War Stories: Unix Security

A different kind of war story this time: Unix security blunders. Old-school Unix-types will mutter about how much more secure Unix systems are than Windows, but that glosses over a lot. In a former life I worked as an HP-UX sysadmin, and I saw some shocking default configurations. I liked HP-UX – so much better […]


Outsourcing Mistakes

Outsourcing is complex, and there are lots of ways it can go wrong, or simply fail to deliver. I’ve put together a list of things that I see going wrong with outsourcing arrangements. Of course it’s not exclusive! There are a few different types of outsourcing. It might mean procuring a commodity service – e.g. IaaS, […]


Juniper SRX-110H EoL

Somehow I missed this when it was announced, but the Juniper SRX-110H-VA is End of Life, and is no longer supported for new software releases. End of Life announcement is here, with extra detail in this PDF. Announcement was Dec 10 2013, with “Last software engineering support” date Dec 20 2013. This is now starting […]


Wipebook – A Portable Whiteboard

It is a stereotype, but engineers really do like whiteboards. Problem is, you can’t carry one around with you. Plus there are still a few unenlightened employers who don’t provide whiteboards. Enter the Wipebook, a spiral-bound notebook made of whiteboard-like pages. I normally carry a notebook for scratching out notes while talking to customers, sketching diagrams, […]


iRules/Tcl – Watch the Comments

It’s pretty common practice to ‘comment out’ lines in scripts. The code stays in place, but doesn’t get executed. Perfect for testing, when you might need more debug output, or you want to run a slightly different set of actions. But you have to be careful when commenting out lines – it might catch you out, and […]


Complexity vs Security

Many of the ‘security’ measures in our networks add complexity. That may be an acceptable tradeoff, if we make a meaningful difference to security. But often it feels like we just add complexity for no real benefit. Here are some examples of what I’m talking about: Multiple Firewall Layers: Many networks use multiple layers of firewalls. If […]


War Stories: Cursed VLANs

I’ve written before about switch ports being permanently disabled. This time it’s something new to me: VLANs that refuse to forward frames. A Simple Network The network was pretty straightforward. A pair of firewalls connecting through a pair of switches to a pair of routers: Sub-interfaces were used on the routers and firewalls, with trunks […]


Ops Work vs Project Work

There’s a constant tension between delivering new services, and running the existing services well. How do you figure out how to prioritise work between Operations tasks and Project work? Skewing too far either way leads to problems. Maybe the answer is in how we structure Operations tasks? Definitions Operations work: Dealing with outages, trouble tickets, support requests, […]


Meeting Rules

Years ago a wise engineer gave me these rules for meetings: Never go into a meeting unless you know what the outcome will be. Plan to leave the meeting with less work than when you went in. Stick to those rules, and you’ll do well. OK, so maybe the second rule’s not so serious, but […]


Cumulus in the Campus?

Recently I’ve been idly speculating about how campus networking could be shaken up, with different cost and management models. A few recent podcasts have inspired some thoughts on how Cumulus Networks might fit into this. In response to a PacketPushers podcast on HP Network Management, featuring yours truly, Kanat asks: For me the benchmark of network management so […]
