tzlee.com/blog

A friend of mine was unhappy with his work and asked when he would make it up the corporate ladder. I shared the following with him and thought it makes a good blog post.

Maybe I’ll elaborate on the corporate ladder part. Big companies (in your case) are big enough that you are actually insignificant. Not just you, everybody else is dispensable. These companies have stood the test of time and will stand even if the key people leave. This is what makes a company – it’s structure. CEO leaves, so what? There’s still many people under working despite his absence. People now know that if you throw a stone, you’ll hit a degree holder.

“There’s many others that can do your job,” says your boss. Sad but true.

The fact is that the corporate ladder is overrated and nobody should sit around a company waiting years over years to climb it. It just does not happen that way. Climbing the corporate ladder in a large corporation is mostly politics. Nobody I know sits around a company for a few years and gets promoted without meddling with some politics. Most who just stay put and “do their work” get at most a measly pay raise and hardly any promotion.

Don’t think about the ladder. There’s a closed door at each floor. You need to convince the person staying there to open it for you. There’s usually only room for one on each floor, and that person has to go up as well. If he doesn’t move, you don’t move either.

The alternative? Either work in a smaller company where your value is greater, or work for a company who would pay you more, or go start your own business.

I guess society has gotten used to the term “urgent“. It’s pretty annoying that people send you e-mails that make requests to be completed in a day or two, citing them as urgent. I guess these people don’t realize urgent doesn’t involve the entire world and applies to their context and not mine. Don’t blame others for your own lack of planning and foresight. I have a lot of other urgent things to do too.

Sorry folks if I haven’t been responding to your e-mails/wave/chat promptly and haven’t been doing my homework. I’m super tied down this week with work, plus my mum’s sick and I have to be at the Istana tomorrow. The weather isn’t really very helpful since I’ll be under the damn hot sun.

If any of you need to buzz me, the surest and fastest way is via SMS.

And for those who’ve mailed me on project groupings and/or discussions please hang on a bit and I will get back to you ASAP.

I’m sitting in a client’s office and just two cubicles away, this guy is on the phone with another guy trying to troubleshoot something.

“Hello? Yah, yah? What is wrong?”

Few seconds later…

“Oh, can you go inside? Erm… edit the file?”

Few seconds later…

“Yah, use pico open the file.”

One or two seconds later…

“Pico don’t have? What you use? Nano? Don’t use nano. You try pico?”

Few seconds later…

“No pico? Install pico and try?”

Few seconds later…

“OK, you call back. Yah. OK, thanks, bye.”

So he concluded the guy used the wrong editor? Few minutes later, he makes a call to someone else.

“Hi, yah, er, ask you ah, how you see the Linux is 386 or 686 or x64?”

Two seconds later..

“Oh like that ah. Use you-name lah. OK. Then, then… like that I cannot install the 386 on 64bit lah?”

Wahlaueh, it drives me nuts just listening to the conversation Heng I don’t have to work with these people.

http://roomfordebate.blogs.nytimes.com/2009/08/03/what-do-school-tests-measure/#comment-127279

Busy at the moment. Will blog later. Link for your reading pleasure.

I’ve been puzzled for quite a while now why the web UI keeps crashing on one of my VMware servers here, and I finally decided to kick my lazy ass and get down to work.

I found out that it was the vmware-hostd process that hosts the web UI ports (HTTP on TCP/8222 and HTTPS on TCP/8333). A quick search on Google gave me just what I was looking for.

So it seems the new glibc version in CentOS 5.4 breaks VMware Server 2. If you’ve already upgraded your server, here’s how you can downgrade glibc:

• Go to /etc/yum.repos.d
• Make a copy of CentOS-Base.repo to CentOS-5.3-Base.repo
• Edit CentOS-5.3-Base.repo and rename all the headings in the [brackets], e.g. [base] -> [base53]
• Do a search and replace all $releasever with 5.3
• Save the file
• Run yum clean all then run yum downgrade glibc glibc-common
• You’ll also need to re-run vmware-config.pl
• After the downgrade is done, edit /etc/yum.conf and add exclude=glibc glibc-common glibc-devel glibc-headers glibc-utils nscd on a new line to avoid future update issues, at least until VMware decides to fix it.

So the second lecture was on Software Engineering. Big word and unfortunately means big problem. The class was introduced to Agile/Scrum which is a newer methodology compared to the old waterfall/spiral SDLC model that I was taught in school.

I used Agile/Scrum about two years ago in my previous job and my experiences were much similar to the ex-students who presented. I worked with teams from about 2 to 6 in size. Honestly, not many teams can get past 10 pax because of $$$. I must say 80 is an awesome huge group!

So here’s my observations:

• The common effort multiplier is between 2.5 to 3 not because people are slow or bad at estimating, but because they did not consider time taken for communication and other context switching overheads. However as the team gets better and better at estimating their effort this multiplier can go down to about 2. Don’t forget, Project Manager doesn’t do the actual work but still gets paid. So where does his effort go?
• The biggest problem with estimating effort is with companies billing by the hour. I was constantly questioned for high estimates (thanks to my 3x multiplier) because it ballooned the cost of a project and I was pressurized to push it down, but guess what? It always overruns, i.e. the original high estimate was correct.
• Agile works well with small projects too, just that you may not need to religiously hold the daily scrums, but the idea of having broken parts down into bite-sizes is the key to easing project management.

Wei Man is right. Geeks are bad at estimating effort, but we have to know what it takes to do something so that we can manage ourselves. Time, energy and life are finite and therefore our efforts are finite as well. If you don’t learn the skill of estimating efforts I can 100% assure you that you’ll overrun your projects. This is from a personal experience from not getting paid and even almost being sued.

***

On the documentation part, Prof. Ben is right. There’s a job market out there with people writing documentation. This type of job is called Technical Writing. If you’re good with language, maybe this is a job you can pursue. There’s not many of these companies around and their clients are usually huge (Aerospace, Military, etc.) so you get paid pretty decent. Not to late to change courses now.

Somehow I think I’m living life on the soft side, or as the Chinese says, 吃软饭. I’m officially in a holiday mood as I write this blog entry while my wife (who’s just right beside me) bashes away at a PCI DSS audit report… I think she doesn’t even notice me blogging.

I’m finally taking a real break from work with a weeks’ leave between Christmas and New Year. Not that I’m the first around here, but hopefully not the last. I spent the last working hours of 2009 actually back in office unpacking, installing and repacking servers each fully jam-packed with twelve 3.5″ SAS disks. They’re really quite heavy – weighing up to 30 kilos each. SAS disks are considerably heavier than SATA ones. Somehow, weight does matter? Shrugs. So if you think I’m really having a good time at work everyday, now you know it’s not always the case.

But before I let myself run wild for the last few days of 2009, I’ll write a little about work… I’ve been at this job for a little over a year. It’s been pretty nice working around here and I’ve surely learnt a great deal. My colleagues are fantastic – I’ve got a great PM and one thing that touched me was that the sales folks gave us Christmas presents every year! Or at least for the two Christmas I’ve been through. I got cookies from Vivien last year and Winnie gave us Royce chocs this time round… I ate about half the box before I brought the remainder home. Oops, sorry dear.

I’ve also gotten really lucky to have won lucky draw prizes at all the company dinners – I got a Dell Inspiron the last year and a Sony PSP Go this year. The Dell has been put to good use, but the PSP is not really my kind of toy, so it’s going to my sister if she behaves, or maybe eBay.

I’m packing my schedules up for the next week to catch up with some looooooooong lost friends, some of whom I’ve completely lost contact with since we left primary school. Thanks to the power of the Internet and social networking, I’m finally meeting them again after fifteen years! Unbelievable.

And of course in my free time I shall religiously clean the house which has been neglected for the past two months. I also need to learn how to cook more variety of dishes. I’ve been preparing fish dishes so far.

Well, that’s the life of a working house husband. At least for now.

Welcome back…

I know you have been faithful readers.

See? You’re smiling. Stop denying it. You love my blog, don’t you?

It has been a crazy month. I’m part of a small team of three and two of my colleagues went away – one to Turkey and another to reservist so he could help weed out terrorist. I was, of course, left all alone to take on some good amount of work that, well,  came all at the same time. Screw Murphy. Hate that guy.

So it’s December and everybody’s in a holiday mood. I wish I was too, but it’s not quite easy with a fucking noisy neighbour living right upstairs. They make so much noise and vibration by dragging furniture, slamming their doors and let their kids run about into the wee hours that even my window grilles rattle at times. After approaching them three times and calling the cops once, I decided to approach them one last time which ended in a yelling session, with the typical remark from these inconsiderate bastards like “this is my house, I’ll do whatever I want” or “go buy a condo“. Things improved a bit after the yelling, but it still happens. When the night’s all quiet, these sudden bumps and squeaks really make you to jump.

So it seems nothing really changed in 2009 other than my marital status and an empty bank from a property purchase and renovation. It’s time to work out something new in 2010. My public list of items goes like this:

• Get back on track with some research/dev type projects. I’ll be meeting an NUS professor before 2009 ends, so I’ll post an update here.
• Learn to cook now that I’ve got a kitchen to myself. I’ve also promised to post some of my successful attempts out of many other unsuccessful ones.
• Get the wedding banquet done.
• Build new sources of revenue. I’ll start small, but aim big.
• Get back to flying R/C occasionally as a hobby. I’ve stopped flying for the entire of 2009 without even realizing it.

And of course, before 2009 ends, here’s a short to do list.

• Pack up the study room. It’s in an absolute mess now.
• Get another two sets of Wii Remote + Nunchuck since the two I ordered from HK over a month ago didn’t arrive at all.
• Get my old Cello bows rehaired. Already sent and will only be done in January 2010.

I’ve just attended a one day “seminar” with folks at Arbor Networks and it has been insightful.

It seems people are still pretty ignorant about DDoS attacks. Unlike the 1999 CIH virus that was programmed to take out a computer by corrupting it’s BIOS EEPROM, most of the viruses, worms, malwares and whatnots on the Internet today are around for one simple reason – money. Obviously if you’re good enough to write worms, you’d think “why write a worm for fun, when I can make money?” These worms infect computers to build Botnets, and Botnets are sold for real money on the black market to take down sites (via a DDoS), send spam, and all sorts of other things.

There was one point in particular though that caught my attention, and it was that firewalls (or in fact any type of inline device such as load balancers) are potentially targets for DDoS attacks. To make matters worse, the higher the OSI layer the firewall capability goes, the worse it gets in terms of performance and reliability.

Believe it or not, firewalls are vulnerable to serious security issues like buffer overflows just like any other server or appliance with an IP address. So it turns out that firewalls are the biggest marketing scam in the history of IT security because companies have spent millions and millions of dollars on these stuff that don’t offer much protection than say, iptables.

Just about a month ago, I spoke to one of our customers who experienced a DDoS attack launched towards their co-location in the USA. The DDoS traffic was approximately 500Mbps and it completely took out the firewall. This site provided online payment services to customers and was up and down for days. Their firewall was tiny in comparison to the DDoS they got – on paper specs states performance capabilities of 90Mbps or 30Kpps at 2.8K sessions/sec with a max of 8K sessions at any time. Of course, these are lab specifications and real world traffic wouldn’t be as forgiving.

A simple DDoS attack that’s merely 10Mbps in traffic volume would have generated millions of packets per second with a 1-byte  UDP or ICMP packet. Taking down such a firewall would be a breeze. In fact, a single modern day computer on a broadband connection could probably do the job.

If it was a TCP SYN flood, it would have been way easier. Sending 2K TCP SYN packets per second is child’s play, so filling the firewall’s state table really takes no more than 10 seconds.

I had a chat with my wife who audits financial institutions (FIs) based on the PCI-DSS standard. Most FIs providing payment card services will have to conform to this standard. This standard, however, mandates that a firewall is required to comply. Unfortunately, most FIs have a pretty average Internet connectivity pipe – somewhat in the range of 20Mbps to 100Mbps. They scale their firewalls to their connectivity, so what they have, well, closely resembles the one I described earlier.

So why were firewalls invented?

Early operating systems didn’t provide packet filtering capabilities, so the early firewalls were really just stateless packet filters that basically routed (not NAT’ed) traffic and dropped unwanted requests based on simple IP, protocol and port numbers to services that weren’t supposed to be public. Then the idea of NAT came about (remember the days of WinRoute) to allow multiple computers on a LAN to share a single IP address on a WAN link. Some smart guy then figured, “oh well, let’s put servers on a private subnet and use the NAT technology to map public and private address spaces. This way, we’re safer!” Agreeably, that was the dumbest idea ever and is a PITA to manage, but millions of servers are configured this way today. Over time, these features were slowly incorporated into the all-in-one junkbox we now call the Firewall. Sweet.

Personally, I don’t have a firewall sitting in front of my servers. All my servers are individually configured to run iptables (or ipfilter on Solaris, etc.). I am going to test the Linux TCP stack with Apache from a default CentOS install to see how much SYN flood it can hold up before giving up and maybe post some results here, including what I tweaked in the kernel.