Today, I received an enquiry from an instructor and student regarding cloud computing. The question was, “Our students are eager to experience cloud computing. When are we going to think about cloud computing?” This is an excellent question, and one that many of you may have, so I thought I would address it in the public forum of this blog.

We have a philosophy and process of constantly reviewing and changing the IT program to adapt to new industry trends. We are aware of the current trend of centralization of services and cloud computing and our current curriculum incorporates training to prepare students to learn these technologies. Five current courses are on server technologies:

IT255 Operating Systems II

NT272 Networking and Security

IT333 Network Application Services

DB321 Database Administration

WD350 Web Servers

IT moves very quickly, and new trends emerge faster than we can write and get new courses approved. However there is an existing mechanism in the IT curriculum to adapt even more quickly. Specific content of some courses can be adapted. For example, the IT capstone course, IT415, is an excellent course in which instructors and students can collaborate to ensure that the most recent trends are addressed. In this course, students work in teams to develop a solution. I believe that this would be an appropriate course for student teams to develop and implement their own cloud computing solutions.

Additional courses or changes to the existing courses may occur in the future, but regulations that bind us prevent us from disclosing details of our plans to students or the public until our plans are approved by our governing bodies.

Students and instructors are highly encouraged to always describe their needs and give their opinions on how they think we could improve the IT curriculum, since we use such statements as evidence when we seek to make changes.

Kindest regards,

Mark Renslow

Network Dean of IT

Are certain “kinds” of people right for IT jobs? In the US there is a strong IT stereotype. Can we explain this with a test? What are the effects of the stereotype? What benefit can be gained by understanding the link between personality and profession?

Recently an inquiry came to me from a graduate student at another institution. The student was asking for my help in gathering evidence to confirm his theory that certain personality “types” from the Myers-Briggs Type Indicator (MBTI) test may be better suited or more successful in an IT curriculum or in IT jobs. I rejected the request immediately.

At Globe schools, all of our students presently take an exam called Insights, which is similar in methodology to the MBTI. In fact both tests are based upon the personality theories of  Carl Gustav Jung. Insights is used in our curriculum to draw attention to different communication styles and provide students with a framework to use to adapt their communication to people who have various styles. Similarly the MBTI was created to classify personality types so that therapists could help their patients understand how to successfully interact with people, and do other things like select appropriate careers.

However, care should be taken to not over-estimate the importance or scope of the results of tests like Insights or the MBTI. Casually using these test results outside of a theraputic setting is pure hokum. Using such results to generalize human behavior or reach broad conclusions about people harms people and our society by creating social pressure to behave within the norm for your “type”. This pressure could  ”tell” some people to avoid IT professions, much like other stereotypes have done in the past and continue to do today.

Why do we have pressure for some folks to avoid IT jobs? There is a broad variety of well-paying IT jobs and these jobs are in high supply and come with opportunities for rapid advancement. Who benefits if some folks get the message that IT jobs are not for them?

Presently, IT suffers from a lack of diversity in the US. According to the National Center for Women in IT, women are greatly under-represented in IT professions. Although women comprise almost half of all professional workers in the US, they are only 25% of all IT workers. I believe that ethnic and racial minorties are similarly impacted in the US, but time constraints have prevented me from finding solid demographic evidence to support this claim. I welcome posts to prove or disprove this claim.

The opportunities in IT are real. IT includes but is not limited to network administrators, database administrators, database developers, desktop administrators, user support specialists, IT trainers, IT managers, software developers, web developers, content managers, software engineers, IT project managers, and business-to-business customer managers.

Sustained growth in IT is expected. The US Bureau of Labor Statistics (BLS) has consistently ranked jobs in IT as some of the most plentiful and well-paying for the past several years. In the 2010-11 Occupational Outlook Handbook the BLS reported that the demand for many jobs is expected to grow much faster than average over the next 10 years. Additionally, median salaries for these jobs are between $45,200 (computer support specialsts) and $81,780 (computer programmers).

The need to broaden our perception is real. Humans, including Ph.D. and masters students, have a tendency to try to find simple relationships or theories to describe not-so-simple phenomena. The myth that there is an IT “type” (read “stereotype”) is perpetuated by the media, including popular television shows. It is further perpetuated by the popular “Geek Squad” division of Best Buy (yes, shame on you, Best Buy). We must be skeptical of simple theories and marketing gimicks. When we passively pass on the notion of an IT stereotype to our children and others, we are providing the ingredients for prejudice and hurting our society. (Although some folks may benfit. Can you guess who?)

 Recall that the inquiry before me is whether or not I should support a research effort to correlate the MBTI results with success in IT. Although the motive behind the effort may be innocent, it is likely that the researcher has selected IT for this study precisely because he expects to find significant results. It is clear to anyone who takes a look that IT jobs are disproportionately filled by men and likely white men. An inquiry to claim that this is anything but the feedback caused by a strong self-fulfilling stereotype would obfuscate the real problem: negative stereotypes caused this. Searching for the IT “type” would only reinforce the harmful myth that there is some genetic, or natural right for certain kinds of people to hold these jobs.

IT jobs are for you and for everyone else too. I welcome your responese.

I recently listened to an episode of my favorite network security podcast PaulDotCom Security Weekly and gained interest with a project that was discussed in a segment of the show. Episode 198 can be listened to here. The episode featured a guest interview of Matt Jonkman and Will Metcalf who are both involved in the Suricata Project. The Suricata Project is a open source Intrusion Detection System developed by the Open Information Security Foundation, which is funded by the Department of Homeland Security. The Project has used approximately 1 million tax dollars to date so it could be of interest to anyone in the public. The first stable release is going to be available on July 1^st, 2010 and can be downloaded from the OISF website.

The goal of the project isn’t to make a a replaceable IDS necessarily but instead to bring the community together to identify current and future IDS/IPS needs and desires. Since the project is funded by the government, they have yearly brainstorming sessions in which anyone is welcome to join new ideas and needs are discussed.

According to the interview, IDS development is behind what it should be right now and should be at the point as far as automation goes. They compared it to the early days of anti-virus how many tasks had to be manually achieved by the user but now days the software runs exclusively in the background with minimal user interaction. They claimed that most IDSs run in log only mode because they aren’t reliable enough to block or allow traffic without some type of administrative interaction.

To achieve this automation, one of the features they are working on is a IPreputation system which is currently still in beta development. The IPreputation system acts as a behavioral detection by using many different rules about a particular IP address to give it an overall score, different rules will hold different values as certain behaviors are much more suspicious and potentially harmful to a network. If that score is over the threshold set by the administrator then the IP will be blocked. This is a much better system then just having a cut and dry IP blacklist, because there will clearly be IP’s that aren’t tagged as dangerous that are going to be used for malicious intent. The interviewees said that Cisco also has a similar system and has great success with it. I have also heard of IPreputation systems being used for email administrators who can more effectively block spam.

Another key feature they addressed with Suricata was that it runs on a multi-threaded engine, and this is the only IDS that has this. I found this hard to believe considering how long multi-core processing has been around, but the interviewees said that this feature alone would be worth switching to it. If you are more interested listen to the podcast and listen to the interview, or check out the OISF website.

There have been a few news stories that caught my attention recently about illegal downloading that got me thinking more about the future regulations on our Internet in regards to file sharing.  Illegal downloading is just one of many misuses of the information technologies that we have today. I wouldn’t even say that it is highly severe compared to other criminal activities that have taken advantage of our Internet such as human trafficking, identity theft and many other black market services. Either way, it is a large issue and has been especially devastating for the record companies, movie studios, book publishers and many software developers. As long as these industries see a drop in profits I don’t see how they will stop fighting against illegal downloading, and I am certain that in the future we will see a much more regulated internet when it comes to file sharing. I have heard stories related to downloading lawsuits here and there for some time, but lately it seems like there is escalating pressure being put on the “big dogs” of illegal file distribution.

Here a couple of recent stories that I have read which confirm copyright holders will continue to be proactive in their fight -

RIAA (Recording Industry Association of America) vs. LimeWire

A Federal Court Judge has recently ruled against LimeWire in a copyright violation case which will likely be the end of LimeWire as we know it. This is probably the most shocking of all stories and will have the most impact on downloaders as a whole considering 60% of people who downloaded songs used LimeWire. In my opinion this is even bigger than the former Napster being shut down, and is a step forward for the recording industry but realistically there are still many other gnutella driven software still out there, not to mention the emergence of torrent files over the last decade. Also, there is nothing stopping other similar services operating from countries that go unregulated in this area. Still, I think if the record industry is going to gain any ground it will be in their best interest to go after the “hands that feed” like they did here. I like this approach vs. what the RIAA has done in the past by going sue happy on individuals who use these readily available services. With millions using these sites, it is completely unfair to select only a few to prosecute. For example, one case that stuck out to me as overly erroneous was last year when 32 year old single mother of 4 was ordered to pay 1.92 million in damages for downloading 24 songs. I just do not get what was accomplished here, ruining 5 lives over chump change to the 6 different record labels the damages were awarded. Maybe they realized that scare tactics such as this one do not work and have moved to the bigger fish, because your chances of getting nabbed are still less than getting struck by lightning.

The Congressional International Anti-Piracy Caucus releases a list of targeted “notorious” file-sharing sites.

This is the first year that the Congressional International Anti-Piracy has released such a list, even though since the groups formation in 2003 they annually release a list countries which have insufficient copyright laws. The sites on this list are The Pirate Bay of Sweden, isoHunt of Canada, Mp3fiesta of Ukraine, Rapidshare of Germany, RMX4U.com of Luxembourg, and Baidu of China. These sites are mainly torrent search engines which have become the biggest threat to copyright holders. To tackle this issue they are going to have to take an international approach and gain some cooperation from other countries. If they are able to do this then we might actually see some real change.  It appears by calling out these internationally operated sites, the group knows full well what they need to do to gain some ground.

An even larger problem for the film and recording industry is the increasing advancement of streaming technologies. There are many sites now in which you can view pirated films via streaming which gives the user a more convenient way to break the law by not having to wait for a file to download and people feel much safer with it as they never possess a digital copy. Just a warning though, do not think that just because you are not downloading a file means that you will be exempt from consequences. Your IP can be tracked while streaming just like you downloaded the file, and in the future I am certain these streaming sites will be highly regulated as well. Even though I am an advocate for Internet anonymity in many aspects, it is very hard for me not to respect copyrighted material and I wouldn’t mind seeing a little more order.

There are always new and crazy things that can be found using the World Wide Web. Here are 5 cool/useful/not useful things that fellow IT people will be able to appreciate. Hopefully you can find a use for one of these and if you have already heard of it I am sorry but it is new to me.  Enjoy!

1. http://lmgtfy.com/ - Ever get asked questions that can be easily be found by a simple Google search when you know a computer with internet access is readily available? Send them a link of you googling it for them! After it demonstrates the act it leaves them with the famous Nick Burns tagline “Was that so Hard?” - be careful not to be a wise crack with this one.

2. Change the “about” urls in Internet Explorer – On a windows machine go to your registry editor and open HKEY_LOCAL_MACHINE >> Software >> Microsoft >> Internet Explorer >> AboutURLs. Here you can create and edit the about URLs for IE. I created a new one by right clicking on a blank portion of the right window and creating a new string value for “about:me” to direct to my homepage. Now I go to IE and type “about:me” it it will redirect – could be handy.

3. Googlegooglegooglegoogle.com.br – this link will separate your browser into four different screens. I have actually found some use for this one and sometimes can be more efficient than tabs. You used to have to not use the br in the domain (which is for Brazil) but it has been removed from the U.S domain for some reason. Repeat this url in each of the four windows and you will have yourself loads of fun.

4. Yahoo.com – I don’t know why this one amazed me so much, but if you click on the exclamation point at the end of Yahoo in the header, you can hear their yodeling jingle. I actually found this one at a CNET article of “10 awesome Internet Easter eggs” which is worth a read as well.

5. Watch ACSII Star Wars – This one will have no relevance to anything you will be doing at any moment in any way, but hey I am a Star Wars fan and I thought this was cool when someone at work showed this to me. On Windows go to the command line and type “telnet towel.blinkenlights.nl” without quotes. On a mac you can use the same command via terminal to watch the show. All I can say is that I have respect for the creator who apparently has way to much time on his hands.

In my Information Security class this quarter one of the topics we have gone over is the difference between a risk, threat, and a vulnerability in a system. If you are looking to get into Network Security it will be important that you understand the difference between these terms. You do not want to end up misusing these words in conversation because you will sound like the person who doesn’t know their stuff. I will use this time to rant about a term that I hear misused - I have played piano for 10+ years, and I listen to a lot of contemporary piano music, and when someone hears it they say “oh you like classical music?” And I say yes I do like classical music but this isn’t classical, and they just get confused. It is not classical unless the artist transported back to the late 1700’s in the classical era and composes in that time period. Yes the music shares similar qualities as classical music, and popular belief says that it is “classical”, but it technically is not. This is just an example of a misused term and how it sounds off base to me.  If you are around security professionals and swap threat, risk, and vulnerability it will probably get under their skin as well.

First off there is a more formal explanation on threats vs. vulnerabilities. Then, I have some funny analogies that I found at various sources on the web.  These analogies might help you remember the terms a little better.

“In personal terms, a vulnerability is something that can happen to your system. For instance, your data is vulnerable to fire if you don’t have a protected backup somewhere. Your system may be vulnerable to a virus or Trojan if you don’t have an anti-virus program running. It also might be vulnerable if you don’t maintain security updates offered by your operating system vendor. Your system might be vulnerable to a hacker attack if you don’t run a firewall. Conversely, a hacker is a threat to your system, as is a virus or Trojan. There is a threat of data loss, or to be more specific, you could lose your important information including pictures, files, personal information from a fire, flood, weather, etc. Vulnerabilities and threats don’t have to be purely intrusion-related. A vulnerability can actually be something as simple as someone getting onto your computer that you didn’t plan on. A threat could be the likelihood that someone would get on and get sensitive information or do damage.” - Thomas Williams - Source Article

“Imagine that you are going on a trip. While packing your suitcase, you realize that you need to bring some shampoo. Your shampoo has a flip top, not a screw top, and so you’re concerned that if you pack your bag too full, the airport baggage handlers might treat your bag roughly, exerting excess pressure on the bottle and popping the top. Shampoo could spurt all over your stuff!

In this scenario, you have a vulnerability (the flip top shampoo bottle which might not survive a good squeeze). The threat is that baggage handlers are not known for being gentle. The risk is that your clothes might get doused with shampoo.” - David Bianco - Source Article

“Imagine a lush green field of grass and clover, where bunnies frolic and play. These are cute white bunnies, with pink eyes. And the occasional black bunny, which inexplicably costs more. The bunnies in this field have no natural predators. The wolves don’t know about this field.

Now, picture a city cat that roams the streets, getting into fights, disappearing for days at a time. When it comes home, it’s missing a little more of its ear, or occasionally needs to be stitched up. If it gets into a fight, sometimes it wins, sometimes it loses. It will eventually be run over by a car. Its bloated carcass will be poked by children with sticks.

The bunnies are vulnerable. The kitty is vulnerable, and has threats.” - Ryan Russell - Source Article

This last week I have been working with another person at the company I work for in upgrading our servers operating systems and firmware. The servers are running OpenSUSE so I have been getting exposure to some Linux based servers. The downside is that they are production servers with live websites on them so we had to work the 12am-3am shift. I really like the idea of running your servers on Linux because the cost is minimal, and they are also very secure. I have mentioned the hosting facility where our servers reside in previous posts called nFrame. While I was there this time I took some pictures to share for anyone who has never been in a facility like this. The pictures only show one room and the facility actually has 10 separate rooms filled with servers, and hold equipment for a few big name clients such as the large shoe distributor - Finish Line, who’s headquarters are located in Indianapolis. The place is on a security lockdown with biometrics, camera surveillance, and 24 hour security guards – as it should be.  I had been in a facility like this one in the past, but it is much more appreciated with solid knowledge on the equipment.

Some thing to look at is the large blue units seen to the left of the server racks, these operate the cooling as there needs to be a lot of air flow with all the heat that is generated in a data center.  You can also see where the air shoots up from the holes in the floor, and it it is a nice breeze up the pants to stand over them because it gets quite hot while working in there. The floor panels are also all removable with crawl space underneath and I didn’t get to see anyone pull one up, but I suspect you could run cables underneath as well.  Also notice that there are many cables running over top of the server racks, which distribute the main stream coming into the facility.  Thats about it, hope you enjoy the pictures.

Are you graduating in the next year and don’t yet have an IT job lined up? It’s time to begin the work of making yourself attractive to prospective employers. Our career services folks can help by alerting you to job postings that come our way, and they have a whole list of things you can do to improve your chances of getting an IT job, but times are tough. I call for drastic measures. Here’s my checklist of drastic measures for you:
1. If you don’t have a job (any job) now–then get one. Employers are more interested in hiring people who have a record of showing up to work. Ideally this will be a part time or volunteer job that can be worked around your class schedule.
2. Clean yourself up. This one was hard for me so I understand if your reaction is “no way”. Change your mind and your language. Cut your hair. IT jobs and most entry level jobs you will apply for in (1) above require a certain amount of customer contact. Buy several pairs of Dockers and shirts with collars.
3. Quit World of Warcraft. Everyone played it, but no one wants to hire a WoW junkie. If you’re already too cool for WoW, quit whatever is your current addiction. Farmville? Smoking?
4. Make your boss happy. Now you should have a part time job (any job). Make your boss happy. Never be late. Never miss a day. Always cover shifts missed by others if you can. Learn and be an expert at your job. If asked, train others. This is a no-brainer that I have seen many young people not get. Imagine what she wants in a model employee and be that. The time will come when you are ready to move on and a letter of recommendation from your current boss is like a free ticket to your next job.

5. Be an excellent student. Not only does this have the obvious benefit of giving you the best return on investment in your time in school, but your instructors are like your current bosses. We can write letters of recommendation too. If you do well in a class, ask that instructor to write you one. Most instructors have done it before and if they think they can write you a strong recommendation, they will agree to do so.

6. Visit your campus career services department. Make an appointment and keep it. Bring your resume and portfolio. Be pleasant and professional. Follow their advice too.

I went into registration for the Spring Quarter with mainly Information Technology electives remaining for my last quarter minus a 1 credit career development class. I saved most of my electives for the end of my program, because I believe my final classes will be the most interesting and useful for my career path. I started realizing a couple of quarters ago that I wanted to start emphasizing in network security courses, but have been having trouble getting into these courses because of unmet pre-requisites.

Thankfully I was able to finally get some of these pre-requisites taken care of so I could take the classes I needed to take to fit my desired emphasis. I recommend that if there are elective courses that you want and you don’t meet the requirements due to a prerequisite, either plan to take care of the prerequisite if you have time, or lobby to join the course anyways. I don’t see a problem with that unless the class is unreasonably out of your range, as you are paying for the classes it should be up to you. Core requirements will be much more strict as they are built into the program and much less flexible, but Globe/MSB has always been very reasonable with me when it has come to getting the electives I need.

While choosing my classes for the Spring Quarter, I was pleasantly surprised by how many courses I found to help me meet my emphasis of network security and was grateful that I was able to get into all of these great courses at Globe/MSB, and all online! If I would have figured out exactly what my emphasis was going to be sooner and I could have even taken a greater advantage on what our college offers. This is why I put together a little guide to help students who are more in the infancy of the program and are thinking about emphasizing in network security. Here are some courses that you can shoot for to maximize your specialization of Networking and Security at Globe/MSB in the Information Technology program -

Core

NT272 – Network Administration and Security

DB311 – Database Implementation

IT305 – Systems Analysis and Design

IT315 – Information Security

Electives

DB321 – Database Server Administration

IT333 – Network Application Services

IT425 – Network Security Services

IT432 – Computer Forensics – Especially excited about this one

NT322 – Network Implementation Technologies

For a security emphasis, I think that it is a great idea to get a good base in the database as this can be the most integral part of an information system. I didn’t know anything about databases before I started here, and now I am enrolled in the fourth and final course offered here. Globe/MSB has taught me database concepts from the ground up so I can personally recommend this process. Whatever your strong areas are, it is good to figure out what your exact interest is earlier so you can start planning on your future.

This quarter I have been teaching Programming I. One thing I can confirm as a result of this experience is that games are great motivators for new programming students. They certainly are more relevant to the students than calculating interest rates or tax rates. The four programming examples that piqued my students interests more than any others included:

1. an implementation of the Caesar Cipher, which is a simple substitution cipher. Our text by D.S. Malik introduces reading and writing files early (in Chapter 3). The Caesar Cipher is a good way to get students to work with files. I introduced the cipher by giving the students a program, “DecoderRing.cpp” and  three text files  that contained these phrases:

message1.txt: “Tgcf{”kp”vjg”pqtvj0″

message2.txt:”Vjg”gcuv”ku”tgcf{0″

message3.txt:”Yg”ujcnn”cvvcem”cv”fcyp0″

Students were asked to run the DecoderRing.cpp program on each of these files and investigate the results. The program created three new files with these words:

Plain text 1: “Ready in the north.”

Plain text 2: “The east is ready.”

Plain text 3: “We shall attack at dawn.”

I was very pleased with the reaction of the students! This exercise demonstrated many important but tedious programming concepts: reading and writing files, integer arithmatic on character data types, and I think they got a glimpse of what power they would wield if they mastered programming.

2. An implementation of the XOR hashing algorithm. Granted, this required some time on my part to implement, but it provided my students with an example of a program that implements a very important error-detecting algorithm and gets them to think at the bit-level. Since the second quarter of programming will be going into objects, I figured this was my only chance to get them to look at integers as the 32 bits (on our machines) that they are. Students then used my program as a template to write their own hashing algorithm that has some of the features of the more cryptographically secure algorithms (like the MD5 checksum algorithm has). It will be my task (hopefully enjoyable!) to grade these this weekend.

3. An implementation of a tic-tac-toe game. I introduced this only after arrays and enumerated data types, but this was much more popular than either the XOR hash or the Caesar Cipher. Next time around, I think I can introduce tic-tac-toe even earlier–during the unit on functions. You don’t really need an array to represent nine squares on a board.

4. Rock-paper-scissors (lizard-Spock). This was a hoot. I provided the source code for the game Rock-Paper-Scissors (thank you D.S. Malik and Cengage Learning for this and other excellent programs with your text). Students were directed to modify it to accomodate Lizard and Spock as player actions (see these sites:http://www.samkass.com/theories/RPSSL.html and YouTube video of the Big Bang Theory). This was just a laboratory assignment this quarter. Next time, I will make it a homework assignment, and have the students add a computer player.

In summary, whenever possible I suggest that we design our programming examples and homework assignments around things that students may find interesting. Games top the list clearly in my experience–but be careful–many games and game features (such as an artificial intelligence) are very difficult to implement in code for first year programming students. I recommend that you try writing the game yourself before you recommend that your students attempt it.