The obscurity of open source software projects.

With all the sturm und drang about the OpenSSL so-called Heartbleed vulnerability, I spent a good chunk of the previous week examining servers I own or maintain to determine whether I’ll need to upgrade, regenerate/revoke certificates, etc. It has not been pleasant, nor easy.

The challenge of maintaining infrastructure that seems to hum along without intervention can’t be overstated. In my personal and work life, turn up of servers is not a day-to-day occurrence. Maintenance work gets slotted into the “do when there is slack time” column. And since those servers just keep chugging along without too much noise, they don’t rise up and get noticed. The unfortunate side effect of this is a slow, but steady, growth in open attack vectors on those critical infrastructure elements.

The obvious way to deal with this “low priority/high importance” work is to aggressively schedule it and get buy in from management and one’s personal scheduler. It always takes more time than estimated to perform these maintenance tasks, because of changes in software features and operation — and sometimes obsolescence. The problem of obsolescence is the most dogged one, I believe.

I’ve used Cacti for many years to graph SNMP interface statistics, traffic, and memory usage collected from Linux, Cisco, and Zhone platforms. It’s a PHP application utilizing the LAMP stack and is lightweight and easy to use. In the chronology of web based graphing of SNMP data, Cacti came after MRTG/RRDTool and allowed for easy creation and viewing of graphs from a web front end. Over the years, the pace of development and release cadence has slowed where the last released version was in August 2013. Since then, there seemingly has been a major restructuring of the code, but I can’t determine where the project is going.

There are tons of projects like this, powering important parts of the Internet’s infrastructure. Each with communities that swell and wane as itches are scratched and new challenges found. Right now, ElasticSearch and the “ELK Stack” are hot and cool and fast — and quite useful — but in 5 years will there even be a way to download the code reliably or documentation that reflects the way the code actually works? I discovered OSSEC last year and was blown away by the completeness of the solution and the excitement of those who had been using it. But now the support of Trend Micro may be in doubt. Will the project sink into obscurity as attention wanes?

There are big challenges for those who must maintain infrastructure built on these tools. As the different software stacks “evolve” on different timelines, it falls to the users/administrators to step up and dig deeper into the code and discover, document, and attempt to correct problems. This is the lifecycle of FLOSS software and, upon writing this entry, I think that it’s a damn good thing (compared to the pay and pray model with commercial software).

First Days

I’ve now started working at the largest employer in my work history. The first day was consumed by human resources “stuff” (sexual harassment training, policy manual, paperwork) which I’ve never really had at my previous employers. Then, in a significant challenge to my name/face memory, I was introduced to 15+ other employees. My brain hurt.

I have a prox. badge, an email account, a laptop, and a good idea what the next weeks will bring. So far so good!

Difficulty Leaving

I’ve officially not been working since last Friday, but I’m still trying to separate myself from my old employer. It’s a little tougher than I thought it would be. My initial plan was to go into work over the weekend and clean my desk, prepare some RMAs, and make a clean break. That plan did not get executed.

Over the weekend, instead, Christmas trees were acquired, social goodness was continued, and quick trips were made. That leaves me with the frustrating task of going into the old office during work hours to take care of these remaining tasks.

This week was supposed to be open, so I could do housework, plumbing, cleaning, and preparations for the new job. So far, I’ve failed at keeping to those simple tasks.

New Job

As of December 16th, 2011, I’ll be working for Lincolnville Telephone/Tidewater Telecom. In terms of timing, the move will be almost exactly four years since I started with Cornerstone Communications. Choosing to move to LT/TT was incredibly hard, but I think the decision is the right one for my long term strategy.

Looking back at the past four years, it’s amazing how much I’ve been able to learn and do at Cornerstone. Working in such a dynamic environment with a great group of people was really eye opening after my years at Points South. The task of growing a business with little to no resources was challenging, to say the least! We were able to keep it fun, most of the time, and always rewarding.