Velcro for VAR Engineers

When I was younger, I must have watched The Delta Force about a hundred times. One of the things I loved in that movie was the uniforms the Delta guys wore. Jet black, covered in cargo pockets, and very useful. The most compelling feature, however, was the velcro on the shoulders and chest. The Delta troopers could remove the patches on their uniforms whenever they needed to be anonymous, then put them back on at will. I loved this idea. As time has gone on, I’ve notice the same kind of capability on the new military BDUs. Rank insignia, unit affiliation, and even the name tag are all velcro patches that can be removed, reapplied, and changed as needed.

This idea of configurable uniforms finally hit home for me the other day when I was going through my closet looking for a vendor-specific shirt. Yes, I know that Greg has decried the plumage of the vendor in a previous blog post, but as a VAR I’m a bit hamstrung. Sometimes, I need to put on my Aruba shirt or my Cisco jacket or my Aerohive tuxedo. Customers feel a bit reassured when you’re wearing a shirt from a company that you’re pitching. However, I’ve noticed that all these shirts seem to start looking alike after a while. I have the same Dri-Fit Nike polo shirt with four different vendor logos. I have the same dark blue polo with three other different vendor logos. I think I have a Cisco shirt in every color of the rainbow. I even have shirts that don’t fit anymore with fun old logos, like my Master CNE. Why do I need to have that many logo shirts in my closet? Why can’t I have a little more control over my VAR uniform?

That’s when it hit me. Let’s do the velcro configurability on vendor polo shirts. A velcro patch over the left breast and maybe another couple on the sleeves. Think of the possibilities. Now, instead of worrying about what vendor shirt I’m going to wear in the morning, I can just pick out the black one or the red one. Then, when I’m ready to brand myself, I just need to pick out the appropriate patch and slap it on the velcro. No fuss, no muss. If I wear the wrong vendor shirt today, it can cause some embarrasing issues. With the patch system, I just remove the errant patch and replace it in seconds. Much easier than trying to keep track of which shirt I shouldn’t be wearing to a particular site. You could even make a big show of it. When it’s time to get work done, make a big production of taking your patch out and slapping it on. When you need to be “off the record” about something, make a theatrical gesture of ripping the identification patch off your shirt as if to say, “I’m not with this company right now. Here’s what I think.” It would be practical as well as awesome.

Sure, there are details to work out. Even getting the vendors to start offering velcro patches would be a huge step in the right direction. I’m all for this, as it means I can finally take a little more control over my wardrobe. Now where did I put that sewing machine?

Device Naming Conventions

At some point or another, we’ve all been faced with the ominous screen asking us to name a device.  Whether it be a NetBIOS name or a DNS hostname, in those critical minutes we’ve been under as much pressure as any other time in our careers.  What should we call this thing?  Should I name it something memorable?  Should it be useful?  What about some kind of descriptive codename?  I wanted to share a few things with you that I’ve found over the years that might get a chuckle or two.  Hopefully, they’ll also serve as a yardstick for naming things in the future.

More often than not, desktops that are deployed straight out of the box keep the name that they were programmed with at the factory.  This can be some strange combination of manufacturer or serial number or phases of the moon.  Unless you’re on top of things or you have a VAR doing the installation for you (yay me!), you’ve left the name alone because it’s something that you don’t necessarily care about.  Infrastructure devices, on the other hand, are devices that have to be named to function.  These are the ones that engender the most thought into what they should be called.  My first run-in with an odd naming convention came back in high school.  When I was but a wee lad trying out this scary Internet thing for the first time (through Compuserve, no less), I started emailing a friend that went to more tech-savvy school.  Her email address was hosted by the local university on a mail server they built.  It seems that the seven mail servers that hosted the university and its users were named after Disney’s seven dwarfs.  In particular, this server was named Bashful.  I always thought that was interesting, since my friend was anything but bashful.  As time went on, I realized that people started naming their computers funny things because they wanted to remember what it did or make it have some kind of special significance to them.  When it came time to name a whole set of networked computers, that’s when you usually delved into the depths of literature or popular culture to come up with naming sets.  Groups of collected individuals of diverse skill sets that help you remember what it is that your devices do.  It also affords you the chance to show how clever you think you might be.

Far and away, the most popular naming set for servers/routers/stuff is Greek Mythology.  I’ve worked on more Apollos and Zeus’s and Athenas that I have any other device in history.  Usually, you can figure out what a server is doing based on which deity it’s named after.  Zeus is the domain controller/master server.  Athena is the ticketing database or Sharepoint server.  Hermes is the VoIP server.  Funny thing though.  You hardly ever see Hades doing something.  Usually, it’s a server on the fifth or sixth reload that they don’t really care about.  Also, don’t ask what Tartarus is doing.  It’s never anything good, I assure you.  While the Greeks are popular when it comes to server naming, I’m seeing a huge uptick in Lord of the Rings characters.  This is a bit more problematic for me, since I’m not usually inclined to figure out why someone named a server Merry or Pippin.  Depending on how much server sprawl you have, you may even need to reach down to find characters that weren’t in the movies, like Tom Bombadil.  Of course, every time I see a LotR naming setup, I very much want to change the name of the primary domain controller to Mordor and then disable all user accounts on it.  Why?  Because no one simply logs into Mordor.

On the flip side, I’ve seen users that understand that naming things after Greek gods and Ian McKellen characters can be a bit confusing at times.  So they’ve swung to the complete opposite side of the spectrum and come up with their own naming convention for things.  Normally, I applaud this kind of forward-thinking approach.  However, if your code names only make sense to you, it’s not much better than naming your servers after Best Support Actor Academy Award winners.  For instance, does the server name SW2K332DC050 jump right out and tell you anything meaningful?  It took me many tries to finally figure out that this particular server is running Windows Server 2003 32-bit and is serving as a domain controller.  Of course, that was when the server was first installed.  Now, it’s a Windows Server 2008 R2 machine that’s not a domain controller and is instead running some web-based application.  Faced with a whole page full of names like that is like trying to read the phone book.  Someone coming into this environment would need a cheat sheet or at least access to the server admin team to figure out what server you were working on.

I’m a huge fan of naming conventions that convey the device’s type and purpose on one short line.  Being a VAR, it’s usually critical to me to be able to scan an environment quickly and determine what exactly I’m working with.  Calling a switch 7K-Core-1 allows me to know almost instantly that I’m working on a Nexus 7000 in the core and that there should be at least one other switch (Core-2) somewhere close by.  Naming a switch 2960S-IDC1-1 is almost as effective but can lead to issues when I don’t know where IDC1 is located.  Since I work mostly with K-12 education institutions, I usually fall back on familar location info, such as 3560-Lib-1 or 4500-Caf-2 to help me figure out where I need to start my search for these devices.  I’ve always told people that my documentation habits arise from the need for me to remember exactly what was going on when I did something six months ago.  This goes for naming conventions as well.  I may be looking at this device from a stuffy hotel room three time zones away and not have access to all of the pertinent information before a critical change must be made.  The more descriptive I can make a device name, the better the chances that I won’t accidentally remove EIGRP from the core router.

What types of naming conventions do you use?  Are you a dwarf/deity/fictional character type of person?  How about washing the hostname through an MD5 hash tool before applying it?  Maybe you just name it the first thing you see on your desk when you power it up.  I’d be curious to see what your ideas are.

Start Menus and NAT – An Experiment

Fresh off my recent fame from my NAT66 articles (older and newer), I decided first thing Monday morning that a little experiment was in order.  I wanted to express my displeasure for sullying something like IPv6 with something I consider to be at best a bad idea.  The only thing I could come up with was this:

The response was interesting to say the least.  Questions were raised.  Some asked if I was playing a late April Fools joke.  Others rounded up the pitchforks and torches and threatened to burn down my house if I didn’t recant on the spot.  Mostly though, people made sure to express their displeasure by educating me to the fact that I should use something else to do what I wanted rather than rely on the tried-and-true metaphor of a Start Menu.

Now do you see what I’m talking about with NAT66?  Some people think that NAT is needed not because it’s a technological necessity.  Not because it’s solving fifteen problems that IPv6 has right now.  They want NAT because they really don’t understand how things work in IPv6.  It’s the same as bolting a Start Menu on to OS X.  When I started using my new MacBook a few months ago, I took the time to figure out how to use things like Spotlight and Alfred.  They weren’t my Start Menu, but they worked almost the same way (in many cases better).  I didn’t protest the lack of a metaphor I clearly didn’t need.  I adapted and overcame.  And in the end I found myself happier because I found something that worked better than I had hoped.

In much the same way, people that crave NAT on IPv6 are just looking for familiar metaphors for addressing.  I’m going to cast aside the multihoming argument right now because we’ve done that one to death.  Yes, it exists.  Yes, it needs to be addressed.  Yes, NPT is the best solution we’ve got right now.  However, when I started going through all the comments on my NAT66 blog post after the link from the Register article, I noticed that some of the commenters weren’t entirely sure how IPv6 worked.  They did understand that the addresses being assigned to the adapters were globally routable.  But some seemed to believe that a globally routable address meant that every device was going to need a firewall along with DDoS protection and ruleset monitoring.  Besides the fact that every OS has had a firewall since 2002, let me ask one question.  Are you tearing out your WAN firewall when you move to IPv6?  Because as far as I know, you still one have one (maybe two) WAN connections that are terminated on some device.  That could be a router or a firewall.  In the IPv4 world, that device is doing NAT in addition to controlling which devices on the outside can talk to the inside.  Configuring a service to traverse the firewall is generally a two-stage process today.  You must configure a static NAT entry for the device in question and then allow one or more ports to pass through the firewall.  It’s not too difficult, but it is time consuming.  In IPv6, with the same firewall and no NAT, there isn’t a need to create a static NAT entry.  You just permit the ports to access the devices on the inside.  No NAT required.  If you don’t want anyone to talk to the devices on the inside, you don’t configure any inbound rules.  Simple as that.  When you need to poke holes in the firewall for things like web servers, email servers, and so on, all you need to do is poke the hole and be done.

Perhaps what we really need to end this NAT issue is wildcard masking for IPv6 addresses in firewalls.  I have no doubt that eventually any simple home network device that support DHCPv4 today will eventually support DHCPv6 or SLAAC in the near future.  As fast as new chipsets are created to increase the processing power we install into small office/home office devices, it’s inevitable that support will come.  But to support the “easy” argument, what we likely need to do is create a field in the firewall that says “Network Address”.  That would be the higher ordered 48 bits of the IPv6 address.  Once it’s plugged in, the hosts will use DHCPv6 or SLAAC to address themselves.  Then, we select the devices from a list based on DNS name and click a couple of checkboxes to allow ports to open for inbound and outbound traffic.  If a customer is forced to change their address allocation, all they need to do is change the “Network Address” field.  Then, software on the backend would script changes to DHCPv6/SLAAC and all the firewall rules.  DNS would update automatically and all would work again.  Perhaps this idea is too far fetched right now and the scripting necessary would be difficult to write at the present time.  But if it answers the “easy” outcry about IPv6 addressing without the need to add NAT to the protocol, I’m all for it.  Who knows?  Maybe Apple will come up with something just this easy.


Tom’s Take

For the record, I really don’t think there needs to be a Start Menu in OS X.  I think Spotlight is a perfectly fine way to launch programs not located on the dock and find files on your computer.  Even alternatives like Alfred and Quicksilver are fine for me.  The point of my tweet and subsequent replies wasn’t meant to advocate for screwing up the UI of OS X.  It was meant to show that while some people think that my distaste for NAT is silly, all it takes is the right combination of silliness to get people up in arms.  To all of you that were quick to jump and offer alternatives and education for my apparent lack of vision, I say that we need to focus effort like that into educating people about how IPv6 works or spend our time figuring out how to remove the roadblocks standing in the way of adoption.  If that means time writing scripting for low-end devices or figuring out easy UI options, so be it.  After all, someone else has already figured out how to create a Start Menu on a Mac:

Software Release Names

Keith Parsons (@KeithRParsons) is to blame for this one with the following tweet:

I’m not a developer, but I’ve been on the receiving end of some of these software naming conventions before.  I figured I’d share my thoughts on them and maybe get a chuckle or two out of it.

Alpha – You should be happy the program even launches!  Alpha code is basically every module our programmers have been working on thrown together for the purposes of meeting a milestone.  It probably doesn’t work half the time.  It has horrible memory leaks. In fact, 50% of the features that are here won’t be in the final release.  Either because we don’t know how to code them properly or we only put the names in there to generate buzz and get more funding.  Your job as an alpha tester is to ensure that this program doesn’t format your hard drive or cause your GPU to melt through your motherboard.  If you do a really good job helping us fix all the glaring and obvious mistakes, we might give you and invite to the closed beta.  Maybe.  Tech support is great at this point.  Provided the developer isn’t on the phone with his mom or ordering a pizza for a late night coding session.

Beta – Okay, we got the GUI all figured out, and it won’t melt your machine anymore.  We’ve still got memory leaks, and we pulled some of the features that we listed just so we sounded as good as the other programs just like this but didn’t really plan on putting in here anyway.  However, we’re thinking of adding a few more features or changing a whole bunch of stuff right before release so that we don’t have time to test or change anything.  After all, we’ve got a deadline to meet, right?  Your job as a beta tester is to fill out form after form of feedback and bug reports so we know what we screwed up from the alpha code.  In fact, most of it is still screwed up.  We just spent our time going to beta putting in feedback forms and making sure they were all spelled correctly so we didn’t get bug reports that said, “You misspelled feedback.”  If you want to call support, feel free.  We could use a good laugh after looking at our last paycheck.

Beta (Google) – This is actually the release code.  We’ve been running it internally for about six months and it’s bulletproof.  We want to release it to about ten people and then make the rest of you beg for invites while we polish the extra pieces.  We also don’t want to support it in any way, so we’re just going to leave the beta tag on this until the development team that created it gets tired of working here and leaves to go to Microsoft.  Then we’ll just kill the product.  Have fun testing!

Developer Preview – Thank you for paying perfectly good money to be official guinea pigs.  Whether you flew to our conference or signed up for a yearly fee, we really appreciate you giving us extra money for a sneak peak at how horrible our programmers are.  You’re likely going to find out about the developer preview about a hour before we tell the gadget websites.  We’ll give you an older copy on a DVD and tell you to load it up and play with it.  Of course, it’s not really ready to go just yet and not much better than the last beta we put out there.  This really only exists for those app writers out there that want to figure out we’ve screwed up their whole programming structure.  We’re going to force them to massively rewrite their code in a rush to have an “approved” app out in time for the release in 6-9 months.  Of course, we’ll probably just take all their hard work and create our own feature that mimics theirs and cut them out of the profits.  Tech support for developer previews is conducted solely from our online support forums by those people who live and breathe our products.  We don’t actually pay them to like our stuff so much and we surely won’t pay them to keep fixing everyone else’s problems.

Release Candidate (RC) – This is what we used to call “beta”.  But since Google screwed up the term beta for the whole world, we had to come up with a new beta.  Sorry!  In this case, RC releases are the final code.  You can submit bug feedback, but we’re going to ignore it until the product goes live.  No time for delays!  Wall Street expects this out yesterday!  Your job is to find all the bugs and submit them so we can put them into the first service pack.  We’re also going to have to put a time limitation in this so people don’t download the software thinking it’s the final release and then use it forever and call for support on what is essentially a beta release.  Microsoft tried that with Windows ME and, well, you see what happened there.

Open Beta (mostly online games) – This is what you’re going to pay $60 plus $15/month for next month.  It’s the final game code release for the first twenty levels.  We don’t have time to work on the last thirty, so we’re placating you people to finish them.  You’re supposed to be stress testing the servers and verifying the first act of the game is feature complete.  In reality, we know all you nerds are downloading the game and using it as a “try before you buy” sneak preview.  There’s a good chance that we’re leaving some surprise stuff out, but you’re going to look at the program files and figure it out anyway.  Please feel free to post on message boards and fan sites and tell us how much our game sucks and how much it resembles other games that are more popular (we did copy them after all).  We won’t read anything in the feedback queue until we hit the first major patch.  Unless you figured out a way to hit the max level in eight hours.  Then we’ll fix that little bit and have you banned and burn down your house.  No hard feelings.

Gold Release – Hurry up and download this!  It’s the real live version!  It’s even got the right release number so your automatic updater doesn’t freak out later.  We’re trying to get this code to the manufacturing plant or the content delivery network as fast as possible.  In the meantime, someone probably posted this to a popular nerd or gadget website, so our single code server is getting hammered right now.  We’re just going to sit back and laugh at the 1 kbit/sec download speeds.  You fools should really have more patience.  In the meantime, we’re going to be sitting here playing Halo.  Don’t bother calling the support line if you break something.  They won’t be trained on the new version until next Wednesday.

General Availability – Okay, you can now download our software from anywhere.  It hasn’t changed much since the first release candidate.  We just kept correcting spelling mistakes and incrementing the version numbers.  The lead developer took his milestone bonus and went to Fiji for a month, so we couldn’t do any really complicated code fixes.  He’s back now with a sunburn and can’t go outside for two months, so he’s coding away.  We’re not fixing anything until the first service pack comes out, though.  We only release hotfixes if the CEO finds out that this program conflicts with his PalmPilot software.  We should also point out that support is going to be a little hard to come by.  The two people that didn’t schedule their vacations to coincide with the release date for the software were sick last Wednesday during training.  You might try turning it off and on again.  That helps. Really.

First Service Pack – Now you can install the software without fear that it will wipe out all those family pictures you keep forgetting to back up.  We fixed all the bugs you reported in the RC stage.  We’re still working on the ones that you came up with when we really released it.  We also added five new features that will probably break ten other things you really counted on.  We’re also adding in support for the second version of some new software so that we can claim to support it when it comes out sometime next year.  But in reality we’re just going to have to recode everything anyway.  If you work in a mission-critical environment, feel free to install this program now.  We’re 80% sure it won’t explode.  Okay, maybe 65%.

Extended Release/Extended Support – Guess what?  We finally fixed all the bugs!  Granted, you’ve probably been using this software for the last five years and complaining every day.  We fixed everything though!  Now, there have been quantum leaps in hardware and coding technology.  So we’re going to mark this one as “old” and move on to porting the whole thing to Java.  Or HTML5.  Or whatever wacky programming language Microsoft is trying to peddle this week.  The new version will have 68% of the feature set of the previous version.  It will also run 200% slower, due to code bloat.  That’s because the lead developer for the project took his release bonus and moved to Fiji permanently.  We had to hire six new interns to replicate what he was doing.  Then we had to send the code to him to fix the things the interns broke.  Don’t bother calling support unless you are a very important publication or the government.  Then we might help.  But we’re going to charge $500/hr for support.  We also take checks.

I hope this little guide helps you out the next time you’re trying to decipher what the various different software release acronyms/terms mean.  Don’t get me started on major number/minor number versioning, though.  That’s a whole other mess.

Why Not OS X Cougar?

Apple announced today that the new version of OS X (10.8) will be called Mountain Lion.  This makes sense considering the last version was called Lion and this is more of an evolutionary upgrade than a total redesign.  But I wondered why the didn’t pick something more catchy.  Like Cougar.  I realize the connotations that the word “cougar” carries in the world today.  You can read some of them on Urban Dictionary, but be warned it’s a very Not-Safe-For-Work page.  The more I thought about it, the more it made sense that it should be called Cougar.  After all, OS X 10.8…:

– is very mature at this point

– is trying to stay attractive and good looking despite its advancing age

– is trying hard to attract a younger crowd

– unsure of what it wants to be (OS X or iOS)

– has expensive tastes (10.8 will only work well on newer Intel i-series processors)

For the record, OS X 10.1 Puma and 10.3 Panther are the same animal as 10.8 Mountain Lion.  Maybe they’ll save Cougar until 10.9.

IT Christmas Carols

What would Christmas be without someone trying to come up with a funny list of Christmas carols with names related to their profession?  I humbly submit…

Oh, Spanning Tree

I’ll Be /home for Christmas

#FFFFFF Christmas

Rockin’ Around the Source Tree

Little Toner Drummer Boy

Blu-Ray Christmas

Chestnuts Roasting on an Open-Source Fire

Arctic Silver Bells

AFK In A Manger

Slide Deck the Halls

The 0xC Days of Christmas

What Child Process Is This?

Here We Come A-WAASailing

Rudolph the LED-Nosed Reindeer

For what it’s worth, I almost wrote lyics for some of these.  Then I decided that this was enough torture for one year.  There’s always next season.  If you can think of some that I missed, please leave them unwrapped in the comments below.

Merry Christmas to all and have a safe and festive holiday season.

Meeting Attention Span Request

To Whom It May Concern:

Due to an overwhelmingly full schedule of meetings, I have decided that my participation in them is unnecessary.  Therefore, I would ask that you fill out the following form prior to the scheduled meeting so that I may know when it is appropriate to tune out whatever is being talked about and begin doing real work on my laptop/iPad/iPhone/Etch-a-Sketch.  Please indicate the meeting subject from the list below:

  1. This is a weekly scheduled meeting to discuss why things haven’t improved since the last weekly meeting.  About 3/4ths of the way through, we will begin to plan for next week’s meeting where we discuss why things haven’t improved since this meeting.
  2. Your attendance in this meeting is to provide an aura of professionalism and reassurance while I spout off randomness to a customer.  You will be required to listen to my ramblings without comment or dissention until the customer asks you if this is correct.  Your required response is to nod and answer in the affirmative while trying to avoid saying anything that might make me look foolish.
  3. This meeting is a complaint-based diatribe focused on one or more persons/departments/divisions.  Odds are very good that you are not among the subjects being complained about.  However, an audience is required so that the affected subjects may be shamed into proper behavior/performance.
  4. This conference call will begin 5 minutes late and continue with late attendees beeping in and forgetting to mute their speaker phones.  After restarting several times due to interruption, the call will progress to the third slide in the deck before a number of attendees begin asking where to obtain the slide deck so that they may follow along in another application besides watching the slides being shared.  After directing the attendees to a download site, the call will then devolve into endless pointless questions on pedantic subjects until the majority of the attendees disconnect in frustration.  We will then call a meeting the next day to discuss the effectiveness of the conference call.
  5. This customer call is a valiant attempt for you to talk them out of doing something terrible to their computer/network/data center.  The customer will explain what they are attempting to do in very generic terms.  After the look of incredulity, you will be required to explain the deep technical details of why this procedure or setting will not work and may in fact cause more harm than good.  After the customer reveals they have made the change already before this call, you may be excused to wander down the hall and mutter quietly to yourself.

Thank you for your assistance in expediting the discovery time of the useless point of this particular meeting.


If you would like to download a PDF of this document for your own use, you may do so from this link.

One Syllable Tech Support

Shannon Hamilton: You wanna say something?

Brodie Bruce: Yeah, about a million things, but I can’t express myself monosyllabically enough for you to understand them all.

 – Mallrats

Full blame for this one gets laid at the feet of Erik Peterson for this little gem:

In an effort to avoid clogging the Twitters with endless hastags of #OneSyllableTechSupport, I instead decided to unleash a few of them on my blog.  After all, where’s the fun of not sharing some of my favorite short retorts to users?


I don’t know.

I think you broke it.

You should call TAC.

Did you bounce it?

I have no clue.

What did you touch?

Why did you call me?

What changed?

Can I talk to your boss?

I will go home.

Do I look mad?

Who else can you call?

That’s not my job.

My phone is off.

He said it would work.

I need to hang up now.

Don’t call me again.

I need a beer now.


Feel free to contribute in the comments below.  Remember, two syllables is too many for some people.

I Am The Cloud

I am the cloud.

When users see into the dark place they dare not look, they will find me staring back at them. I am the infrastructure. I am the platform. I am the service. I provision. I hypervise. The unknown is known to me. Commodity IT is my currency. I am public. I am private. When users want a new resource, I am the one click they make. When the magic happens, it is because of me. I scale infinitely. My throughput is legendary.

I am the cloud.

Double NAT

I’m sure that you’ve probably seen the now-famous Double Rainbow video somewhere on the Internet or television.  It has spawned thousands of time-wasting videos.  Allow me to make that 1,001.

Gerren Murphy (@Smurficus) threw down the gauntlet on Sept. 27th with this tweet.  I thought it might be fun to try, so I fired up the Flip and promptly got writers block.  How to show what double NAT really looked like?  That’s when I stumbled across the Wikipedia page for carrier-grade NAT.  The picture there served my purpose just fine, so I pulled it up in full screen and let my best method acting take over:

I would like to thank the Academy for any awards I might win in the future.  Although I apologize to my readers for not being as…augmented as the original video director.

If you’d like to learn more about carrier-grade NAT (also called NAT444), please head to Ivan Pepelnjak’s blog and check out his NAT444 post.