Starting to train...

There is a lot that I would like to physically accomplish and am involved in. I used to love running before an ankle injury and surgery messed me up about ten years ago. I’ve never really been into biking but have wanted to get into it. Swimming I do when I need to do some diving or something related to it. I really enjoy Krav Maga when my bones decide to stay together plus I will be adding jiujitsu to the mix as soon as possible.

This probably seems like a whole lot, especially when you consider I need to be a father and maintain a full time job, but I have learned that I need to be physically exhausted in order to function at anywhere close to capability. That is mentally, physically, emotionally or however else you would like to cut it up. If I’m not doing something that will force me to pass out cold when I hit the pillow I will have a less than optimal tomorrow.

Just like anything it’s important to identify and mitigate the potential risks and that goes for this level of physical activity for sure. I’m in my forties and not exactly in the best shape of my life so there are a few rather significant risks to be dealt with. I’m not a fitness expert but I know one of the easiest things for me to do is overtrain. I have a very bad habit of pushing myself to the point where my body crashes, hard. I’m hoping to avoid this by using online fitness sites and trackers, including my Apple Watch & Garmin 920XT.

I’ll explain my entire strategy in a follow up post along with timelines and costs.

Wish me luck :)

Cheers

Housekeeping...

I am consolidating my technical and personal blogs. Currently if you peruse the articles here you will find a lot of images missing and malformed code examples. I am working (slowly) to fix this as time allows. If there is something you would like please message me on Twitter and I’ll get to it as soon as possible.

Cheers

Rough New Start

Status Update

Well it appears that the last post I made here was at the end of 2016 so almost three years ago. As you can tell from that last post it’s been a rough journey and I would like to say it’s been easier and everything is on track.

-It’s not-

As you might expect, I have had a bunch of things happen between now and then. I would say that things are looking up but it’s still a daily struggle against depression. It only takes one thing to knock me off and it’s a few days of “recovery” until I can get back on track. I look at other people and wonder if they have the same struggles, and it appears that on the outside everyone else is doing just fine. Oh the Joys…

That said, I’m engaged and am looking forward to that. She is an amazing woman and I wonder why she puts up with my BS but I’m glad she does. My daughter is enlisting in the Air Force and I’m exceptionally proud of her. Not just for enlisting but for the work she needed to do to get there.

Plans

Computer Stuffs

I have a few of them actually. In the world of the interwebs I am looking to consolidate my blogs and postings to a single platform. It’s probably going to take me a few weeks of work but it will be totally worth it for me.

Health

I’m looking to start back with my running and I need to get back on track with my diet. I have a gut that I’m exceptionally not proud of and it needs to go someplace else. I will add biking and swimming as appropriate and run a few races this year. I’m sure as we find out about them we will do a few bike races too. Who knows in a few years we may be talking ultras and IronMan(s)…
Maybe…

Cheers

Basic Security Practices

Sections: Passwords AntiVirus Firewall Encryption VPN

I recently had a friend ask me about basic “cyber-security” for their small business. When I say a small business they are a one person shop but handle some very personal information for their customers. While I was trying to compose a good human answer to this very generic question I was thinking that personal digital security isn’t any different from corporate security. The only real difference is if you can outsource the technical components to the IT department or if you need to do it yourself. True security requires a mindset to prevent exposure. Not using systems for things they weren’t intended for, being very cautious about emails, etc. Good digital hygiene is a habit that can be learned and takes time. However, here are a few tips and technologies to help.

## Passwords

This is probably the most important thing I can recommend to anyone: change your passwords! All of them! This may seem like overkill but it's really important to prevent certain types of attacks. A simple example is if you are using the same password for your email and social media accounts and someone is able to compromise one, they are able to get to the other. Now imagine someone has access to your email. It's possible they could reset passwords on sites they currently don't have access to. Additionally, they could peruse your messages for information on other sites you use and build a larger, more believable online presence as you.

It seems ridiculous at first glance to maintain and remember hundreds or more passwords, however there is a simple solution. Use a password manager. I am a personal fan of Lastpass but any manager that allows for access via mobile device, application and web then also encrypts the data at rest is good. I’m partial to them because of these features and it uses a web plugin to create and fill in my passwords so I never need to type a password when logging into a site.

I’m sure everyone has heard that complex passwords are needed and you should have passwords of a certain length, numbers, letters, uppercase, etc. but they are hard to generate and remember. With a password manager you don’t need to worry about any of these issues. It allows me to create complex passwords similar to: b8RrNFstRJH!&WrVK*fVMrkmT92MKF for each account without concern about memorizing or typing them.

## Encryption

This is something I'm certainly not an expert at but can give some basic guidance. The first question you need to ask is what are you protecting against? Are you protecting against your laptop being stolen or against files and data being taken without your knowledge? This is significant because the answers to each of those are different and of varying degrees of complexity.

### Hard Disk Encryption

If you are looking to protect your personal data if someone steals your laptop from your car or office, this is what you are interested in. Whole hard disk encryption makes your entire drive appear to be random bits of data. Anyone trying to read that data should not even be able to tell what is free space or a file on the drive. This is built into current versions of Windows 10, where it is called BitLocker, and Mac OSX uses FileVault. All you need to do is enable it and the system will encrypt the drive without needing to do anything else.

Windows will present you with a backup key. YOU NEED TO PROTECT THAT KEY. Print it out and lock it in a filing cabinet or take a picture and put it in your phone. If your computer updates certain sections of the drive you will need to prove it’s yours and the only way to get access is with that key. DON’T LOSE IT!

Mac users have a bit of an easier time - the key can be backed up to iCloud and protected that way.

### File Level Encryption

This encrypts individual files or directories on your workstation, NOT the entire disk. This has the advantage of being very granular but also requires a bit more management to ensure proper security. Also it doesn’t encrypt the file system structure or additional parts of the files or filesystem which could also contain confidential data (directory is name of client?). This protects against someone getting access to your system and copying data from it after it was already running. Access could be achieved physically or programmatically, such as through malware.

## Firewalls

Every major operating system has a firewall built into it and it should be enabled. Some applications will require modification to work properly but as a general rule they should be turned on and limit incoming connections. If you have the option to install a hardware firewall for your network I have two options I am partial to. If you are not afraid of getting your geek on, have some spare hardware and want to learn, I would recommend pfSense for its ease of installation and capabilities. You are getting a commercial grade firewall for OpenSource prices.

That said, if you want commercial support and everything that goes with it I would seriously consider the FortiGate 50E. It’s an enterprise level firewall with support and is more than enough for the small office. It can also be combined with wireless, webfiltering and much more so if you don’t mind paying for it, I would consider this the way to go. (Disclaimer - it’s March 2019; by the time you read this something may have changed)
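A quick way to confirm on a Windows machine that the disk encryption and built-in firewall advice above is actually in effect. This is an added example, not part of the original post; the function name `Get-BaselineFinding` is hypothetical, and it assumes an elevated PowerShell session on a Windows edition that ships the BitLocker and NetSecurity modules.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt; assumes the built-in BitLocker and NetSecurity modules are present.
function Get-BaselineFinding {
    $findings = @()

    # Disk encryption: protection must be on for the system drive.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is $($vol.ProtectionStatus) on $($vol.MountPoint)"
    }

    # A recovery password protector must exist, otherwise there is no backup
    # key to store. The recovery password itself is deliberately not printed.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($recovery.Count -eq 0) {
        $findings += 'No recovery password protector on the system drive'
    }

    # Firewall: every profile (Domain, Private, Public) should be enabled
    # and should not allow unsolicited inbound connections by default.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ($fwProfile.Enabled -ne 'True') {
            $findings += "Firewall profile '$($fwProfile.Name)' is not enabled"
        }
        if ($fwProfile.DefaultInboundAction -eq 'Allow') {
            $findings += "Firewall profile '$($fwProfile.Name)' allows inbound by default"
        }
    }
    $findings
}

$result = @(Get-BaselineFinding)
if ($result.Count -gt 0) { $result } else { 'No findings' }
```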

## AntiVirus

AntiVirus is the thing we all hate but need to have. There is no glamour in it but it's going to help keep us safe. For people with fewer than ten systems I would look to Sophos Home. There is a free component but I would recommend purchasing the whole thing. Also I would combine it with FortiClient which will scan your systems for known vulnerabilities. The two combined offer a reasonable solution for a great price.

## VPN

What do you do when you're working from Starbucks, shared office space or some other open wireless access point? You certainly don't send your traffic over the airwaves unencrypted. Use a VPN service. This will tunnel all your traffic to the endpoint, rendering it unreadable to anyone on the local networks or between you and the VPN termination point. Proton VPN is my personal favorite. They are based in Switzerland and don't log traffic so there are no logs for anyone to hack or request. Additionally they have endpoints in multiple countries so if you need/want to change your connection points it's extremely simple. There is even the option of connecting your firewall to them so all traffic from your local network is tunneled out. This is useful to prevent your ISP from spying or tampering with your traffic. (Yes, this is now legal in the US)

## Conclusion

I know this was a long post and there is a lot I didn’t cover but I’m hoping that people find it useful and learn from it. If you have any comments, questions or suggestions send me a message on Twitter and I’ll be happy to reply.

Cheers

New Blog - New Look

This is the first post with the new framework so we will see how it works out over the long run. I was previously hosting this on Blogger but it didn’t offer all the flexibility I wanted so I’ve transitioned it to a static site using templates to build it out then compiling it with Hexo. Hopefully this will work without any issues and will allow me to be a lot more consistent with the look and feel, especially when posting code snippets.

This is the first post using the new format so let’s see how it works out :)

Cheers

Another Rename and Refocus

I look at the statistics for this blog and it’s pretty bad but I do hope there are a few people that have gotten some value from the content I’ve posted over the years. I try to post things that I find interesting, I’ve had to figure out more than once or had a really difficult time solving. Over the last few years I’ve changed who signs my paycheck more than once and it’s always been a good move bringing me to a more challenging or interesting environment and each with lessons to be learned. Some of those lessons have been in business, communication, technical applications and even public speaking. It’s been an interesting few years to say the least.

The last two years I’ve been working at an HBCU in New Orleans implementing the VMware stack of what seems like everything. That’s brought me into implementing ServiceNow to codify our processes. Now we are trying to tie all this together and deploy systems and software anywhere in our environment programmatically when initiated from a service ticket. So now we are leveraging Chef for managing all the configurations of our systems and Terraform to deploy.

This is going to start getting interesting and DevOps is a completely new area of being a SysAdmin for me. I’m going to try and keep this updated as best I can and share my learning. I hope it’s beneficial and somewhat entertaining.

Cheers

Assign missing tag to VM

We run our backup job schedules based on the tags assigned to the VM. This keeps it relatively simple and to add a system to a backup job you only need to tag it, not go into another software and edit a backup job. Recently, while working on a production system I noticed it wasn’t tagged! Whoever had created it never tagged it and so it’s been in production for a while and has never been protected. Obviously, this is a bad situation and I needed to make sure it was fixed across the board.
Did a quick PowerCLI script to find and assign a nightly backup job to anything it found. We can go back and audit this later if a system needs better protection.

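```powershell
# Tag that puts a VM into the nightly backup job (category "BDR", tag "Bronze")
$Tag = Get-Tag -Category "BDR" -Name "Bronze"
# Assign it to every VM that currently has no tag assignment at all
Get-VM | Where-Object { $null -eq (Get-TagAssignment -Entity $_) } | New-TagAssignment -Tag $Tag
```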

Changing AD User Login Hours

Today I received a request to remove the login hour restrictions for all the users in our forest. A little bit of research didn’t satisfy my curiosity so I decided to look into the specifics of this. First, the script is pretty simple - sometime in the organization’s past, someone decided to set the login hours so people could not login between 02:00 and 04:00. We have a new system and since students are 24x7 we needed to remove these restrictions. I was asked to simply remove it so I’m querying all the enabled users and simply updating them.

```powershell
Import-Module ActiveDirectory

# All enabled user accounts
$Users = Get-ADUser -Filter {enabled -eq $true}
# 21 bytes of 255 (0xFF): every hour of the week is allowed
[byte[]]$LogonHours = @(255) * 21

$Users | ForEach-Object {
    Set-ADUser $_ -Replace @{logonhours = $LogonHours}
}
```

As you can see the script isn’t complex and simply does its job. My curiosity was with the LogonHours value and why was it so peculiar.

I opened ADSIEdit and looked at the field in question and it appears like this:

As you can see it’s separated into 21 one-byte fields. Each field represents eight hours, starting at midnight Sunday morning. If a bit is set to 0 the user is not able to log in for that hour; if it’s set to 1 the user is allowed to log in. As an example, if you wanted no restrictions every byte would be set to 255. If you wanted to enable 8am until 6pm (08:00 - 18:00) it would appear as “00 FF 02”. This would allow them to log into the system until 17:59, however at 18:01 they would be unable to log in.

It took me a few seconds to figure out what was going on here and why it wasn’t in a standard format, however, once I put it together it actually makes perfect sense.
Hope this helped someone out.

The same field in binary just so you can see:
logonHour in Binary
each bit represents an hour
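To see which hours a given logonHours value denies, and to record who is restricted before a bulk overwrite like the one above, the bits can be decoded directly. This is an added example, not the original post's code: the function names and the sample value are constructed for illustration. It relies on the attribute being stored in UTC, with the least significant bit of each byte being the earliest hour.

```powershell
# Added example, not the original post's code. logonHours is 21 bytes = 168 bits,
# one bit per hour of the week, starting Sunday 00:00 UTC; within each byte the
# least significant bit is the earliest hour.

function Test-LogonHoursRestricted {
    # True when at least one hour is denied. A missing value means unrestricted.
    param([byte[]]$LogonHours)
    if ($null -eq $LogonHours -or $LogonHours.Length -eq 0) { return $false }
    return @($LogonHours | Where-Object { $_ -ne 255 }).Count -gt 0
}

function Get-DeniedLogonHour {
    # Emits one object per denied hour: day name and hour of day (UTC).
    param([Parameter(Mandatory)][byte[]]$LogonHours)
    if ($LogonHours.Length -ne 21) {
        throw "logonHours must be 21 bytes, got $($LogonHours.Length)"
    }
    $days = 'Sun','Mon','Tue','Wed','Thu','Fri','Sat'
    for ($hour = 0; $hour -lt 168; $hour++) {
        $byte = $LogonHours[$hour -shr 3]      # 8 hours per byte
        $mask = 1 -shl ($hour % 8)             # LSB = earliest hour in the byte
        if (($byte -band $mask) -eq 0) {
            [pscustomobject]@{
                Day     = $days[[int][math]::Floor($hour / 24)]
                HourUtc = $hour % 24
            }
        }
    }
}

# Constructed sample (not real directory data): logon denied 02:00-04:00 UTC daily.
[byte[]]$sample = @(255) * 21
foreach ($day in 0..6) { $sample[$day * 3] = 0xF3 }   # 0xF3 clears bits 2 and 3

if (Test-LogonHoursRestricted $sample) {
    Get-DeniedLogonHour $sample | Group-Object Day | ForEach-Object {
        '{0}: denied hours (UTC) {1}' -f $_.Name, ($_.Group.HourUtc -join ',')
    }
}

# Against a directory, the same check can record restricted accounts before a
# bulk overwrite (needs the ActiveDirectory module; the file name is a placeholder):
# Get-ADUser -Filter {enabled -eq $true} -Properties logonHours |
#     Where-Object { Test-LogonHoursRestricted $_.logonHours } |
#     Select-Object SamAccountName,
#         @{n='LogonHoursHex'; e={[BitConverter]::ToString($_.logonHours)}} |
#     Export-Csv .\logonhours-before.csv -NoTypeInformation
```

Because the stored value is UTC, the hours shown in the Active Directory Users and Computers dialog are shifted by the local time zone offset relative to what this decoder prints.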

Another Update & Rename… kinda…

I’ve moved again and am now in Higher Education. A recap of the last many years would be:
  • Death Care Provider
  • Federal Government (DHS)
  • IBM Partner / Contractor
  • Own Business
  • Higher Education

Not a horrible career trajectory. There are a few things I’ve noticed in the industry recently and am hoping to write a few articles about them soon. Currently at the university that currently sends me money on a regular basis we have no configuration or standards management. Literally everything we do is ad-hoc and non-repeatable. We are currently implementing new processes, standards and security. A lot of this will be completed using Chef and related components. We are implementing a new internal cloud infrastructure and looking to be as responsive to our internal customers as the public cloud providers (actually we would like to be better, just sayin’).

I have never had the inclination to learn Git, Ruby, JavaScript or Python however, they are all required skills I will need to acquire in the next few months while we transition to a more DevOps culture here. I’m looking to start posting additional code on GitHub and will be linking it here.

Should be exciting!
Cheers

Slight Depression

People think they understand what depression is and how it affects you. People think you can just “be happier”, “put it together” and “everything will be ok”. People believe that because you seem functional and say you’re ok you are fine, just having a bad whatever it is they tell themselves. Here’s a simple list of what depression is:

  • Depression is being surrounded by true friends and wondering why they give a shit
  • Depression is having kids and wondering if you are more of a burden than a role model
  • Depression is waking up and wondering how you’re going to last the day without tears or panic attack
  • Depression is scoring a major deal/job and having everyone else being more excited about it than you.
  • When they find out because you didn’t tell them.
  • Depression is lying to everyone about how you’re really doing because you feel like a burden and they really don’t care anyway. (They do)
  • Depression is killing relationships because they are better off without you
  • Depression is moving through the world on autopilot
  • Depression is sitting at work/home and not being able to think straight or focus on a task regardless of how important
  • Depression is getting an invitation to an event you would have normally enjoyed and finding the idea of sitting on your couch alone in the dark more appealing
  • Depression is rationalizing suicide or “accidents” even if you believe you would never do it
  • Depression is wondering if your kids will remember you and how…
  • Depression is lying to yourself about your need for help…

I’m putting this down because people need to see these symptoms and recognize them in friends and family. People need to realize that mental health is just as important as physical health, if not more. People need to get their friends help even if they don’t want it, they need it and that’s what being a friend is.

National Suicide Prevention Lifeline Call 1-800-273-8255

http://www.crisistextline.org/ Text HELLO to 741741

I’m getting help - others you know may not be