linux as main box part 8: good enough

So it has been a while since my last post on Linux as my main box; I’ve really basically just been using Linux every day. After getting past some of the usability issues with DVDs, movies, mp3s, and other media, I’ve definitely settled into a nice rhythm with Ubuntu.

My biggest issue lately has been my external FireWire drive which is NTFS. Since I run Ubuntu on my laptop, and laptops shouldn’t be tethered to anything except a mouse and power, I decided it was in my best interest to stop wrestling every 4 days with Ubuntu vs NTFS (which typically I did get to work…until unplugging and replugging the drive back in and trying to remount; Nautilus is very picky and whiny), and just plug the drive into something on my network that is on all the time and likes NTFS much more (Windows). I now quite easily just smbmount over the network when I want. The added benefit is my other systems can get on it now as well.

Other than that, I’ve become very happy with my Ubuntu installation, which is kinda illustrated by the fact that I’ve not booted into Windows on this laptop since the last update a few months ago. I do cheat, however, since I have other boxes including a slightly less-powerful laptop running XP, but I definitely give Ubuntu my daily tasks. The XP box is just there for misc things and other Windows programs. Heck, I’ve even taken much more to cygwin on all my Windows boxes.

Will I stick with Linux? Yeah, I will. The reasons remain the same, though:

1) Tired of paying for an OS license at home.

2) I want much more practice with foundational Linux tools.

3) I really like being familiar with a Linux box day-to-day in addition to just knowing how to use the apps. I feel much more flexible this way. (And it adds to my skillsets.)

Will I fully ditch Windows? Never. I have older machines that love my Windows 2000 installs. My other good laptop and gaming rig both have Windows XP. And as long as my job involves any semblance of Windows, I’ll do my best to keep up with it. And Windows will always remain my backup boot option.

My goals moving forward this year in regards to Linux:

1) Become intimately familiar with BackTrack. Also adopt a couple other Livecd distros for flexibility’s sake. Likely Auditor, Helix, Trinity, or something related… Livecds are just too cool when it comes to laptop use.

2) Become more practised with a wider range of tools for Linux. The only difficulty here will be delving outside Debian/Ubuntu-ready packages and tracking down my own dependencies with things not in Synaptic. I might just use an older laptop as a test bed so I don’t screw up my main box too badly. 🙂 I might even look into FreeBSD.

3) Start getting familiar with running a Linux server and replacing Windows as my main server. I might look to something beyond Ubuntu for that, and might just run it from the command-line as well. This is definitely more of a “maybe by the end of the year” sort of goal.

a failing of blogging

One of the failings of blogging, especially its use for education, is how unsupportive it is to dialogue. Yes, there are comments, but once I leave a comment somewhere, it is a crap shoot whether I ever get back there to see any further dialogue or rebuts or agreement. Fire and forget, most of the time. Sometimes I’ll post a question and check back later, but mostly I don’t and mostly I just plain forget. I also don’t look at posts later on to see if what the author said was BS and spoken-to in the comments. I have to take posts largely at face value. How often have I posted on a Bruce Schneier topic that tends to have plenty of feedback, only to never look back at that particular comment thread again?

Forums promote repeated dialogue until a topic has run its course and slowly melts back down the priority list, replaced with newer topics. A regular reader/contributor can, in this way, watch discussions she may be interested in until they naturally conclude. Mailing lists are similar. IRC is somewhat the same way, as interaction and discussion occur right away. While those that idle don’t typically re-read old logs, at least discussions at the moment have some give and take.

Running one’s own blog is a bit of an exception, as here I tend to be able to see each and every comment posted, and thus have my full run of any dialogue. But how can one really capture this for readers? Email notifications on comment replies help, but only when one has already commented on a post. Anything not commented on gets no continuation. In that case, it behooves me to comment on every post on those blogs. Setting up an RSS feed for comments is another nice thing. Ha.ckers.org does this, but I have to admit there is no real kind way to present them. New comments on old posts get thrown into the middle of new comments on new posts, which really muddies the waters of trying to follow any sort of continuity. But for anyone who diligently reads the feeds, this can be an effective, if jarringly annoying, way to keep up. The author can re-post the articles based on comments and responses, but this just perpetuates the cycle until no comments are left (or all the readers have left!).

So what is one to do? Well, slowly I’ve been moving back into IRC and I want to get back into forums as well. Blogs have their high points, but unless one is a real fan of a particular blog and sticks around a lot, RSS feeds are just best suited to scatter-shot news posts and catching the latest releases in podcasts or tools than for real educational dialogue.

I think this is also why I maintain my blogs more like personal journals (and I prefer the term journal to blog), where the only real reader I’m looking to keep informed is me. Letting out my own ideas, thoughts, and otherwise documenting my own life and knowledge. *shrug*

ipod in my car and removing more links

I recently used a Christmas gift card to get a device that I’ve wanted even when they were twice the price I got it for: the Harman Kardon Drive+Play at $99 in Best Buy. This little guy allows me to plug in my ipod in the car and listen to it on my stereo system. Since my Infinity factory system does not support playing of mp3s off a data disc nor does it have any audio input options (either on the faceplate or even in the back), I can’t use the Drive+Play’s audio input, but I can quite happily use the FM tuner to get usually decent quality music. It is quite a lot better than no ipod or having to burn limited-length music cds. So now I have two dashboard gadgets, my RoadyXT XMRadio unit being the other.

What does this have to do with my blog? Well, while scrolling through my playlists on my ill-organized ipod (thanks to Linux and my collection growing well beyond the 20GB limits of my ipod) I saw a Podcast playlist but no Podcasts. While my work commute during the day is only about 10 minutes max, I still see the benefit to rekindling my habit of listening to more podcasts since I do like driving. So I’m going to see if I can get back on the wagon on a few choice podcasts and listen up more often.

As always, I’m also cleaning up some more external links from the menu and putting them here into a post so that I can reference them later if I ever need to. Someday I need to evaluate whether I want all those “resources” to remain here or be moved to the wiki.

Don Parker writes for WindowSecurity.com. While this sounds promising, the articles and writing seem more geared to a nearly complete newbie, with almost no in-depth analysis or contribution beyond the surface. OntheFirewall doesn’t really get updated much. I’m not sure who Sid Stamm is, so I likewise don’t know why I should keep him. And also removing Mr. Belva at bloginfosec, even though I look forward to seeing how virtual trust moves forward. It’s just beyond me right now since I am neither an analyst nor any sort of manager.

security+

I am looking to get my Security+ certification this month. Is this cert below me? Yes, no doubt. Is it nonetheless good for my resume? Yes, again no doubt. And at a one-time cost of about $200, CompTIA certs are a real no-brainer and if I ever get beyond them on the resume, I can just leave them out.

For the past couple weeks over lunch I’ve been slowly paging through the latest edition of Exam Cram’s Security+ Practice Questions. I’d buy the book, but I don’t think I need to. I just do a few dozen questions every day. I’m glad I did it this way too, because some of the questions are poorly worded and even more poorly laid-out. As an example, in the section Retention Policy, the answer to the single question in the section is, yup, Retention Policy. Great, I learned a lot there! There are frequent blatant mistakes as well, despite this being at least the 2nd edition of the book. The one I was using was a 2006 release.

In the end, though, I did learn enough. I learned that I need to definitely review the Cryptography domain of the material. I probably could have said I was weak in that section before paging through this book, but at least now I know I know the other sections pretty well. Hopefully by the end of this month, I will have at least taken the Security+ exam once (yeah, I know, I’ll likely pass but I don’t typically get my hopes up on tests, despite a very good track record with them from school/college).

The hidden benefit to this cert is it is, in my mind, a direct precursor to the CISSP which I also qualify for and should be getting sooner than later. Likewise, my weakest area in the 10 domains would be Cryptography.

two facts, frustration, and new links

The condition of a military force is that its essential factor is speed, taking advantage of others’ failure to catch up, going by routes they do not expect, attacking where they are not on guard. -The Art of War, Chapter 11: The Nine Kinds of Terrain

Sorry Dan, but I already played that game once. 🙂 However, I will just add two more things. First, I used to have eyesight bad enough that it was measured in feet. My parents gave me lasik surgery as a Christmas gift a few years ago, and now I don’t need glasses. Second, I spent my first 2.5 years in college in the Environmental Science program taking chemistry, biology, calculus, genetics, physics classes.

This week will be my first week “on call” at my latest job. I’ve avoided the task for about 8 months now, but this week the pressure is on! One of the unfortunate aspects of this job is the apparent attitude of the rest of the team that I should have been born with all the knowledge needed to do this job. I find little as frustrating as being thrust into an important role where you either attempt to do things yourself at the risk of possibly affecting critical systems or wait for some decent training. While I don’t mind self-starting, I do mind when there are innumerable ways to build a server (anywhere from just setting it up and patching it to full NIST guidelines), but somehow I need to know the way they do it in-house from a cryptic checklist that makes sense only to people who have been through it multiple times. This has been my biggest frustration at this job, and one of four distinct reasons I won’t be staying entirely much longer. This morning I am figuring out how to put myself on call and get the necessary alerts on my phone.

I added a bunch of links to this page. While I still want to lower the number of total links, at least now my Google Reader list matches up with the links on this page. Not every site has support for an RSS reader, but at least now when I find something not updated in Google Reader or not really worth my time, I can remove it cleanly in both places and help manage my information uptake.

housecleaning

I have to continue poking away at and cleaning up links on this site and in my rss reader that are not really worth my time.

I really hate to do this, but I have to stick with my gut. I like Bruce Schneier and his work. I think the world right now needs him; absolutely needs him. He is a necessary pundit. Ptacek put it well in predicting for 2007, “Schneier will not publish a single technical result this year, but I will read his blog anyways.”

I like his comments and his writing, and, as I said, the world needs him. But he basically keeps linking and saying the same things over and over. Yes, I know security is warped when it comes to the public and TSA. Yes, I know your commenters also have good responses and ideas. But I don’t need to read that every day or even every week. I really do get too much Schneier. I’m sure when he publishes very interesting things, I’ll hear about them from other places. (I also prefer his writing as opposed to short little posts that are just links elsewhere.)

I’m also currently evaluating the need for x number of IT/security analyst blogs. Quite honestly, analysts are quite a unique subsection of security bloggers:

– They tend to talk a lot and likely do very little. It is easy to make lists of best practices and give sage advice, but actually getting their practical advice into the reality of a business is a wholly different story.
– They tend to be right. All the time. If they speak it, you should believe it.
– They don’t typically reply on other people’s blogs. Instead, they reply on their own blogs to drive traffic back and forth between them.
– They are definitely a clique, where they all know each other, they all act like they’re friends, and they typically don’t listen to many people outside of that clique.
– Far too often they speak the obvious, make predictions that mean nothing right now, or repeat what others say (often within the clique).
– Have I mentioned that they rarely actually *do* things?

Yeah, I’m being pretty harsh and maybe a little bitter, but for me it all gets back to how I want to spend my time with blogs and research. Do I want to see the “Analyst Clique” repeat itself and argue with itself and pat itself constantly on the back in 5 places each day? Not really. I’m sure if I eliminated x-2 of the “Analyst Clique” blogs from my list, I’d still get all the important info linked back from those 2 I leave up, plus their commentary. Hopefully I can go through and remove some links this weekend. The hard part will be choosing one or two, because, despite my bitterness above, they all seem to write well, think well, and have some thought-provoking words here and there.

the internet is one big social network…

Yes, blogs are social networks, as are IM, IRC, and mailing lists. Michael over at MCWResearch tagged me. This means I’m supposed to reveal 5 things about me that few people know, and tag 5 other people to do the same thing. Well, I’m a party-pooper and typically delete chain mails so I won’t tag other people, but, I am a good sport so I’ll play along with the 5 revelations. Besides, it’s still technically “The Holidays” and I have a nice three-day weekend again. I will, however, post 5 links at the bottom that trace back the path this tagging has taken to get to me.

1. I regularly play World of Warcraft. I have a 60 warlock and 60 priest on Crushridge Alliance and a growing 30-something rogue on Terenas Horde. The warlock is my main and amassed 7/8 tier 2 and 1/9 tier 3 before I retired from high-end raiding about 5 months ago.

2. I used to get paid not only to play computer games, but to run online leagues and tournaments. I ran or helped run events for Quake 1, QuakeWorld, Unreal Tournament, some SegaNet stuff before they died, and even a live CPL event. I’ve also made money competing in events in Unreal Tournament ($2500 about 5 years ago in college). Sadly, little of this history is linkable anymore.

3. While you can see a picture of my car online, what you can’t see is my license plate (1NF0S3C or 1NFOS3C) or the black “hack the planet” sticker next to it.

4. I lost my virginity at ag…err, wait. I mean to say that I started authoring my own web site back in 1996 hosted at my alma mater Iowa State U. My college roommate and good friend taught me the ropes (i.e. he showed me how to View Source in IE and upload files to the server).

5. I don’t yet have the budget for a cat, but I do currently have some fish: 6 tetras and 3 corydoras. I plan to double the number of both after I clean up the tank a bit more and get rid of my snail problem. And I love to have bettas on my desk at work.

So, with that out of the way, I won’t pass the chain-letter on, but I will stick to the spirit by providing 5 links that led to me. MCWResearch got tagged by Michael Farnum. He got it from Ian Lamont who was sniped by Richi Jennings. And Richi was tagged by Ann Elisabeth Nordbo to start off this little 5-hit combo.

a new resolution to myself

I typically make resolutions on my birthday as that is more meaningful than a new calendar year. But one late resolution I want to make came to me as I was migrating more of my posts over to this site, including a long list of tools that I’ve just never gotten around to looking at. For the past year or more I’ve been sponging up information like there’s no tomorrow, but I’ve been putting things into practice far, far less often than I should. And now that I have some spare systems sitting around, I need to put them to good use. So, I need to start doing and playing and tinkering with things and less just reading about it all. I’ve got the academic side of things down pat, and I realize that. Now I just need to do, make mistakes, screw up, fix it, move on, and overall learn stuff hands-on.

Of course, this has already begun now that I have upgraded my server and I have the infrastructure in place to keep my own notes on the things I try and experience. So I’m well on my way on this front, as long as life sees me still having enough free time to do things! 🙂

still settling in

A lack of updates should be followed by a slew of posts after the first of the year. Right now I am porting over all my old Blosxom posts over to this site, flagging them to put in my “being built” wiki, or just removing them as I figure out how to best leverage my sites. I will say that I really enjoyed the simplicity of Blosxom, especially to use as a blogging/site tool without wanting a true database backend. It was very slick, simple, lightweight, and kinda fun to work with. Unfortunately, it is not quite as robust as a true CMS/blogger. Honestly, I think the worst part about it is just being locked into something a little different and non-mainstream. Over time, who knows if there will be new features or support, and I’d hate to find myself 4 years and 2,000 posts into the future with a huge migration project to something more mainstream.

Overall, though, Blosxom is awesome, and I hope someday I can possibly find a use for it.

weekend projects done

I didn’t get to play with SpamAssassin yet, but I did get a lot of other little things accomplished this weekend in regards to my site. I installed hMailServer and ClamWin so that I could move my mail server over to the new box. In fact, I went a step beyond my plans and am using OpenSSL and stunnel to allow SMTP and POP over SSL so that I can check things remotely from a wireless hotspot. I also moved my Ventrilo server over and did some housekeeping on my websites; busywork that I’ve been putting off for many months but that only needed to be done once to be done for good.

With all of that aside, I’m looking forward to SpamAssassin sometime this week or next weekend, and to work on my wiki site as well.

Every time I work on my sites, I get that familiar bug to learn up a new web language and get really good at it. I love reading people like Jeremiah Grossman and RSnake, guys whose web skillz I really respect and appreciate. But I do know that takes significant dedication and time, and I know that I can’t specialize in everything right now. Maybe someday I’ll have an opportunity to go down that road, either for my job or in my free time once I get other things under my belt. Anyone can learn web coding, but to do it well and know the little “expert” level tricks is definitely where I would want to be, and that takes significant time. Besides, right now, web technology is simply not securable anymore. Unless you want a fairly static site with little integration and scalability, security is just not possible these days.

removal of links and rss feeds

As Adnan recently realized, I too am finding that I have too many links and news and blogs to read, which steals away my time. I am almost feeling like an analyst, talking and reading, but never actually doing anything. So I’m pruning some more links and RSS feeds. As usual, I’m posting the “death” list here, just so I can reference it again at some other later time.

I was going through this list and removing people and looking at sites, and it makes me kinda sad to remove some links and blogs, especially those to people who might still be around, but don’t post every day (or even week) or might make posts that I’m just not interested in. I got into using computers and stuff by being social online in AOL chat rooms, then later in IRC and forums. This culling of links saddens me because I know all of the authors and I share common interests and I love seeing how they present themselves online; in this sort of second world avatar image. Oh well, life goes on, and I hope it finds them all happy. Of course, with this huge list of outgoing links, someday soon I have a list of incoming links as well.

WBGLinks.net was originally a huge list of white, black, and grey hat links to many other topics and sites. It since has disappeared. Wintermute has also had little to say lately. Dan Kaminsky has excellent tools, presentations, and very creative ideas, but his blog is not the place to read them. He is easily Googled anyway. The guys at Checkmate only update once a month, and if they offer up something useful enough to read, I’m sure I’ll get linked to it from elsewhere. I always hoped TheSecure.net guys would come back and keep posting, but not only did they go on hiatus for a year, but their site is now gone.

Adminspotting had a fairly short, but informative life and is no longer updated. I’ve long hoped the author would post his new idea mentioned in the blog, but he has not. Maybe someday. Adminfoo’s provider seems to have had some data recovery/corruption issues which has left this site down a while now. Backups. Reading the linked host’s status page is pretty much a story all IT admins dread: corrupted data and customers getting upset. Oddly, HERT (hacker emergency response team) seems to be down or gone.

Nitesh isn’t around. The Microsoft Security Response Center blog is really not that useful, and when it is, other people link to it for me. Besides, with something as important as that blog could be, they will always be regulated from inside. OpenPacket.org is an awesome idea, but I suspect everyone who thinks so is just too busy doing other things as well. I’ll link it up if it ever truly opens. Arved has been removed. The Geekpit has been removed. I’m not even sure what Infosec Daily is anymore, but I think it aggregates other sources I already track and doesn’t look very pretty anyway. Insecure.org is not a news site and belongs under tools/resources. Of course, it’s already there! SecurityWonk has disappeared. Also removing SecuritySauce. Nepenthes is a tool, and didn’t belong here anyway. Kaosx has been removed. Jon Ellch’s site was never really meant as a news/blog site anyway.

weekend projects

Hopefully I can finish my one or two weekend projects I need to work on this weekend. Tonight will be spent playing Warcraft and Saturday night drinking, playing video games, and talking about hacking. That leaves Saturday afternoon and Sunday to work on getting a new mail server set up on my server along with a Spam Assassin install. I also need to point my new domain to this site and fix the inevitable pointer issues in my code.

I’m not really looking forward to Spam Assassin. While I’ve never done it before and really want to learn it, all indicators point to it needing a bit of work and babysitting to be worthwhile. Oh well, may as well start this weekend and slowly work on it, kinda like securing Apache and mod_security.

I’ll try my best to provide a report on here about my experiences with hMailServer and SpamAssassin on my Windows box.

terminal23 is born

I think I have my new “geek” blog ready to roll finally! The last step was to decide on a name for the site, and I settled on Terminal23 for my own reasons (nothing interesting, really). Now I can start porting over my Blosxom blog entries as needed, and get caught up on posting news and such. I really liked Blosxom for its simplicity and elegance. I would have stuck with it further, but I think I just wanted something new and I needed to update my blog application anyway on my personal site.

I do still need to get the wiki up and running, but that will take a bit more time and love. For now, this project has already exceeded my goals of being done by the end of this year.

month of no posts

Wow, it looks like I’ve gone an entire month without making a post here. That was certainly a quick month, and I do have a backlog of things and links and tools to look at and post about.

My reasons for the lack of posts are two-fold, really. First, I have been holding back on a lot of stuff since I really want to convert this space into more of a wiki-format. A wiki is much more appropriate for what I am using this site as. I had some issues last month in getting Apache 2 and PHP5 to get along, so I have to check and see if that was resolved.

Second, I’ve moved a lot of my more discussion-style technical posts to my main blog instead of here. I am not sure if that is how I will do it in the future, as all my own non-technical stuff is being diluted by the technical jargon that many of my family and friends know nothing about. Maybe I’ll load it all back here once I get the wiki up, and still have a sort of techie blog/news listing on the front page.

In the meantime, I hope to post some more things here anyway, regardless of the wiki progress.

my skills of the future: web coding

One thing I try to be cognizant of as my career starts to move forward is what skills are going to be in demand in the future. I don’t want to be awesome in Windows XP, only to find myself someday outdated like so many Windows 98 admins. Not that I support Windows XP on a desktop level right now, but that is just an illustration.

A manager just emailed out an Excel document that has maps of our building and numbers pointing to all our conference rooms (about a dozen) because people tend to ask, “Where is such-and-such room?”

It occurred to me how appropriately this issue could be solved by a web developer who knows his stuff. Carve out a small section of an intranet, tackle the issue, code up a solution, present it, and voila, a one-stop web-enabled location so that people don’t have to save a tomorrow-outdated spreadsheet “hack” of a solution that might be located at some mysterious location on a file server that I may or may not have access to.

Web application coding skills are amazingly useful and awesome these days. And the work is rather exciting when you can focus down on it and really pursue it as a team that can teach each other. Gone are the days when any stay-at-home kid could pick up a few clients and create cheesy web pages using straight HTML. Now, real web design skills are in demand and needed, coupled with code that more and more resembles actual programming languages in operation, suitable to those who can think in that way (not just make pretty pictures in Paint and arrange them in tables with possibly some database backend code in php…). .Net, Java, Ruby, Python, Ajax.

In fact, before I was in IT I wanted to become a web developer. That was my idea when I switched my majors into MIS 2.5 years into college and graduated with thoughts of making web pages for a living. Thankfully, I’ve had opportunities elsewhere to expand myself, but I still appreciate web development.

Someday, a ways down the road, I can still see myself satisfying my coding bug and doing some more web coding and application coding. I would love to be able to just throw out a quick solution to problems using an internal web site. Given experience and practice, that kind of stuff is amazingly easy and simple to do (ongoing support is always the hard thing). And with web and application security the hot topic for the year in security, this makes sense from that viewpoint as well.

However, for now, I want to remain grounded and focused where I want. Right now I am directing my career towards networking and security, moving towards certifications and learning networking since it is still something I’m working on, plus learning Linux and more deep security topics and pursuits. I’ve also decided I want to make sure I know wireless security as a specialty, as I believe the future is in wireless and mobility. Web coding as a major focus has simply been pushed aside a bit for now…but someday I’d love to dive back in and learn the new stuff.

I must say, if an opportunity opened up right now in an exciting and competitively-paying (for junior level) company to start learning and participating in Ruby or Ajax development, I would seriously think about it.