TWSBI Fountain Pen

A few months ago while talking with a friend about technology the conversation turned to throwback items that we enjoy using. I brought up my fondness for fountain pens, which always seems to surprise people. The idea of a pen as a writing instrument goes back a really long time. Around the turn of the last century, there was an explosion in patents related to fountain pens and how they hold and dispense ink as you write. After my conversation with my friend, I was inspired to go shopping a little bit. I had some money set aside over the past number of years for small little gifts to myself. I never really touch it, so the money sits in my accounts. I came across a company that sells a highly regarded fountain pen, called TWSBI. As I got to browsing the options on Amazon, I looked at my Lamy branded Fountain Pen and realized that it was good as entry level pens go, but I wanted to move up a notch. TWSBI seemed a good option. The pen I selected was the TWSBI Diamond 580AL Silver Fountain Pen with the medium nib. I also got the “Broad Nib” as many reviewers expressed pleasure at writing with both.


TWSBI 580AL Fountain Pen

I have to say that writing with it is quite an experience. I started writing with fountain pens back in college and found that the way the ink flows beat any other sort of pen hands down. Plus the way the nib moves on good paper makes writing longhand a pleasure. It can still work on rough stock, but it struggles with the rough material, and there is more skritch-skritch-skritch while writing on some of the lowest class papers out there.

The Lamy I have uses a piston-convertible insertable tank, while the TWSBI has its piston tank built into the frame of the pen itself. I find that the TWSBI holds more ink, way more ink than my Lamy ever did.

Another little bit to note: fountain pens aren’t meant for left-handed writers as far as I know. The ink doesn’t dry fast enough for the way a lot of left-handed writers have to use a pen. I don’t know many folks who are left-handed writers, though, so there is no way to see if they could use it or not without making a mess of their hands with the ink.

If you have a little bit of spending money, this pen can go a long way in both its look and its function to add a little something to your workaday life. It won’t solve problems or anything like that, but it is something nice to have that a lot of people appreciate. I always chuckle to myself when people remark on how I use a fountain pen, and what I do for a living, which makes people think I should be keyboard bound. Sometimes old things peak, and iterations afterward are all downhill from that peak. In a lot of ways, just like Windows 2000. LOL.

Starve The Beast

Finally moved all my Facebook Saved Links out to Pocket and dumped them from Facebook. Went from 600 pages liked to 300, although I think there are items on that list that Facebook is no longer revealing, and I suspect it is a bid to prevent people from using automated tapeworms to delete their Facebook account via hollowing. Leave the account in place, but dump all the guts out.

I don’t care to encourage people to do anything. The more I see how much Facebook knows about me, the more shocked I feel. That they have monetized me was always a part of the deal, but the Cambridge Analytica scandal points to a deeper corruption that runs along with the platform’s inability to admit error; it only responds when caught red-handed. If they have been corrupt all along, how far does the corruption go? How much have they sold us all for profits? Who has the data that describes us so well?

In many ways, #DeleteFacebook is a matter of bonum ira. It’s a good sort of anger that helps clean up a mess that we all have made of things. Facebook demands punishing, in a manner of speaking, and retraction of personal data is probably the only rational way to achieve this sort of effort.

I don’t want to delete Facebook as much as starve it of data.

Security Notes: OpenDNS Umbrella

In my workplace, I have deployed OpenDNS Umbrella across my company network to secure and manage my DNS system. I have found that Umbrella is remarkably good at preventing unwanted behavior and protecting my corporate network from threats both outside the firewall and inside it.

All traffic destined for domain resolution must pass to two Hyper-V VMs located in my Headquarters branch. These two virtual machines handle all requests from my entire network, including the branches across the Data WAN, facilitated by the Meraki Site-to-Site VPN mesh network that the Meraki system handles for me automatically. These two VMs then forward all their collected queries to OpenDNS itself, where my policies about which Layer 7 categories I have allowed and disallowed for resolution are applied. Malware is the primary reason for Umbrella, as everything from viruses to trojan horses relies on DNS, and needs it working unimpeded, in order to function in a harmful manner. Umbrella acts as a canary in a coal mine, messaging the admins about everything from Command-and-Control requests to Malware requests and category violations throughout the company.

As I have been working with Umbrella, I noticed an immediate vulnerability in the way the system works. Technically nothing stops a user with a company device, or even their own, from defining their DNS servers manually and side-stepping Umbrella completely. Specifically, I am thinking about Google’s DNS servers at 8.8.8.8 and 8.8.4.4, although any public DNS server would work in this arrangement. It is important to include in this discussion that as an IT administrator I buck the trend against my own industry’s best practices: all users are local admins of their machines. I don’t believe in “nailing down the workstations” at all. Instead, I keep my security surface deep into the domain controller and file server, a much tighter arrangement that affords end users more liberty. With the liberty comes a risk that end users could perform some action which would ruin their day. This keeps the users responsible, and it keeps what we have to say in IT more relevant than ever. We don’t keep you from ruining your day, we help you cope. I have found that users, for the most part, treat their computers like simple tools, they don’t go poking about where they shouldn’t, and it has served me very well. Except in situations like this one, where users or malware have the inherent rights to change the DNS resolver settings if they know where to go and how to do it.

So that started me thinking about ways to address this risk and naturally I thought of the switching layer that everyone is connected to. The best place to control this is within the Cisco Catalysts themselves. It’s a matter of an ACL, an Access Control List. I poked about online and eventually came up with this solution. My two DNS resolvers are at 10.1.1.238 and 10.1.1.239 respectively:

ip access-list extended FIXDNS
!
remark Client queries to the two Umbrella resolvers, and the resolvers' own outbound DNS
permit udp any host 10.1.1.238 eq domain
permit udp 10.1.1.238 0.0.0.0 any eq domain
permit udp any host 10.1.1.239 eq domain
permit udp 10.1.1.239 0.0.0.0 any eq domain
permit tcp any host 10.1.1.238 eq domain
permit tcp 10.1.1.238 0.0.0.0 any eq domain
permit tcp any host 10.1.1.239 eq domain
permit tcp 10.1.1.239 0.0.0.0 any eq domain
remark DNS to anything else is dropped and logged so the offending host can be found
deny tcp any any eq domain log
deny udp any any eq domain log
remark Everything that is not DNS passes untouched
permit ip any any
!

This code block creates an ACL package named FIXDNS in the switch, and then on individual ports, or VLANs, or even the entire switch input flow I can affix this command and put this rule into operation:

ip access-group FIXDNS in

Obviously, I would use this in individual cases across the system, applying the limits only to end-user facing ports and skipping the trunks and support services like servers, copiers, and plotters. Being only a single command, it also makes it a snap to tear it out of ports as well, just on the off chance that I want to relax my security posture for some specific reason. I like the idea of the granularity of control this solution provides me, and I spend every day in my switching systems, so managing this is not any more work for me than usual.

I tested it in the lab as well, which is how this all got started. If the test laptop is configured to fetch its DNS settings from the DHCP pool, the users notice absolutely nothing at all unusual about their connection. Their DNS queries head off to OpenDNS Umbrella for resolution as normal, and everything works as it should. Acceptable traffic is allowed, while malware or banned categories are blocked. In the lab, if I set the laptop’s NIC to a specific DNS server outside my organization, like Google DNS, then any DNS related queries do not work. As a matter of record, I have included log directives in the block statements above, so if someone is breaking the rules, we’ll see where they are attempting to get their DNS services from and head out to correct it. Although the chances are that they would likely call us to find out why their Internet has stopped working.
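The log keyword on the two deny entries is what turns this ACL into a detection source. As an added example (not part of the original post or any vendor tool), here is a small Python script that reads Cisco IOS %SEC-6-IPACCESSLOGP syslog lines and summarizes, per source host, which outside resolvers it tried to reach through FIXDNS; the syslog sample, the switch hostname and the client addresses are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco IOS syslog output. The IPACCESSLOGP lines are
# what the "deny ... log" entries of the FIXDNS ACL emit when a host sends DNS
# somewhere other than the sanctioned resolvers. Hostnames/addresses are made up.
SAMPLE_SYSLOG = """\
Mar 22 09:14:02 sw-hq-01 1234: %SEC-6-IPACCESSLOGP: list FIXDNS denied udp 10.1.5.22(51234) -> 8.8.8.8(53), 1 packet
Mar 22 09:14:07 sw-hq-01 1235: %SEC-6-IPACCESSLOGP: list FIXDNS denied udp 10.1.5.22(51240) -> 8.8.4.4(53), 3 packets
Mar 22 09:15:10 sw-hq-01 1236: %SEC-6-IPACCESSLOGP: list FIXDNS denied tcp 10.1.7.40(40110) -> 1.1.1.1(53), 1 packet
Mar 22 09:15:11 sw-hq-01 1237: %SEC-6-IPACCESSLOGP: list OTHERACL denied udp 10.1.7.40(40111) -> 9.9.9.9(53), 1 packet
Mar 22 09:16:00 sw-hq-01 1238: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
"""

# Fields of an IPACCESSLOGP message: ACL name, action, protocol,
# source ip(port) -> destination ip(port), and the packet count.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# The two sanctioned resolvers from the FIXDNS ACL on this page.
SANCTIONED_RESOLVERS = {"10.1.1.238", "10.1.1.239"}


def parse_acl_log(line):
    """Return the ACL log fields as a dict, or None for unrelated syslog lines."""
    m = ACL_LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def bypass_attempts(lines, acl_name="FIXDNS"):
    """Map each source host to {outside resolver: denied packets} for DNS
    (port 53) that the named ACL blocked; other ACLs and log lines are ignored."""
    attempts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None or rec["acl"] != acl_name or rec["action"] != "denied":
            continue
        if rec["dport"] != 53 or rec["dst"] in SANCTIONED_RESOLVERS:
            continue
        attempts[rec["src"]][rec["dst"]] += rec["count"]
    return {src: dict(dsts) for src, dsts in attempts.items()}


if __name__ == "__main__":
    for src, dsts in sorted(bypass_attempts(SAMPLE_SYSLOG.splitlines()).items()):
        print(src, "tried", ", ".join(f"{d} ({n} pkts)" for d, n in sorted(dsts.items())))
```

Point the script at the syslog collector's file instead of SAMPLE_SYSLOG and the per-host summary tells you which port to visit before the user calls about their Internet being down.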

I have this FIXDNS package installed on all my switches company-wide, but I haven’t actually enabled it anywhere. I think I am going to roll out the blocks very slowly and make sure that there aren’t any alarms raised at my efforts. Not that I seriously think anyone has the interest or know-how to customize their DNS resolvers, but it is nice to know that they cannot even if they tried.

Not A Chew Toy!

I’ve been struggling on and off for a while now with my old MacBook Pro MagSafe 2 85W adapter. A while ago, Bailey, my male feline decided that the power cable from the block to the magnetic adapter would be a great thing to nibble on. I know it was a cat, because the insulator had sharp little teeth marks all along it, and I know it was Bailey because he has killed Apple EarBud cables in the past.

The cable for my MacBook has been a source of irritation for a while. My electrical tape patch apparently wasn’t enough to restore the accessory to full working state. There are times when I plug it in and no charging, or if I can get it to charge, sometimes when I move the MacBook the power subsystem detects something awful and immediately terminates the power in the laptop. Power failures like this are annoying because everything pops off, no shutdown, just instant-off. So earlier today I went out, ponied up some more money to deal with the Bailey damage, about $60 bucks after some Best Buy Bucks were on my account that I used to defray the cost a little bit.

So now I keep a constant vigil against cat related IT damage. While I was away in Dallas for work, the adapter started giving me fits there, but I was able to coax it back to life, and it didn’t cause any hard resets for which I am very thankful. So now I have to throw the old one away and make sure there aren’t any more chewing misadventures for this cable.

I got to thinking about how I charge the laptop at night, and what I might do is plug the bigger cord into the business end of the wall wart and put everything in my backpack to charge up. That way it’s all out of sight, out of mind.

Very Naughty Kitties!

Kalamazoo #NeverAgain March

Today we drove up to Western Michigan University and joined the community in the anti-NRA #NeverAgain March from the flagpoles on campus to Bronson Park.

It was surreal to park on that campus again. We walked up to the flagpoles and the crowd was quite well organized and burgeoning. Several schoolkids were there with the event organizers to speak to the crowd and offer their viewpoints and context to what we were about to accomplish. Here’s a sample of what we saw:


The group was peaceful and orderly, there was no violence and no exclamations. As we walked away from the flagpoles, and down past the entry to Sangren Hall on Western’s campus, that was the only point that I noticed any counter-protestors. There was supposedly going to be counter-protestors from the local Open Carry group, but Western’s Public Service does not allow open carry on University grounds, so the only counter-protestors we saw were some people with signs. There were very many of us and maybe a handful of the counter protestors.

The event organizers helped a lot by telling all of us that counter-protestors were expected and that the best way to interact with them is to not interact at all. This was an exercise of First Amendment Rights on both sides, the teeming horde of us in the #NeverAgain march, and the handful of counter-protestors. Nobody that I saw made contact, there were some glances, but nothing overt that I witnessed. The march downtown was met with lots of honking horns from the rerouted traffic. The police were kind, principally silent, and really to keep watch around the edges and to handle traffic. We came into contact with one police officer who was attempting a charm offensive, he thanked us for our orderly civic display and we thanked him for traffic control and keeping watch over us all.

The march itself was very pleasant. There wasn’t anything remotely provocative about any of the progression down to the central park downtown. There were no accidents that I saw, no foolishness from anyone, and we all demonstrated our political viewpoints in a very calm, exceptionally orderly manner.

Afterwards, when the words were said and the kids had their moment to shine, the march broke up and everyone drifted away. We ended up going to Kelvin & Company for a snack because we really wanted a break from the chilly wind and all that walking. After our little stop, we dropped by another new store on the Kalamazoo Walking Mall, RocketFizz. We enjoyed some Special Dark Hershey’s Chocolate Bars and I bought a bottle of butterscotch root beer from a bottler in Washington State, Oh-So brand, I think. The walk back was long, and upon reflection if we had stashed the Juke somewhere downtown we probably would have had a faster way to get back to campus. Political marches aren’t very common, so that we missed out on a logistical tip wasn’t so awful. We got in a lot of walking steps on our Fitbits, at least.

Meijers is a Dump

We are at our local Meijers Market and this establishment doesn’t have any functioning bathrooms for male patrons. So, with no choice and urinating outside of a bathroom a misdemeanor, I just walked right into the out of order bathroom. Because, public health huh? They have a restaurant here, so I’m pretty sure they have to have a functioning bathroom.

Heh, technically I could have just used the sink.

This place is a dump. Now it’s unfit for serving and selling food. One question: where do employees go? How do they wash their hands? Heh, where oh where is the health department?

Phrasing!

Having lunch at a local establishment and there is a chalkboard with the menu drawn on it. It’s really quite well done and we both enjoy this place.

Then we saw this, and it struck me in a funny way:

And the only thing I could think of was “Oh my God! They feed the pigs vegetarians!”

It’s fitting, hilarious, and I don’t think I could ever unsee this.

And then it struck me that if I shared this on Facebook I’d get blowback for suggesting that we feed vegetarians to pigs. Thankfully this is not Facebook, and the comment section is not a free for all. It isn’t even a democracy, not fair, even.

Crocodile Apologies

The media is starting to process the Cambridge Analytica misuse of Facebook data, and the story is only just getting some legs underneath it now. I see this as a reflective surface of the panic that we all felt back in November 2016, digging all that psychic turbulence back up again.

I want to focus more on Facebook itself. There have been several instances where Facebook has declared innocence publicly up until proof found, usually by journalists or investigators, and then when the truth comes out, Facebook stops, pauses, and issues an apology for their transgressions or mistakes. This reactivity is for me what lies at the core of my misgivings about the Facebook platform, and Facebook as a company.

In my opinion, it appears that Facebook is only chastened and contrite when caught red-handed doing something improper. I cannot trust a platform or a company that behaves this way. I honestly admit that I never really expected Facebook even to want to try to be upright and wholesome, I wanted them to, but all of this is similar to the feeling that I had when Google walked away from its mission statement “Do No Evil.” Facebook cannot be trusted.

There is no shock or surprise that Facebook has no tapeworm function available, only two options exist, leave everything alone or blow it all to kingdom come. I know there is a third path, the manual deletion of everything in the Activity Stream, but over ten years and quite a regular amount of use that is utterly impractical. Plus, I expect Facebook to be both capable and invested in retaining my data even if I think I’ve deleted it. Just because it no longer exists on the interface to me doesn’t mean that it is gone. I doubt thoroughly that even deleted accounts get deleted. I would bet money that they get hidden from view. It would not be in Facebook’s self-interest to lose any data they can get their hands on. I would also not put it past Facebook to also log every keystroke that goes into the text boxes on their site, so even if you don’t post anything, I would bet that Facebook has a record of what you did type and that you abandoned it. That they could record and store your unshared thoughts, indexing, and selling them even if you didn’t share. Logging into the Facebook site itself is a personal hazard to privacy. I have no proof of this last part, but I would fully expect a company like Facebook to do this very thing.

There is little that quitting Facebook will accomplish, since human personalities are quite fixed and constant constructs. We maintain that iron grip of control and Facebook has monetized it, and now, since Cambridge Analytica, they have lost it. Pandora’s Box is open.

So why stop using Facebook then? Facebook must be caught being evil, which means that the intent is a stain that runs right to the core. I’ve abandoned Facebook itself because continued use is tacit approval of their offensive behavior, and if it makes them money through advertising revenue, and I’m a part of that? That’s personally unacceptable.

Wayback Machine: March 22nd

On a lark I thought I would go into my www.bear-writer Journal and see what I was up to on previous March 22nds. Here is a little view:

2017 – The Kalamazoo River was quite aromatic. Funny enough, it was aromatic today too, in 2018. There is a paper plant on the river and their effluent supposedly comes out at 150 degrees Fahrenheit. This cooks the vegetation in the river and then that releases various organic chemicals. The practical upshot is, the Kalamazoo River smells farty.

Cisco also released a gaggle of updates related to CVEs linked to a CIA release last year. Ah, cybersecurity.

2014 – An article about Marriage Equality. How quaint. I still maintain that such a thing goes nowhere because rights that people can vote away aren’t rights, they are privileges.

I also wrote about the little shower-thought epiphanies that strike randomly. That you were working on a problem for a long time and you stopped “thinking” about it, but you didn’t really. And then on a day, a fine March day, the solution comes plopping out of your subconscious, with a neat little red bow tied around it, ready to go. I had one for Western right before the end, but I whacked that idea with a shovel and buried it in a shallow grave. I apparently also had a similar idea for Meijers, since I was applying at Meijer corporate in Grand Rapids as well. As the Dalai Lama is famous for saying, “Sometimes you don’t get what you want, and sometimes that’s an incredible stroke of luck!”.

2013 – Returning from vacation, waiting for a flight in Charlotte, North Carolina.

It’s been a rather long while since I did a vertical memory exercise. Another hidden gem when it comes to my journaling.