david did NOT send any email prior to them scanning his >servers Actually, it seems that I probably did: I no longer save spam itself, but I do log some information about it. And what I have logged shows that I probably sent mail to abuse at zonnet.nl around Sun Jan 18 12:51:36 2004. The message would have been in re: spam vectored via dslam36-32-59-81.dyndsl.zonnet.nl [81.59.32.36]. Peace, david -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From holland at guidancetech.com Wed Jan 21 06:31:52 2004 From: holland at guidancetech.com (Rich Holland) Date: Wed, 21 Jan 2004 09:31:52 -0500 Subject: Fairly rude surprise in logs this AM -- possible DoS attempt? In-Reply-To: <200401210432.i0L4WEoM063385@bunrab.catwhisker.org> Message-ID: <20040121143202.8AF8588@jester.pobox.com> David Wolfskill wrote: > Actually, it seems that I probably did: I no longer save spam itself, > but I do log some information about it. I save it in case I ever need to retrain my Bayesian filters. So far they catch upwards of 95-98% of the spam with zero false positives and I have to review maybe 3 messages a day it's not able to classify. > And what I have logged shows > that I probably sent mail to abuse at zonnet.nl around Sun Jan 18 12:51:36 > 2004. The message would have been in re: spam vectored via > dslam36-32-59-81.dyndsl.zonnet.nl [81.59.32.36]. That'll teach ya. :-) -- Rich Holland (913) 645-1950 SAP Technical Consultant print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E Folks with flexible schedules might be interested in attending this workshop in San Jose. Mmmmm, crunchy-- embedded Linux and real-time fun! :-) -------- Original Message -------- Subject: Real-Time & Embedded Computing Conf. -- Complimentary Invite for Jan 29 Date: Wed, 21 Jan 2004 09:22:29 -0800 From: Heather Petty To: Dear Strata Rose Chalup, We are hosting a one-day Real-Time & Embedded Computing Conference on Thursday, January 29th at the DoubleTree Hotel in San Jose from 8:00am-3pm. We invite you and your colleagues to be our guests. The Real-Time and Embedded event is Complimentary for each guest (sponsored by the RTC Group and the participating companies). It is specifically designed for software and hardware engineers, project managers, R&D, Directors of Engineering, designing for military & aerospace, telephony and datacom, industrial control, instrumentation, embedded appliances and more. Mr. Rick Lehrbaum of LinuxDevices.com will be our luncheon keynote speaker, in addition to numerous technical breakout sessions throughout the day from companies such as Motorola Group, Microsoft, Green Hills Software, Wind River plus several industry (exhibitor, please see the attached pdf for more detail. The exhibition will run alongside more than 24 open-door breakout sessions for guests to talk face-to-face with the vendors' technical experts. As I mentioned, the event is hosted with free parking, free registration to all exhibits and sessions, and we also serve a buffet lunch at noon for everyone. Please extend the invitation to your associates on our behalf; they are more than welcome to attend as well. For the most current information please visit www.rtecc.com < http://www.rtecc.com > Thank you for your time. I hope to welcome you and your colleagues at the Best Western Greenwood Inn on Thursday, January 29th. Heather Petty ~ The RTC Group, USA ~ 949.226.2027 -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= -------------- next part -------------- A non-text attachment was scrubbed... Name: Real-Time & Emb Computing Conf Invite.pdf Type: application/octet-stream Size: 181026 bytes Desc: not available URL: From alfw at slac.stanford.edu Thu Jan 22 10:42:27 2004 From: alfw at slac.stanford.edu (Alf Wachsmann) Date: Thu, 22 Jan 2004 10:42:27 -0800 (PST) Subject: CfP: AFS Best Practices Workshop Message-ID: **************************************************************************** Call for Papers and Participation AFS Best Practices Workshop March 24-26, 2004 at Stanford Linear Accelerator Center, Menlo Park, CA http://www-conf.slac.stanford.edu/AFSBestPractices **************************************************************************** Purpose of the Workshop: * Bring together AFS novices and AFS experts * Learn about AFS tools * Learn about AFS best practices Target Audience: * People interested in AFS * AFS administrators: novices and experienced Workshop Format: * One day tutorial "Introduction to AFS and its Best Practices" on March 23. * Invited Talks: * Derrick Brashear: News from the AFS Developer's Front * Phil Moore (Morgan Stanley): AFS at Morgan Stanley * Rodney Dyer (Univ. of North Carolina): AFS on Windows * Contributed talks (30-45min) Possible Topics include, but are not limited to: * AFS best practices (volume naming, directory hierarchy, volume sizes, ...) * AFS weaknesses (locking, ACLs on files, ...) * AFS performance tuning (client side, server side) * Benchmarking AFS * AFS server scaling and HW recommendations * AFS service monitoring * IBM AFS to OpenAFS Migration experiences * AFS and Kerberos 5: * How to install a new cell from scratch * Migration from kaserver to MIT Krb5 * Migration from kaserver to Heimdal Krb5 * AFS related tools (AFS Perl, Java API, scripts, ...) * AFS and backup (scripts, amanda, TSM, ...) * Delegation of AFS administration * AFS on non-Unix platforms * Commercial support for OpenAFS Please register your talk and your participation under http://www-conf.slac.stanford.edu/AFSBestPractices Late registration fees will apply after February 29, 2004. Please send questions to AFSBest-Workshop at slac.stanford.edu From jimd at starshine.org Fri Jan 23 12:28:17 2004 From: jimd at starshine.org (jimd at starshine.org) Date: Fri, 23 Jan 2004 12:28:17 -0800 Subject: CfP: AFS Best Practices Workshop In-Reply-To: References: Message-ID: <20040123202817.GC29028@mercury.starshine.org> On Thu, Jan 22, 2004 at 10:42:27AM -0800, Alf Wachsmann wrote: > **************************************************************************** > Call for Papers and Participation > AFS Best Practices Workshop > March 24-26, 2004 at > Stanford Linear Accelerator Center, Menlo Park, CA > http://www-conf.slac.stanford.edu/AFSBestPractices > **************************************************************************** > Purpose of the Workshop: > * Bring together AFS novices and AFS experts > * Learn about AFS tools > * Learn about AFS best practices Alf, I would count as an AFS novice. However, I've been a Linux sysadmin for many years, and I've read about AFS for several years. I'm curious about it. I'm also one of the editors for the Linux Gazette (http://www.linuxgazette.net) I'd like to see if we can get an article on OpenAFS done for one of our upcoming issues --- perhaps in time to attract some more people to this workshop. I'd love to see AFS get some more widespread attention and momentum --- 'til it's truly an alternative to NFS for average small to medium sized offices. So, do you have any suggestions on who might write or co-author such an article for us? -- Jim Dennis From jesse at boldandbusted.com Sat Jan 24 18:02:04 2004 From: jesse at boldandbusted.com (Jesse Adelman) Date: Sat, 24 Jan 2004 18:02:04 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? Message-ID: <20040125020204.14252.qmail@web60707.mail.yahoo.com> Hi, all. This may be a question whose answer is "If you have to ask, you don't have them." ;) I'm a Linux/*NIX sysadmin, and I've seen always seen positions that require "strong scripting skills". I've scripted tasks to automate them, using Bash, Perl, Bourne, and others. I know my way around CPAN. But, I know that there are many others with better scripting skills than me (like, for instance, the authors of "UNIX Power Tools" or, say, "Perl Cookbook"...). So, how will I know when I can say with confidence that I have "strong" scripting skills? Is there a standard out there? I've been working with Linux for years, and I just got my LPI Level 2 cert, but I don't want to treat that like MCSE's often do (i.e. bragging about the cert without really knowing how good, or poor, they are). Thanks in advance for your advice! Jesse Adelman http://resume.boldandbusted.com/ ===== -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Jesse Adelman http://www.boldandbusted.com/ (just resume now) -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ From fscked at pacbell.net Sat Jan 24 21:14:09 2004 From: fscked at pacbell.net (richard childers / kg6hac) Date: Sat, 24 Jan 2004 21:14:09 -0800 Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <20040125020204.14252.qmail@web60707.mail.yahoo.com> References: <20040125020204.14252.qmail@web60707.mail.yahoo.com> Message-ID: <401350A1.2060707@pacbell.net> > > >how will I know >when I can say with confidence that I have "strong" scripting skills? > [1] If you can teach your interviewer(s) something that they did not know, you can say you have strong scripting skills. Note that this definition is relative to your interviewer's skill level. [2] If you have source code that you don't mind showing others, doing something serious that they lack, and your readers can understand it, you have strong scripting skills. Extra points if they did not know that they needed it until you walked into the room and started talking. Extra points if it runs on their computers without tweaking. Extra points if it can be downloaded from the Internet and demo'd during the interview. [3] If you have scripting skills that span several shells and can talk knowledgably about past projects using them all, you probably have strong scripting skills. [4] If you have scripting skills that span several scripting languages and can talk knowledgeably about the differences between interpreted and compiled code, know who Kernighan and Plauger are, and can quote from The Element of Programming Style ... you probably have strong scripting skills. All that having been said, you will occasionally run into anal programming types who spent some time at college poring over shell source code, and whom think they are better than you. They will be eager to prove it to you; they might even be right. You probably won't want to work with them, anyway, and they probably need to spend a few years writing production shell scripts for a living to get that ivory tower polish off them; keep moving and don't look back. (Live365 comes to mind ...) Remember that there are thousands of programmers out there who taught themselves shell programming; don't feel bad about what you don't know, but do feel sorry for the people you meet whose superiority does not allow them to raise others to their level of education. I have heard of people whom represent themselves as adept at shell programming, whose jaws drop when you ask them, 'Which shell?'. So care is indicated. Regards, -- richard -- Richard Childers / Senior Engineer Daemonized Networking Services 945 Taraval Street, #105 San Francisco, CA 94116 USA [011.]1.415.759.5571 https://www.daemonized.com Jesse Adelman wrote: >Hi, all. This may be a question whose answer is "If you have to ask, >you don't have them." ;) I'm a Linux/*NIX sysadmin, and I've seen >always seen positions that require "strong scripting skills". I've >scripted tasks to automate them, using Bash, Perl, Bourne, and others. >I know my way around CPAN. But, I know that there are many others with >better scripting skills than me (like, for instance, the authors of >"UNIX Power Tools" or, say, "Perl Cookbook"...). So, how will I know >when I can say with confidence that I have "strong" scripting skills? >Is there a standard out there? > >I've been working with Linux for years, and I just got my LPI Level 2 >cert, but I don't want to treat that like MCSE's often do (i.e. >bragging about the cert without really knowing how good, or poor, they >are). > >Thanks in advance for your advice! > >Jesse Adelman >http://resume.boldandbusted.com/ > >===== >-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >Jesse Adelman >http://www.boldandbusted.com/ (just resume now) >-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > > From alvin at Mail.Linux-Consulting.com Sun Jan 25 02:56:29 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sun, 25 Jan 2004 02:56:29 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <20040125020204.14252.qmail@web60707.mail.yahoo.com> Message-ID: hi ya On Sat, 24 Jan 2004, Jesse Adelman wrote: > Hi, all. This may be a question whose answer is "If you have to ask, > you don't have them." ;) I'm a Linux/*NIX sysadmin, and I've seen > always seen positions that require "strong scripting skills". I've i think "the proper definition" is, can you do the task at hand for the budget in $$$ and time they ( randomly or intelligently ) allocated for the properly defined task and that someone else can maintain it for years or that you know they are pulling !@#$% out of thin air c ya alvin From michael at halligan.org Sun Jan 25 03:06:28 2004 From: michael at halligan.org (Michael T. Halligan) Date: Sun, 25 Jan 2004 03:06:28 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? In-Reply-To: Message-ID: I think it's more of an issue as to how you approach things. When I think strong scripting skills, I think an admin who wants a solution rather than a fix. Somebody who makes it a point to automate everything, and create strong, reproducable solutions rather than just typing in commands time and time again. > > hi ya > > On Sat, 24 Jan 2004, Jesse Adelman wrote: > > > Hi, all. This may be a question whose answer is "If you have to ask, > > you don't have them." ;) I'm a Linux/*NIX sysadmin, and I've seen > > always seen positions that require "strong scripting skills". I've > > i think "the proper definition" is, can you do the task at hand > for the budget in $$$ and time they ( randomly or intelligently ) > allocated for the properly defined task and that someone else > can maintain it for years > > or that you know they are pulling !@#$% out of thin air > > c ya > alvin > > -- ------------------- Michael T. Halligan Chief Geek Halligan Infrastructure Designs. http://www.halligan.org/ 2250 Jerrold Ave #11 San Francisco, CA 94124-1012 (415) 724.7998 - Mobile From alvin at Mail.Linux-Consulting.com Sun Jan 25 04:09:16 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sun, 25 Jan 2004 04:09:16 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - 3am In-Reply-To: Message-ID: hi ya michael On Sun, 25 Jan 2004, Michael T. Halligan wrote: > I think it's more of an issue as to how you approach things. When I think strong > scripting skills, I think an admin who wants a solution rather than a fix. Somebody > who makes it a point to automate everything, and create strong, reproducable > solutions rather than just typing in commands time and time again. yuppers... sometimes "good skills" allow you to fix other peoples mistakes in code or logic or bugs or boundry conditions or "tasks" - "weak skills" wont be able to take over other peoples prior work - whether its cheaper/better to rewrite or keep going with what they have is a separate ball game of analysis not all things can be automated, one has to do it manually the first time - writing of the new scripts/apps that are not yet automated - testing that the apps does what it supposed to be doing - testing the tests for normal vs abnormal operation one of my trick questions for "i have strong scripting/programming skils": show me how many different ways can you write code for "hello world" ? or more complicated "examples" to find their skill levels ( a flow chart and explaination can be done for bigger tasks ) everybody usually puts down the alphabet lists of programming languages they know... or once knew c ya alvin From jimd at starshine.org Sun Jan 25 05:36:40 2004 From: jimd at starshine.org (jimd at starshine.org) Date: Sun, 25 Jan 2004 05:36:40 -0800 Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <401350A1.2060707@pacbell.net> References: <20040125020204.14252.qmail@web60707.mail.yahoo.com> <401350A1.2060707@pacbell.net> Message-ID: <20040125133640.GB5187@mercury.starshine.org> On Sat, Jan 24, 2004 at 09:14:09PM -0800, richard childers / kg6hac wrote: >> how will I know >> when I can say with confidence that I have "strong" scripting skills? The phrase is clearly ambiguous and subjective. I've taught classes in shell scripting. I once had an interviewer put up a wretched fragment of shell code like: kill `ps wax | grep "foo" | grep -v "grep" | awk '{print $11}'` ... and ask me to explain what was "wrong with it. I pointed out that I wasn't sure which field number the PID was in in that ps output format, and I always check with 'ps -$FLAGS | head' before code anything like that. (That was the answer he was looking for). Then I went on to explain the UUoG (useless use of grep, squared by the extra one with the -v), the non-portability of the ps flags (in any scripting), the risk that some unintended matches might occur from the unanchored regex (i.e. "foo" might occur in the arguments list of some process that was not actually a "foo" process, other than the aforementioned useless grep), and even that the use of command substitution can usually be eliminated with a pipeline into xargs or a while loop. I then wrote a fragment of about the same length that addressed most of those issues using only bash/Korn built-ins (other than the ps command): ps wax | while read pid x x x cmd args; do [ $cmd = foo ] && \ kill $pid; done (He picked his jaw up off the table and declared that I knew much more about shell scripting than he did and recommended me for the position). (Nitpick: in ancient versions of Bourne shell the [ and kill commands would also be externals). Personally I don't think this displays much expertise in shell scripting. To me this example is trivial. I agree with Richard on the point that some interviewers can be outrageously arrogant (dripping with geeky testosterone) about "scripting" (and programming skills in general). It's one of those areas where *some* interviewers might engage in a sort of pissing contest to show how clever they are. Another area where this is likely is when you see phrases like: "strong security skills." My suggestions: Try to be reasonable objective about your skill level, but err on the daring side. Feel free to describe your skills as "strong" (or at least "solid") if you honestly believe they'll be "good enough" for the job at hand. Be modest and understated about it. Any appearance of bragging is likely to work against you. If you're relatively modest about it, then you're less likely to pull the trigger on any hidden testerone squirt gun; and you can gracefully defer to his (or her) superior expertise if "shots" are fired. Often grace under this sort of pressure is a more valuable job skill then the technical expertise in any event. Obviously any stories you have about interesting scripts you've written, especially any that have been published or used in production are compelling. (For instance: the first awk script I ever wrote, the one for which I taught myself the basics was about 70 lines long, written in a couple days and formed the core for regression testing and competitive analysis for the McAfee anti-virus products for a couple of years. It was later ported to Visual BASIC by one of their programmers who said he retained the design "almost line for line"). Don't let the discussion get too involved during an interview. It's not you're job to give them a free programming session and the interview situation is not conducive to quality coding. It's alright to gloss over the details. In fact it's incumbent upon you to do so. However, don't try to conceal a lack of expertise with the glossing. (Typical glossing: you can point out where you'd practice defensive coding by checking return values without trying to code up the exception handling in your example; you can point out cases where you'd look up the exact arguments or output/parsing formats just using psuedo-variables in your psuedo-code. You should point out potential portability issues. For example, I'm perfectly happy to say that I don't remember which field number the command string is going to appear in in a given 'ps' command. It's a trivial detail that I can check as I'm typing --- and it can be different from one system to another anyway. It's even okay to say something like: I remember that there's an argument for GNU ps that controls the exact output format and strips the header line --- it's better for scripting like this and I'd have to read the man page and fuss with it interactively to use it). Be aware of the limitations of scripting. Sometimes the best answer, in practice as well as for an interview, is to say: "that task is not appropriate for a shell script" (though almost anything can be done in Perl :) ). It's even reasonable, in some cases to say: "I'd look for something that already does this on Freshmeat, or CPAN or Google." Another example, perhaps facetious, is if they ask you to do a binary search of a sorted text file on a Linux system; it's quite reasonable to point out that mainstream Linux distribution commonly include the 'look' command which already does this. You can ask if they still want you to describe such a script as an academic exercise --- to demonstrate your understanding of how to perform a binary search. I've seen cases where the proposed scripting assignment was a trick question and the desired answer was: use "foo"; I recall the old "autopasswd" expect script was one that came up a few times --- for setting a large number of new account passwords at once. My solution has been something like: while read name pass; do useradd -m $name; autopasswd $name $pass; done < newaccounts.txt (Which I routinely use when teaching LPI courses, to create a set of throwaway accounts on the class server for exercises). As for "which shell" I typically presume they want Bourne/Korn/bash and will happily refer to "csh Programming Considered Harmful" if asked to write a sample in csh. (I'll also point out that I can struggle thorugh a csh script if pressed, but only with lots of experimentation and reference because I consider its syntax to be quirky). Last suggestion: avoid useless and flowery cleverness. It's clever to use commands like: cc -o foo{,.c} ... but anything that makes the interviewer scratch his or her head to wonder *why* you did that when there was a more straightforward way -- will work against you. > [1] If you can teach your interviewer(s) something that they did not > know, you can say you have strong scripting skills. Note that this > definition is relative to your interviewer's skill level. > [2] If you have source code that you don't mind showing others, doing > something serious that they lack, and your readers can understand it, > you have strong scripting skills. Extra points if they did not know that > they needed it until you walked into the room and started talking. Extra > points if it runs on their computers without tweaking. Extra points if > it can be downloaded from the Internet and demo'd during the interview. > [3] If you have scripting skills that span several shells and can talk > knowledgably about past projects using them all, you probably have > strong scripting skills. > [4] If you have scripting skills that span several scripting languages > and can talk knowledgeably about the differences between interpreted and > compiled code, know who Kernighan and Plauger are, and can quote from > The Element of Programming Style ... you probably have strong scripting > skills. > All that having been said, you will occasionally run into anal > programming types who spent some time at college poring over shell > source code, and whom think they are better than you. They will be eager > to prove it to you; they might even be right. You probably won't want to > work with them, anyway, and they probably need to spend a few years > writing production shell scripts for a living to get that ivory tower > polish off them; keep moving and don't look back. > (Live365 comes to mind ...) > Remember that there are thousands of programmers out there who taught > themselves shell programming; don't feel bad about what you don't know, > but do feel sorry for the people you meet whose superiority does not > allow them to raise others to their level of education. > I have heard of people whom represent themselves as adept at shell > programming, whose jaws drop when you ask them, 'Which shell?'. So care > is indicated. > Regards, -- Jim Dennis From alvin at Mail.Linux-Consulting.com Sun Jan 25 16:14:45 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sun, 25 Jan 2004 16:14:45 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <20040125133640.GB5187@mercury.starshine.org> Message-ID: hi ya jim it's sunday... time for some fun On Sun, 25 Jan 2004 jimd at starshine.org wrote: > I once had an interviewer put up a wretched fragment of shell code like: > > kill `ps wax | grep "foo" | grep -v "grep" | awk '{print $11}'` > > ... and ask me to explain what was "wrong with it. I pointed out that > I wasn't sure which field number the PID was in in that ps output > format, and I always check with 'ps -$FLAGS | head' before code > anything like that. (That was the answer he was looking for). Then "ps waxu" has its pid in $11 "ps wax" has its pid in $5 ... if foo is named " ThisSillyApp", one needs "grep -i" if foo is an argument for another-app, one needs to watch out for the other's command options that happen to be "foo" if multiple instances of foo is running, you might be sol and/or kill might kill all ( 2-n ) instances of "foo" which is good and bad... bad if it was intended for "kill particular-sshd" other times it's good, "kill all-hung-mozilla" (or hung konqueror) too many pipes in the above ... bash barfs on "|" commands cmd="ps axuw | grep sshd " echo "$cmd" $cmd -- sometimes doesnt work .. depends I break out each pipe'd command separately in bash scripts ( think i'm missing an old trick someplace ) more importantly.. did one test that it returns a valid pid -- always check that pid is non-zero and valid .. before killing do you want kill -HUP or kill -SIGHUP or kill -9 what if kill doesnt kill it cause foo is stuck or still being used.. why not simplify it after verifying the pid is correct kill `cat /var/run/app.pid` kill ` pidof foo ` killall foo sometimes grep -v grep is needed, sometimes not... i donno why some greps does it differently and always test it afterward to verify it did what its supposed to in the script ( check the return val or other means to double check ) and the above ps options line is not portable to multiple *nix c ya alvin From lanning at lanning.cc Sun Jan 25 17:07:41 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Sun, 25 Jan 2004 17:07:41 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: References: <20040125133640.GB5187@mercury.starshine.org> Message-ID: <38075.192.168.128.30.1075079261.squirrel@192.168.128.30> > sometimes grep -v grep is needed, sometimes not... i donno why some > greps does it differently Actualy, this is caused by a race condition. ps -axuw | grep foo | grep -v grep | awk '{print $2}' | xargs kill Each seperate command gets fork()ed and exec()ed with the pipes setup between them. Now, the question is, will the "ps -axuw" initialize and read the process table before or after "grep foo" is exec()ed. If before, then "ps -axuw" will not have "grep foo" in its listing. If after, then "ps -axuw" will have "grep foo" in its listing. -- END OF LINE -MCP From rsr at inorganic.org Mon Jan 26 08:21:13 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Mon, 26 Jan 2004 08:21:13 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <38075.192.168.128.30.1075079261.squirrel@192.168.128.30> References: <20040125133640.GB5187@mercury.starshine.org> <38075.192.168.128.30.1075079261.squirrel@192.168.128.30> Message-ID: <20040126162112.GB14844@nag.inorganic.org> On Sun, Jan 25, 2004 at 05:07:41PM -0800, Robert Hajime Lanning wrote: > > > sometimes grep -v grep is needed, sometimes not... i donno why some > > greps does it differently > > Actualy, this is caused by a race condition. > > ps -axuw | grep foo | grep -v grep | awk '{print $2}' | xargs kill > > Each seperate command gets fork()ed and exec()ed with the pipes setup between > them. > > Now, the question is, will the "ps -axuw" initialize and read the process table > before or after "grep foo" is exec()ed. If before, then "ps -axuw" will not > have "grep foo" in its listing. If after, then "ps -axuw" will have "grep foo" > in its listing. I have to admit that maybe my standards are low -- too low -- but my definition of "strong scripting skills" can be most easily explained by the answer to this question: Given a complex task in the command-line environment, do you know how you'd automate it? I'm not looking for an explanation of the difference between "ef" and "waxu" for ps. If you can say that your 'kill-by-name' command would have a ps | grep | awk | kill then you've got almost-strong-enough skills, though that's an often-enough used example (and problem) that most people have thought about it before. I find that people with strong scripting skills (my definition of the world) are the sort of people who aren't going to be going "holy cow, how do I get *that* done?," but are the sort of people who can say "yeah, it'll probably take chaining these commands together." If they don't know the exact syntax -- whatever. That's what man pages are for. Oh, and portability is for, umm, heterogeneous systems. It's not required (and if you're not designing for a heterogeneous system, I tend to think it can be a bad thing). -roy From dannyman at toldme.com Mon Jan 26 09:04:17 2004 From: dannyman at toldme.com (Danny Howard) Date: Mon, 26 Jan 2004 09:04:17 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <20040126162112.GB14844@nag.inorganic.org> References: <20040125133640.GB5187@mercury.starshine.org> <38075.192.168.128.30.1075079261.squirrel@192.168.128.30> <20040126162112.GB14844@nag.inorganic.org> Message-ID: <20040126170417.GO75862@ratchet.nebcorp.com> On Mon, Jan 26, 2004 at 08:21:13AM -0800, Roy S. Rapoport wrote: [...] > I find that people with strong scripting skills (my definition of the > world) are the sort of people who aren't going to be going "holy cow, how > do I get *that* done?," but are the sort of people who can say "yeah, it'll > probably take chaining these commands together." If they don't know the > exact syntax -- whatever. That's what man pages are for. > > Oh, and portability is for, umm, heterogeneous systems. It's not required > (and if you're not designing for a heterogeneous system, I tend to think it > can be a bad thing). That's when they dimly recall: uname=`uname` if [ $uname == 'Linux' ]; do psargx = fghfghfgh elsif [ $uname == 'Solaris' ]; ... (Sorry, I haven't shell scripted much in the past few years, and even then I spend most of my time looking up the appropriate is-it-sh-or-csh-thank-G!d-it-aint-ksh syntax.) -danny From alvin at Mail.Linux-Consulting.com Mon Jan 26 10:53:01 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Mon, 26 Jan 2004 10:53:01 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday fun In-Reply-To: <20040126162112.GB14844@nag.inorganic.org> Message-ID: hi ya On Mon, 26 Jan 2004, Roy S. Rapoport wrote: > Given a complex task in the command-line environment, do you know how you'd > automate it? "how to automate" is not necessarily good or bad ... how would you "test it" ( error conditions, boundry cases, etc ) ( what will make it break ) is my criteria for "strong skills" everybody's different on what they want... others might want well documented and properly commented code :-0 > I'm not looking for an explanation of the difference between "ef" and > "waxu" for ps. If you can say that your 'kill-by-name' command would have > a ps | grep avoid partial matching> | awk | kill then you've got almost-strong-enough > skills, though that's an often-enough used example (and problem) that most > people have thought about it before. the above would fail if they didnt test for multiple instances of the app they're killing ( say a specific hung sshd ) > I find that people with strong scripting skills (my definition of the > world) are the sort of people who aren't going to be going "holy cow, how > do I get *that* done?," holy cow types are okay ... shows honesty .. and hopefully they have a holy cow for us/hiring managers too > Oh, and portability is for, umm, heterogeneous systems. It's not required > (and if you're not designing for a heterogeneous system, I tend to think it > can be a bad thing). hey danny,i think different systems ( hpux, sgi, slow-r-us, *nix, linux ) sometimes uses different flags for uname too "uname -s" is what i start from ( and more testing ... ) hey jim ... any more trick interview/class questions ?? hehehee :-) c ya alvin From windsor at warthog.com Mon Jan 26 14:52:32 2004 From: windsor at warthog.com (Rob Windsor) Date: Mon, 26 Jan 2004 16:52:32 -0600 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: Your message of "Mon, 26 Jan 2004 08:21:13 PST." <20040126162112.GB14844@nag.inorganic.org> Message-ID: <200401262258.i0QMw1T06853@warthog.com> On Mon, 26 Jan 2004 08:21:13 PST, verily did "Roy S. Rapoport" write: > On Sun, Jan 25, 2004 at 05:07:41PM -0800, Robert Hajime Lanning wrote: >> >>> sometimes grep -v grep is needed, sometimes not... i donno why some >>> greps does it differently >> Actualy, this is caused by a race condition. >> ps -axuw | grep foo | grep -v grep | awk '{print $2}' | xargs kill >> Each seperate command gets fork()ed and exec()ed with the pipes setup >> between them. >> Now, the question is, will the "ps -axuw" initialize and read the >> process table before or after "grep foo" is exec()ed. If before, then >> "ps -axuw" will not >> have "grep foo" in its listing. If after, then "ps -axuw" will have >> "grep foo" in its listing. > I have to admit that maybe my standards are low -- too low -- but my > definition of "strong scripting skills" can be most easily explained by the > answer to this question: > Given a complex task in the command-line environment, do you know how you'd > automate it? > I'm not looking for an explanation of the difference between "ef" and > "waxu" for ps. If you can say that your 'kill-by-name' command would have > a ps | grep avoid partial matching> | awk | kill then you've got almost-strong-enough > skills, though that's an often-enough used example (and problem) that most > people have thought about it before. I always thought "grep foo | grep -v grep | awk '{print $2}'" script fragments existed only because the scripter didn't know how to write "awk '/foo/ {print $2}'". To me, "strong scripting skills" has the implication of "knows many tools that ship with unix/unix-like OSes, fairly well". So with that, not only would they need to know a little about awk, but they'd need to know why ps(1) isn't portable and how to work around it. Rob++ ---------------------------------------- Internet: windsor at warthog.com __o Life: Rob at Carrollton.Texas.USA.Earth _`\<,_ (_)/ (_) "They couldn't hit an elephant at this distance." -- Major General John Sedgwick From lanning at lanning.cc Mon Jan 26 16:51:58 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Mon, 26 Jan 2004 16:51:58 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <200401262258.i0QMw1T06853@warthog.com> References: Your message of "Mon, 26 Jan 2004 08:21:13 PST." <20040126162112.GB14844@nag.inorganic.org> <200401262258.i0QMw1T06853@warthog.com> Message-ID: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> > I always thought "grep foo | grep -v grep | awk '{print $2}'" script > fragments existed only because the scripter didn't know how to write > "awk '/foo/ {print $2}'". Then again it would be: awk '/foo/ {if (!/awk/) {print $2}}' Things are not always as easy as they sound. :) This, of course, assumes (very badly) that you don't want to kill an awk process. -- END OF LINE -MCP From pmm at igtc.com Mon Jan 26 18:07:15 2004 From: pmm at igtc.com (Paul M. Moriarty) Date: Mon, 26 Jan 2004 18:07:15 -0800 Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <20040125133640.GB5187@mercury.starshine.org> References: <20040125020204.14252.qmail@web60707.mail.yahoo.com> <401350A1.2060707@pacbell.net> <20040125133640.GB5187@mercury.starshine.org> Message-ID: <20040127020715.GA10406@igtc.igtc.com> jimd at starshine.org writes: > On Sat, Jan 24, 2004 at 09:14:09PM -0800, richard childers / kg6hac wrote: > > > >> how will I know > >> when I can say with confidence that I have "strong" scripting skills? > > The phrase is clearly ambiguous and subjective. I've taught classes in > shell scripting. > > I once had an interviewer put up a wretched fragment of shell code like: > > kill `ps wax | grep "foo" | grep -v "grep" | awk '{print $11}'` > Hey! Somebody's stealing my question! Actually, the use of grep in this pipeline is quite valid. I have had people tell me the -v optiion was for verbose (I shit you not. And these were people representing themselves as senior sysadmins). I also use the question to see if people know why "grep foo" shows up in the output of ps (many don't). You also left off the last pipe which I believe is |xargs rm. Again, a lot of people are unfamiliar with xargs. You can get 6 good questions out of this. Granted, if I had interviewed you and you replied with your alternative, I would have been quite impressed. This quesion was derived in 1989 or 1990, I forget which. Most systems support killall these days. :) - Paul - From pmm at igtc.com Mon Jan 26 18:10:07 2004 From: pmm at igtc.com (Paul M. Moriarty) Date: Mon, 26 Jan 2004 18:10:07 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday Message-ID: <20040127021007.GB10406@igtc.igtc.com> oops... make that |xargs kill From windsor at warthog.com Mon Jan 26 19:03:28 2004 From: windsor at warthog.com (Rob Windsor) Date: Mon, 26 Jan 2004 21:03:28 -0600 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: Your message of "Mon, 26 Jan 2004 16:51:58 PST." <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> Message-ID: <200401270308.i0R38uT12606@warthog.com> On Mon, 26 Jan 2004 16:51:58 PST, verily did "Robert Hajime Lanning" write: > >> I always thought "grep foo | grep -v grep | awk '{print $2}'" script >> fragments existed only because the scripter didn't know how to write >> "awk '/foo/ {print $2}'". > Then again it would be: > awk '/foo/ {if (!/awk/) {print $2}}' > Things are not always as easy as they sound. :) Sure they are, until you think too much about it. :-) Your example would replace: grep foo | grep -v grep | grep -v awk | awk '{print $2}' .. and not the original code fragment. > This, of course, assumes (very badly) that you don't want to kill an awk > process. This is a good point, actually. In the name of "safety checking", you've introduced an assumption that may have broken the original intention. We did not define the parameters under which this code fragment operates. Rob++ ---------------------------------------- Internet: windsor at warthog.com __o Life: Rob at Carrollton.Texas.USA.Earth _`\<,_ (_)/ (_) "They couldn't hit an elephant at this distance." -- Major General John Sedgwick From benjy at feen.com Mon Jan 26 23:02:26 2004 From: benjy at feen.com (Benjamin Feen) Date: Mon, 26 Jan 2004 23:02:26 -0800 Subject: Someone to rack boxes in SF? Message-ID: <20040127070226.GC75091@ratchet.nebcorp.com> A small firm I know has a project coming up: they need to add 20 1U machines to a small compute farm. They should be taking delivery of the hosts within the next two weeks, and they want to have them in production as quickly as possible. I'm scouting around for someone who would be able to do a quick, neat job of installing a rack, running cable, and racking the hardware. They can handle everything from the OS on up -- they just need someone to deal with the physical install. I would expect it to be a single [long] day of work. This is in San Francisco; any recommendations or interest? Thanks! Benjy -- Benjamin Feen benjamin(AT)feen.com http://www.monkeybagel.com From alvin at Mail.Linux-Consulting.com Mon Jan 26 23:47:13 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Mon, 26 Jan 2004 23:47:13 -0800 (PST) Subject: Someone to rack boxes in SF? In-Reply-To: <20040127070226.GC75091@ratchet.nebcorp.com> Message-ID: hi ya benjamin On Mon, 26 Jan 2004, Benjamin Feen wrote: > A small firm I know has a project coming up: they need to add 20 > 1U machines to a small compute farm. They should be taking delivery > of the hosts within the next two weeks, and they want to have them > in production as quickly as possible. I'm scouting around for > someone who would be able to do a quick, neat job of installing a > rack, running cable, and racking the hardware. They can handle > everything from the OS on up -- they just need someone to deal with > the physical install. I would expect it to be a single [long] day > of work. when we install 1Us.... we can usually rack'um and install about 40 boxes in about 2-3 hrs... including net boot... any boxes that failed, is a separate issue for debugging later ( good parts, good assy, good specs should not result in any ( failures of a single box - too many times, the led wires is backwards :-0 - the so-called "5 minute install" everybody likes to see but hard to do .. :-0 - am saying 20 machines is 2-3 hrs of work at most with careful tie-wrapping the cables too .. and it's bad NOT to install/boot the boxes at the time of (rack) install ... too much effort to track down afterward, why that one box didnt boot or work properly - we "do everything" or none :-) - why doesn't the outfit that sold the 20 1Us come out and install it ?? ( they already made their huge bundle of of pennies by making the sale fun stuff... c ya alvin From jorjohns at cs.indiana.edu Tue Jan 27 00:07:33 2004 From: jorjohns at cs.indiana.edu (Jordan Johnson) Date: Tue, 27 Jan 2004 00:07:33 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> Message-ID: Robert Hajime Lanning wrote: > >> I always thought "grep foo | grep -v grep | awk '{print $2}'" script >> fragments existed only because the scripter didn't know how to write >> "awk '/foo/ {print $2}'". > > Then again it would be: > awk '/foo/ {if (!/awk/) {print $2}}' Better still... awk '$n ~ /foo/ { print $2 }' # where n is the proper field I was surprised to not see that in the awkish examples flying by... jmj : Jordan M Johnson - jorjohns @ cs . indiana . edu : If I were a bug, I would want to be a true Renaissance bug. From lanning at lanning.cc Mon Jan 26 18:44:59 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Mon, 26 Jan 2004 18:44:59 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <20040127020715.GA10406@igtc.igtc.com> References: <20040125020204.14252.qmail@web60707.mail.yahoo.com> <401350A1.2060707@pacbell.net> <20040125133640.GB5187@mercury.starshine.org> <20040127020715.GA10406@igtc.igtc.com> Message-ID: <61333.67.117.89.42.1075171499.squirrel@67.117.89.42> > This quesion was derived in 1989 or 1990, I forget which. Most systems > support killall these days. :) whoa... dangerous... I dare you to use that command on Solaris... :) -- END OF LINE -MCP From lanning at lanning.cc Tue Jan 27 07:55:08 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Tue, 27 Jan 2004 07:55:08 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> Message-ID: <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> > Better still... awk '$n ~ /foo/ { print $2 }' # where n is the proper > field > > I was surprised to not see that in the awkish examples flying by... root 24570 1 0 Oct 31 ? 0:10 /usr/local/apache/bin/httpd -DSSL defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl -server This is the problem with choosing a field. Hint, look at the process start time. This maybe avoided with options to ps, I haven't looked. This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the start time would be "Oct31", so, it is not an issue there. -- END OF LINE -MCP From dannyman at toldme.com Tue Jan 27 13:00:48 2004 From: dannyman at toldme.com (Danny Howard) Date: Tue, 27 Jan 2004 13:00:48 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> Message-ID: <20040127210048.GA18230@ratchet.nebcorp.com> On Tue, Jan 27, 2004 at 07:55:08AM -0800, Robert Hajime Lanning wrote: > > > Better still... awk '$n ~ /foo/ { print $2 }' # where n is the > > proper field > > > > I was surprised to not see that in the awkish examples flying by... > > root 24570 1 0 Oct 31 ? 0:10 /usr/local/apache/bin/httpd -DSSL > defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl -server > > This is the problem with choosing a field. Hint, look at the process > start time. This maybe avoided with options to ps, I haven't looked. > This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the > start time would be "Oct31", so, it is not an issue there. That looks like a job for cut(1). -d -- http://dannyman.toldme.com/ From lanning at lanning.cc Tue Jan 27 13:37:41 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Tue, 27 Jan 2004 13:37:41 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <20040127210048.GA18230@ratchet.nebcorp.com> References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> <20040127210048.GA18230@ratchet.nebcorp.com> Message-ID: <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> >> root 24570 1 0 Oct 31 ? 0:10 /usr/local/apache/bin/httpd >> -DSSL >> defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl >> -server >> >> This is the problem with choosing a field. Hint, look at the process >> start time. This maybe avoided with options to ps, I haven't looked. >> This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the >> start time would be "Oct31", so, it is not an issue there. > > That looks like a job for cut(1). > > -d That is also based on field count. I think we are defining new depths of what a "rabbit hole" is. :) -- END OF LINE -MCP From dannyman at toldme.com Tue Jan 27 14:38:39 2004 From: dannyman at toldme.com (Danny Howard) Date: Tue, 27 Jan 2004 14:38:39 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> <20040127210048.GA18230@ratchet.nebcorp.com> <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> Message-ID: <20040127223839.GC18230@ratchet.nebcorp.com> On Tue, Jan 27, 2004 at 01:37:41PM -0800, Robert Hajime Lanning wrote: > > >> root 24570 1 0 Oct 31 ? 0:10 /usr/local/apache/bin/httpd > >> -DSSL > >> defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl > >> -server > >> > >> This is the problem with choosing a field. Hint, look at the process > >> start time. This maybe avoided with options to ps, I haven't looked. > >> This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the > >> start time would be "Oct31", so, it is not an issue there. > > > > That looks like a job for cut(1). > > > > -d > > That is also based on field count. What inferior OS are you running? [...] The options are as follows: -b list The list specifies byte positions. -c list The list specifies character positions. [...] On FreeBSD, which tends toward the vanilla, you can 'cut -c -20,40-' or whatever. It is kind of overshadowed by its more powerful brethren, but sometimes you just want to cut by character position. And as Unix commands goes, it has such an unusually straightforward name. -danny From rsr at inorganic.org Tue Jan 27 14:50:57 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 27 Jan 2004 14:50:57 -0800 Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> <20040127210048.GA18230@ratchet.nebcorp.com> <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> Message-ID: <20040127225057.GA26163@nag.inorganic.org> On Tue, Jan 27, 2004 at 01:37:41PM -0800, Robert Hajime Lanning wrote: > >> defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl > >> -server > >> > >> This is the problem with choosing a field. Hint, look at the process > >> start time. This maybe avoided with options to ps, I haven't looked. > >> This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the > >> start time would be "Oct31", so, it is not an issue there. This is why, when I had to do this on solaris, I wrote my own program that just accessed the /proc filesystem. Actually, it was really rather anti-social. It: A) nice -20'ed B) Killed the right processes (most of the time :) ) C) Exited. In other words, my answer to "how would you script this?" was "no." :) -roy From david at catwhisker.org Wed Jan 28 05:04:55 2004 From: david at catwhisker.org (David Wolfskill) Date: Wed, 28 Jan 2004 05:04:55 -0800 (PST) Subject: More firewall weirdness -- apparent spoof attempt Message-ID: <200401281304.i0SD4tMJ013917@bunrab.catwhisker.org> I'm rather behind on mail, so if this has been brought up, I apologixe. But in yesterday's packet-filter log, I saw a couple instantiations of something I don't recall having seen previously. I've taken steps to block (& log) such things earlier in the rule set, because I see no possible useful purpose for the pattern in question. Here are the raw log entries (long lines; sorry): Jan 27 08:46:20 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1026 in via dc0 Jan 27 08:46:20 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1027 in via dc0 ... Jan 27 22:17:11 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1026 in via dc0 Jan 27 22:17:11 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1027 in via dc0 [For those unfamiliar with FreeBSD's ipfw log format, the source IP:port is on the left; the destination IP:port is on the right. The "60000" is the rule number that cause dthe logging to take place; "Deny" is what happened to the packet. The stuff toward the far right indicates which NIC was involved and the direction the packet was going when it got to that NIC.] Now, the IP address of the packet filter's Internet-facing NIC is 62.193.123.122, and the NIC's designation is dc0. Rule 60000 is my catch-all "log & drop" rule. So the good news is that these things were dropped (& logged) anyway. But this is fairly clearly a "this shouldn't happen" situation, unless I'm missing a fairly valuable clue (in which case, I'd appreciate the clue). So now my new first rule says "packets inbound from dc0 that claim to be from my external IP address get logged & dropped immediately." I'm sending this out for a couple of reasons: * to be clued in if I'm missing something; * to let my colleagues know about this particular form of traffic, which looks to me to be a probe, if not an attack that is intended to be low-level enough to stay "under the radar". Peace (anyway), david -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From windsor at warthog.com Wed Jan 28 08:45:21 2004 From: windsor at warthog.com (Rob Windsor) Date: Wed, 28 Jan 2004 10:45:21 -0600 Subject: scripting around ps(1) (was: "Strong Scripting Skills" - a definition? - sunday) In-Reply-To: Your message of "Tue, 27 Jan 2004 14:50:57 PST." <20040127225057.GA26163@nag.inorganic.org> Message-ID: <200401281650.i0SGopT07566@warthog.com> On Tue, 27 Jan 2004 14:50:57 PST, verily did "Roy S. Rapoport" write: >>>> defang 7665 212 0 07:03:02 ? 0:14 /bin/perl -w mimedefang.pl >>>> -server >>>> This is the problem with choosing a field. Hint, look at the process >>>> start time. This maybe avoided with options to ps, I haven't looked. >>>> This is "ps -ef" on Solaris. The Linux "ps auxw" and "ps -ef" the >>>> start time would be "Oct31", so, it is not an issue there. > This is why, when I had to do this on solaris, I wrote my own program that > just accessed the /proc filesystem. Actually, it was really rather > anti-social. It: > A) nice -20'ed > B) Killed the right processes (most of the time :) ) > C) Exited. > In other words, my answer to "how would you script this?" was "no." :) I decided rather early that ps(1) isn't portable and worked around it. This decision has worked quite well for me. :-) The biggest issue in scripting against process name is the problem of silly processes that futz with their name in the kernel process table. sendmail and screen come to mind. But back to ps(1) issues... Here's a code snippit from my home-brewed "nkill" ksh script. I only set it up for NetBSD/Solaris since those were the two OSen that I needed it on. It's easy to tweak for a new OS, as you can see. I'll tweak it for RedHat (7.x and ES 3.0) soon. :/ ==== OS="`uname -s`" # [...] if [ "${OS}" = "NetBSD" ]; then PSFLAGS="-axo pid,command" ONEPSFLAGS="-xu -p" elif [ "${OS}" = "SunOS" ]; then PSFLAGS="-eo pid,comm" ONEPSFLAGS="-f -p" fi # [...] KILLPROC=`ps ${PSFLAGS} | awk .....` for PROCESSNUM in ${KILLPROC} ; do ps ${ONEPSFLAGS} ${PROCESSNUM} | egrep -v 'TIME' | cut -c'1-80' [ -z "${DEBUG}" ] && /bin/kill ${SIGNAL} ${PROCESSNUM} done ==== The entire script is at ftp://ftp.warthog.com/pub/warthog/scripts/nkill. Before you cronies start pointing out issues in my script, I acknowledge that there are some gross inefficiencies, and multiple awk lines could be consolidated into one (see my earlier comment about "looking like C code"). :-) (you should see my .profile!) Rob++ ---------------------------------------- Internet: windsor at warthog.com __o Life: Rob at Carrollton.Texas.USA.Earth _`\<,_ (_)/ (_) "They couldn't hit an elephant at this distance." -- Major General John Sedgwick From vraptor at employees.org Wed Jan 28 12:20:43 2004 From: vraptor at employees.org (vraptor at employees.org) Date: Wed, 28 Jan 2004 12:20:43 -0800 (PST) Subject: Social Hacking [was: "Strong Scripting Skills" - a definition?] In-Reply-To: <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> Message-ID: This may be too "job-seeker" oriented for the general BayLISA list, but I think it's generally applicable in the abstract. And I'm using "hack" in the classic sense, not the media-misappropriated sense. On Tue, 27 Jan 2004, Robert Hajime Lanning wrote: >I think we are defining new depths of what a "rabbit hole" is. :) I'm never surprises me when geeks take a question that's really about a social issue--"How can I represent myself as a competent scripter without over-inflating expectations of my skill set?" and turn it into a syntax or technical semantics festival. (Particularly ironic in this case, since I recall one respondent's mantra as a boss: "don't use technology to solve a social problem." You know who you are. ;-) To my mind, this penchant to dig into the syntax/technical semantics misses the real need geeks have now, more than ever: hacking corporate culture and culture in general. It's a buyer's market these days. So I'd like to hear some more geek social/cultural hacking stories and techniques, be they engineering your self-presentation, sussing out the true inquiries underlying the interviewer's questions, or better ways to deal with the bureacracies. I'm sure all of us could use some new tools to put in our bag of tricks for dealing with clients/bosses/ co-workers (and maybe even spouses/SOs :-). To my mind, a good example was Jim's story of turning the interviewer's ps pipeline question onto it's head, thus demonstrating Jim's understanding of the depth of the system rather than his memory of syntactical minutae. My own "hacking" has lately focused on revising my understanding of successful resumes (having taught tech writing in the late 80's, I knew I was out of date). If enough folks are interested, I can post some brief comments regarding resume tuning. Or, perhaps some "rules" I coined for myself from dealing with HR at a past job. =Nadine= -- N. Nadine Miller vraptor at employees.org From holland at guidancetech.com Wed Jan 28 06:46:06 2004 From: holland at guidancetech.com (Rich Holland) Date: Wed, 28 Jan 2004 09:46:06 -0500 Subject: pop mail cleaner Message-ID: <20040128144617.ADBB4AE@jester.pobox.com> My provider had a major network outage that lasted 16 hours or so. When they came back online, their backbone had been reduced from an OC3 to ISDN speeds or thereabouts. While the servers were up, it made fetching mail via POP nearly impossible, as I had 300+ messages in the mailbox and my POP client (which shall remain nameless) attempts to download ALL messages, marking each for deletion as it goes, and when it's got them all, then closes the connection which allows the server to delete the messages from the mail store. My problem was that with the really poor bandwidth, the POP client would timeout (often after grabbing 250+ messages) and the connection would be severed. For the better part of the day, each time I'd connect, I would re-download 10-200 of the same messages I'd already gotten. To get around this, I hacked together a quick command-line pop client that lets me basically browse my pop mailbox, deleting single messages or a range of messages. I can download the headers in batches of whatever size I want. For example, to wade through my 300+ messages, I connected up and grabbed headers for 10 msgs at a time. I'd review the From/Subj lines and delete all the spam and mailing list stuff I didn't care about, then commit the change (which really just disconnects & reconnects). This way I was able to pare the queue down to about 80 messages, which my silly GUI client was able to handle without choking. I'd be happy to chare the command-line driven client if anyone wants it; it's now part of my permanent toolkit "just in case" it happens again down the road. The code is < 200 lines and basically wraps the Mail::POP3Client module from CPAN. Cheers! Rich -- Rich Holland (913) 645-1950 SAP Technical Consultant print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E Message-ID: david at catwhisker.org (David Wolfskill) writes: > Jan 27 08:46:20 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1026 in via dc0 > > Now, the IP address of the packet filter's Internet-facing NIC is > 62.193.123.122, and the NIC's designation is dc0. Rule 60000 is > my catch-all "log & drop" rule. So the good news is that these > things were dropped (& logged) anyway. Looks like some hack using a UDP packet with a forged source address of your interface. I see similar nonsense in my logs, minus the forged source address. Jan 28 05:17:36 capsicum ipmon[287]: 05:17:35.980390 tlp0 @100:2 b dialup-64.156.39.12.Dial1.Denver1.Level3.net[64.156.39.12],666 -> sonic.wsrcc.com[208.201.233.172],1026 PR udp len 20 574 IN Someone is probing local ports 135/udp and immediately after that 1026/udp and 1027/udp. The probes always come from 666/udp. I wonder if they were trying to hit the nfs/rpc daemons and just missed because they move around a bit. Or is this another MS port that leads to a buggy daemon and we should get our candles and flashlights ready because there is going to be another major power failure somewhere? -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ The above "From:" address is valid. Don't mess with it. Gripe to your senators about spam: http://www.wsrcc.com/spam/senators.html From jxh at jxh.com Wed Jan 28 15:20:32 2004 From: jxh at jxh.com (Jim Hickstein) Date: Wed, 28 Jan 2004 17:20:32 -0600 Subject: pop mail cleaner In-Reply-To: <20040128144617.ADBB4AE@jester.pobox.com> References: <20040128144617.ADBB4AE@jester.pobox.com> Message-ID: <2147483647.1075310432@waste.jxh.com> > The code is < 200 lines and basically wraps the Mail::POP3Client module > from CPAN. Oh! Interesting. I always just TELNET to port 110, but I do it enough (barely) to remember how. Apropos your mail provider's reliability, please excuse this plug for my own business: http://www.imap-partners.net/ . IMAP isn't so easily fooled as POP by "new" messages, and you can blow away your clients and try new ones at will. (And you can TELNET to port 143 -- whee!!! -- but this takes more practice.) And if we had an outage that long, we would probably fall on our swords, after refunding most of your money. From lanning at lanning.cc Wed Jan 28 10:56:58 2004 From: lanning at lanning.cc (Robert Hajime Lanning) Date: Wed, 28 Jan 2004 10:56:58 -0800 (PST) Subject: "Strong Scripting Skills" - a definition? - sunday In-Reply-To: <20040127223839.GC18230@ratchet.nebcorp.com> References: <27550.192.55.4.36.1075164718.squirrel@192.55.4.36> <43509.192.168.128.30.1075218908.squirrel@192.168.128.30> <20040127210048.GA18230@ratchet.nebcorp.com> <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> <20040127223839.GC18230@ratchet.nebcorp.com> Message-ID: <40440.192.55.4.36.1075316218.squirrel@192.55.4.36> > > What inferior OS are you running? > > [...] > The options are as follows: > > -b list > The list specifies byte positions. > > -c list > The list specifies character positions. > [...] > > On FreeBSD, which tends toward the vanilla, you can 'cut -c -20,40-' or > whatever. It is kind of overshadowed by its more powerful brethren, but > sometimes you just want to cut by character position. And as Unix > commands goes, it has such an unusually straightforward name. Gah! Open mouth, insert foot. Yes, you are right. (I use Slackware Linux, Solaris, and on occasion AIX.) I don't use cut that often, and didn't defer to the man page. So, you would count character positions for each platform? As the columns are not the same everywhere. This is why I was mentioning something about new depths of a rabbit hole. :) You actually have to write a fairly complex script to have portable usage. Complete with all exception handling. Like using awk, when searching for grep. And using grep, when searching for awk. One liners are usually only good for the specific situation and should be used only when the side effects are understood. Like Linux/*BSD users should not (as root, at least) use killall when on a Solaris box. You have to know to use pkill. "killall" kills ALL processes on the box, and is used for shutdown. I have been guilty of this mistake, once. It was a while ago, but luckly it was on my own workstation, not a production server. -- END OF LINE -MCP From holland at guidancetech.com Wed Jan 28 15:31:36 2004 From: holland at guidancetech.com (Rich Holland) Date: Wed, 28 Jan 2004 18:31:36 -0500 Subject: pop mail cleaner In-Reply-To: <2147483647.1075310432@waste.jxh.com> Message-ID: <20040128233144.3A863FD@jester.pobox.com> Jim, Thanks for the offer. My provider charges me < $100/year for 500M storage, unlimited email, and unlimited bandwidth. Their NOC is staffed 24x7 and this is the first outage they've had while I've been a customer (not quite a year yet). When I called to find out what was going on, the person I spoke with (within 5 minutes) knew what was going on, who was working the problem, and the ETA for a resolution. While I'm not happy with the outage, I am happy with their support in this bad situation -- to be able to field calls from all their customers that quickly, _and_ have a clue when they do so, was nice. When I called my previous provider up to get an ETA on their (frequent) outages, I'd usually get a response of "Oh? It's down? Let me look... yeah, you're right. We'll get on that right away..." and usually 2-3 days later things would start flowing again. That provider was "free" so I guess you get what you pay for. :-) Anyway since I use this mostly for mail and a bit of web stuff, the delay isn't mission critical, as long as things queue. It was just an annoyance... I whipped up the pop frontend because I was tired of telnet'ing to port 110 and doing 'top 1 10' to see the messages, then 'dele 1' to delete 'em, one at a time....and having the connection die after doing that a dozen or so times (and my commands had scrolled off the screen, so I was keeping a piece of paper with the messages I wanted to kill on it.... heh) This little bugger lets me say: > bs 20 # batch size = 20 messages / fetch > g # get next block of messages > l # display all the headers I've downloaded > d 1 2 10-15 17-90 # delete the specified msgs > c # commit the deletion > g # get the next batch of 20 [...] # you get the idea Much easier than keying in those long pop commands repeatedly, only to have the connection die after manually deleting a dozen messages. :-) Rich -- Rich Holland (913) 645-1950 SAP Technical Consultant print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E -----Original Message----- > From: Jim Hickstein [mailto:jxh at jxh.com] > Sent: Wednesday, January 28, 2004 6:21 PM > To: holland at guidancetech.com > Cc: baylisa at baylisa.org > Subject: Re: pop mail cleaner > > > The code is < 200 lines and basically wraps the Mail::POP3Client module > > from CPAN. > > Oh! Interesting. I always just TELNET to port 110, but I do it enough > (barely) to remember how. > > Apropos your mail provider's reliability, please excuse this plug for my > own business: http://www.imap-partners.net/ . IMAP isn't so easily fooled > as POP by "new" messages, and you can blow away your clients and try new > ones at will. (And you can TELNET to port 143 -- whee!!! -- but this takes > more practice.) > > And if we had an outage that long, we would probably fall on our swords, > after refunding most of your money. From david at catwhisker.org Thu Jan 29 06:48:58 2004 From: david at catwhisker.org (David Wolfskill) Date: Thu, 29 Jan 2004 06:48:58 -0800 (PST) Subject: More firewall weirdness -- apparent spoof attempt In-Reply-To: Message-ID: <200401291448.i0TEmwdl018809@bunrab.catwhisker.org> >To: baylisa at baylisa.org >Date: Wed, 28 Jan 2004 08:27:04 -0800 >From: "Wolfgang S. Rupprecht" >david at catwhisker.org (David Wolfskill) writes: >> Jan 27 08:46:20 janus /kernel: ipfw: 60000 Deny UDP 62.193.123.122:666 63.193.123.122:1026 in via dc0 >Looks like some hack using a UDP packet with a forged source address >of your interface. Yup. >I see similar nonsense in my logs, minus the forged source address. I'm pretty sure I've seen that before -- it was the forged source address that caught my eye this time. >Jan 28 05:17:36 capsicum ipmon[287]: 05:17:35.980390 tlp0 @100:2 b > dialup-64.156.39.12.Dial1.Denver1.Level3.net[64.156.39.12],666 -> > sonic.wsrcc.com[208.201.233.172],1026 PR udp len 20 574 IN >Someone is probing local ports 135/udp and immediately after that >1026/udp and 1027/udp. The probes always come from 666/udp. And I don't even bother to log traffic to udp/135 -- I just silently drop it. (When I'm looking for a needle, I wannt to reduce the size of the haystack, not increase it. Got a match? :-}) >I wonder if they were trying to hit the nfs/rpc daemons and just >missed because they move around a bit. Or is this another MS port >that leads to a buggy daemon and we should get our candles and >flashlights ready because there is going to be another major power >failure somewhere? Dunno; that's one of the reasons I thought posting might be worthwhile. [Sorry about being a bit sluggish with responses; I've been fairly busy of late.] Peace, david -- David H. Wolfskill david at catwhisker.org I do not "unsubscribe" from email "services" to which I have not explicitly subscribed. Rather, I block spammers' access to SMTP servers I control, and encourage others who are in a position to do so to do likewise. From jimd at starshine.org Thu Jan 29 18:36:05 2004 From: jimd at starshine.org (jimd at starshine.org) Date: Thu, 29 Jan 2004 18:36:05 -0800 Subject: Social Hacking [was: "Strong Scripting Skills" - a definition?] In-Reply-To: References: <46373.192.55.4.36.1075239461.squirrel@192.55.4.36> Message-ID: <20040130023605.GB30465@mercury.starshine.org> On Wed, Jan 28, 2004 at 12:20:43PM -0800, vraptor at employees.org wrote: > This may be too "job-seeker" oriented for the general BayLISA list, > but I think it's generally applicable in the abstract. And I'm using > "hack" in the classic sense, not the media-misappropriated sense. > On Tue, 27 Jan 2004, Robert Hajime Lanning wrote: >> I think we are defining new depths of what a "rabbit hole" is. :) > I'm never surprises me when geeks take a question that's really about > a social issue--"How can I represent myself as a competent scripter > without over-inflating expectations of my skill set?" and turn it into > a syntax or technical semantics festival. (Particularly ironic in > this case, since I recall one respondent's mantra as a boss: "don't > use technology to solve a social problem." You know who you are. ;-) Yes! > To my mind, a good example was Jim's story of turning the > interviewer's ps pipeline question onto it's head, thus demonstrating > Jim's understanding of the depth of the system rather than his memory > of syntactical minutae. I intended my story to focus on the interview dynamic rather than the technical details. I tried, in that interview, to gauge the level of detail that would: * answer the question * demonstrate a degree of technical expertise * be professionally appropriate to the situation and percieved requirements of the why in which such a command or script would probably be used. That last point was, in many ways, the most important. If I'd launched into a two hour lecture demonstrating all the potential portability issues, exploring obscure corner cases, expounding on structured exception handling and "code re-use" issues --- if I'd "geeked out" (as we've been doing on this list, for recreational purposes) --- then I suspect I wouldn't have gotten the job. By the same token I would hesitate to recommend or hire someone who did "geek out" in an interview. (Luckily I don't do much hiring nor interviewing). I'm not bashing anyone on this list. This discussion is fine for *this* context. When you're in an interview and you're asked technical questions, keep the answer reasonably brief. You're not there to teach, You're not there to solve their technical problems nor to write production quality scripts for them. You're definitely NOT there to prove your technical superiority over the interviewer. You're there to assure the interviewer that you are the best person for the job. (If you inadvertantly do prove to have more domain expertise than the interviewer, it can be a bonus; so long as it was done in a professional way and also demonstrated the ability to prioritize and suit your answer to the context. Just remember that it's not the goal). Incidently I didn't mean for my anecdote to sound like bragging. I've met people who are much better with shell scripting than I am. I still read through Tom Christianson's "csh Scripting Considered Harmful" with awe! I've still never gotten the knack of capturing *just* the stderr into a variable while discarding or redirecting stdout elsewhere doing tricks with 4>& this other weird redirection hacks. -- Jim Dennis From chuck+baylisa at snew.com Thu Jan 29 20:44:40 2004 From: chuck+baylisa at snew.com (Chuck Yerkes) Date: Thu, 29 Jan 2004 23:44:40 -0500 Subject: "Strong Scripting Skills" - a definition? In-Reply-To: <61333.67.117.89.42.1075171499.squirrel@67.117.89.42> References: <20040125020204.14252.qmail@web60707.mail.yahoo.com> <401350A1.2060707@pacbell.net> <20040125133640.GB5187@mercury.starshine.org> <20040127020715.GA10406@igtc.igtc.com> <61333.67.117.89.42.1075171499.squirrel@67.117.89.42> Message-ID: <20040130044440.GA10728@snew.com> Quoting Robert Hajime Lanning (lanning at lanning.cc): > > > This quesion was derived in 1989 or 1990, I forget which. Most systems > > support killall these days. :) > > whoa... dangerous... I dare you to use that command on Solaris... :) I did that once. Once. From fscked at pacbell.net Fri Jan 30 07:28:53 2004 From: fscked at pacbell.net (richard childers / kg6hac) Date: Fri, 30 Jan 2004 07:28:53 -0800 Subject: The Illiterati (was Re: Social Hacking [was: "Strong Scripting Skills" - a definition?]) Message-ID: <401A7835.1050105@pacbell.net> vraptor at employees.org wrote: >... I'd like to hear some more geek social/cultural hacking stories and >techniques, be they engineering your self-presentation, sussing out >the true inquiries underlying the interviewer's questions, or better >ways to deal with the bureacracies. I'm sure all of us could use some >new tools to put in our bag of tricks for dealing with clients/bosses/ >co-workers (and maybe even spouses/SOs :-). > > Speaking directly to Nadine's implied question; how does one diplomatically, tactfully, yet meaningfully maintain a high level of technical communications with people who hate to read and write, and maybe think, too? People who, maybe, need everything translated into PowerPoint cartoons, before they can give it their (apparently limited) attention? Put another, more diplomatic, way ... how do you deal with managers who want short one-line emails? Where did this idea - that things can be expressed in single sentences - come from? Haven't these people ever heard of paragraphs ... chapters ... section headings ... indexes? My guess is that it was born in some management seminar on time management; it was slavishly copied by the subordinates ... and frequently quoted, as a put-down, to their subordinates, all the way to the lowest rungs of the mighty corporate ladder. In many ways it makes good sense ... if one reads slowly, that is ... or doesn't like to read, or write, in general. Such characteristics are generally associated with people whom we might charitably describe as illiterate. Are these people illiterate? I'm not being derogatory; I ask the question sincerely. How do these people achieve these positions of power? Is there some sort of conspiracy? Yes .... but it is a conspiracy of circumstances ... with more duncery, than skulduggery. The fact is that the owners of a company are inevitably non-technical. This lack of technical expertise often translates into a (usually well concealed) suspicion towards someone whom -is- technical. When technical failures occur, the explanations delivered are rarely to the satisfaction of management. This tendency towards dissatisfaction leads directly towards replacing the technical management, or the technical management resigning, in search of friendlier people to report to. When the time comes for the manager to be replaced, the owners and executives vastly prefer to have someone like themselves reporting to them. This leads directly to what we shall call an ossification of the technical management, with literate people being replaced with slightly less literate people. This process can and usually is applied successively to each layer of management, downwards, from where it starts, until there is no one left in the IT department but people whom are adept at summarizing complex technical situations into one-line summaries, usually something like "I fixed it", and maybe one or two clueless, serially abused, and seriously burnt-out technical staff. Because there is (in worst case scenarios) no understanding of the problem on either side, the situation is ripe for misrepresentation, finger-pointing, and fraud. (It's also ripe for consulting and outsourcing opportunities.) *Note*: I am not referring to people whose technical expertise is lacking, but whose desire for understanding is still alive. This is not about a lack of technical literacy; it's about an ability to receive and generate large amounts of information in an increasingly complex society, in general, and in increasingly complex business organizations, in particular. I recently suggested to a VP of IT that things charged so quickly that a yearly IT budget simply wasn't possible, any more, for many organizations. (How much data will -you- need to back up next year?) He got a thoughtful look on his face ... and I suspect he'll repeat it to the board. Maybe this idea needs to be aired more widely. Imagine if you were a car owner, and you went in to the shop to pick up your car, and the owner said, "I fixed it; that'll be $500." You'd have some questions, right? You'd think poorly of a shop where you asked to speak to the owner, or the manager, to get a better idea of what had happened ... and s/he said, "I don't know what they did, but they fixed it, 'cuz it's not happening no more, right?". You might hesitate to return there, fearing the consequences; and surely you'd wonder if they -had- fixed it, or if they'd just tapped the engine with a ball peen hammer until the noise stopped, in some voodoo imatation of engineering. And you might suspect worse; although a certain percentage of such voodoo engineers might be sincerely trying to help you, using the best technology available (to them), this state of affairs would quickly attract much more vicious and predatorial types, whom would unhesitatingly take maximum advantage of every situation they were involved in where a lack of understanding afforded an opportunity to manipulate the perceptions of all involved, to their own direct benefit. (Hence the term, 'perception manager', as a derogatory reference to managers of technical resources ... whose collective reliance upon managing -perceptions-, instead of technical issues ... and consequent refusal to put things in writing [IE, use email to create business records of business decisions] ... are probably the single greatest threat to business integrity, today, bar none.) (Investors, take note.) (We manfully resist the urge to draw parallels between this metaphorical situation and certain dot-com related events your author is acquainted with. Perhaps others will fill the gap. :-) Regards, -- richard -- Richard Childers / Senior Engineer Daemonized Networking Services 945 Taraval Street, #105 San Francisco, CA 94116 USA [011.]1.415.759.5571 https://www.daemonized.com From vraptor at employees.org Fri Jan 30 11:18:06 2004 From: vraptor at employees.org (vraptor at employees.org) Date: Fri, 30 Jan 2004 11:18:06 -0800 (PST) Subject: The Illiterati (was Re: Social Hacking [was: "Strong Scripting Skills" - a definition?]) In-Reply-To: <401A7835.1050105@pacbell.net> Message-ID: On Fri, 30 Jan 2004, richard childers / kg6hac wrote: > vraptor at employees.org wrote: > >>... I'd like to hear some more geek social/cultural hacking stories and >>techniques, be they engineering your self-presentation, sussing out >>the true inquiries underlying the interviewer's questions, or better >>ways to deal with the bureacracies. I'm sure all of us could use some >>new tools to put in our bag of tricks for dealing with clients/bosses/ >>co-workers (and maybe even spouses/SOs :-). > >Speaking directly to Nadine's implied question; how does one >diplomatically, tactfully, yet meaningfully maintain a high level of >technical communications with people who hate to read and write, and >maybe think, too? People who, maybe, need everything translated into >PowerPoint cartoons, before they can give it their (apparently limited) >attention? You may interpret my question that way, but in fact, that was not the intent of my request. I've been a communicator and teacher of technical communication for far longer than I've been a systems administrator. I've also been a manager and a team lead, so I've seen the other side of the fence. My request was exactly as asked--I'd like to hear some "social hacking" stories, successful or unsuccessful, so we can all derive benefit from them. I'm experienced enough to know that I can always learn something new, and benefit from others' successes and mistakes. >Put another, more diplomatic, way ... how do you deal with managers who >want short one-line emails? [...snip speculation on how "they" got that way] >Such characteristics are generally associated with people whom we might >charitably describe as illiterate. Are these people illiterate? I'm not >being derogatory; I ask the question sincerely. "These people" are not illiterate, nor are they ignorant. They are *overwhelmed*. Recall the age of most managers (esp. 2nd tier and above). These folks have little to no experience before the age of 20 with computers. Unlike the youth of today who can "surf" the TV and give you a plot summary of the three shows they've been sifting through in the past 30 minutes, these 2nd/3rd/4th tier management types were not brought up in a multi-tasking environment. Also consider the increase in the number and types of tasks a manager is required to deal with today versus ten years ago. Computers have actually increased the number of tasks (in my mind) a manager is required to deal with. I'm thinking about the HR paperwork increase over the last couple decades, the "down-chain" shift of budget development responsibility, inter-/intra-company projects, keeping up with HR law, new coaching and management techniques, plus learning new technology at least in a general sense. It's an ugly race that has no finish line. As a manager I was prepared to rely on my team to come up with the "right answer" and keep me informed in a general way, as I ran interference for them. But as the senior SA, I also had to be prepared to get my hands dirty, too, which meant keeping up with them in addition to my managerial tasks. And do the latter without usurping my team or giving the impression to my manager that "I couldn't let go." Quite the juggling act. I learned a lot, not the least of which was more respect for the workload of a manager. Therefore, it's my belief that managers want things distilled to a succint answer, so they can deal with it efficiently. "TMI" applies: literally, they can't deal with "too much information", because they have too much already. This may also explain the "incompentence" of perfectly capable and intelligent managers--their stress threshold has been crossed. Geeks of the same age as the 2nd/3rd/4th tier management types are generally flexible and adaptable. Each group's gravitation to the roles they are in--geek/engineer, or manager, administrator, etc.--is generally a result of the psychological and personality traits. As we have seen here on the list, geeks tend to go the down into the minutae rather than summarizing/highlighting/being succint. Rather guaging the audience, and adapting the message appropriately (e.g. as in Jim's interview story), geeks just keep digging into the message teasing out the nuances, spiralling downwards into more detail, relevant to the task at hand or not. Geeks like information--in fact, in many cases, they crave it, and prefer it over action and decision. The "rabbit hole" tactic, while useful in some circumstances, undermines us when dealing with management, because it's contrary to their expectations. As a teacher of communication, it's my viewpoint that the responsibility for being understood lies with the person giving the message. Therefore, it is up to the geek to adapt his/her message to the audience it's being given to, be that audience management wanting a status report, the HR person trying to configure their email client, or the other systems administrator to whom you are handing off the problem. I constantly remind myself "audience analysis" because I know my geek tendencies will bite me on the butt if I'm not careful. I also attribute the generally poor, IME, networking skills that most geeks have partially to our tendency to rabbit hole on technical topics and avoid talking about the elephant in the room. "Who do you know that might have info useful to me in my job search/quest for more clients?" Think about your other positive geek traits and how they undermine your social networking skills. Regards-- =Nadine= -- N. Nadine Miller vraptor at employees.org p.s. As for your conspiracy comments, I do believe that America is suffering from a general "dumbing down" as a result of changes in education over the past several decades. But, that's a political discussion that is not on-topic for this list. From rsr at inorganic.org Fri Jan 30 12:22:08 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Fri, 30 Jan 2004 12:22:08 -0800 Subject: The Illiterati (was Re: Social Hacking [was: "Strong Scripting Skills" - a definition?]) In-Reply-To: References: <401A7835.1050105@pacbell.net> Message-ID: <20040130202208.GA23434@nag.inorganic.org> On Fri, Jan 30, 2004 at 11:18:06AM -0800, vraptor at employees.org wrote: > My request was exactly as asked--I'd like to hear some "social > hacking" stories, successful or unsuccessful, so we can all derive > benefit from them. I'm experienced enough to know that I can always > learn something new, and benefit from others' successes and mistakes. This may be more 'social' than 'hacking', but two examples that feel relevant to me: A) CURIOSITY I got my current job because a friend of mine mentioned to the CIO that I was cool (n' stuff); the CIO visited my website and saw my media library, and decided that anyone who was this into Pratchett had to be worth talking to. So, despite not having an actual open position, he invited me to spend some time talking to him. Anyway, we were talking about the problems and advantages of being a generalist and toward the end of the long discussion (it was scheduled for an hour, it ended up being about an hour and a half), he asks "Oh, by the way, I have an HTML form that I want to auto-submit after a certain time period has passed. Can I do that with Javascript?" I have no Javascript on my resume. I don't claim to know Javascript. So obviously, I replied with "Oh, yeah." Followed with "I mean, I should let you know that I don't actually know how to do this because I've never actually done Javascript programming, but based on what I know of the language it should be possible. I'll look it up and let you know the details." He sort of waved his hand and told me not to worry about it, to which I countered that it'd bug me if I didn't know the answer. Later that evening, when I sent him my thank-you note, I included a code fragment and a link to an HTML form I threw up that did time-expiring auto-submission. B) FRUSTRATION My job title here is 'Senior Software Engineer.' I also manage a few lower-level software engineers (two SE2s and one SE1). I also am one of the four people who manage the strategic aspects of our infrastructure, though the actual day-to-day infrastructure stuff (we need a server, stat!) is done by the infrastructure group. There's been tremendous friction occasionally between INF and DEV because, well, they're not perceived as being all that competent. Anyway, two things happened at the same time that were causing our top two SSEs (me and my friend) to want to bang our heads into the wall: 1) Replacement of a dev server that's been malfunctioning for about six weeks now has been dragging, with "next week" promises week after week after week. Finally, on Tuesday, we got a meeting notification request from INF for a meeting at the end of the week to discuss the specs of what we wanted (despite feeling that they could just send us the specs in email for us to approve); Unfortunately, the head of INF (my counterpart) was claiming that his boss (AKA my boss, AKA the CIO) wanted us to actually meet for a sit-down on this topic. 2) INF wanted us to fill out a template covering lots of detail FOR EVERY SINGLE APPLICATION IN OUR ENTERPRISE. By next Friday. And didn't tell us what it's for (when we asked "is it for ? ? ?" We got "yes") or what it's for (again, one of those 'yes' questions). What I *FELT* was that Infrastructure should be nailed to the walls with rusty nails because they were A) Stopping us from doing our work by not giving us robust hardware; and B) then requiring us to fill out a whole bunch of information on the basis of what seemed like a whim. What I *DID* was talk to my CIO, the bridge between them and DEV, with a message that was basically "Hey, I'm frustrated because these things are happening and I don't think I understand why they're happening. Can you help me figure out what I'm missing?" Which 1. resolved the dev server issue by going back to them and saying "No, he doesn't want a meeting, he just wants our OK -- email it to us;" and 2. helped us understand that what INF cares about for these apps is just space requirements because they're trying to do space planning. Well, OK, that's a very different sort of situation (in the original concept, we'd have had to fill out this information for apps that are meant to be used as code, whereas here it's only for apps that actually use space -- like databases, logs, etc). For a while now, I've found that approaching things from a "I'm not sure I understand this. Could you help me, please?" rather than a "WHAT THE FUCK ARE YOU TRYING TO DO HERE, YOU FUCKING STUPID MORON?" approach is helpful in resolving these sorts of things. Unfortunately, all too rarely I still *think* "What the fuck ... " :) -roy From rflii at speakeasy.net Fri Jan 30 13:18:36 2004 From: rflii at speakeasy.net (rflii at speakeasy.net) Date: Fri, 30 Jan 2004 21:18:36 +0000 Subject: The Illiterati (was Re: Social Hacking [was: Message-ID: Three cheers to Nadine. This was very well put. When I first moving up of the ranks, I was told when making presentations that each slide had to have less words as the salary of the audiance went higher. Why? Because they have more issues than what I was working on and the expectation of their people was to either make the right recommendation, resolve the problem, or present options to executive level issues. If you couldn't summarize then you were perceived to not be the top in your position by lack of confidence or technical ability and your exit interview was closer than previously thought. As I became a manager and spent less time with my own group and more with other orginizations in the company, I had to rely on my staff to do their job and give me confidence through distinct status of proejcts and issues. If they had a problem and needed direction, it should have been requested before the status meeting. If they start rambling, I presume they have gone the "rat hole"; to me this describes a more narrow and maze like picture. Now to present a story that Nadine wanted.... I work for companies that use co-location and hosted services. It is amazing to me that supposely educated IT people do not lock their workstations when they leave their desk. One of my directs was really sloppy about this. One day when I knew he had left for lunch a good 15 minutes before, I went by to drop off a note. His workstation was not locked and his e-mail wide open. The company uses a co-lo service that will take an e-mail as the sole authentication for a security request. So I sent an e-mail requesting that the primary contact be changed from the staff member and that he be removed from the access list; which basically was the website showing bandwidth usage. The request was accepted and executed. Now this was a "success" of social engineered hacking on two accounts. When the staff member returned from lunch, he went merrily along the day. The next morning he went to get the bandwidth usage reports from the previous day, he found out through calling the vendor that he no longer had access. Coming to me with an angry disposition asking why, I told him he was probation from any secured information for a week. For that time he was not able to do his job, instead he did desktop support and read alot. He did learn the lesson and started to lock his workstation every time he left his chair. He also started questioning the co-lo vendor about their security. Ron Leedy > -----Original Message----- > From: vraptor at employees.org [mailto:vraptor at employees.org] > Sent: Friday, January 30, 2004 07:18 PM > To: 'richard childers / kg6hac' > Cc: baylisa at baylisa.org > Subject: Re: The Illiterati (was Re: Social Hacking [was: "Strong Scripting Skills" - a definition?]) > > On Fri, 30 Jan 2004, richard childers / kg6hac wrote: > > vraptor at employees.org wrote: > > > >>... I'd like to hear some more geek social/cultural hacking stories and > >>techniques, be they engineering your self-presentation, sussing out > >>the true inquiries underlying the interviewer's questions, or better > The "rabbit hole" tactic, while useful in some circumstances, > undermines us when dealing with management, because it's contrary to > their expectations. (Tons of stuff removed) > Regards-- > > =Nadine= > > -- > N. Nadine Miller > vraptor at employees.org > > > p.s. As for your conspiracy comments, I do believe that America is > suffering from a general "dumbing down" as a result of changes in > education over the past several decades. But, that's a political > discussion that is not on-topic for this list. > > From jesse at boldandbusted.com Fri Jan 30 19:36:41 2004 From: jesse at boldandbusted.com (Jesse Adelman) Date: Fri, 30 Jan 2004 19:36:41 -0800 (PST) Subject: Strong Scripting Skills Message-ID: <20040131033641.15748.qmail@web60703.mail.yahoo.com> I know it's a bit late, but I wanted to thank everyone for your answers to my questions about defining (or interpreting) what "strong scripting skills" would mean or imply. The response made me feel both confident and humble, and gave me some really good guidance on teasing out its meaning both from the context it is within, as well as approaches to determining what it means when I talk with the prospective employers. Oh, and the tangential scripting exercises were also very entertaining and enlightening. And, while this is OT, I must say that within the last two weeks, I've been quite encouraged to see that the market for *NIX Admins (at least in the Bay Area) seems to be returning to life with a vengeance. I'm actually getting cold calls from recruiters again, Craig's List has come to life, and, while the "boom" will probably (thankfully?) not return for the near future, at least there's a pulse. Best wishes to you all, Jesse Adelman SF, CA Resume: http://resume.boldandbusted.com/ ===== -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Jesse Adelman http://www.boldandbusted.com/ (just resume now) -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ From vraptor at employees.org Sat Jan 31 09:44:04 2004 From: vraptor at employees.org (vraptor at employees.org) Date: Sat, 31 Jan 2004 09:44:04 -0800 (PST) Subject: The Illiterati (was Re: Social Hacking [was: In-Reply-To: Message-ID: On Fri, 30 Jan 2004 rflii at speakeasy.net wrote: >Three cheers to Nadine. This was very well put. Thanks for the compliment. >make the right recommendation, resolve the problem, or present options >to executive level issues. If you couldn't summarize then you were >perceived to not be the top in your position by lack of confidence or >technical ability and your exit interview was closer than previously >thought. In tech writing classes, when we teach the portion on reports, we always talked about the "executive summary" at length, why it was there, and what the reasoning behind it was. As you "go down the chain" the interest in a technical report, if it's pertinent to the reader, gets broader and broader. Execs just want to make sure you've done your homework--did you consider the "outliers" and risk factors, do you have a solution (or two) that fit the bottomline as they see it. If the solution conflicts with their picture of the bottomline, then you better be prepped for a microscope and back up your conclusions. I think some of the "backlash" against IT spending in the last couple of years stems from IT people eliding the real costs of their projects in getting the OK from execs through either a) ignorance/incompetence or b) being fearful of the microscope and taking the easy way out by saying one thing and "going over budget" later (trying to) shift blame to vendors/consultants/contractors. Execs, having been burned by this, decided to put IT on the back-burner to see if the whole thing would collapse as predicted--and it didn't. I figure that execs will be more suspicious of their IT staff's claims in the future, and will turn on the microscope from the beginning. >As I became a manager and spent less time with my own group and more >with other orginizations in the company, I had to rely on my staff to >do their job and give me confidence through distinct status of >proejcts and issues. If they had a problem and needed direction, it >should have been requested before the status meeting. If they start >rambling, I presume they have gone the "rat hole"; to me this >describes a more narrow and maze like picture. To my mind, this is the picture of a good boss. (Maybe we will work together some day. :-) The only thing I'd add is "depending on the maturity of the team". The majority of my team were in their first professional jobs, so those team members required more attention to get them to be proactive and and more coaching on communicating with clients, each other, and me. >Now to present a story that Nadine wanted.... [snip "how to demonstrate the need for security" story] While I was hoping for some stories going the other way (i.e. up the chain) or some better ideas for "geek networking" strategies, that's definitely a story to file away for manager/team lead use. Sometimes folks need a demonstration to wake them up to reality. Thanks for your comments and the story. Best regards-- =Nadine=