netnerds.net

I'm kinda late on this but arstechnica reports that "Microsoft has opened the source code to the .NET Framework libraries under a read-only reference license. Developers who want to check out the source code need only upgrade to the newly released Visual Studio 2008 to gain access to it."

This is something I've always dreamed about -- learning by a large software firm's example. I can remember how disappointed I was during the first dotcom when companies would go down and take their source code and website designs with them. Woudln't it have been amazing if they would have donated their site templates to OSWD.org? As for the code, I realized the other year after looking at my own dotcom code, that the styles were probably pretty bad and not so good to learn from.

Check out Scott Gu's blog entry for more information on the libraries that are being opened.

I've been out of work for over two months, recovering from surgery to fix a severe repetitive stress injury. It started about two years ago when my workspace was setup poorly. I hyper extended my arm to mouse for about two months and it caused an inflammation that eventually lead to calcification. Somewhere along the way, that calcification lead to a tear in the rotator cuff and finally, a detached tendon. After the surgery and 20 staples across the shoulder, I was in an upper body brace for a month and now I'm in a sling. RSI doesn't play as you can see in the picture below:

I've mentioned this in several posts because it's extremely important to get the message out to all of you who spend 8+ hours a day on a computer to
1. Ask for a professional ergonomic evaluation of your workstation.
2. Keep your posture in mind when working and remind yourself to stretch in place or stand up and stretch hourly or half-hourly. If necessary, use schtasks in Windows:
schtasks /create /tn StretchReminder /tr "msg console Stretch!" /sc HOURLY
3. Reevaluate your workspace on a weekly basis to ensure you haven't accidentally slipped back into bad habits.

In other news.. while polishing up my resume for grad school, I read that accomplishments should be listed on a resume instead of (or in addition to) responsibilities. Keeping that in mind, there's a lot I'd like to add to my resume and thus, accomplish this year. Barring my shoulder doesn't impede my efforts to do so, here's my list of what I'd like to do and learn:

I hope to revisit this list at the end of 2008 and see how many goals I've reached. Don't fret -- I've got personal goals too, those are just kept in my personal analog assistant.

Oh and I'm currently reading a really useful O'reilly called "Time Management for System Administrators" and I recommend it to anyone reading this blog. It could have done without the Microsoft jabs, like most O'reilly books, but it's still really good overall. I'm finishing up that soon and it will be the first of the three or more technical books that I hope to read from cover to cover this year. Number two is Head First C# and I'm not sure about the third just yet. Any suggestions?

First and foremost, I'd like to wish netnerds.net a happy birthday!

I'm 10!

"NetNerds.net" turned 10 years old on October 22, 2007. I wanted to post that day but I got hacked and didn't want to post again until I fixed the problem. So how did I end up with the name netnerds.net? Well, I called my best friend Jenny and asked for name suggestions for a new computer company I was starting. Almost immediately, she came up with the name "netnerds" and I thought it was fantastic. Netnerds.com was taken and I was "stuck" with .net but as it turns out, I ended up strongly preferring netnerds.net anyway; it just makes more sense.

Being a poor/broke student, I phoned my dad and asked for $70 to register the domain at Internic. He obliged and I jumped on it. Three days later, I kid you not, I had an offer from someone else who wanted to buy the domain name. I refused and he wasn't happy at all -- he bought a similar domain and proceeded to DOS me over the course of the next few years. Recently, I actually found the Conceal Firewall (remember that?) logs for his attacks in 99.

Over the years, I've done so many different things with netnerds. It's been running a combination of SuSE and Windows since 98 or so. Before that, it was hosted at random places but when I moved to California on December 23, 1997, I brought it home with me where it stayed till I started colocating it in 2004. I got an @Home cable modem in early January '98 and started hosting my own DNS, mail, and websites and haven't stopped since. The guy who taught me about running DNS eventually ended up giving himself a rootshell and a backdoor on my little server. As soon as I figured it out, I shut down my crappy 486 Linux machine and purchased the book Practical Unix and Internet Security.

I dove head first in learning all about protecting myself. It's worked decently well; I'm even planning to get my CISSP in January.

So 10 years later, I got hacked again. I don't think it was anything too drastic on the system itself but the web and mySQL passwords seem to be compromised. Like most exploits, it happened because I was running outdated software. I didn't know Wordpress 2.0.2 was so exploitable.

The first strange thing I noticed was that someone created a Wordpress account, even though I explicitly disabled allowing users to create accounts. I logged into my admin panel to find out wtf but I kept getting a "database is out of date" error. Oh poo! So I checked my logs and found some unusual behavior. Dang, Gina. Now I know I'm hacked so what about backups? Well, I had a backup of my entire blog VM from days earlier but for some reason unknown to me, decided to delete it so restoring recent backups were not an option.

I wanted to find out more about the compromise so I replaced my hacked admin files with some old backups and was able to login. I immediately noticed that someone posted a secret entry titled "ris.jpg." I did a locate to find ris.jpg on the filesystem but nothing came up. Eventually, I would find it in /tmp and it looked really nasty. You can see a copy of it here: ris.txt. Notice the password upload calls to nst.void.ru. Ugh. In researching the guy's IP, it turns out it's likely a linkbot from Estonia. This guy got hit by him/it/her too.

I don't like to take any chances so I created a whole new VM from scratch. I exported only the comments and posts from my 3 hosted blogs and recreated everything else. This is why it took 14 or so days to bring the blog back to life. It would have been earlier but I'm still dealing with my RSI shoulder injury that recently and seemingly magically turned into a torn rotator cuff injury. It's going to require surgery so I'll be out of commission in December after I graduate from the University of San Francisco with a BS in IS Yay :D. Hopefully I can study for the CISSP during my downtime.

So the lesson I learned, Corey? Keep my stuff up to date, even on Linux. I've now got automatic updates setup in SuSE and I'm signing up for the Wordpress update mailing list. Oh and h0bbel, I did attempt to find a new blogging platform (including Habari) as you know but none were as mature, targeted and functional as WP. Plus, I kind of have to use WordPress, Matt Mullenweg has eateth my chicken-n-shrimp gumbo and stocked my fridge with Pumpkin flavored beer. It's only right

Hah! I bought an 8-bit tie the other day from ThinkGeek. It arrived, I sported it at work much to everyone's pleasure then I went home and took an action shot.

My smile in the picture looked silly but the tie was rockin so I 8-bitted my face and submitted it to ThinkGeek. I checked out the page today and there I are!

mosaic in the house

In other news, Microsoft is awesome (but y'all already knew that). I dropped by their SF office today to pick up some swag for a gathering I'm having and they gave me the coolest swag of my life -- some wine tools (thermometer, corker, uncorker thing, something else I don't know how to use) in a cherry wooden box w/ a gold placard that reads "SQL Server 2005." Receiving this gift comes at the perfect time too, I've been drinking wine like a fish since I moved to the Italian part of San Francisco a couple months ago.

Thanks, Microsoft. You are and will always be my favorite overlords.

Love,
Chrissy

Thanks to my favorite site on the planet, I discovered a new service called whos.among.us which provides a really cool AJAX based web stats app. The setup is very simple -- it only requires you to embed a picture on your website to begin tracking visitors. There's no setup or registration required. My favorite part is the Firefox plug-in that let's me see who's on my websites in real-time.

In order to "sign up", all you have to do is load their showcase page, click the widget you want and copy/paste the code into your website. The code generally looks something like this:

The easy setup does have one downfall -- what if you lose the above code and thus, lose your key? The key is important because it is used both in the URL of their stats site and in your Firefox plug-in, should you choose to use it. If you lose the super random key, you lose your stats (unless Google has a cache of your HTML).

As I e-mailed myself the 8-character code and saved the URL to delicious, I began to ponder. Because the key, in this case nff4aa4e changes each time the page is loaded, would it be possible for me to create my own 8-character key -- something that would be easier to remember than a random set of alpha-numerics. As it turns out, the answer is yes. I plugged in "netnerds" as my character key and my stats worked perfectly.

If you hover over the picture, you can see that the link points to an easy-to-remember URL: http://whos.amung.us/show/netnerds. My Cajun site uses something similar -- realcajun was one character too long so I deicded to go with mmmcajun. Someone should totally take kthnxbai while it's still available

This is driving me absolutely crazy. For the 80th time, I'm required to create a user and give it the sysadmin role. I *have* to do this because the software is business critical (Blackberry Enterprise Server, Interwoven DMS) and installs will fail without it. With some software, I can temporarily grant access the take it away once the installation is complete. With others (such as SharePoint 2007) I can temporarily grant the account Database Creator and Security Admin roles then remove that once the install is complete. However, with Interwoven DMS, if I attempt to give the account *every* role except sa, the software will fail to do anything. Using SQL Profiler, I can see that the Interwoven logs in, checks to see if its sa and if not, then it quits. I filed a bug with the vendor months ago but have not heard back.

To make matters worse, Interwoven pretended that other DBAs were able to get around granting the user sa access but then were unable to help me duplicate their procedures. Later on, Interwoven admitted giving the user anything other than sa access would break the app.

So .. I can't say no. All I can do is hope that their DB programmers are competent (which, if they require sa, are they really?) enough not to trash my servers or that filing bug reports will get the software vendors to fix the glaring security issues.

What do you do as a DBA when presented with this issue?

For those of you living in the Bay Area, SuperHappyDevHouse is going on today. I'll likely make a late arrival after I pick up my broken server in San Jose.

WTF is SHDH, you ask? "DevHouse is not a marketing event. It's a non-exclusive event intended for passionate and creative technical people that want to have some fun, learn new things, and meet new people. In this way, we're trying to resurrect the spirit of the Homebrew Computer Club. We also draw inspiration from the demoscene as one of the only intentional getting-things-done computer events in the world."

Last time I was there, I met the Chairman of the EFF and the guy who put the dot in dotcom, Brad Templeton.

Sweet

I also met a couple other people whom I now hang out on a semi-regular basis to drink (matt) and make pizza (ross). I Y the Bay Area.

While researching for a paper I have to write in class about hierarchical data in relational databases, I was reading Joe Celko's book Trees and Hierarchies in SQL for Smarties. In the intro, he mentions a really useful website for validating SQL-92, SQL-99 and SQL-2003. The site is nice enough but could really benefit from a bit of AJAX. If only I had the code behind the scenes, that'd be a perfect project for learning ASP.NET's AJAX add-on.

Today, I needed to net send a message to myself, but soon realized that it disappeared and is no longer supported in Vista. Then I found a a post on MSDN tipped me off to use msg instead. Msg is usually used for sending messages to terminal services users but, remembering that the console session has an ID of 1, I decided to try sending a message to the console user. As it turns out, msg 1 test worked both locally and remotely in Vista.

Then, I tried running the command on an XP machine, only to realize that XP's terminal services console ID was 0 and not 1. In order to msg the console in XP, I had to run msg 0 test. So what is session 0 in Vista? Well, according to the query session command, "services" use the ID of 0 in terminal services. Whoops. It appears that the best way for this to work across XP and Vista machines would be to use "msg console test" or "msg * test" or "msg username test". If you'd like to message remote machines, you can do so by pointing to a file that contains the names of multiple machines or by using the /SERVER switch ie. msg /SERVER:computername console "Message goes here".

If you need additional options or help, check out the TechNet article for more information.

Update: For those of you receiving the error message "error 5 getting session names", this appears to be a permissions error. Unlike "net send," you must be on the same Windows domain to send msgs to other computers. This is a good thing -- it means that msg is not prone to being abused by spammers.

I'd like to start this post with a warning: I'm only 29 years old but already have permanent damage to my shoulder caused by overusage while working/playing on the computer. Two years ago, I had to claim workman's comp because I was disabled for a few weeks, barely being able to even stand because of an excruciating pain in my shoulder - even gravity put too much pressure on it. I didn't know what was happening at first, I thought it just needed to "pop" but as it turned out, I had tendonitis/bursitis from repetitive mouse/keyboard usage. While the damage was permanent, the pain went away after a terribly painful cortisone shot was injected right into my shoulder. By that time, calcium had built up and I heard the needle crush right through it. Ugh, even with lots of Vicodin and some other topical pain killer, it was still unbelievably painful.

To stop the problem from recurring, I had my desk evaluated by an ergonomic specialist and ended up buying a new chair and a new keyboard tray. I also moved my mouse in closer to my body so that I wouldn't have to reach so far out. I got tips on how to sit, stretch, mouse, etc. I suggest that if you haven't had an ergo eval recently, ask your company to schedule one with a professional. The time I've invested at physical therapy, at the doctor's office, icing my shoulder, figuring out how to clean/cook with a bum shoulder, buying new backpacks, etc could have been avoided if I got into a healthy posture habit when I first started working on computers. So now.. I ice, take lots of ibuprofin and perform stretches.

Everyone, not just fools like me with bum shoulders, should stretch at least once an hour while on their computer. I'm pretty forgetful but even if I wasn't, I don't think its possible to remember to stretch every hour on the hour without some help. And this is where the command line task scheduling fun comes in.

Often times, I've scheduled tasks in both Windows and Unix from the command line using at. Today while researching creating a stretch task, I learned that Microsoft replaced at with schtasks and Apple replaced at with launchd. Works for me, Windows' at doesn't really support hourly tasks while schtasks does. Below is a scheduled task that I'm running in order to prevent further injury to my shoulder:

schtasks /create /tn StretchReminder /tr "msg console Stretch!" /sc HOURLY

Using this command, I've created a task to run once an hour which sends me a simple message that reads "Stretch!" You may wonder why I'm not using net send. The reason is that net send is no longer supported in Vista and msg is supported in both XP and Vista.

Here's hoping my shoulder gets better and yours never starts acting up.