Terminal Tennis Elbow

Despite best efforts this morning, Diana and I got to the train station later than we hoped. All the open tables were gone, and now I’m using the new MacBook in a position that the Surface Pro was really having trouble with. Huge improvement, and this was just the test it needed with a couple of days to go in the return period.

Normally I’m working on websites in the morning. Honestly, the past few train days it was more planning and getting various tools installed, like Laravel Valet. I decided on two projects, one to be worked on at home and one to be worked on while on the train.

The home project I’m calling Rings, after the Aesop Rock song of the same name. It’s a wheel reinvention, but a necessary one. It is meant to reproduce much of the functionality of the CoreManager package, which is a web package used to manage private World of Warcraft servers. CoreManager does work, but it’s pretty ugly, very insecure, and generally in need of a full rewrite, and I’m happy to give it a try. So far I’ve got the ability to register a new account for the server, and you can log in on Rings and be taken to a dashboard that, currently, doesn’t do squat. But that’s fine, the logon was a heck of a thing to figure out since I had to replace Laravel’s authentication stack with a setup that would work with my WoW server.

The project I’m working on while on the train is called Kirby, also after the Aesop Rock song. This is a project that Diana and I discussed months ago, and was sort of tabled without a resolution. Now that she’s on a new career path, and I’ve had a change of heart with regards to web design, I’m happy to take it on. Essentially, it’s a thing to manage Diana’s sewing projects, with pictures, tags, measurements, comments, and so on. I can see a long-term plan with it that’s really social and interesting.

There’s a third project brewing in my head, a second attempt at a site I tried to build in 2007 or 2008 and failed, aimed at the perfume-maker and aromatherapy community. The framework I’m building with seems perfectly suited for this project, and now it can be done in a much safer way too.

I’m having this internal debate on whether or not “going easy on myself” is actually doing myself any good. From a mental standpoint, sure, I should probably not give past me (or present me) so much shit. But physically it’s probably not a good thing.

The walking every day ended abruptly when I had an object thrown at me on the sidewalk from a vehicle doing about 40 miles an hour. Three guys, they threw a little red ball, like a stress ball. Soft, but less soft when traveling at that speed. Knocked my headphone out of my ear. It still pisses me off because it killed my enjoyment of something I was really into. Much as I said I would not let it affect me, I have not walked down that street since. That’s been a couple of months, now. My weight has gone back up slightly, though not a full reversion to where it was. Diana and I have been playing a fair bit of tennis. We both had to get new racquets since the car was broken into. I got to pick up my new one on Saturday and it’s just what I was looking for.

There is, after a long radio silence, progress being made on our house. The pad and plumbing are in, and the slab will be poured his week. Then things are going to start moving rapidly. I was shocked to hear during our construction meeting, that they are still targeting the house to be finished before the end of the calendar year. They’re actually targeting late November, which means about two months end-to-end. That seems aggressive to me, but what do I know? I suspect it will be mid-to-late December.

I think my review on Friday set me up in good shape to get stuff done today. The first half of the day is wide-open, too. I’m envisioning a good day, here. It’s been about three straight weeks of spinning my wheels between outages, long weekends, and being sick. There are about 6 really productive weeks left in the year, and I need to make the most of them.

It’s Been a Long Time Coming

I got to disclose the SNSLocker ransomware fully to the FBI last Friday. I caught a late break in research when someone pointed me to a software package that could decompile the virus, reversing it back to source code. So I was able to give them the attacker’s name, age, email address, IP address, password, and the source code to the virus, website, and database. They were quite impressed, and now I’ve got a point of contact there where I can quickly disclose just about anything going forward, and said agent will also be able to quickly acquire warrants to put us on the right side of the Computer Fraud and Abuse Act. I meet with them again in three weeks, and in the meantime I’m going to do a partial disclosure on bluesoul.me going over the tactics used.

One thing I was not factoring in while becoming more active: Becoming more tired, which leads to sleeping later, which leads to missing the train. I missed it for quite nearly two solid weeks. It’s cost me one badly cracked windshield from being on the interstate so much more. Sorry about that.

On the health front, things are going quite well. If I wasn’t drinking quite so much water, I might have a better idea of what I actually weigh right now. I got below 170 quickly, but since then I’ve hovered right around it. However, with logging food on the Fitbit app I can get a rough idea of how much fat has burned off. And I can feel a difference physically; squishy parts are becoming less so, my calves have put on a lot of muscle mass. That thing I said about hitting 10,000 steps for three out of three days, when I’d only hit it once in the prior six months? Since then, it’s gone up to fifteen out of the last seventeen days.

In the past, I’ve always tracked only one half of the weight loss equation. I would set a calorie limit on the day without the context of how many calories I’ve burned in the day. I’d used the FitDay software which had an activity tracker, but it was required to be all manually input, and was based on averages. Now with the Fitbit that can track calories burned in real-time, I’m able to get that critical second half of the story without really having to do anything. It thought it over and came up with a number of calories to burn in a day, which it set at 2,722. How many I should consume in a day is just a matter of how quickly I want to lose weight. If I’m fine with losing a pound a week, the number to eat would just be 500 calories less than what I burned. Some days I’m burning 3100+ calories, and I’m not really interested in eating 2600. All good, I’m just losing a bit more fat that day.

Diana may well have a new job starting next week or the week after. The new job may well be with my agency, about a hundred feet from my desk. The new job may well be a 50% pay raise. Needless to say, we’re both pretty excited about this. She and I have worked together in the past and we work well together. This also has the chance to be a big step forward for her professionally, she’ll be able to learn from some very intelligent, successful women. It’s also going to significantly kill the cost-savings of staying in Albuquerque. I get a discounted train ticket. But both of us together would be $200 a month. Then it becomes a question of about $300 a month for three hours of commuting a day. I value my time above a dollar an hour, personally. One of my coworkers let me know about a really nice apartment on the north end of Santa Fe, the price is about where all the apartments are, which is high. But the pay raise will help with that too, and start to make the business of commuting more than a little foolish.

Dead Dove Dot Jpeg

I don’t know what I expected. I didn’t expect it to go well, this thought of exercising at work. I’m fairly blown away at how well it went. I had a few things I wanted to accomplish.

I wanted to walk at least 250 steps each hour. I almost accomplished that, I did so in 7 of the 9 hours. One hour was entirely taken up by a meeting, and the other was where I had substituted additional resistance band exercise. I don’t think there’s honestly much that can be done for those hour-long meetings, call it a necessary evil.

I wanted to do my exercises, the full 3 sets, 15 reps each, six exercises. That didn’t happen, I only managed one set. It’s going to take a little balancing of my time to manage more. Also, dress pants are not condusive to doing squats. Impossible.

I wanted to try incorporating Pomodoro better in my day. I’d bookmarked Tomato Timer a while back but never really got into it in earnest. Oh, I’ve got way too much to do, I can’t be splitting my day into 25-minute chunks. I used Pomodoro all day today, and I was far more productive than a typical day. During those 5 minute breaks, I figured out a path in the building that not only involves just over 250 steps, but also incorporates four flights of stairs. All total, I climbed 29 flights of stairs today, and I’m going to end the day at about 33 flights. The exercises take about three minutes, so I can actually fit both the walk and the exercise in one five-minute break. I also managed two walks between 15 and 20 minutes.

I need to remember this day, remember how I’m feeling right now, 9400 steps into the day. Because I’m not going to feel this optimistic some days, hell maybe even most days. Ten thousand steps sounded unreasonable not even twelve hours ago. Now I’m going to hit 11,000 before all is said and done. This is coming off of short sleep and bringing earplugs to the train thinking I was going to sleep. I can do this. I can look forward to this. I feel really good. And I wish I could bottle up the sensation.

It’s going to work just fine in these warm months, that Florida upbringing has me saying the hotter, the better. I’ll have to figure something else out in the winter for the long walks. Maybe I’ll be able to do some sort of routine within the office building. Even if I was willing to face the cold (I’m not), there’s the matter of typical pileups of snow and ice around the route.

My GTD article was seemingly finished when this revelation of Pomodoro actually working well came to pass. I’m going to review the article tomorrow and see if it makes sense to include. Then I need to double check all of the links and make sure they work and are sufficiently useful without leaking any data. I’ll end up posting it in a couple of places when it’s ready to go.

Any Place Aimed, Go

Ever have your stomach bother you so badly that you ended up reconsidering your life choices?

It’s been a rough couple of weeks. Sometimes I feel like I just pinball from one illness to the next. At least on this one, I don’t have to worry about being a hypochondriac. You don’t imagine almost throwing up, having that acid climb all the way up into the back of your mouth.

I’ve been thinking it over and my best guess is it’s a combination of two things. One is acid reflux, brought on from being overweight and overly sedentary. The other is stress.

Isn’t that odd? I don’t feel like I have all that much to be stressed out about. And yet I notice it, carrying way too much tension in my head and my shoulders. The logical place to look for sources of stress would be my job, but I have trouble coming up with much. We finished one big project, the next one is going to be much slower to roll out by design (we don’t get to start in earnest until August). Maybe it’s impostor syndrome. I feel like I’m over that, though.

Maybe it just has to do with getting up earlier than I ever have in my life. The thing with that, I’ve thoroughly acclimated to getting up by 5:15 and certainly no later than 6. Two weeks ago I worked out of the Albuquerque office for two days, meaning I didn’t have to leave the house until 7:35. Contrast that with my 6:05 cutoff to leave most days. I could not bring myself to fall back to sleep that morning.

I think I’ll solve a lot of problems by losing weight. I also remember that common advice, which is don’t announce that you’re going to lose weight. The idea there is that your brain isn’t terribly clever and will substitute words for actions and reward you with dopamine, even though you haven’t actually done the work yet. At the very least, don’t write about it until you’ve started, which I did last week, adding multiple breaks from my day to get up and take a walk. The long one is about 20 minutes, and there’s a shorter one that’s about 10 minutes.

Fitbit recently updated their app and added a couple of new metrics. They want you to get up and take at least a short walk (250 steps) every hour, from 8 to 5. (I may integrate this with [Pomodoro](https://en.wikipedia.org/wiki/Pomodoro_Technique), doing two pomodoros and then going for a walk, then repeating.) They also want 30 minutes of exercise, 5 days a week. I’m pleased to say I managed that last week. 10,000 steps per day seems quite far away still, which is funny because it was effortless when I worked at Best Buy and I was still overweight then.

I also have some resistance band exercises I’ve picked that I can do in my office. I don’t have the paper handy but I believe it’s six exercises, three sets of 15 reps each, three days a week. I need to figure out the best way to incorporate them into the day.

This is one of those things that should be simplified by moving, as I currently leave the house at 6:05 AM and don’t get back until 6:35 PM, and I’m in bed by 9:15. That doesn’t leave much time. If we were up here, I wouldn’t have to leave the house until 7:30, I’d get home by 5:15 and not have to be in bed until 10:45. One way or another, that’s an extra 2 hours and 50 minutes. I could do an awful lot in that time. I still think we’re making the right decision in the short term by staying in Albuquerque, but I’m aware of what I’m giving up for low rent.

Don’t make these people mad.

It’s been a good week. I want to get the gaming stuff out of the way because I have something entertaining to talk about. I picked Diablo 3 back up over the weekend and man it feels like a whole different game compared to launch. Fantastic. Got a new wizard from 1 to 70 and cleared my first rift without a death. Only on Hard, mind, which is like the 2nd easiest difficulty out of 10. But I think I’ll be down that rabbit hole for quite a while.

Anyway, what I really wanted to get into. I wrote two weeks ago that I wanted to get into malware analysis and research. So I have been, meeting new people and getting in some circles. Twitter is the go-to community for this line of work, as the rapid response time and ability to talk to people you’d never met before both work in its favor.

My experience with trying to get into the inner circle of a new community is to bring something to the party. So I did, in the form of the Practical Malware Analysis starter kit, which has been a smash hit and got me a little credibility for the cost of about five hours on a Saturday morning getting the stuff I would’ve gotten at some point anyway. I also wrote up a piece on using GPOs to neuter some malware. So it got me a little cred.

That’s led to good things. I can’t be specific yet because the virus is still live and the author isn’t aware, but thanks to a community-provided sample, me and a few other guys and girls got our hands on some new ransomware, before any large campaign got underway. We were able to extract data from the software sample, and with a combination of internet sleuthing, intuition and a little luck, we’ve accomplished two big things:

  1. We added a backdoor to the ransomware, to decrypt any infection when we desire.
  2. We were able to identify the man’s name, age, and the university he attends. Unfortunately, said university is in Morocco, so I don’t think the FBI is terribly interested.

What’s crazy is that this isn’t some sort of test, something from the Practical Malware Analysis lab questions. This is real malware with real consequences for the people that get infected with it. The whole reason I wanted to get into this is to make a difference and I think I managed to do so in my first week.

Don’t misunderstand, I got a bit of a break getting something this easy to crack in my first week. I still have a ton to learn. I said this is pretty much all new content and that’s been true. Learning assembly and the whole world of unpacking, decrypting, and generally breaking open a black box is a new world. But it’s still significant, because it showed the community at large that I’m worth training. Now I can ask questions and I’ll get answers, or at least pointed to the right resources. I can’t overstate how important that is. Nobody learns alone.

We’re approaching a four-day weekend. That’ll be my first one since my first week on the job, almost exactly six months ago. I’ll be down half my staff and my boss after Wednesday, so read-only Thursday as well as Friday. We’re also approaching what is essentially a read-only month, the last two weeks of June and the first two weeks of July. The last machine we were going to bring into Nutanix was done last week so we are fully on that platform and the monolithic task we’ve been calling Nutanix since November is done.

This is gonna be a great week, too. I can feel it. My GTD article should come out this week too.

Also Because “Bounty Hunter” is a Rad Job Title

The last two days have involved driving to work rather than taking the train, hence a lack of writing. I did put up a post over on bluesoul.me that might give a little clue as to what I’ve been up to.

I’ve been involved with fighting ransomware before, if only from the position of raising awareness. At the same time, I’ve been really unsure as to what I want to pursue as my next “deep” hobby. This week, it clicked. I’m going to be a malware researcher.

There are a number of things about this decision that really appeal to me. I have that innate desire to help people, and this is an opportunity to leverage skills that not a lot of people have to do so, potentially to save people from losing what might amount to their life story in digital form. From about the age of 13 on, I’ve had a fascination with hacking, and I can actually take the gloves off as a white-hat, working with teams to dissect viruses and help neutralize the source. There’s a fair amount of press (I’ll stop short of calling it fame) that can come with being a security expert. I’m not planning on leaving my job any time soon, mind you, I just like being renowned for something. It gives me an opportunity to learn an entirely separate field of computing than I’ve ever been exposed to. I’ve got about a 900-page book called Practical Malware Analysis that is pretty much all new content for me. That’s exciting for me. I also have the ability to do something that’s rare in the malware analysis scene right now, which is to quickly translate the research findings into something usable for sysadmins. I did this yesterday and it went over very well.

I’ve got my first credit in one of the best living documents on ransomware out there and it’s a great feeling. It’s a really fun community to interact with, these are all very smart people, likely very high up in various tech and security outfits. And there’s just something infinitely cool about poking and prodding viruses designed for extortion or espionage, taking them apart to see what makes them tick and how to protect the world from them, and then doing exactly that. It makes me feel really good knowing that my network is better-defended than most of the other networks on the planet, without being overly burdensome on my users.

I’m really excited for this, and I’ve already got a few lab environments set up. I’ve got the OK from by boss to build an isolated lab at work to use for research. I’ve got a nice little setup with point-to-point wireless leading to a Verizon USB modem, totally isolated from our production network.

Now, this is probably going to impact my writing schedule a bit. My laptop is perfectly capable of running the software used in analysis and reverse-engineering. It’s also more than suitable for reading a 900-page book. And quite honestly, it’s really got my interest right now. I don’t know what the end-game is, there really isn’t one in a field like this. It would be awfully cool if I was able to apply the knowledge I pick up to earn some bug bounties. There’s something really intriguing about that world, people get thousands and thousands of dollars for finding flaws and disclosing them responsibly. That’s badass. What a time to be alive.

Assprints In The Sand

I think we’re all creatures of habit, when you get down to it. I was bummed this morning because someone was in my usual morning seat. And I get that this isn’t school, there are no assigned seats…but if that’s not my seat, whose assprint is that?

We’re off to a much better start to the week, despite being on the wrong end of this train car. I feel altogether healthy, and ready to get to work. I’m ready to start working with ZenDone and see if it’s the answer or not. I’m cautiously optimistic about it.

Speaking of feeling altogether healthy, I wonder if I can convince myself to do this all the time, like a reverse hypochondria. Might save more sick leave that way.

I’m sad to report the loss of 0.201 bitcoin, which probably happened in 2013. I didn’t care when they were $17/BTC. Now that they’re at about $450/BTC it’s an irritation. That’s 90 bucks, man. If I’d bothered to keep mining I’d probably have a couple thousand dollars from it. I did cash out some Dogecoin, about six bucks worth. I’m on to a new cryptocurrency, Ethereum. I’m gonna stay with it this time. Every time I’ve gotten into mining, I’ve backed a good horse. The currency appreciated in value. And if I had bothered to stay with it, I’d have more money than I have now for roughly the same amount of work.

My presentation on the new file server infrastructure is finished up and approved by the sysadmin that’s actually going to be in charge of building the thing. I think we’ve got a good handle on how it’s going to go. It’s gotta go to the other managers now. This is their first time seeing me present an idea of my own outside of my second job interview with them. All I can say is that this wasn’t born out of one panicked planning session. This has been over two months of research, test labs, and discussion. It’s a good plan. It’s gotta support the whole agency for at least five years, it had better be a good plan. I’ve gotta live with the results for at least five years, it had better be a really, really good plan.

One day I might write about why I seem to be drawn to music with lyrics that are generally nonsensical (or “deep” if you want to justify their existence) but right now it sounds like the sort of pseudo-intellectual navel-gazing that makes me want to slap the shit out of 16-year old me. Maybe I just don’t want to think too hard. They don’t generally get the scrutiny they deserve.

Mariano Rivera or Aunt Jemima

I feel pretty good going into the weekend, physically and mentally. Physically I feel just about normal again. Mentally I got to talk with my guys and my boss about some stuff that had been on my mind. The business of needing to delegate more. It went over alright, probably mostly because I didn’t actually have a ton of stuff to hand over. If this had happened a month ago it might not have gone over as well.

All things considered the week is ending better than expected. I think I’ll feel like a new person going into next week.

I do like that work doesn’t generally feel like work. There’s not that resentment of spending time on stuff you don’t care about. Being happy in your work is underappreciated. It’s not a given that work has to suck, not even close.

I’m starting to accept that OneNote isn’t a 100% match for a GTD book. I found out about ZenDone fairly late in the day, but I’m going to play with it next week. It’s purpose-built to be a GTD tool, and integrates with Evernote, which isn’t bad. If it doesn’t work, I might just do the unthinkable: An analog system. That will be quite a readjustment, so I hope it doesn’t come to that. I can’t seeing it being better for me than some digital system. But, I’m also the one struggling here, so what do I know? I just find it hard to believe I’m better suited to analog than digital. It works for Stephen Covey, but he’s old enough to be my grandfather. He wasn’t surrounded by modern technology when he pioneered his productivity methods, same for David Allen. Companies like Moleskine love pointing out that plenty of 20- and 30-somethings are discovering the advantages of dead trees. I think it has more to do with the average person doesn’t really know much about how to wokrk a computer, regardless of age.

I really want Zendone to be the answer here, if that wasn’t obvious.


Partial credit is being issued today. I spent most of the day feeling ill and the resulting work and effort kind of reflected that. I should be better about that, but I’m a simple creature sometimes. Just like I don’t regret staying home yesterday, I don’t regret going in today. I was far more capable, but it just didn’t amount to much. I could’ve accomplished an equivalent amount in probably two hours any other day.

One of the odd things I’m wrestling with is a note that came out in my first evaluation. I need to delegate more, more managing of the work and employees and less technical involvement. That’s a totally reasonable request, but it’s a tough transition. In the last gig, I was doing most of the technical work at this tier, most of the time. At the same time, I resented not getting some assistance, though honestly most of the time there wasn’t anyone else available that was capable of doing the work. Now I’ve got guys that can do the work, but I don’t want to bother them with it. I’d rather keep them fresh and relaxed for those times where I need 100% out of them. I’m fine with taking on the intervening stuff myself. But that’s counter to the direction I’m being asked to go.

It’s part of that professional transition that I summarized as “making it.” Now that I’ve got a pretty good idea of how everything here works, I need to step back and let the sysadmins work. My focus needs to be in keeping track of all the work they’ve been tasked with, triaging the severity thereof, and letting them know what should get worked on at what time, and that’s the primary responsibility. The secondary responsibility is being the “Tier 4” they can escalate to, being able to pinch-hit for them on their days off, and generally keep the peace. Somewhere in-between is planning and architecting new solutions and project management.

Similar to what I was saying this morning about there being no improvement without challenge, I’m not really doing my admins any favors here by taking work off their plates, not in the long run. It has the potential to be rather career-threatening if they go years without picking up anything new or being exposed to routine problems to solve.

What’s irritating about this is that it sounds for all the world that I’m trying to get out of doing work that I could be doing myself. Like someone rationalizing some awful thing as “for the best, honestly.” The pragmatic view of it is, that’s not what they hired me for. They weren’t looking for another sysadmin. They want an IT manager. Am I delivering on that? Perhaps I am the right person for the job, but am I performing the right duties?

I’m going to have to improve at that.

I perform better while drinking out of a coconut.

Closing out the week is less arduous than it felt last time around. I feel more fresh than last week, despite (or, because of?) more booze being drank this week than last. I did get a full 8 hours of sleep last night, and I’ve gotta say, I’m at a point in my life where I really appreciate sleep. It’s the best.

Today I get my first evaluation from my boss. The timing is pretty good, Nutanix is ready for production as of yesterday and that’s one of my deliverables for the year. There is one more interim evaluation some time in July or August and then the final evaluation in November. I feel like this could put me in a great mood for the weekend, if nothing else. I want to be told I’m on the right track so far. I think that might just happen.

I finished reading Time Management for System Administrators yesterday on the train, hence the no new articles. All in all, I’m not terribly impressed. I thought it was going to be a GTD clone, but it doesn’t do any of the things GTD does as effectively. It boils down to “capture everything, and make a new schedule every day with all the stuff you have to do, then prioritize each item and estimate how long it will take.” The problem with the second half of that is that it doesn’t solve the problem the book set out to do. Limoncelli mentions “The list of doom,” which is a book where you write your tasks in and cross them out when they’re done, and eventually you end up with open issues scattered throughout the book. So instead, you’re to build the list up every day, rewriting the same junk every morning until it’s completed. Also, he wants you to set a finite amount of time aside for “distractions” and tickets. If I knew that yesterday’s distraction would keep me busy from 10 to 3, I’d have planned my day differently. He also suggests writing scripts and programs to automate things. I don’t think the target market really needed to be told about the potential for automation in their job.

I can’t recommend the book.

In honor of it being both Earth Day and Read-Only Friday…

Diana and I are trying out the Wunderlist app, there’s always an awkward wait at the end of the day when she’s asking if I need anything from the store and I’m busy trying to get on the train and might miss the message entirely. With a shared list, there shouldn’t be any need for such a wait.

We’re supposed to get to pilot Google Apps very soon for possible deployment to the agency. I’m pretty excited about that, between the collaborative editing tools, hangouts, and an IM platform we can standardize on, it’s got a lot to recommend for it. It would be awfully nice if we could leverage some of that stuff. I don’t really want to set up an IRC daemon on the network. Well, I do, but I don’t want to have it be the option for people outside of the IT department.

Here’s to a quality Read-Only Friday, everyone. Get some documentation in, testlab some new ideas, and try not to make too much work for yourself.