Jesse Schibilia

So much has gone on in the last month or so that I haven’t had time to sit down and sort out my thoughts.

In July, I took a job at Rutgers University in the Office of Instructional and Research Technology. I am working on the Sakai Project. Sakai is an open source course management system similar to WebCT or eCollege.

For approximately five weeks, I worked to develop a series of technical documentation to help our users understand how Sakai works. It was a great experience that let me learn the insides of Sakai. Click here to see the web version of my documents.

Now that I have ostensibly completed that project, I am working on user support for Sakai. For the last few weeks, I have been learning JIRA (the bug tracking system that the Sakai Project uses), and OTRS, our local user support ticketing system. I have also been taking help desk calls. I am learning a lot and enjoying what I am doing. I recently tracked down a bug that was affecting how users were uploading files to the system. I tracked the bug all the way from taking the symptoms from the user, testing the behavior, reporting to the developers, and working with the CTO of Rutgers to deploy the code fix that will go into effect tonight. Seeing the entire process was a great experience and I thank my supervisors for giving me this opportunity to learn.

The Office of Instructional and Research Technology happens to share an office building with the Rutgers Information Protection and Security. I have been learning from some of the individuals here, taking any chance I can get to speak with them about my interests in security. They have given me a lot of great resources and guidance as I pursue my goals in information security.

I will be starting on my Rutgers IT Certification tomorrow. There are some parts of this certification that involve information security, so I am really excited to start. I will also be learning UNIX during three of the workshops. I have been offered so many learning opportunities here. It has been a great place to start my career.

I will be attending a Career Day this Friday. There will be a lot of companies there, so I hope to make a lot of good contacts. Now that I have some solid work experience, I know that I have something to offer a company.

I have an interview coming up with a large auditing firm. I am really excited because I will be interviewing with the Information Risk Management department. I have been doing a lot of research in preparation for the interview and I plan on knocking this one out of the park.

I just finished the framework for the RUSportCuts.org advocacy website.  It desperately needs conent from the individual teams.  It includes a discussion forum so that members of each community can come and talk about their efforts.  I really hope that it gets some exposure.  I have called out to the athletes to tell their communities about it so that we have a unified voice.  I feel that a unified voice is really important in a campaign such as this.

I’m sure many of you have heard about the varsity team sports cuts that will be occuring at the end of the 2007 season at Rutgers. If not, read up. They will be cutting the fencing program that I was a part of for the last five years. Obviously, this weighs heavily on my heart.

The cuts were made across the entire University. No part of our school was safe. I can understand that in tough financial times, the fat has to be cut. But I feel as if Rutgers Athletics made the cuts of entire teams to make the cuts visible. I am sure they could have rearranged the team budgets to have the same affect of cutting six entire sports. Instead, they want to avoid public outcry by saying “Look at poor Rutgers Athletics, they lost six entire teams!” The cuts made add up to 3% of the total Athletics budget ($1.2 million of $38 million). I am sure all of 30 teams would be able to maintain with a 3% budget cut straight across the board for each sport.

The cuts that were made are seen as “strategic” because we are considered to be teams that are less productive. Take one look at the t-shirt I made for Rutgers Fencing this year and tell me that we aren’t productive. We have 86 NCAA individual appearances and 32 All-Americans in 20 years. We brought Rutgers a national sabre champion in 2003. To my knowledge, there have been no other teams at Rutgers with any NCAA championships. So the notion that fencing is not productive is ludicrous.

I registered a domain name to create a website for an advocacy website for the cuts. I have been waiting for data from the rest of the teams so that I can put it together, but I have yet to hear from any of them. I am still trying though, and once it is up, I will post the URL here.

I have had a problem with one of my XP desktops for several months. None of my computers were able to access any of the shares or printers on that computer. It had bothered me for a long time, but it was never a terribly worrisome problem so I never really plugged away at it. Today I sat down to try and figure it out and I wanted to share my solution to this very specific problem.

Symptoms:

When trying to access shares on the offending Windows XP box from another Windows XP box:

• You can see the offending computer on the network.
• When you try to access this computer, you get the following error message:
• “Error: \\pcName is not accessible. You might not have permission to use this network resource…Access is denied.”

When trying to access shares on the offending Windows XP box from an OS X machine:

• The computer is shown in the Finder under Network > network name and you can click the connect button.
• When you click the connect button, you get a login screen for the network resource, then the following error message:
• “The alias ‘pcName’ could not be opened because the original item cannot be found.” (Options: Delete Alias, Fix Alias, OK…none of which do anything to help the situation.)

Solution:

Type ‘regedit’ into the run line off of your start menu. Navigate yourself to the following section of your registry:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Look for the following registry value:

• RestrictAnonymous

The default value should be 0, but networking problems can arise if the default value has changed to 1. If this value is set to 1 in your registry, change it to 0 and close regedit. This registry value deals with the sharing and enumeration of shares. You do not need to touch any other values within the LSA section of the registry tree.

Try to access the previously offending XP box from another networked machine. It should make a difference. You might try to restart the box after making the registry changes for good measure.

You can also fix this problem, or just cross-check that the solution worked with the registry fix, in the Local Security Policy Administrative Tool. In your Control Panel, go to Administrative Services, then Local Security Policy. Navigate to the following section of the tree:

• Local Policies > Security Options

Find the entry:

• Network Access: Do not allow anonymous enumeration of SAM accounts and shares.

This entry should be set to ‘Disabled’ by default. If you have made the above fix in the registry, it should now read ‘Disabled’. If you haven’t made the above fix in the registry, you can achieve the same results by changing the value to ‘Disabled’ here.

I hope this helps, it certainly helped me!  I think mine may have been messed up when I downloaded some type of freeware to help optimize XP.

I have been living at home for the last month or so and I am still searching for the right job. I am still looking at several very presitigious firms around New Jersey. Things look very promising, but I hope that I get a job soon because my mother works me like a slave as compensation for living here. So far I have:

• Cleaned the gutters
• Sanded and refinished a rocking chair
• Pressure washed, stained, and sealed the back porch
• Edged around the house
• Spot patched a large stone back into a column
• Cleaned out the garage

The list is sure to go on. If I don’t get a job in IT, I suppose there is always manual labor…

I recently interviewed for a position as a Linux SysAdmin. My experience in Linux is limited. I have only spent about 10 hours on SuSe Linux on my computer at home. I have done a considerable amount of work on LAMP servers and in shell accounts in classes. I think that my inexperience in Linux came across to the interviewers as disinterest.

I contacted some folks at US Fencing about developing a website where athletes coming out of college can connect with individuals (parents or other athletes) in the community who are in a position to offer jobs. The idea stems from my problems trying to find a job without an internship on my resume. The idea was received well by a few of the executives at US Fencing and they want to talk with me further about it. I have to develop a business plan to see if it is sustainable as a non-profit service to the community, but I think that it would be a great project for me to run.

A blogger’s friend lost her SideKick II in an NYC cab. The individuals that found it are being low lifes about the situation. When faced with an offer for a reward, the low lifes have refused, responding instead with threats of physical violence and other such intimidation. Queue up the Web 2.0 Wrath music!!!

The blogger put up a page on his website (go to page) to showcase the injustice his friend is going through. He has had very little (if any) sleep since the ordeal began yesterday. His website has been flooded with traffic from many places (mostly Digg). What chance do the low lifes have?

If you look at the folks at PriceRitePhoto.com, which I wrote about in a previous post, they have very little chance. The only difference is that they are individuals, and not a commercial entity. Based on T-Mobile’s records and logs taken from T-Mobile’s servers, the individuals know who the low lifes are and where they live.

The blogger has posted links to the low lifes MySpace accounts. I am assuming that the low lifes have been thoroughly harassed by the blogging community because one of them has taken down his account. It seems like they are getting lots of nasty feedback because on one of the MySpace profiles, one of the low lifes has lashed out against the e-mails that have been sent to him and the comments that have been left on his account.

How do I see this panning out? Hopefully the police will deal with it in a civil manner. Hopefully the low lifes have enough decency to return the Sidekick. It is in their best interest to avoid the legal system here (the girl who apparently is in possession of the phone is also the 16-year-old mother of an infant). She may or may not have a 24-26 year-old boyfriend who may or may not be the father of the child. They don’t need that type of attention toward their personal lives.

It is amazing to see how the blogging community gets behind people that they don’t know. The blogger mentioned that a police officer (who saw the story on another blog) contacted him to give him advice as to how to handle it. Blogging connects people all over the world without having to traverse the traditional pathways that they would normally have to take. Instead of the blogger having to work through the bureaucracy of a local police station, someone with the right information came straight to him. This is the same way that blogging empowers people in some types of large companies. They connect today’s knowledge workers.

This is the first post in what will hopefully be many regarding information security. As previously mentioned, my interview with an Information Security division is fast approaching. I was thinking today about what actually makes me interested in information security and why I don’t think I will lose interest in the subject. I would like to share some of my thoughts.

1. I have actually read some really good books about information security. Neal Stephenson’s novel Cryptonomicon is an amazing book that centers around code breaking during World War II. Cryptography during this time was essential during the war. Potential reactions to a broken code were taken very seriously. If Germany, for example, realized that their efforts were being thwarted too often, they might change the encryption key, fearing that their enemies were intercepting and decrypting their transmissions. If they did this, it meant alot more work for the Allied Forces to decrypt any new code. The Allied Forces had to pick carefully which transmissions they reacted to; lives hung in the balance. This was an exciting book by a great author. I am in the middle of Snow Crash, one of his other works. I highly recommend his books to any other geek out there.
2. The Cuckoo’s Egg by Cliff Stoll is another exciting book regarding information security. I believe it takes place at UC Berkley in the 1970’s. The main character in this story is working at an astrophysics lab during the earlier times of the Internet when it was primarily used by educational and government institutions. A small accounting error in one of the log files clues him to a hacking attempt and he spends the next several years of his life trying to track down the hacker on the other end of the line. I read this thriller in two days, it really kept me hooked.
3. The market for information security is so hot right now. There are a lot of holes out there that need to be fixed or watched. People need assurance that their data will not be compromised. Any company doing business on the web cannot afford to lose their data in an attack. Some of the fines for negligence with credit card data, for example, are in the hundreds of thousands of dollars per incident. Even internally, companies need to be careful how their employees handle customer data as well as company secrets. There have been a few companies in the recent past who have caught a lot of flak for an employee losing a laptop with customer data on it. Companies need to set strict policies regarding how data is handled.

So I guess you can say that I am attracted to the opportunities within the discipline. I can see myself concentrating on policy development later on down the line. It seems like I will be doing a lot of auditing early on to get my feet wet. I can’t wait until I get my first certification.

I may soon be gainfully employed! I am interviewing with a company’s Information Security division next week, and if all goes well, I could be learning network forensics by the middle of June! Wish me luck, the interview is June 1st.

Scott and I just finished our final project for our Information Visualization class. We decided to do a Google Maps Mashup for restaurants around New Brunswick. The final product turned out really nice. Scott did 95% of the javascript and I did 95% of the styling/conceptual stuff. If anyone wants to use what we’ve done and build upon it, feel free. Just make sure to give us our credit.

One thing that we wanted to implement was a scroll back to center feature. After you close an info window, there is a drastic shift away from the markers. If you can figure this out (its pretty easy) let us know.

We haven’t really tested it in IE or Safari, but it works fine in Firefox.

[Discriminating Taste, New Brunswick]

I just finished my last few assignments last Friday. I only took three classes this semester, but it was still a ton of work. I have already confirmed one official A, and one unofficial A. That gives me six straight A’s in the last two semesters, which makes my mother very proud!