www.vExperienced.co.uk

Firstly an apology for those who regularly read my blog – I’ve just returned from three months paternity leave where I was largely ‘off the grid’ and had very little to do with technology and lots to do with changing nappies and singing nursery rhymes in public!  I could write a blogpost about technology parallels but that’s already been covered by Bob Plankers so I thought I’d at least check on industry developments and write up the events that caught my attention in those months. In no particular order;

• VMware Hybrid Cloud was finally announced (register for the official launch on the 21st May)
• VMware finally released the Horizon Suite including the new Horizon Workspace
• VMware announced NSX (good intro blog from VMware, and useful info at the Register)
• VMware acquired Virsto
• In the community vExpert applications opened for 2013 and CloudCred was launched (VMware’s attempt to gamify their learning paths), vOpenData was launched to great success, plus Storage Field Day #3 and LonVMUG offered their usual excellent mix of technology and social.
• OpenStack ‘Grizzly’ was released (with VMware plugins supported via Canonical) and there was the OpenStack summit in Portland
• HP announced their ‘Moonshot’ architecture aimed at hyperscale architectures
• Amazon announced a certification program for AWS
• EMC ViPR (Chad Sakacc’s blogpost)
• Netapp EF540 all flash array (covered by Chris Wahl).

Obviously three months isn’t very long in strategic terms although there are a couple of interesting developments. With the acquisition of Virsto and the announcement of NSX VMware are progressing their ‘software defined’ datacentre vision while the hybrid cloud move was leaked last year and now seems obvious given their lack of progress against rival public cloud providers like Amazon. EMC aren’t ignoring the threat that the shift towards open source, commodity, and ‘software defined’ products poses to their existing product lines although it’ll be interesting to see how other storage vendors respond to the same challenges. From my limited viewpoint (my company aren’t really doing ‘cloud’ at all if you ignore shadow IT) OpenStack seems to be gaining ground – I see more coverage and more people I know getting involved.

Anything I’ve missed? What’s in store in the next twelve weeks? Interesting times!

I’ve recently installed the BetterWPSecurity WordPress plugin, and found that while it’s very useful and does increase the security of WordPress it can also break your site.

Ah, Monday morning and the start of my three months paternity leave looking after my six month old son Zach. During his morning nap I logged into my blog to work on an article and noticed that my blog wasn’t loading articles correctly even though the home page worked just fine. Investigating further and looking at my site stats (I use both the Jetpack plugin and Google Analytics) clearly showed that something broke at the start of the weekend – I had nearly no traffic all weekend. Having just referred a colleague to my site for some information and on my first day of paternity leave (ie less time on my hands, not more as some may think) this was definitely not ideal timing!

My first step was to check my logs for information, in this case the BetterWPSecurity log for changed files. This revealed that the .htaccess file in the root directory was changed late on Friday night at 11:35pm – and I knew that wasn’t me as I was tucked up in bed. My first thought was a hack as the .htaccess file permits access to the site but there was no redirect or site graffiti and the homepage still worked so that didn’t seem likely. I logged in via SSH to have a look at the .htaccess file but didn’t see anything obvious although I’m no WordPress expert.

My priority was to get the blog working again so I tried restoring a copy of the changed file from the previous week’s backup (made via the BackWPUp plugin) only to find the backup wasn’t useable. Bad plugin! Luckily I’m a believer in ‘belt and braces’ and I knew my hosting company, EvoHosting, also took backups. I logged a call with them and within the hour they’d replied with the contents of the file from a week earlier. Sure enough the file had been changed but looking at the syntax it appeared to be an error rather than malicious hack.

My .htaccess file when the site was working;

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

My .htaccess file after the suspicious change;

# BEGIN Better WP Security

Order allow,deny

Allow from all

Deny from 88.227.227.32

# END Better WP Security

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

I backed up the suspicious copy of the file (for future reference, ie writing this blogpost), restored the original et voila – the blog was working again. Step one complete, now to find the root cause…

Part of any diagnostic process is the question ‘what’s changed?’ and I had a suspicion that BetterWPSecurity could be the culprit as I’d only installed it a few weeks earlier. There was also the obvious issue of the new code in the .htaccess file which looked to belong to BetterWPSecurity. I checked the site access logs which confirmed my hypothesis – someone had attempted to break into my site and while attempting to block the attacker BetterWPSecurity had mangled my .htaccess file. The logs below have been truncated to remove many of the brute force login attempts (there were plenty more) but note that on the final line (after BetterWPSecurity has blocked the attacker) the HTML return code was 418 (“I’m a teapot”) rather than 200 plus the suspect IP 88.227.227.32 is the same as the one denied in the mangled .htaccess file. Yes, you read that right, “I’m a teapot”! Here’s a full explanation for that April Fool’s error code.

88.227.227.32 - - [15/Feb/2013:23:35:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3017 "http://www.vexperienced.co.uk//wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
88.227.227.32 - - [15/Feb/2013:23:35:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3017 "http://www.vexperienced.co.uk//wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
88.227.227.32 - - [15/Feb/2013:23:35:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3017 "http://www.vexperienced.co.uk//wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
88.227.227.32 - - [15/Feb/2013:23:35:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3017 "http://www.vexperienced.co.uk//wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
88.227.227.32 - - [15/Feb/2013:23:35:19 +0000] "POST /wp-login.php HTTP/1.1" 418 5 "http://www.vexperienced.co.uk//wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

So BetterWPSecurity led me to the fault but also caused it. To be fair the plugin does warn you which settings are potentially going to cause issues but I’d assumed that it wouldn’t be me – dangerous things assumptions. I’ve rectified the issue by restricing BetterWPSecurity from altering core system files as shown in the screenshot below;

My blog is fixed and I’m feeling quite chuffed that it was all resolved during a long lunchbreak – not a bad day’s work if I do say so myself! Lesson for today? Take warnings seriously and have multiple backups!

Firstly, this is not about the 1% associated with the Occupy WallSt campaign! As widely reported on Twitter and the blogosphere the 2012 vExpert program is up and running – I won’t go into the changes this year as there is plenty of coverage for that. In VMware’s own words;

The annual VMware vExpert title is given to individuals who have significantly contributed to the community of VMware users over the past year. The title is awarded to individuals (not employers) for their commitment to sharing their knowledge and passion for VMware technology above and beyond their job requirements.

Sounds great, let’s fill in that application form right? Before you apply have you ever paused to consider what is it you’re actually doing, and for whom? In an interesting article about ‘going social’ posted just a few weeks ago Dr Michael Hu talked about six myths companies believe are associated with a social strategy, one of which is the need to reach every customer to be effective. He refutes this, stating;

Instead, you need to discover the small number of “superfans” who want deeper engagement and then harness their enthusiasm to manage and strengthen other customer relationships on behalf of the brand. That’s the real power of community – you tend to the 1% who tend the other 99%.

That describes the vExpert in a nutshell - you are the 1%!

You could see this through cynical eyes as VMware using the community for their own benefit but like many of my peers I’ve been working in IT for well over a decade and virtualisation is the first time I’ve found a community that really benefits everyone involved. Maybe it’s the advent of social networking, maybe it’s the convergence of the various technologies or maybe it’s the time and effort expended by VMware (and geek herder extraordinaire @jtroyer)  but for some reason it works where it never did before. I enjoy being part of the VMware community and I  know it adds value for me (and therefore my employer) and many other people. While the 1% add great value on VMware’s behalf they also benefit greatly from the experience themselves. Just bear in mind that much as we’d all like VMware’s recognition, VMware need us too!

I’m already vExperienced and I’d love to be a vExpert. Fingers crossed!

ps. Apologies to Alex Maier who now runs the vExpert program – I’d already made up my ‘poster’ before I knew!

After being asked why I blog by a co-worker I’ve been thinking about what motivates me to blog. An inspirational blogpost by Mark Pollard on how to get into strategy identifies some traits which strike me as equally applicable to blogging;

1. Curiosity. This is partly why I got into blogging as the techie in me wanted to know how it worked, which technologies were involved, what was that plugin that other bloggers were referring to? It’s the same instinct that makes good engineers – they want to know how something works so they take it apart!
2. Action. Like most technologies the only way to really understand it is to get stuck in and do it. Until I started my blog I wasn’t sure what I’d blog about but I quickly found myself thinking ‘that might be interesting to others’ during my working day and I started turning thoughts into blogposts. I agree wholeheartedly with Seth Godin’s view that the process of distilling your thoughts into something readable for others is a very valuable process, and reason enough to blog – even if nobody reads it. Read more…

Today was officially the start of VMworld Copenhagen even though many people were here yesterday for partner day. The hands on labs are always popular at VMworld shows, and for all the reasons previously covered by others. I’ve done two labs so far (HOL01, Creating the Hybrid Cloud and HOL27, Netapp and VMware) which were both useful in different ways. There’s a good atmosphere and the technology behind the labs continues to evolve – this year vCenter Operations (and I think Netapp Insight Balance) are on display showing how the lab infrastructure is performing. There are more seats and the labs are open longer than last year (32 hours) which is good to see.

I spent fair bit of time in the bloggers lounge, a small dedicated area with power, a separate wifi connection, and facilities for VMworld TV to broadcast live from. This is where you can often find John Troyer, the godfather of VMware’s social media scene along with many of the twittter names you’ve seen but never met in person. VMworld is a vertitable ‘who’s who’ of the virtualisation world – I found myself sitting next to Scott Lowe for ten minutes before realising who he was and saying hi! Many of the people hanging around the bloggers lounds have been at VMworld many times so it’s a good place to get a feel for what’s hot and what’s not at this year’s conference. I got my first taste of VMworld TV via an invite to vSoupTV. Quite a few people mentioned that it felt quieter this year but as the attendance has been confirmed at over 7,000 it must be because there’s more space rather than less people.

The centre of the complex is used as a relaxation zone complete with plenty of seating, food, recliners (for those quick power naps), table tennis, table ice hockey, chess sets etc. It’s a good place to meet people as you pass through on your way from a general session to the labs. Free wifi is available throughout the Bella Centre but unfortunately it’s pretty temperamental – somewhat expected for a large conference with over 7000 people. That wouldn’t be so bad but the VMworld iPhone app relies on internet access so when that’s not working you can’t reference your schedule or register for sessions. When it does work the VMworld iPhone app is pretty good – you can check for upcoming sessions, get a filtered twitter stream for a given session, and even check site maps. Read more…