The impending XP-ocalypse – Take Action!

November 17, 2013 3:19 pm

The November 2013 issue of CVu (link available to accu.org members only, sorry) has an article from Silas Brown (The Windows XP Threat: A Call to Action), calling people to do something about the problem we all will face when Microsoft stops issuing security updates for Windows XP after April 8, 2014.

The article has a little code snippet that will insert a time-left countdown and message on a website, asking people to replace the operating system on their PC with something other than Windows XP (since XP systems are quite old by now, Linux is suggested as the best alternative). I wanted to take action as well, so I looked around for a plugin to WordPress that I could use. I didn’t find one that was custom-written for precisely this purpose, but what came close was the Linux Promotional Plugin, which is aimed at anyone running Windows or Mac, and encourages them to switch to Linux.

I took some time to understand how the plugin code works (at a shallow level of understanding; just enough to be able to make changes), and found that it was pretty easy to make the changes I needed for my purpose. I even found a small bug while I was at it and sent a note about it to the original plugin author.

The plugin is now live on my blog and has the modifications I made. If you’re interested in using it, you can download the modified plugin, and re-use what you want. It might be useful to use a diff tool to see what changes I made. That might help you adapt the plugin to your own needs more quickly.

I used Internet Explorer’s “F12” Developer Tools to test my changes (modifying the user agent string). Here’s what people on Windows XP will now see when they visit this blog:

image
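The detection-plus-countdown idea described above, as an added example (this is not the CVu snippet or the plugin's code): it matches the Windows XP token in the User-Agent string and builds the banner text with the days left until April 8, 2014. Function names, message wording and the sample User-Agent strings in the comments are assumptions made for this illustration.

```javascript
// Added illustration; names and wording are hypothetical, not from the plugin.
const XP_END_OF_UPDATES = Date.UTC(2014, 3, 8); // April 8, 2014 (months are 0-based)
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// 32-bit Windows XP identifies itself as "Windows NT 5.1" in the User-Agent.
// "Windows NT 5.0" is Windows 2000 and "Windows NT 6.x" is Vista or later.
// XP x64 reports "Windows NT 5.2", a token it shares with Server 2003,
// so it is deliberately not matched here.
function isWindowsXP(userAgent) {
  if (typeof userAgent !== "string") return false;
  return /Windows NT 5\.1\b/.test(userAgent);
}

// Whole days from `now` until the cutoff; zero or negative once it has passed.
function daysLeft(now) {
  return Math.ceil((XP_END_OF_UPDATES - now.getTime()) / MS_PER_DAY);
}

// Returns the banner text for XP visitors, or null for everyone else.
function xpBannerText(userAgent, now) {
  if (!isWindowsXP(userAgent)) return null;
  const days = daysLeft(now);
  if (days > 0) {
    return "Security updates for Windows XP end on April 8, 2014 (" +
      days + " day" + (days === 1 ? "" : "s") +
      " left). Please replace the operating system on this PC.";
  }
  return "Security updates for Windows XP stopped after April 8, 2014. " +
    "Please replace the operating system on this PC.";
}

// In a browser, show the banner at the top of the page. Place the script at
// the end of <body> so document.body exists. The User-Agent is client-supplied
// and easy to change (that is how the F12 tools test above works), so use it
// only to decide whether to show a notice, never for access decisions.
if (typeof document !== "undefined" && typeof navigator !== "undefined") {
  const text = xpBannerText(navigator.userAgent, new Date());
  if (text && document.body) {
    const banner = document.createElement("div");
    banner.textContent = text; // textContent, so the message is never parsed as HTML
    document.body.insertBefore(banner, document.body.firstChild);
  }
}
```

Overriding the user agent string in the browser's developer tools with one containing `Windows NT 5.1` is enough to exercise the banner path without an XP machine.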

Silas points people to a Microsoft blog post for motivation, and quotes a particularly relevant passage, so I’ll repeat that here as well:

When Microsoft releases a security update…criminals will…identify the specific section of code that contains the vulnerability…develop code that will allow them to exploit it on systems that do not have the security update installed on them.  They also try to identify whether the vulnerability exists in other products…if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability…the Microsoft Security Response Center…[releases] security updates for all affected products simultaneously…But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.

Do not be the person who ignores this problem! Take action, whether that be replacing XP with Linux, finding someone to help you with that, or just taking the computer off the Internet!

Slack is to your organization as sleep is to your body

October 17, 2013 12:48 am

This is just to collect a few thoughts I had on June 28, 2013 to make them easier to find and refer to. This tweet started it: https://twitter.com/GeekTieGuy/statuses/350639064703176705

Here is what the next few tweets summarized:

Slack is to your organization as sleep is to your body: time to regenerate and be inspired by dreams and wake with new energy.

What happens when we deprive the body of sleep? We become manic, disoriented. We diminish our capability to be creative, we go insane.

What happens when we deprive the organization of slack? It becomes reactive, haphazard, brittle, overloaded, unable to think.

I recently led a session at Agile Open California with this same title. It was interesting to a few people, and I was sure I’d blogged my expanding tweets, but I apparently hadn’t. Fixed that now…

nVidia nForce 430 (MCP51 / RTL8201CL) and SME Server 8.0: working!

September 1, 2013 8:04 pm

Lately, my home network started showing more and more signs of aging. Accessing websites was erratic, whether via wired computers or wireless devices. WiFi clients (which for some reason have almost exploded in number over time) couldn’t reliably connect, causing shouts of “Daddy, the Internet is down!” with regular occurrence, coming from various bedrooms. Something had to be done. And what better time for that than Labor Day weekend!

The last time I had undertaken a similar venture was at the end of November 2006. Shortly thereafter I started preparing for the next time this would need to happen. Well, here we are… I had set aside a pretty neat “mini” system and found the necessary half-height network card for it (SME Server systems need two network cards to act as server/gateway on a network). I had even installed SME Server 7.5.1 in preparation for the eventual migration (the newest version at the time). Unfortunately I never found a way to make the on-board network card work, so the machine just sat on the shelf for a few years, until now.

 

Transferring data from the old system's drive

The trick to making the on-board NIC work was to grab the RHEL 5 driver from nVidia’s site. Extensive searches (based on the “Onboard LAN” information on the motherboard information page) led me to this thread, pointing me to an older version of the driver. From there it was just a small hop to the most up-to-date driver package. The trickiest part was getting it onto the new system’s hard drive before hooking it up to the network. I found a USB flash drive, FAT formatted it, copied the driver to it, and then got it mounted on the SME system. Quite a refresher on working with Linux command-line programs!

Once I had the driver installed (rpm -ivh nvlan-rhel5-0.62-1.25.i686.rpm) and the system restarted, I was able to run through the SME configuration with dual NICs to make the system a “dedicated server gateway”. I was a little worried that it might not pick up an IP address from my cable provider, but I just needed to restart the cable modem as well, and after one more reboot (I think), everything was back up and running. Luckily I had given the new system a non-colliding internal IP address way back when I set it up the first time. It was a snap to set the range of DHCP addresses to a non-overlapping set.

To complete setup, I had to re-create user accounts, ibays, domains served, VPN access, etc. I also needed to install the latest updates to SME Server 8.0 and the two “contribs” I consider essential to SME Server: AWStats and Sme8admin.

All that was left now was moving the data off the old system. I started out doing that over the network, but it became clear that the old system was truly on its last breath. So I decided to shut it down and hook the old drive up to the new system via the USB bridge you see in the picture above. There were about 20 GB to copy, so it took a while. Once it was done (including historical web server statistics data for AWStats), there was still some work with setting the right permissions on files and directories.

But now it’s all done, and the new machine is humming (quietly) in the spot where the old system used to live!

To round out this tale, here are the traditional “nostalgia” shots of the decommissioned hardware:

Note the power supply off to the side
A look inside the old system
Under the power supply
NICs in the back

One thing I had completely forgotten about is that I had put quite a bit of work into trying to make the old system as silent as possible. As you can see from the first picture, I had taken the power supply out of the system and put it on some pieces of vibration-dampening synthetic foam strips. In addition I had mounted the hard drive using various pieces of professional grade foam strips:

Green and yellow foam
Yellow foam and mounting pads

Luckily the new system was designed for quiet operation, so it didn’t need any extra work. It’s amazing how much quieter it is – I can hardly tell it’s on right now!

A surprise in the 2013 Scrum Guide?

August 4, 2013 10:45 pm

I was looking at the updated 2013 Scrum Guide, and because of some questions that have come up at work, I looked at how much time the guide suggests as the upper limit for various Scrum meetings.

The four larger meetings look like this in the scrum guide:

Planning: 8 hours per month
Review: 4 hours per month
Retrospective: 3 hours per month
Refinement: no more than 10% of available capacity

That last one was a bit of a puzzler to me. How much would that be if expressed in hours, like the other meetings?

If we call “a month” 30 days, and each day 8 hours, we end up with 240 hours per month. Translating to percent of time we arrive at:

Planning: 3.33%
Review: 1.67%
Retrospective: 1.25%
Refinement: no more than 10% of available capacity

Turn that back into hours on a two week sprint (80 hours) and you get:

Planning: 2.67 hours
Review: 1.33 hours
Retrospective: 1 hour

And the kicker (after subtracting the three meetings above from 80 hours, leaving 75 hours):

Refinement: no more than 7.5 hours, assuming “ideal capacity”

This was a HUGE surprise to me. Actually a happy surprise! I’ve heard over and over from scrum teams I work with that clarity on what to build is the biggest problem they need to work on. So the good news is that the official Scrum Guide recognizes that it’s okay to spend up to 7.5 hours or so (in a two week “ideal” sprint) on refinement activities, which to me include improving clarity on what to build. I only wish it hadn’t been expressed in %-of-time.