Three quarters of 2015, my IT career and various ramblings

September is over. The first three quarters of 2015 are over.
This has been a very important year so far – difficult, but revealing. Everything has been about change, healing and renewal.

We moved back to Europe first, and you might have now also read my other post about leaving Microsoft, more recently.

This was a hard choice – it took many months to reach the conclusion this is what I needed to do.

Most people have gone thru strong programming: they think you have to be 'successful' at something. Success is externally defined, anyhow (as opposed to satisfaction which we define ourselves) and therefore you are supposed to study in college a certain field, then use that at work to build your career in the same field… and keep doing the same thing.

I was never like that – I didn't go to college, I didn't study as an 'engineer'. I just saw there was a market opportunity to find a job when I started, studied on the job, eventually excelled at it. But it never was *the* road. It just was one road; it has served me well so far, but it was just one thing I tried, and it worked out.
How did it start? As a pre-teen, I had been interested in computers, then left that for a while, did 'normal' high school (in Italy at the time, this was really non-technological), then I tried to study sociology for a little bit – I really enjoyed the Cultural Anthropology lessons there, and we were smoking good weed with some folks outside of the university, but I really could not be asked to spend the following 5 or 10 years of my life just studying and 'hanging around' – I wanted money and independence to move out of my parents' house.

So, without much fanfare, I revived my IT knowledge: upgraded my skill from the 'hobbyist' world of the Commodore 64 and Amiga scene (I had been passionate about modems and the BBS world then), looked at the PC world of the time, rode the 'Internet wave' and applied for a simple job at an IT company.

A lot of my friends were either not even searching for a job, with the excuse that there weren't any, or spending time in university, in a time of change, where all the university-level jobs were taken anyway so that would have meant waiting even more after they had finished studying… I am not even sure they realized this until much later.
But I just applied, played my cards, and got my job.

When I went to sign it, they also reminded me they expected hard work at the simplest and humblest level: I would have to fix PC's, printers, help users with networking issues and tasks like those – at a customer of theirs, a big company.
I was ready to roll up my sleeves and help that IT department however I would be capable of, and I did.
It all grew from there.

And that's how my IT career started. I learned all I know of IT on the job and by working my ass off and studying extra hours and watching older/more expert colleagues and gaining experience.

I am not an engineer.
I am, at most, a mechanic.
I did learn a lot about companies and the market, languages, designs, politics, the human and technical factors in software engineering and the IT marketplace/worlds, over the course of the past 18 years.

But when I started, I was just trying to lend an honest hand, to get paid some money in return – isn't that what work was about?

Over time IT got out of control. Like Venom, in the Marvel comics, that made its appearance as a costume that SpiderMan started wearing… and it slowly took over, as the 'costume' was in reality some sort of alien symbiotic organism (like a pest).

You might be wondering what I mean. From the outside I was a successful Senior Program Manager of a 'hot' Microsoft product.
Someone must have mistaken my diligence and hard work for 'talent' or 'desire of career' – but it never was.
I got pushed up, taught to never turn down 'opportunities'.

But I don't feel this is my path anymore.
That type of work takes too much mental energy off me, and made me neglect myself and my family. Success at the expense of my own health and my family's isn't worth it. Some other people wrote that too – in my case I stopped hopefully earlier.

So what am I doing now?

First and foremost, I am taking time for myself and my family.
I am reading (and writing)
I am cooking again
I have been catching up on sleep – and have dreams again
I am helping my father in law to build a shed in his yard
We bought a 14-year-old Volkswagen van that we are turning into a Camper
I have not stopped building guitars – in fact I am getting set up to do it 'seriously' – so I am also standing up a separate site to promote that activity
I am making music and discovering new music and instruments
I am meeting new people and new situations

There's a lot of folks out there who either think I am crazy (they might be right, but I am happy this way), or think this is some sort of lateral move – I am not searching for another IT job, thanks. Stop the noise on LinkedIn please: I don't fit in your algorithms, I just made you believe I did, all these years.

Capturing your knowledge/intelligence should be SIMPLE

Lately this blog has been very personal. This post is about stuff I do at work, so if you are not one of my IT readers, don't worry.

For my IT readers, an interruption from guitars and music on this blog to share some personal reflection on OpInsights and SCOM.

SCOM is very powerful. You know I have always been a huge fan of 2007 and worked myself on the 2012 release. But, compared to its predecessor – MOM – in SCOM it has always been very hard to author management packs – multiple tools, a lot of documentation… here we are, more than 6 years later, and the first 2 comments on an old post on the momteam blog still strike me hard every time I read it:

whatever happened to click,click,done?

You would think that things have changed, but SCOM is fundamentally complex, and even with the advances in tooling (VSAE, MPAuthor, etc) writing MPs is still black magic, if you ask some users.

I already blogged about me exporting an MP and converting its event-based alerting rules to OpInsights searches.

Well, writing those alerting rules in SCOM needs a lot of complex XML – you might not need to know how to write it (but you often have to attempt deciphering it) and even if you create rules with a wizard, it will produce a lot of complex XML for you.

In the screenshot below, the large XML chunk that is needed to pick up a specific eventId from a specific log and a specific source: the key/important information is only a small fraction of it, while the rest is ‘packaging’:


I want OpInsights to be SIMPLE.

If there is one thing I want the most for this project, it is this.

That's why the same rule can now be expressed with a simple filter search in OpInsights, where all you need is just that key information

EventID=1037 Source="Microsoft-Windows-IIS-W3SVC" EventLog=System

and you essentially don't have to care about any sort of packaging nor mess with XML.

Click, click – filters/facets in the UI let you refine your criteria. And your saved searches too. And they execute right away, there is not even a ‘Done’ button to press. You might just be watching those searches pinned to tiles in your dashboard. All it took was identifying the three key pieces of info, no complex XML wrapping needed!
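The conversion described above, as an added example that is not code from the original post: it pulls the three key values out of an event rule's XML and emits the equivalent filter search. The sample XML is constructed in the style of a SCOM event data source, and the mapping of `EventDisplayNumber` and `PublisherName` to the `EventID` and `Source` search fields is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed event data source in the style of a SCOM
# management pack rule. Not taken from the original post or a shipping MP.
SAMPLE_RULE_XML = """
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
  <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
  <LogName>System</LogName>
  <Expression>
    <And>
      <Expression><SimpleExpression>
        <ValueExpression><XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery></ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression><Value Type="UnsignedInteger">1037</Value></ValueExpression>
      </SimpleExpression></Expression>
      <Expression><SimpleExpression>
        <ValueExpression><XPathQuery Type="String">PublisherName</XPathQuery></ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression><Value Type="String">Microsoft-Windows-IIS-W3SVC</Value></ValueExpression>
      </SimpleExpression></Expression>
    </And>
  </Expression>
</DataSource>
"""

# Assumed mapping from XML property names to the search field names on this page.
FIELD_MAP = {"EventDisplayNumber": "EventID", "PublisherName": "Source"}

def rule_to_search(xml_text):
    """Return the filter search equivalent to an AND-of-equals event rule."""
    root = ET.fromstring(xml_text)
    if root.find(".//Or") is not None or root.find(".//Not") is not None:
        raise ValueError("only AND-combined criteria are handled")
    terms = []
    for simple in root.iter("SimpleExpression"):
        prop = simple.findtext("ValueExpression/XPathQuery")
        op = simple.findtext("Operator")
        value = simple.find("ValueExpression/Value")
        if prop not in FIELD_MAP or op != "Equal" or value is None:
            raise ValueError(f"unsupported criterion: {prop!r} {op!r}")
        text = (value.text or "").strip()
        # Numeric values are written bare, string values are quoted.
        numeric = value.get("Type") in ("UnsignedInteger", "Integer")
        terms.append(f"{FIELD_MAP[prop]}={text}" if numeric else f'{FIELD_MAP[prop]}="{text}"')
    log_name = root.findtext("LogName")
    if not log_name:
        raise ValueError("rule has no LogName")
    terms.append(f"EventLog={log_name.strip()}")
    return " ".join(terms)
```

Rules that use `Or`, `Not`, or operators other than `Equal` are rejected rather than silently converted, so a translated search never matches a different set of events than the rule it came from.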

Ok, granted – there ARE legitimate, more complex, scenarios for which you need complex data sources/collectors and specialized/well thought data shaping, not just events – and we use those powerful capabilities of the MMA agent in intelligence packs. But at its core, the simple search language and explor-ability of the data are meant to bring back SIMPLE to the modern monitoring world. Help us prioritize what data sources you need first!

PS – if you have no idea what I was talking about – thanks for making it till here, but don’t worry: either you are not an IT person, which means simply ignore this; or – if you are an IT person – go check out Azure Operational Insights!

IT-Related Articles

This page contains links to some of the technical IT articles I've written on the web in various periods of my life. They may be about Security Research or infrastructure or development, or how-to's or useful SQL Queries and Tools and scripts for System Center Operations Manager; some are translations to Italian of some English security white papers or guides; they might be just rants or normal blog posts.

I collected them here to let them be found more easily, hoping that someone might find them interesting. Always keep in mind the period in which they are written, as my mind could – and probably has – changed on a variety of topics, with time!

Monitoring SQL Backup Failures with Azure Operational Insights Search and Dashboards
How to collect text log lines in Azure Operational Insights thru Operations Manager (SCOM)

Azure Operational Insights Search How To: Part I – How to filter big data
Azure Operational Insights Search How To: Part II – More on Filtering, using Boolean Operators, the Time Dimension, Numbers and Ranges
Azure Operational Insights Search How To: Part III – Manipulating Results: the pipeline “|” and Search Commands
Azure Operational Insights Search How To: Part IV – Introducing the MEASURE command
Azure Operational Insights Search HowTo: Part V – Max() and Min() Statistical functions with Measure command
Azure Operational Insights Search How To: Part VI – Measure Avg(), and an exploration of Type=PerfHourly
Azure Operational Insights Search How To: Part VII – Measure Sum() and Where command
W3C IIS Logs Search in Microsoft Azure Operational Insights
Useful Operational Insights Search Query Collection
IIS MP Event-Alerting Rules’s OpInsights Searches Equivalents
Anatomy of an Event Collection Rule for Azure Operational Insights (Advanced targeting when using OpsMgr attach)
How to collect Syslog events in Azure Operational Insights thru Operations Manager (SCOM)

Microsoft Monitoring Agent, System Center Operations Manager and Visual Studio Application Insights
Programmatically create APM objects and configuration (w/ APM Explorer sample app)
System Center Advisor now supports Windows Azure Active Directory (formerly OrgID)
Custom Rule for selective APM Event collection (useful with multi-homing)
Alerting on ASP.NET Exceptions thru the Windows Azure Management Pack

APM Agent Throttling settings and other APM Overrides in SC2012 Operations Manager
APM Configured Endpoints Report
Event-to-Alert ratio, reviewing problems and understanding trends for APM data in OpsMgr 2012
All you need to know about APM “Transactions”
Custom APM Rules for granular alerting
APM object model

Application Monitoring Architecture in OpsMgr 2012 Beta

How to convert (and fixup) the RedHat RPM to run on Debian/Ubuntu
A few thoughts on sizing Audit Collection System


one of Event 9 *Solutions* as an Expert Commentator to the 2009 Summer Scripting Games
Using the SCX Agent with WSMan from Powershell v2
Installing the OpsMgr 2007 R2 SCX Agent on Ubuntu
Get-WmiCustom (aka: Get-WMIObject with timeout!)
OpsMgr2007 Certificate Management via Command Line (coded the included script)
Cross Platform Monitoring in OpsMgr2007 R2 Release Candidate


Programmatically Check for Management Pack Updates in OpsMgr2007 R2
CentOS Discovery in OpsMgr 2007 R2 beta
Testing System Center Cross Platform Extensions


PowerShell and RegExp for log analysis
Create a script based unit monitor in OpsMgr2007 via the GUI


Out-Blog: a sample PowerShell CmdLet using Windows Live Writer adapters


Connecting to an IPv6 Tunnel Broker from behind an ISA 2004 Firewall (Eng)
– BlackHat Europe 2005 Review – with Interviews (Ita) – [broken link]


BlackHat Europe 2004 Review – with Interviews (Ita) – [broken link] – Jeff Moss's Interview (Eng)
Honeynet Project's "Scan Of The Month" (SOTM) 30 – (IT Virtual Community Team)
Honeynet Project's "Scan Of The Month" (SOTM) 30 – (IT Virtual Community Team) a mirror (the honeynet site does not have the complete wiki anymore)


BlackHat Europe 2003 Review – with Interviews (Ita) – [broken link] – Lance Spitzner's Interview (Eng)
What About Netware? (Eng – 1st version)
HONEYTAGS: Honey Power for the masses – ITVC version (Ita) – [broken link] – Worms researched from logs of production systems and honeypots
Honeynet Project's "Scan Of The Month" (SOTM) 29 – (Daniele Muscetta)
Simple honeynet with OpenBSD (italian translation of a paper by Christopher J. Reining) – [broken link]