So when I last left you guys I was attending Splunk .conf. My plan was to write each day but I quickly realized how long the day was when you included 9 hours of conference, plus commuting to and from DC each day so screw that.
So today was day one of Splunk .conf2017. This being my first time at .conf, I wasn’t entirely sure what to expect. The morning started off with the keynote address by the CEO of Splunk, Doug Merritt. A couple of interesting numbers to start with. 7,187 people were regestered to attend .conf this year from 65 countries who traveled a combined 65 million miles to get to Washington DC (enough miles to go to and from the moon over 100 times).
Today was the first (well sort of) day of the 8th annual Splunk .conf convention here in DC. .conf covers a range of topics, is three days (well really 2.5) long, has over 200 technical sessions, and includes over 6,000 participants. In short, its a bit of a data science nerd orgie.
A while back I wrote about the importance of using a standardized time source. Keeping accurate time across devices is essential so that you can easily correlate events within logs across the network. But what do you do when you’re operating on a closed network and there is no time source that you can pull from?
As anyone who has spent more than an hour or two driving around the box at NTC knows, it can be pretty damn easy to get lost in the desert, especially at night under blackout conditions. After 3.5 years there, I got pretty good at knowing my way around the box but during each rotation there was always at least one or two times where I would get turned around and have no idea where the hell I was
Today Signal-Chief.com is joining the likes of Github, Google, Amazon and host of countless others who are protesting the FCC’s proposal to end its current policy of Net Neutrality.
I was looking through Nixcraft on Facebook yesterday (if you haven’t been to it before, check it out) and came across the graph. As a warrant officer, we’re supposed to be experts in whatever field it is that we happen to be in. But what exactly does that mean?
One thing that I first noticed occasionally as a Net Tech, and then more as an OC/T at NTC and finally a ton now that I have moved into the cyber side of the world is the just how important logs can be. The problem….we suck at actually saving the stupid things.
By and large I personally think that most of us are much more comfortable with layer three than any other layer in the OSI model. We deal with it each and every day. We have a number of tools at our disposal which make it very easy for us to see if/when it’s working and just how the data is traveling. To start with though, we have to know just how things are supposed to work.
When I entered the Army in July 1999, I came in as 31F (switch operator). Anyone who worked with MSE will remember that it had almost absolutely no data capabilities, but also that it was extremely easy to troubleshoot. Signal flow for MSE was pretty darn easy to understand. If you understood the idea of how the system worked, the signal flow was easy to follow. With the introduction of JNN and IP data networks to tactical communications, logical and physical said “It’s been fun” and headed their separate ways leaving our operators and even ourselves busy scratching our heads wondering how the hell it all worked.