Archive for the 'Work' Category

The rise of Mac in developer land

Thursday, 28th September, 2006

Is it just me or are all the cool kids using Macs these days? I’ve not used a Mac since primary school - we’re talking mid-80s!

I’m eager to give TextMate a whirl and see if I can produce code at half the rate of those guys in the screencasts. I’ll soon get the opportunity since I recently accepted a job at a Mac shop!

(some who made the switch aren’t entirely happy).

Upgrading from MySQL 3.23 to 5.0

Saturday, 10th June, 2006

I’ve spent too many hours this week porting the company database from MySQL 3.23 to 5. This was probably a bit more painful than it needed to be because we’ve not upgraded MySQL versions… ever.

The biggest hurdles were manipulating the SQL dump file (we had to dump and re-import due to MyISAM changes between versions) and leaving MySQL 5.0’s server mode as STRICT (as recommended by the installer).

Manipulation of the dump file (which was 13GB) really made it stand out how modern programmers don’t necessarily think about resources (or don’t have to with memory managed languages). I guess with the ample resources of most desktops for day-to-day operations it’s easy to see why. However, trying to load a file of this size made every Windows text editor I tried fall over (either loading or saving).

In the end I chopped the file into 1GB chunks and edited those with gVim. In hindsight I should have split by line number and not by file size.

Although it was the easy way out (and we should have updated our SQL), changing the mode to mysql323 saved us a LOT of work. Few application changes were required; the main one was for a replication issue. Replication would stop on certain CREATE TABLE statements where a default value was specified on integer auto_increment columns (gotta love legacy application code!).

When running our system on my dev machine with PHP 5.1.4 and MySQL 5 it did feel ‘snappy’. I think this was probably more psychological than anything else.

Sigh of relief

Sunday, 21st May, 2006

With the recent news of Blue Security closing down after being DDoS’ed into the 1980s, I can only sigh with welcome relief that my employer’s plans to move into DDoS mitigation never took off. Few people are qualified to move into this market but even fewer people recognise this fact!

People who want to take on “the internet bad guys” either 1) have to really know their stuff or 2) be sufficiently p’ed off with spam / spyware and have enough money to throw at the problem - calling Mr. Gates (and even he’s not managed to sort out the spam issue as promised).

I believe my company definitely fell within 3 - the “don’t know enough” camp. I can safely say this because I set up a fair bit of the system!

It was a half-baked concept (not mine) to recoup some of the costs of our £30k DoS protection system for our primary business, not the best reason to launch such a service.

Ironically, Blue Security were flanked by spammers nuking their DNS hosts; this is exactly the weak point I highlighted in our own system but was assured ours could handle such an attack. I think this would have been an optimistic assumption given the size of the attack still bombarding Blue Security as I write this… it’s even reported Prolexic (their DDoS mitigation service) had trouble coping.

It’s a depressing outcome to see the bad guys win!

T-minus 24 hrs

Wednesday, 9th November, 2005

Not long now until I move positions from being a primary support developer to an in-house developer / Linux server admin / security guy. It doesn’t sound like much but I’m looking forward to dropping the day-to-day support element. When you’re deep in thought fixing a problem, a random support call about something completely off topic really begins to piss you off when it’s the 4th one that hour.

Food for thought:

The competent person is the last one you want to promote, because who then would get the work done?

Competent workers get promoted to be supervisors. Supervisors supervise less competent people and by doing so, less competent people become more competent, while supervisors are allowed to get even more competent.

The problem is the incompetent supervisors. Those supervisors are quick to detect competent workers, they fire them as soon as possible, because they can get replaced by them. Therefore all workers under incompetent supervisors are incompetent.

Taken from the Peter Principle, interesting reading.

3133t H4X0R

Friday, 7th October, 2005

I’m not a fan of early mornings, and I just had two in a row. That said, this week has passed reasonably quickly. On Thursday I attended a Sec-1 Applied Hacking & Intrusion Prevention course. It was a very broad one day course providing a taster of all the common security threats affecting most businesses; kudos to our instructor/lecturer, he REALLY knew his stuff.

There were some ‘hands-on’ lab sessions where we got to have a go at using exploits and tools to ‘hack’ *shudder* an outdated Win2k server machine. Unfortunately, at the end of the course I couldn’t help but feel it wasn’t quite worth what was paid for me to attend (> £100/hr).

It opens your eyes to the ease with which you can penetrate an unpatched machine though. It also demonstrated how knowledgeable (and bored) elite black hat hackers are to find these exploits in the first place.

I’ve always hated the term hacking, the word instantly reminds me of the glamourised image movies always portray - which couldn’t be further from the truth. Real life hacking for anyone but your immature adolescent / hardcore socially inept nerd is extremely arduous and boring.

Why am I attending such courses? Well it seems the company I work for want to move into DDoS or Distributed Denial of Service. Can’t say I’m comfortable with this decision given the company’s combined security knowledge; mine included.

You are currently browsing Greg’s blog (software development and operating systems) archives in the Work category.
