Things That Concern Me: Unified Threat Management

We live in a dangerous world. It should come as no surprise to anyone who is a Citizen of the Internet that interacting with others on the ’net is a somewhat dangerous business. Riskier still is operating a server, or an entire network, with a direct connection to the internet. The number of denial of service and code execution exploits has risen dramatically in the last decade, unsurprisingly. The number of black-hat hacking attempts (to use “hacking” from the vernacular of the media - rather than its true, nobler meaning) has also risen....

November 24, 2013

FakeRAID and Virtualisation

I’ve been tinkering with Virtualisation quite a bit recently. For a new project, without an allocated budget, I was asked to provide some simple Virtualisation capability, to hold them over until they get budget approval, and can buy their own hardware. I managed to rescue a Dell R510 server from the scrap heap, only to discover that it contains a Dell S300 “FakeRAID” card, that’s not supported by Linux (so KVM, Xen et al are out)....

November 14, 2013

When should I use eval()?

NEVER. That’s got that off my chest. eval() is possibly the most dangerous thing ever. It’s basically a way to execute arbitrary code from a string or variable. Here’s a few reasons why it’s dangerous. It leaves you open to injection attacks. In JavaScript, eval() forces the engine to drop into Interpreter mode, which slows down your application, and it will remain slow, as there’s no opportunity for optimisation-level caching to take place....

October 7, 2013

How To: Find a rogue DHCP server on your network

Symptoms: Some clients are unable to connect to the internet. Some clients report a different IP address, subnet mask and default gateway, compared to others. Caveats: Without a managed switch fabric, this is considerably more difficult. Diagnosis: Allow a device to get an IP address from the rogue server. You might need to disable the main DHCP server to allow this to happen, as DHCP is a broadcast protocol, so it’s really a case of the early bird getting the worm....

September 27, 2013

FreeSWITCH on a Raspberry Pi

I’ve had a Raspberry Pi for ages now. I got one free courtesy of PayPal at their Charity Hack in late 2012, and our team (see photo, I’m there!) went on to use it to create the (World’s First?) Raspberry Pi based Wi-Fi Hotspot. I’ve wanted to do something potentially useful, definitely interesting, and probably rewarding with it for a while. I’ve also recently acquired an Arduino with Ethernet Shield, so that’s also been on my mind for another hack platform....

June 13, 2013

Lightning Post: Dumping MS DNS to BIND

This is the first in a series of Lightning Posts, short snippets that I don’t really have the time to write up into a full post, but they’re interesting nonetheless. Lightning Post 1: How to export DNS data from Microsoft DNS to a zone file. “Why’d you wanna do that?”, I hear you cry. Well, it’s entirely possible to use BIND (or PowerDNS, for that matter) as a DNS server instead of the integrated MS DNS service that’s bundled with Windows Server....

May 28, 2013

One Size Does Not Fit All

The tech interview process is broken. Fundamentally. About a month ago, I wrote about how I’ve had some terrible interview experiences over the last 6-odd weeks or so. I also just read this, and agree with everything said there. I think there’s more to say. I’m disheartened to find that these aren’t the exceptions, they’re the rule. The thing is, companies seem to have one type of interview, The Developer Challenge....

March 23, 2013

Why Do Corners Get Cut?

How many times have you found something at work that’s not quite how it should be? Perhaps you’ve got a server with “Green” drives in? Or a cheap unmanaged switch somewhere. Or something with a self-signed SSL certificate. Or a Linux box instead of a router. Or a desk fan propped up behind a server, because otherwise it overheats. Or something with a big label above that states in large, unfriendly letters “Do not unplug....

March 4, 2013

On Interviews

I’ve had enough interviews over the last few years to realise that there’s a few different styles of interviewing out there, and they all suck. There’s the “impossible question” style - like The Barometer Question. There’s the shocking “group interview”. There’s the Phone Interview - where I usually end up going off on tangents, and talking for 50-90 minutes. There’s the technical challenge interview, which varies between awesome and terrible, depending on how it’s been implemented....

February 26, 2013

How I Broke AWS OpsWorks

I thought I’d have a play with AWS’s latest offering “OpsWorks”, and see if they’ve done us all out of a job. Well, kinda. OpsWorks is interesting. It’s basically hosted Chef, with EC2 integration. The immediate “drawbacks” to some are that there’s only two supported distributions, Ubuntu 12.04 LTS and Amazon Linux. It’s also incredibly rough around the edges. It’s easy to sign up to, and it adds a service to the AWS management console....

February 19, 2013