September 5, 2012 2:00 PM
Posted by: Denny Cherry
, Social Commentary
, SQL Server
Back on August 28th another ITKE poster wrote a blog post titled “The elephant not in the room” in which they talk about how if you want to work in IT in the future you better plan on working at one of the big cloud providers or you better be a programmer. I’ve got one simple response to this.
While it is true that a lot of companies are moving SOME services to the cloud, most companies are not looking at moving every service to the cloud. Even if they wanted to move everything to the cloud so that Amazon, Rackspace, Microsoft (Azure), etc. could handle the managing of the servers there are some things which will simply never sit in the public cloud. Here’s a short list to start with…
- Medical Data (there’s this thing called HIPAA that requires you know who has accessed the data)
- Confidential data
- Any customer data from companies in Europe
- Most legacy applications which contain personally identifiable information
There are also plenty of services that IT provides that simply can’t be replaced by the cloud. This includes things like:
- Network infrastructure at the office
- DHCP, DNS, Authentication, etc. services at the office
- Telecom Services
- File Servers
- Account provisioning in what ever applications are running in the cloud
Even when services are moved to the oh so magical cloud there are still plenty of non-code things that need to be done by someone who works for the company who’s application will be hosted by the cloud.
- Virtual Machine Architecture (remember when Amazon’s EC2 had that little problem with some of the groups going offline?)
- Application deployments (separation of duties is still a SOX requirement when applications are in the cloud)
- Disaster Recovery planning (realistically how would the business have reacted during that EC2 outage?)
- Disaster Recovery testing (if you plan for a disaster and don’t test the plan, you’ve got nothing useful.)
- Scaling applications (not everything automatically scales like they marketing material says)
- Moving applications from one cloud provider to another (if I can save $10 a month by moving from EC2 to Rackspace for example, why shouldn’t I)
- Database Index Tuning
- Server Patching
On top of all of that, there’s other risks with moving everything that runs a company into the cloud. Now that you no longer own the servers you can’t control what the other servers are running on the physical hardware. So if that tier 1 application that requires millisecond response time isn’t getting it, there’s basically nothing that you can do. And what happens where there’s an internet outage at the office and your employees can’t access the software they need to do their jobs? Suddenly the savings of moving that tier 1 application to the cloud wasn’t the greatest plan.
Now there are definitely benefits to moving SOME application and services to the cloud, but the thought that everything will move to the cloud and if you want to stay employed you better learn how to write application code, is total crap.
August 22, 2012 3:00 PM
Posted by: Denny Cherry
, Windows 8
As I’m as MSDN subscriber I was able to download Windows 8 from the MSDN website on August 15th and get it installed. At this point I’ve upgraded all three of my machines so I wanted to give you a review of what I like and don’t about the new OS. Before I go on I’m not going to bitch and moan about the new start menu (or lack of a start menu). I’ve been using Windows 8 as a beta or test version on at least one machine for months now, and I’ve been using only the Windows 8 beta versions for about 6 weeks so I’m used to the new start menu. Once you get all the useless icons that you’ll never use off of the start menu (by right clicking on them and then clicking the “unpin from start” button at the bottom) it makes things a lot easier.
Do keep in mind as you read this, I’m not a PC gamer, so I’m not pushing my systems to 100% all the time. I’m a normal IT worker so I’ve got a bunch of pretty random apps installed but I don’t push the systems to their limits at all. Also I’ve got SSD drives in all the machines so the disk speed isn’t a bottleneck.
The first thing that you’ll notice with Windows 8 when you log in is that the interface has changed a bit from the beta versions and Windows 7. The default theme is more “metro styled” with white borders around all the applications instead of the more translucent borders that there were in the Windows 8 beta and preview releases.
From a day to day usability perspective I haven’t really had any problems with Windows 8. I got really lucky on the driver side of things as both my laptops and my desktop were fully supported. I’m still waiting for HP to get around to getting updated drivers but that isn’t suppressing. As Hyper-V is now a feature of Windows 8 you can simply create a Windows XP Virtual Machine (you’ll need a Windows XP license and install media for this) to install the HP scanner software (for example) so that things like your HP scanner work. Windows 8 did a great job of finding my network printer and installing and configuring it automatically for me.
All of the things that I need to do on the machine I can do easily. There’s a few annoying things to get used to, like you can’t hit the Windows key on the keyboard then control panel as it isn’t there any more. The easiest thing to do to get into the control panel is to open My Computer then click the computer tab at the top, then click the “Open Control Panel” icon.
Most of the old keyboard shortcuts from Windows 7 and earlier still exist. In fact there’s a list of keyboard short cuts available here.
So far I haven’t really had any major application compatibility issues to speak of. The big annoying one was the Cisco VPN installer (big shock I know) which would either crash, or crash the machine (usually the machine). The fix was pretty easy, just run the installer in Windows 7 compatibility mode. After that there’s a registry key that needs to be changed manually to get it to work (talked about here). The key that needs to be fixed can be found at HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA. Change the DisplayName key to either ”Cisco Systems VPN Adapter” or “Cisco Systems VPN Adapter for 64-bit Windows” (depending if you have a 32bit install or a 64bit install).
The only other issue that I’ve run into so far is that the VMware vSphere management tool doesn’t allow me to view the desktop of the virtual machines as there’s some conflict probably with Visual Studio (which is a requirement of the full SQL Server 2012 tools). So far I haven’t been able to find any solution to this problem in the long term. Some have reported that reinstalling vSphere fixes it, but that hasn’t worked for me yet.
The other applications which I use on a daily basis have been working pretty smoothly. Things like the Windows VPN, IE, FireFox, SQL Server Management Studio, Office 2010 and 2013 beta, QuickBooks, Skype and VMware Workstation all appear to be working together without an issue at all.
One thing that I have noticed is that when copying files between machines is much faster when doing Windows 8 to Windows 8. So doing things like backing up my VMs from one machine to another is very quick.
When it comes to battery life I’ve had a pretty good experience. It seems like Windows 8 is less CPU intensive than Windows 7 was so my battery lasts a little bit longer than it did with Windows 7.
Windows 8 has a really nice file transfer dialog box (shown below) which makes it a lot easier to figure out what’s going on with file transfers. If you start up multiple transfers they will all be stacked into one window, instead of having lots of different windows one for each transfer.
Over all I’ve been pretty happy with Windows 8 (I must be as I upgraded to it on day 1). Give it a try. I admit that the start menu and other changes will take a little getting used to, but there’s no way around them as I’m guessing that they aren’t going anywhere any time soon.
August 19, 2012 12:46 AM
Posted by: Denny Cherry
, The Ada Initiative
, Valerie Aurora
This was reposted from The Ada Initiative http://adainitiative.org/2012/08/defcon-why-conference-harassment-matters/ written by Valerie Aurora. They get all the credit for this, not me.
This weekend was DEFCON 20, the largest and most famous hacker conference in the world. I didn’t go to DEFCON because I’m a woman, and I don’t like it when strangers grab my crotch.
Let’s back up a little bit. DEFCON is a stellar computer security conference, attended by famous computer security experts, shadowy government “spooks,” creative hackers of all sorts, and the journalists who write about them. I first attended DEFCON in 1995 as a gawky 17-year-old. DEFCON 3 was just a few hundred computer security experts wearing black leather jackets and milling around in a ballroomat the Tropicana Hotel in Las Vegas.
The author’s first DEFCON badge
That weekend I learned about Kevin Mitnick getting hunted down by the FBI, war-dialing for modems, and the existence of the Internet. I met a guy with long red hair named Dan Farmer who had written a program called something like EVIL, or SATAN, I wasn’t sure which.
I was so inspired by the fascinating, brilliant, frequently leather-clad people I met at DEFCON 3 that I became a computer programmer. I still have my first DEFCON badge, a cheesy purple and white laminated number with only my first name – at age 17, I wasn’t about to to give my full name to a conference full of hackers!
Fast forward 17 years to DEFCON 20. Every time I read about something cool happening at DEFCON, I wanted to jump on the next flight to Las Vegas. But I didn’t, because of my own bad experiences at DEFCON, and those of people like KC, a journalist and student in San Francisco who wrote about attending DEFCON 19:
Nothing could have prepared me for the onslaught of bad behavior I experienced. Like the man who drunkenly tried to lick my shoulder tattoo. Like the man who grabbed my hips while I was waiting for a drink at the EFF party. Like the man who tried to get me to show him my tits so he could punch a hole in a card that, when filled, would net him a favor from one of the official security staff.
Or the experience of one of my friends, who prefers to remain anonymous. At a recent DEFCON, while leaning over to get her drink at the bar, someone slid his hand up all the way between her legs and grabbed her crotch. When she turned around, the perpetrator had already disappeared into the crowd.
My own stories from DEFCON seem tame compared to what these women went through, but I couldn’t take the constant barrage of sexual insults and walked out halfway through DEFCON 16, swearing not to return if I was going to be harassed like that again.
Unfortunately, DEFCON isn’t unusual among hacker conferences. Similar stories about Black Hat, HOPE, CCC, and others are also common. Sexual harassment at other computer conferences often appears unintentional, but at hacker conferences it’s often clear that the perp is doing it on purpose, and enjoying the hell out of it. As a woman, it’s hard to justify attending a hacker conference when I can go to an academic computer conference and get treated like a human being most of the time.
Why harassment matters
At this point, some of you are thinking, “Well, if DEFCON is so bad for women, women just shouldn’t go. Who cares?”
As KC puts it, “Defcon is also many wonderful things. It is a fantastic environment to learn, network, and connect with friends old and new.” There’s a reason that I attended DEFCON five times before I quit. DEFCON and other hacker conferences are popular for all the reasons that conferences exist at all: learning new things, meeting people in your field, improving your reputation, finding jobs, and making new friends.
I’ll start with the most obvious benefit of attending DEFCON: jobs. Did you know that Twitter is recruiting computer security experts at DEFCON? So are Zynga and the NSA:
Twitter, Zynga, and the NSA are only a few of the companies and government agencies that consider DEFCON prime recruiting ground for experts in all sorts of areas: network security, operating systems, robotics, surveillance, electrical engineering, intrusion detection, and anything that communicates via electromagnetic waves. When companies recruit at DEFCON, and women aren’t at DEFCON, both the companies and the women miss out.
But how do you become qualified for a computer security job in the first place? Computer security isn’t very well documented, or taught in any depth in most universities. After my first DEFCON, I knew to sign up for the DEFCON mailing list, read the 2600 magazine, and check out a copy of the UNIX Systems Administration Handbook from the computer center library. When I got a computer account at my university, I logged into the UNIX workstations instead of the Windows machines because I knew UNIX was what hackers used. I poked around UNIX until I found files I couldn’t read and commands I couldn’t run, and then I started reading manuals to understand why. I eventually became a worldwide UNIX file systems expert – all because I went to this obscure little conference in Las Vegas in 1995.
For those women who work or want to work in a computer security related field, conferences like DEFCON are the best chance to meet influential people in the field. Take Bruce Schneier, a professional speaker and the author of “Applied Cryptography” (known outside computer security for coining the term “security theater” to describe TSA security measures). I met Schneier at DEFCON 6, when I made a joke that he reused in his talk a few minutes later. The DEFCON speaker list is a who’s who of modern digital glitterati – and in a strange twist of fate, now includes the Director of the NSA.
Giving the right talk at DEFCON can make your entire career and net you dozens of offers for jobs, contracts, and book deals. DEFCON is good for hands-on learning too: For example, every year teams of security experts compete in contests like “Capture the Flag” to show off their skills and learn from each other.
Finally, everyone at DEFCON benefits from more women attending. Women “hackers” – in the creative technologist sense – are everywhere, and many of them are brilliant, interesting, and just plain good company (think Limor Fried, Jeri Ellsworth, and Angela Byron). Companies recruiting for talent get access to the full range of qualified applicants, not just the ones who can put up with a brogrammer atmosphere. We get more and better talks on a wider range of subjects. Conversations are more fun. Conferences and everyone at them loses when amazing women don’t attend.
When you say, “Women shouldn’t go to DEFCON if they don’t like it,” you are saying that women shouldn’t have all of the opportunities that come with attending DEFCON: jobs, education, networking, book contracts, speaking opportunities – or else should be willing to undergo sexual harassment and assault to get access to them. Is that really what you believe?
Is change coming to hacker conferences?
Back to KC:
I know I’m not alone in being frustrated with the climate at Defcon. Last year at Deepsec in Vienna, I met a fantastically intelligent woman developer who flat out refused to attend Defcon because of interactions like those listed above. I can think of countless other women I know in the tech industry who are regular Defcon participants and speakers who are just as fed up with this crap as me. I wonder why we’ve all been so polite about such an unhealthy atmosphere.
KC stopped being polite, and started doing something about the sexist atmosphere at DEFCON: she created the Red/Yellow Card Project. She got the idea from a joke a rugby-obsessed friend made after she complained about sexism at DEFCON, suggesting that she hand out red and yellow penalty cards to people making sexist comments. She designed and printed the cards and distributed them at this year’s DEFCON, with mixed reception. Some people vehemently objected, but others loved it. DEFCON founder Jeff Moss offered to pay for the printing costs of the cards.
How the Ada Initiative is changing conferences
The cards are a hilarious way to raise awareness of the problem of brutal sexual harassment at DEFCON and similar conferences. Unfortunately, it will take more than raising awareness to make hacker conferences safe for women. That’s one reason why I quit my cushy computer programmer job and co-founded the Ada Initiative, a non-profit supporting women in open technology and culture. Our scope includes open source software, open hardware, and open data – all of which are major parts of hacker conferences like DEFCON.
The Ada Initiative’s first project: an example written policy that bans harassment at conferences, sexual or otherwise, of people of all genders. Organizers for literally hundreds of conferences have adopted some form of this policy, including open source software conferences from Linux to Python to Git, the world’s largest Wikipedia conference, Wikimania, and a plethora of others including gaming cons, open video conferences, science fiction conventions, and even skeptic/atheist meetups.
The policies aren’t just empty words; several conferences have enforced their policies successfully. Many conference organizers have told us that they had record women’s attendance after they adopted a policy aimed at reducing harassment (and often higher overall attendance as well). One conference organizer said that the first year they worked hard to invite 30% women, everyone enjoyed the conference so much more that they’ve done it every year since. When women feel welcome at a conference, everyone enjoys the conference more.
A call to action and a challenge
We’re waiting to hear about the first hacker conference to adopt a specific, enforceable, well-planned policy protecting women from harassment – and then we’re going to promote the hell out of it. Will it be HOPE? CCC? DEFCON? Whichever hacker conference is first will get dozens or hundreds of new attendees, women and everyone else, too. If you want this to be your conference, and you want help designing and implementing a policy, email us at email@example.com.
Updated to add on August 6, 2012: BruCON, a computer security conference in Belgium, is the first conference to meet our challenge! BruCON 2012 will be in Ghent, Belgium, on September 24-25, 2012. See their policy here and keep an eye out for related posts on our blogs. We will continue to update the list of computer security and hacker conferences with specific, enforceable policies preventing harassment on the Geek Feminism wiki.
If you’re not a conference organizer, you can help too! We’ve created a list of actions to take to support policies preventing harassment at conferences, all field-tested for effectiveness. To name just a few, you can publicly request a policy by blogging or tweeting, organize a community petition asking for a policy, and when speaking, make your appearance contingent on a policy.
Finally, if you like the work that the Ada Initiative is doing, you can support us by joining our announcement mailing list or donating to support our work for women in open technology and culture (we’re a tax-exempt non-profit charitable organization supported by donations).
 The precise meaning of the word “hacker” has been the subject of furious debate for at least 30 years. Suffice to say that in this post it does not mean exclusively “person who breaks into computers” and it includes people who experiment with computers and hardware for curiosity’s sake.
 Kiwicon is a hacker conference that has a (hilarious) Code of Conduct:
Kiwicon attempts to be a relatively informal conference where all members of the hacking community can come together over one weekend. Individuals intent on sprinkling fetid douchenuggets over the ice-cream sundae of anyone else’s enjoyment may incur penalties, reprisals or sanctions at the discretion of the Crue. In other words, the Crue reserve the right to kick you out, own your boxen and publicly shame you if you’re being an idiot.
However, our (rather extensive) experience with harassment at conferences is that policies don’t work unless they are specific about what isn’t allowed, for many reasons. Often the people doing the harassing believe that their behavior is acceptable at that conference, so unacceptable behavior has to be spelled out or people will keep doing it. Plus, specifically listing unacceptable behavior is often enough to stop it from occurring at all. People who are nervous about attending the conference can’t tell what the organizers consider harassing behavior and don’t know whether the organizers will back them up. Finally, it’s simply inconsiderate to tell your attendees that they can get kicked out of a conference if they behave badly – and then not give them some idea of what you consider bad behavior. See the example policy guide for more details.
Additional reading can be found at the original author’s post.