“The trend in computer self-help literature these days seems to be: “Assume the user has the I. Q. of a potato.” We don’t do that.” - http://www.fnal.gov/docs/products/lyx/Tutorial.tex.html
I am working on an article pertaining on the concept of trust, nowadays. My aim is finding some metrics that could be somehow helpful, and it’s everything but easy.
The best definition I found is something that describes trust in terms of ability of a system to perform properly its tasks.
I just happened to remember my days back at the University, and the golden concepts they taught us:
then I had immediately some thought: how come a complex system, well designed, can have flaws and vulnerabilities? Well - a vulnerability it’s simply a symptom that either the design was poor, or the implementation was poor. In both cases, something went wrong. Back in the days I was a programmer, I double checked anything. I knew what flaws/problems were in the program, and how to solve them. I took a look at the known vulnerabilities in MS Exchange - it’s impressive it’s one of the most widespread MTAs, the more I see it installed, the more I dislike it. Anyway…
Anyway, this gives us a feeling of how the IT market is, nowadays - developers towards tight deadlines decided by brainless business people. The outcome of this suicidal policy is evident: developers don’t have enough time to write a good code, users pay for something that, best case, it’s nothing more than a beta version.
That’s the difference of the IT I studied and the one I see day by day… very motivating!
To all that lovely guys who had remarks about my English - I passed that IELTS thing with 7.5 out of 9. Kuess mich, fellfroschen!
I decided to quit with my Company - my time in UPC is over. It wasn’t that easy to say goodbye to several people - I thought I had to write them something, like a farewell - but it was kind of hard finding something meaningful and compatible with my style. I had friends, I had detractors - I guess it’s a price one pays to be independent… anyway I felt a pity I couldn’t know everyone. I guess my best farewell could be the Speech Bilbo Baggins held for his birthday:
“I don’t know half of you half as well as I should like, and I like less than half of you half as well as you deserve.”Now - what’s going to be the next step? Have some ideas, but no certainty. For sure, this Capacity Planning experience has been kind of funny, under certain expects. I had theories about the topic, I had the chance to prove them, and having a good result. When coming to storage usages, my model reached a 97.4 % accuracy ratio, in the worst case - and that’s a perfect result. Unfortunately, I didn’t have the chance to apply my model as I wanted to Performance Engineering - UPC’s fault, but ok. That was it. The boring thing about Capacity Planning is that you cannot really do it for a lifetime: its forecasting-related nature leads to a huge level of boredom: just to give you the idea - suppose you knew what’s going to impact your company’s infrastructure in advance for 2 years in a row… Anyway, it’s a good thing. I’ll formalize this thing here, sooner or later.
Another thing I had the chance to learn was ITIL. In principle, I found it interesting - as a framework for managing IT Services has good potentiality, but also a huge limitation: the mere fact that it’s all about best practices makes it a good basis on which you may want to found your IT Service Management - but it’s far from being a sufficient toolset per se. A Configuration Manager, for instance, shouldn’t only manage a CMDB… …And probably the concept itself of CMDB is too restrictive - it should be nothing but a view of a broader configuration related database, accessed also by other company entities (Release and Incident management, but also Procurement, for instance).
What else? ah - the big SOX scum. SOX is the short for the Sarbanes/OXley act compliancy framework. Besides all, it shouldn’t be a specific task, but a side effect of a good IT Security Management programme - otherwise the result is not cost effective (a good sox analysis can cost you also a working week of an employee, depending on the installed base, the risk assessment, the architecture of the infrastructure and last, but not least, the effectiveness of the controls) nor systematic and holistic as it should be.
In my next post (assuming I can be once again regular in posting), I want to give some important metric regarding these topics, for now - enjoy the summer… even thou here’s raining cats and dogs 
Last week literally flew away. Starting with the Dutch for beginners 2, moreover in another institute and with another (couple of) teachers was somehow challenging. On top of that, also new books: this is not a problem, if you don’t mind spending 75€ on something you already have. Sic transit…
Ford Transit Gloria Guida!
I have a small idea, which is all about courses, but first I want to speak about it to the vecchio pirata latitante (i.e. - andrew). Hopefully he’s interested. No big money out of it, but at the very least, there are good chances we can do something funny together. BTW - FTGG is just an embryonic code name it derives from the old Latin saying “sic transit gloria mundi” (the literal translation doesn’t really explain the concept, that may be summarized as “this is the way glory rises, shines and fall on this world”). You know what Ford Transit is, as for Gloria Guida, google is your friend :)
Other ongoing stuff: mathematical modeling of a network, graph theory, Wi-Fi and my secret dreams…
Another month flies away, I am still short on time, and well - this site is what is suffering more from this circumstance.
In short:
Work: It seems that capacity planning finally started working as I WANTED, meaning that the application I wrote and the methodology I designed are now operative. It will end up in a huge SAN reorg, for starters - I expect a huge storage saving as a side effect. The SOX Compliancy assignment: just boring. UPC is not mature enough for a structural approach to security; so… well, who, as a child, never tried the clothes of his/her father/mother? let the children play.
Projects: Nothing really new - I am following another Dutch language course, I plan to take the IELTS by the beginning of July, as, very likely, I will start with an MSc next September.
Private life: Ehm… it’s private - mind your own business!
I have been off a week… …and now I’d need another week off, to rest!
… other inspire! And Steve Jobs is probably one of the most effective communicators of the IT. Here’s the speech he gave to the students of Stanford University in 2005:
http://www.freerepublic.com
there’s also a video:
http://nl.youtube.com/watch?v=D1R-jKKp3NA
Thanks, Marianne
OpenBSD 4.3 song and lyrics are available on the official website at this URL:
http://www.openbsd.org/lyrics.html#43
The background story is quite impressive, it’s definitely worth a read. You can find it on the above page. I just quote an excerpt:
This is the man who presumes that he should preach to us about morality, freedom, and what is best for us. He believes it is his God-given role to tell us what is best for us, when he has shown that he takes actions which are not best for everyone. He prefers actions which he thinks are best for him — and him alone — and then lies to the public. Richard Stallman is no Spock.
These guys have guts -this is not the first time they prove it! In the past, as far as I can remember, Theo (de Raadt, the leader of this project), had sharp words regarding the Irak affair, which led to a not-so-subtle kind of retaliation… more on this here!
Now, it’s R. Stallman turn - unsurprisingly, I’d say… but read the whole story, it’s really interesting!
More resources:
and the last source, from the fingers of Stallman himself, is quite funny, if not weird. I mean, no problem, everyone has the right to any opinion, sure - but mamma mia - this one is ‘very prone to objections’, at best - fighting for ‘free software’ should start at a completely different level! Anyway….
Gurus can really be dangerous…
Today I read this post:
http://riskman.typepad.com/perilocity/2008/04/ok-leaks-tens-o.html
showing an amazing covert channel - it’s really worth the reading, so I won’t comment it.
I also wanted to keep a link to a relevant article for further quoting.