Author Archives: brian

quote for today

Here is my favorite quote for today, taken from the Standalone Sysadmin Matt Simmons:

“A mediocre specialist is not a specialist.  An expert generalist is a wizard.”

new time-waster: SimCity Buildit

I spend a lot of time on my iPad.  Probably more than I should.  I’ve tried to turn this little device into a productivity-based laptop alternative by adding a keyboard and a bunch of writing apps, but to tell you the truth what I use for more than anything else is playing games and keeping up on Reddit.

My latest way to kill a few hours of my day has been the free game SimCity Buildit.  SimCity, just like every other Sim-game, is a lot of fun that I really don’t have enough time to enjoy.  At least not enough to justify paying the full price for the game on my PC.  Buildit is a trimmed-down, no cost (unless you are fool enough to pay for stuff in-game) version that is a tremendous amount of fun.

City management is pretty easy, building residences and industrial buildings is simple and fun, and I’m just now getting to the part of the game where I can start playing with disasters. 

And yes, there is a Reddit for the game too.


research on monitoring and the modern sysadmin

This morning I’m working through a chapter in my book (the Operations Primer, tentatively) on monitoring and logging.  Something that is important to me to communicate in this chapter is how different a monitoring ‘solution’ is from what many people think they’re doing, but I want to do this without sounding snarky.  It’s tough.  

As a preview to what I’m writing, here’s a breakdown of what I think needs to be included in any comprehensive monitoring solution:

“A monitoring system should have the following characteristics:

Delivered from a system-neutral platform

100% available (or as close as you can get it)

Available based on sensible access controls and least-privilege security

Able to deliver information in a flexible manner

No system should be the exclusive source of monitoring information about itself


The actions performed by the system should include the following functionality:


Generating alerts based on conditions

Generating alerts based on heuristics

Resolving alerts manually

Resolving alerts based on conditions

Displaying performance metrics

Recording event history

Enabling a ‘maintenance mode’ manually or on a schedule

Launching utilities to perform common maintenance tasks


Other valuable characteristics of monitoring systems:


The admins who run the systems configure the monitors themselves . . .”

And that’s where I left off.  The next thing I planned to discuss was the building blocks of monitoring, such as SNMP, ICMP, and data sources, but the last thing I wrote in that list above made me stop and think.  The idea that admins should be in charge of configuring their own monitors is a lesson I learned myself while I was a SAN administrator trying to get help with using Zenoss.  Which I was not allowed to configure on my own.  This kind of lesson that was learned through pain and annoyance is exactly the kind of material I want to include in my book, so what other lessons have people learned out there?


This led me to stop writing and to start doing some research.  At 6:20am I’m not going to be able to bend the ears of too many of my colleagues, but the inter-webs have provided me with two videos from sysadmins who have a lot to say:


“The evolution of the SysAdmin & holistic monitoring for apps and servers” by Matt Simmons.  Provided by Solarwinds and requires registration.


“Monitoring Maturity: a 16 year journey and lessons learned” by Simon Finch at Nagios Con 2014



lost iPhones (and other iDevices)

So a recent issue at work caused us to check out the ‘oh crap I lost my phone’ features that iCloud gives us, and the functionality is pretty cool. This feature applies to any Apple device on which you’ve configured the ‘Find My . . .’ service. On Mac OS X this can be found in the System Preferences under iCloud, while on the iPhone or iPad it is the settings app, also under iCloud. Just enable the Find My iPad or Find my iPhone toggle.

Once this is configured you can go to, log in, and see where your devices are. iCloud will show you a nice big, green dot on a map to show where the device is, but that is not all.

From here you can have your device play a sound, which is the same annoying ring for each device, although it’s worth noting that for a MacBook the ring will not sound if the lid is closed and the machine is suspended. As a matter of fact, little will work, although the iCloud interface can alert you when the device is found. This will create a popup prompt on all your other devices when your missing devices is back online and able to report its location. When the device is ‘found’ you’ll also receive an email stating the location where it was found and the time.

In the case of the ‘play a sound’ feature, by the way, iCloud will also shoot you an email saying that it played a sound on the device.

What may be even handier in the event of a lost device is your ability to lock the device remotely for laptops, or even enter ‘Lost Mode’ for iPhones and iPads. In this mode the lock screen on the device will display a phone number (which you tell iCloud) and a brief message. This message stays in place until the device is unlocked.

Finally, iCloud has the ability to erase any of these devices remotely. This process seems kind of scary, but clicking on the ‘Erase iPhone’ button kicks of a series of confirmation steps which require you to enter your iCloud account password, and then a phone number and brief message that will be displayed once the erase is complete. It gets to work immediately, by the way. For an iPod Touch it took less than five seconds to start, and perhaps three minutes to complete.

So now you know what your options are with your iDevices. The cynical side of all of us can assume that each of these features is likely to make your movements (and perhaps your data) accessible to the NSA, but if you’re not a tinfoil hat wearer I think you should take comfort in having this many options in the event you lost one of your devices.

iCloud screenshot

Plagiarism: everything you should already know

Here are some things worth knowing about plagiarism:

The term ‘plagiarism’ refers to representing something you’ve written as original when it is in fact not.

Things that require citation include quotes, ideas, summaries, illustrations, and photographs.

When copying an exact phrase, sentence, or block of text from a source it’s not enough to cite it (and by that I mean including a link to your source or a mention of the author’s name in parentheses.) You must enclose the copied text in quotes to avoid plagiarizing the work.

It is possible to plagiarize yourself. Since plagiarism refers to misrepresenting something as wholly original, even using your own previous writing in a new paper will get you in trouble.

Plagiarism is illegal. Youngstown State University’s ‘Plagiarism FAQ‘ does a great job of discussing how different organizations approach the legalities of plagiarism, but the bottom line is that you could face both fines and jail time for plagiarism.

This is a big problem in education due to the ease with which students can copy material from electronic sources into their work, and the matter is not helped by the fact that many students are simply unclear on what this academic integrity stuff is all about. If you are a student who faces the problem of figuring out how to manage external sources for your papers the least you need to know is that it is incredibly easy to get caught. Services such as TurnItIn provide faculty with an automated means for precisely examining the authenticity of papers submitted for a class.

Here is a bit of information about the state of plagiarism today according to TurnItIn:

Plagiarism in Education

If you’re in one of my classes, don’t do it.  I hate to fail you for any reason at all, but the seriousness of plagiarism means each school with which I work has strict policies on handling it.  Failing an assignment is the least of the consequences you will face.

Mobile device security policies

I recently ran into a situation at work where a colleague of mine was traveling overseas and lost her iPhone. After the initial ‘oh crap what would I have done?’ reaction to this scenario I got thinking about the implications of mobile devices and information security. This doesn’t require a very high level of training in IT security to think through. Someone who has your phone in hand probably has access to:

  • Your contact information and the contact information of everyone you call or text
  • Your photos and personal experiences
  • Some browsing history
  • Your music
  • Your ability to purchase things through either the iTunes store or Google Play
  • Saved credential -based access to<
  • websites you frequent from your phone

How much of this would you be willing to give away?

Many people scoff at this loss since they have already wisely configured a passcode to prevent unauthorized use of their phone. This is great for keeping your nephew away from Angry Birds, but several methods exist for bypassing passcodes, depending on your model and operating system version. Dedicated phone intruders could skip these junior high approaches, however, and jump right in with tools designed for digital forensics like enCase or Sleuthkit.

By the way, if you think in terms of a hardcore attack of your iPhone data, keep in mind the possibility of someone attacking your iTunes backup of your phone, stored on the local disk of your computer. Even if you chose to encrypt that backup, it’s subject to brute force attacks. And it contains pretty much every single thing your phone holds. I happened to find someone’s paper on attacking mobile device backups and mobile devices themselves pretty easily on the web. Check it out at SMU.


Protecting a mobile device once it has been left behind in a taxi is pretty tough, so how should we protect ourselves in advance of this? Obviously using a passcode and encrypting things where we can is the bare minimum, but a broad mobile device policy seems to be the smart thing. This policy ought to include the following components:

To whom does the policy apply and under what criteria? (Are iPads included? Surface tablets?)
How is the mobile device provisioned under the policy? (Are technical policies pushed from a central resource? Is the device documented in inventory?)
What are acceptable uses of the device?
Under what conditions will the device be excluded from the policy?
What actions need to be taken in the event of a lost device?
What actions need to be taken when the device is de-commissioned?

The SANS Reading Room is one of my favorite places to go for academic discussions of stuff like this, and I was able to quickly find a paper there on the subject of mobile device policies in corporate environments. This is a very practical discussion of all the moving parts of such a policy, and does a great job of outlining the vocabulary and the process of getting something of this rolling. Nice work, Nicholas.

QOTD: Arthur C. Clarke

“Two possibilities exist: either we are alone in the Universe or we are not. Both are equally terrifying.”

― Arthur C. Clarke

Students: Don’t make these 10 mistakes

I’ve been teaching college classes for about fifteen years, but in all that time I’ve been a part-timer.  What that means is that I’ve never really had a strong affiliation with any one school, but at the same time I’ve never had distractions like conducting research or providing service to the school (read that as ‘belonging to boring committee’).  This has left me with plenty of time to focus on teaching and helping students succeed.

The following ten items are things that I have seen over and over again, and while I have worked very hard to be a fair and even-handed instructor, sometimes the way students handle themselves make it hard for me to want to help.  In an ideal world students would be guaranteed a fair shake in all things, but you need to acknowledge the fact that this is not an ideal world.  Students are at the mercy of their instructor’s moods and pet peeves, and there is nothing to be done about that.

What you can do, however, is avoid making the biggest mistakes.  Avoid doing the following, and you will have a better chance of succeeding in just about any class.


Email in anger.  There may be a number of frustrating things that happen throughout the term that send you into a rage.  Assignment directions may be confusing, you might not get feedback on things in a timely manner, and you may even be graded unfairly.  Whatever happens, however, do not let your emotions show in your written communications.  The first reason is that it is simply unprofessional, and written messages are too easily forwarded on to others for you to allow anything that shows you in a bad light to be spread around to your advisor, the dean, or other faculty.  Secondly, it is too easy for your instructor to say no to you, especially in online communications.  Instead of venting, calling names, and threatening to sue, you will have much better success by stating the facts, asking for a help, and being polite.  Keep in mind that your ultimate goal is to get a good grade, and sometimes you have to be a bit of a salesperson to do that.


Whine about your grade.  Just don’t do it.  Instead of telling your instructor how unfair the grading was or how useless the assignment directions were, ask for help.  Express a genuine interest in succeeding in the class and ask to be able to re-do the work or take the test over.  Some faculty are more particular about deadlines and being firm on grades, but many will be happy to let you re-submit an assignment if you ask to do so in the spirit of trying harder and intending to learn.  If life circumstances have contributed to your situation, it may be worth mentioning this to get a bit of sympathy for your case, but don’t push it.  Faculty hear excuses all the time, and even a legitimate excuse such as an illness or trouble at work can easily come across as a ‘dog ate my homework’ attempt to get out of a bad grade.  If you have an excuse, simply state what happened briefly and ask for some flexibility.  If your instructor doesn’t bite, thank them for their consideration and find other ways to succeed in the class.

Submit an assignment without your name on it.  Many people assume that if the file name they submit electronically includes their last name or if they’re submitting their work through an online dropbox then this means the instructor clearly knows who the work is coming from.  Sometimes faculty download a batch of class assignments and grade them all at once, and sometimes they even print your work out so they can read it comfortably on the bus or over a cup of coffee on their porch.  It is absolutely necessary for you to place your name somewhere – preferably at the top – on every document you submit for class. Besides, it is a commonly accepted matter of professionalism to include your name on a paper.

Change the margins and line spacing on a paper to make it seem bigger.  This is ugly, obvious, and makes your paper hard to read.  Word processors make it trivial to figure out how many words you’ve written, so messing with the formatting just makes it look like you’re trying to pull something hinky.  And it won’t work.

Ask for an extension after the assignment is due.  Whether or not an instructor chooses to accept late work is a personal choice, and it is worthwhile to find out at the beginning of the term if yours will do so.  Even if they say they won’t, it doesn’t hurt to ask if you find yourself in a tough position.  However, your request for an extension has to come before the assignment is due, and preferably a few days before.  If you wait until after the deadline all you’re doing is letting the instructor know that you’re lazy and want a break.  If you do it before the deadline then you’re demonstrating that you’re proactive and want to do well in the class despite whatever issue it is that is preventing you from getting the work in on time.  Also, have a reason.  Again, if life circumstances are getting in the way it’s worth it to mention this, but simply state the facts and move on.  Don’t expect sympathy.  Hope for it, but don’t expect it.

Wait until the last week of the class to worry about your grade.  The evaluation of student performance in any university class is a negotiation.  Throughout the term your work is being graded as part of a batch alongside your classmates’ work, and it is not your instructor’s job to look for every opportunity she can find to improve your grade.  If a paper is missing or a test was graded incorrectly, your instructor is not going to be the one to figure it out.  Throughout the term you should be monitoring your grades carefully, and when something doesn’t look right or if an assignment is missing you are the one responsible for bringing this up.   If there is a flat-out error there should be no problem with changing the grade, but even if there is something that you disagree on it is worthwhile to make your case.  Just don’t do it at the last minute when your instructor is facing a pile of final projects to grade and a ton of paperwork to complete.

Ask your instructor for help with your computer.  Even in technology courses your faculty are typically not the best resource to call on when your computer starts acting weird.  They don’t have the time to give your problems the attention you deserve, and therefore you may end up frustrating both your instructor and yourself pretty thoroughly before coming to a solution.  Your school has IT resources that you should learn about right away, so find the help desk number and call it.  Keep in mind though that if your computer problems are preventing you from doing your work you should definitely notify your instructor to make them aware of the situation.

Complain about all the writing / reading you have to do.  This is especially true for online courses, where the best way for an instructor to measure your performance is through written assignments, and the easiest way to get information into your head (although not always the best way) is to assign reading from a textbook or from articles.  Whether the class is online or offline, the written word gives you a chance to really demonstrate what you’ve learned.  You can tie together ideas, refer to things that have happened in class, and generally show off how big your brain is.  It’s also a good way for an instructor to tell if you didn’t get it.  Complaining about how much you have to do is futile, since no instructor is going to eliminate assignments just because you think there’s too much of it.  Further, your instructor is not going to have any sympathy because for any assignment you have to write, he has to read 20-30 submissions and try to grade them fairly.

Explain your rights as a consumer to your instructor.  It’s true that higher education is a kind of consumerism, since you are paying tuition in order to receive something in return.  What you’re paying for is not a grade or a good time, however.  You’re paying for a seat in a learning experience, and nobody in the university outside of the admissions office believes that ‘the customer is always right’ applies to teaching.  Don’t get me wrong – you do have the right to be treated fairly and to receive good instruction.  You do not, however, get to choose the terms under which that good instruction takes place.  Education is not entertainment, and there are many, many ways in which it can take place.  The tuition you pay supports an organization that works very hard to create knowledge and to find the right ways to deliver that knowledge to you. Students have to trust that organization to know what it’s doing.  You have the right to drop out and move on to another school, but you don’t have the right to demand that anyone change the way they run their class.

Copy and paste.  Of course I don’t have a problem with you using the copy and paste functionality of your computer to move text around.  What you absolutely should not do is use copy and paste as a means for writing your paper.  It is really, really easy to fluff up your paper by copying ideas from external sources, and it’s not too hard to make yourself feel better about this by re-arranging a few words so that things aren’t entirely word-for-word.  It doesn’t matter, because doing this will cause you problems.  There are four things you need to know:

  1. Your instructor can copy and paste too, and they will often copy passages from your paper and paste them into Google, quickly popping up your source and proving you to be a cheater.
  2. It’s not hard at all for an instructor to tell the difference between your style of writing and that of a professional writer.  Try grading a few hundred pages a term and you’ll also find that it’s easy to tell when a paper says something the student clearly would not say themselves.
  3. Copying and pasting text typically includes formatting marks, and when an instructor sees a paper changing fonts, colors, and text sizes mid-stream it might as well be title “This Paper Is Plagiarized.”
  4. The consequences are too great.  Remember that ‘academic integrity policy’ that was mentioned in the syllabus?  Faculty are trained very carefully in how to respond to instances of plagiarism and cheating, and many will jump at the chance to put that policy to work.  If you get a zero on the assignment, you’re getting off easy.  It’s not uncommon for students to fail a class entirely and even be booted from the school for plagiarism.  Wouldn’t be better to just do the best you can and accept the B or C if you aren’t totally comfortable with the material?