Automox Insiders – Ted Harapat, Tales of the Linux Firefighter, E03
Maddie Regis: Hey everyone, this is Maddie Regis, account-based marketing manager at Automox and I'm bringing you another new episode of IT Insiders, which is an Automox podcast that introduces you to the people behind the product. So, this week we're talking with Ted Harapat, Senior Systems Engineer, about his background, time at Automox and since he's our resident Linux guy, we're going to learn a little bit more about what that means. So thanks for being here, Ted.
Ted Harapat: Thank you for having me.
Maddie Regis: Thank you.
Maddie Regis: All right, so let's get into it. Tell me a little bit about your role and also the name that you would give our company if we weren't called Automox.
Ted Harapat: Okay, my role is simply a system engineer with a focus on Linux. It's my responsibility to support our Linux product and expand the distributions and versions of Linux that we support for the Automox agent. Primarily, I analyze new Linux distributions and identify what or how the OS package manager works, and where all the system details need to be scraped from for that particular Linux. And then I add those to the back end.
Ted Harapat: They will be recognized during installation and daily use. And we then call it a supported Linux. Since I started, we've doubled the supported Linux distributions and have a few more in queue just waiting for some teams to test it. And beyond that, in the role, I just do general system teams things, such as helping add new software titles to the third-party catalog and assisting the other team members with testing and troubleshooting their specialties.
Maddie Regis: So not important stuff at all. You know, definitely not essential to Automox. Yeah, it sounds like you're, I'm sure a lot of listeners are familiar with the third-party catalog and probably more familiar with some of the Linux terms you use than I am. But yeah, there are definitely a lot of essential things there. And what would you call our company if we weren't called Automox? If you can think of a name.
Ted Harapat: Oh, a different name for Automox, huh? I was kind of falling back on the old dad, the natural dad instinct of going to puns. And so I was thinking of something like EyePatch like the eyeball patch, except I think of the name being read as a singular pronoun like eye, like "I patch my system." And then instead of Otto, the Automox robot character, we could make a plushie pirate doll and call it something like wet-beard or neck-beard.
We just have to make sure we don't call it iPatch or the letter I or else the Apple lawyers would be after us pretty quickly.
Maddie Regis: Very true. I actually like that a lot! I might be going back to my friends in the marketing department to argue that we might need to switch up our branding. I'm a big pirate fan. So that's really fun. I think that's been my favorite idea so far!
Maddie Regis: So give me some background. Why did you get into it and what made you so interested in Linux or how did you kind of end up in your, in your current role?
Ted Harapat: Well, it's been a lot of years. It really started when dad who worked for the only IBM vendor in town in the early eighties, he'd bring home early household PCs like the, like the IBM PC junior and the, the compact portable computer, which was hardly portable is about 30 pounds of dead weight, but that was as good as I got back then anyway, when dad wasn't using those systems himself, a six-year-old me was fascinated by the loud clacky keyboards and green glowing screens.
And once dad brought home some classic games like Centipede, Mineshaft, or King's Quest, there was no way I was ever leaving those PCs alone. Then the fascination just never left me. I tinkered with any tech that I could find in those early days and ended up getting involved and I would end up setting up computer labs at school or writing batch scripts for people who were happy to turn over the tasks to someone else. And, you know, skipping a million details, because my life was very nerdy back then.
To transition how it got to being a career, it happened kind of by accident, literally as a strange event in the middle of a cold winter night. It was, I feel like I'm storytelling here, but it was a January night of early 1996, and I was on home for my college winter, my freshman winter break. It's 1 a.m. and I nestled in bed and there's a tapping on my window, which sounds absurd now, but we didn't have cell phones or text messages or emails or chats even back then.
And you sure couldn't call the house phone or you'd wake up mom and dad. So we just drive over to the buddy's house and knock on the window. But anyway, I climb out of bed and it's my best buddy, Dave from third grade. So I open up the window and he says, “Ted, you won't believe it. I'm interviewing tomorrow at an ISP.” I congratulate him and ask him what it has to do with me at this hour. And he says, “You have to come along with me to the interview!” And I go, “That's not how interviews work, Dave.”
Ted Harapat: He says: “But these guys told me to come into the interview and bring anyone I knew who was technical and might be interested in a tech support job.” So sure, why not? I went along with him to the interview the next day and was hired at my first internet provider. It launched me into learning Unix and networking and internet services, which started leading me down the path that has spanned about three decades now as a career. All because of a knocking on my window at 1 a.m. on a cold winter night. I mean, that and a whole lot of hard work, but it's kind of a random start for me.
Maddie Regis: I love it. Well, you said you feel like you're storytelling. I mean, that's what a podcast is about, right? So I think that's really interesting. And what made you choose Automox? Why Automox?
Ted Harapat: Well, previously I had spent eight years at a major tech company with nearly 100,000 employees and I was getting an overbearing sense of stagnation and just kind of being a tiny cog in a huge machine and I knew it was overdue to find some new opportunities and excitement. Some previous coworkers at the big company had worked here and so it was kind of on my radar, and I looked into it. I put in a resume, interviewed, got the job, and it was a fit.
And now here I am. Another thing that was big extra points for me was that I discovered during the interview that the position didn't have an on-call duty. It didn't have any responsibilities, which had been the only thing that held me back from joining the local fire department for several years. I was evacuated from my own home for two months in the Cameron Big Fire of 2020. And so without on-call duties, I was able to join the fire department where I promptly once again had on-call duties. Just fighting fires in a much more literal sense than before.
Maddie Regis: Absolutely. Yeah, that's so interesting. I didn't know that about you. So, wow, you're IT by day and firefighter by night, right?
Ted Harapat: I am, yes, yes. It's a fantastic experience. I highly recommend it to anyone else who has the opportunity.
Maddie Regis: That's awesome. Okay, I've got one last question and then we'll wrap with our game as we always do. But you know, you're the Linux guy, you're the Linux expert. So what's one thing everyone in IT should know about Linux regardless of that, if that's their main bread and butter every day?
Ted Harapat: Okay.
Ted Harapat: Well, if I had to pick one thing for people to know, and this really applies to new people, because I think that's where it's most intimidating, is don't let Linux intimidate you. It's not scary. Stop looking for answers and just look. What I mean by that is Linux is full of text files, config files, /etc, log files, and /var/log, and dot files in your home directory, that applications reference. Almost all of these are merely text files. Go look around, just wander. Go in these directories and look.
Look at any of the files, use the grep command to search for strings in that file or all the files in the directory at the same time if you're unsure. And then once you find what you want, you can use vim or nano to edit these files and make your changes. But many of those config files have the instructions included in the file. Or you can just look at the most recent log entries in the /var/log files.
But I learned so much by just looking into that intimidating command line and just going directory to directory and looking at files.
Even when I was trying to accomplish a task, I learned so much by being wrong and discovering the wrong answers and configs in my search for the right one. So don't believe people when they tell you that Linux is scary and hard. Just get in there and look around. It's a great operating system to learn by exploring.
Maddie Regis: Love that, yeah, you gotta learn by doing, right?
Ted Harapat: Mm-hmm. Yes.
Maddie Regis: All right, cool. Well, I think that's some great advice. Let's hop into our last little bit here, which this is gonna actually coordinate for everyone who's listening out here with our top vulnerabilities of the last decade bracket for March Madness. That's gonna be out on all of Automox's social media. So you can go ahead and check that out. And we're gonna focus on four of these vulnerabilities and I'm gonna have you Ted kind of have them head to head against each other and pick the most influential one.
So, Automox can fix all four of these, by the way. Alright, so... So the first pairing is BlueKeep versus Log4Shell.
Ted Harapat: Sure, do you want me just to declare what I think was bigger or talk about it? I can tell you a little bit about each one.
Maddie Regis: Yeah, well, yeah, why don't you, why don't you pick one and tell me why you picked that one over the other?
Ted Harapat: I would pick Log4j because that was, well, let me just say that the difference in BlueKeep is that it was kind of isolated to older versions of Windows. First of all, it was about four or five years ago, so it's not out there as much, I mean, hopefully. But it's old versions of Windows and it was isolated to, largely isolated to like corporate networks where people had the pro versions or the ultimate versions that had the RDP service enabled.
And then Log4j is more prevalent because it was out in Java applications embedded within the applications. So it was harder to detect unless you looked into each one. You couldn't just go to a system and easily patch just the internal library. You would, at least in the early days, we had to go and grep into or search through each of the actual .jar files and find out if it had any reference to it to know if we needed it patched up. So it could stay hidden very easily. And Java applications just kind of get copied and patched and moved around.
And so it seems like one of those things, it doesn't just disappear and they exist on internet-facing servers a lot more.
So I would definitely say Log4j was more of an issue.
Maddie Regis: Okay. For sure. Yeah, I know that one by name recognition. I can't say the same for BlueKeep. I feel like if a non-IT person can identify it, might be the winner there. And okay, the second pairing is going to be Chrome Zero Day versus the Atlassian Confluence code injection.
Ted Harapat: Yep. Yep, yep.
Ted Harapat: I would have to say Chrome Zero Day was more of an influence, a bigger deal, because it was, well, I'll start with saying why the other one is less of a big deal. When it came out, it was on older versions of the Confluence service. So if you were staying up to date, it wasn't such a big deal.
Again, that one's over a year old, or about a year old now. So I'd like to think it's been phased out of existence and the newer one is the zero-day one, which actually affected a file format. I think it was called WebP and that was embedded not only in a very, very large percentage of the active browsers at use out there, but it was also in some 700 applications that used that same file format. And that could be exploited with a just specially crafted webpage, which is, it seems like, a much easier target to hit if you're just an average user using a browser, which is a big, big audience against one of a million trillion web pages out there that could be maliciously crafted.
So I think that was a much bigger deal of the two.
Maddie Regis: Absolutely. All right. And now for the final face-off. We've got the Chrome Zero Day versus Log4j. So which one are you picking between the two?
Ted Harapat: I would have to say the Chrome Zero Day. It was more recent, first of all, which is unfair bias, but it's definitely more recent and it is just across so many applications, so much harder to clear that up. You'd have to contact all the vendors and get all them to update their WebP pieces. So as much as Log4j personally haunted me as a Unix guy more than the other, I don't think that's the more vicious of the two.
Maddie Regis: Thank you.
Maddie Regis: All right, well, we'll see what everyone thinks on our socials. We'll see if Chrome Zero Day comes out as the most influential vulnerability or if there's a different shakeup. But Ted, I appreciate your insights there and your expertise. You got anything you want to plug? Your LinkedIn, anything else before we wrap up here?
Ted Harapat: No, I think that's good. I don't, I don't use anything I want to add on that.
Maddie Regis: All right, great. Well, thank you so much for being here. Thank you for your wonderful branding idea around the eye patch. Again, I do think somebody should steal that idea since, you know, I think we'll stick with the Automox branding, but that is, that is a fun one. So, thanks so much, Ted. And, we'll talk soon.