Corned Beef

The search for our St. Patrick’s Day corned beef has run into a snag, then an epiphany, and now, a hairpin loop back to Walmart of all places. A long while ago we loved Sy Ginsburg’s Corned Beef. Can’t find it. Meijers isn’t carrying it. But we did notice Grobbel’s Corned Beef at Walmart. Didn’t realize that E.W. Grobbel bought out Sy two years ago.

So, back to Walmart we go.

Good Omens

https://www.reddit.com/comments/axv3go/only_this_unlikely_duo_can_stop_doomsday_good/

Here is a link to a trailer for Good Omens. It’s one of my all time favorite books, by Neil Gaiman and Terry Pratchett. If you haven’t read it, YOU REALLY SHOULD. I can’t wait for this series to come out! It’s on Amazon Prime, so thankfully I can watch it on a borrowed Prime account.

David Tennant as Crowley. I love it!

Mercury Retrograde!

If you work in IT, or have anything at all to do with technology, you should be aware of these two dates and times:

Mercury goes Retrograde in Pisces (29° 39′) on March 5, 2019, at 6:19 pm Universal Time, 2:19 pm EDT and 11:19 am PDT.

The Direct Station occurs in Pisces (16° 06′) on March 28, 2019, at 1:59 pm Universal Time, 10:59 am EDT and 7:59 am PDT.

It is coming up for us in the Eastern time zone in just a few minutes. After that, everything will be impossible, bonkers, or unbearably loopy for about four weeks.

You have been warned!

Darn Tough Socks

The start of this Winter season inspired me to organize my wardrobe, store my summer clothes and reveal my winter clothes. Living in Michigan as I do, Winter is something you do not fool around with, and the best way to prepare yourself for anything the outside may have to offer is to dress for the conditions. As I was pulling previously stored winter gear out of storage, I came across a pair of Darn Tough socks that I had bought, or been given, years and years ago. They were woolen, featuring Merino wool, and quite long, definitely over-the-calf in length. Generally I cannot sleep well unless my feet are warm, so I almost always sleep with some sort of socks on, and since these were woolen and the warmest I had, they served that purpose quite well.

Then I noticed there was a hole worn into the heel of this particular pair of socks. I have a pronated gait, so this sort of wear and tear is common for me. I noticed the label down by the toes and figured I would replace them with another pair, since they had worked so well for so long. I went to the website and discovered more about the Darn Tough brand. They take incredible pride in their products, even going so far as to offer an unconditional lifetime warranty on their socks. Send in the blasted-out pair, and they’ll credit you for a new pair. I was blown away by this; you don’t see pride and pro-consumer qualities like this anywhere, at least never in my lifetime’s memory, except for Darn Tough. This started me exploring and reading and discovering that Merino wool is not scratchy, and that it has a litany of really quite shockingly good features: warm in the Winter, cool in the Summer, naturally fire-retardant, and naturally anti-microbial. It also dries very quickly, and transports sweat away from the skin and releases it better than a lot of other fabrics. Pretty much every review I read online flogged the daylights out of Darn Tough, claiming they were the best socks the reviewer had ever owned. So I gave them a shot. I washed the blasted-out pair, then shipped them to Darn Tough. A few weeks later I got a gift card for the cost of the original pair!

So I bought three pairs to see what all the hubbub was about. I prefer long socks, so practically knee-high is for me, which in the industry is called OTC, for Over The Calf. I picked their Paul Bunyon socks; the price tag was rather shocking for socks, but after a while of wearing them as my daily pairs I can say that they are the best socks I have ever owned, hands down! They are soft, they check off every expectation claimed by the manufacturer, and then some!

After that, and with the gift card in hand for my warranty claim, I bought a few more, some for sleeping, some for work and daily use. If you are tired of cotton or polyester-blend socks leaving you with sopping wet feet, smelly feet, or cold feet, find something you like at Darn Tough. You won’t be sorry you did.

Goodbye Twitter

Today in my email I received this from Twitter Support:

[Image IMG_2439: screenshot of the email from Twitter Support]

So if you click on the link, the only option is to self-censor, basically a specially crafted button to blow up whatever the offensive tweet was. In my case, my heartfelt wish that our current human stain in the White House has a stroke or heart attack. I don’t want to do anything to him, I want him to simply seize up and die all by himself. Fly into a rage, then grab his chest and drop over stone dead.

So, Twitter took it upon themselves to force me to censor myself. Right after I got this message, I most certainly did click the “Remove” button, which blew up the Tweet. Then I downloaded my Twitter archive, once that was safe, I then deactivated my Twitter account. I would much rather it all get blown up to kingdom come than self-censor myself against the pile of waste sitting behind the Resolute desk.

I don’t really care to discuss the First Amendment ramifications, as I’m absolutely positive that Twitter will hide in the tall grass of their TOS. And that’s actually quite fine. I haven’t used Twitter in years, only logging in to lob gems like this one at the pile of fecal matter with a spray tan. I deleted Facebook, I can delete Twitteriffic too.

What am I missing out on? Nah, nothing lost. Peace of mind gained. Goodbye Twitter.

Slack vs. Jabber

Several years ago I started working for a new company. Their phone system was stuck in the past. The past, like Version 4 when Version 10 was being sold. So we had to upgrade, there really wasn’t any other way around it.

Enter Cisco. As VOIP hardware manufacturers go, if you stay in the silo you’ll have a pretty good life. Call Manager, Unity, and Presence are a heady combination. I decided early on to hire a local company to help me with the design and the initial layout and setup, and I will always regard that choice as one of the best I have ever made, professionally. They did an amazing job, and their staff are absolute tops in their game. They are expensive, but in the end I think worth it. So they came, helped install the Cisco Business Edition 6000 server, and did all the heavy lifting needed to get all three products up and running, so that people who were using the old system saw next to nothing different about how everything worked. That’s a kind of holy grail in IT.

A part of the trio of products was Cisco Presence, or, to use a shorthand for what it really was, simply Jabber. Jabber is an instant messaging platform, and I had quite a bit of experience with it, as Jabber is, at least ostensibly, an open-source system. I had lots of Jabber experience back at my previous employer and I was looking forward to seeing Jabber rolled out across the company I now work for. The previous employer was centered on Apple technology, and as an IT administrator, Apple was like waking up in the Garden of Eden. It was an earthly delight. The Apple iteration of Jabber included a CLI option switch that allowed you to instantly join everyone in the Jabber directory, née an LDAP directory, all together. It was called “--auto_buddy” and I loved that feature. It was the killer part of Jabber from Apple. When I added someone to Open Directory, I could open a Terminal, run this one command, and it would automatically add all my coworkers to each other’s buddy lists: everyone was everyone else’s buddy. It was great, I really enjoyed it.

So then, years forward, on with Cisco Presence, their implementation of Jabber. Off searching for my favorite CLI friend, “--auto_buddy”, only to find out that none of that exists. And so, that hobbled Jabber immediately. Instant messaging’s ROI is only really salient when you have everyone engaged. You can’t really argue about ROI until that point, because when you have only a handful of people actually connected, they don’t see the point, because not everyone is connected, including the people they want to communicate with right now. If you can’t do a thing immediately, then what is the point of doing it at all? This is the core reason why a lot of tech adoption trips and falls on its face, especially with collaboration solutions like Jabber. Until everyone joins and uses the system, convincing them that they should use it might as well be one of Hercules’s tasks, like cleaning the Augean Stables. So without my ability to link everyone up with “--auto_buddy”, I had a piecemeal system. Without the ability for everyone to see everyone else, adoption tripped and fell flat on its figurative face.

Shortly thereafter, it exited the cultural consciousness until years later, when a new coworker stoked interest in it all over again. But it was doomed, not this time by the lack of demonstrable ROI or the lack of “--auto_buddy”, but rather by compliance control. By the time I had installed the required pieces for compliance, the entire affair was loaded into the figurative airlock and blown out into space.

Before the end of Jabber, and still running now, is another system, one that I find more engaging, at least personally, and that is Slack. It’s free to use, which is a huge help, and also available everywhere. I don’t have to limit it behind the walled garden of our corporate VPN. That is a huge benefit and really eases the use of it, in every case. I can immediately see the benefits of using Slack, especially in groups like mine, in Information Technology. So that’s currently the extent of it. Again, tech adoption is flat and terminal; the selling point for Slack is still tied up with the same point as for Jabber. You can only demonstrate the ROI when you have full engagement, and you can only get full engagement when people see the rewards of ROI. So even Slack is just as moribund as Jabber was. But at least with Slack there is room for enticing directions it could take. I’ve been kicking around the notion of examining Slack’s position in a B2B framework, like between MSPs and their customers. The MSP starts a Slack and invites their customers to join. Then each customer has a channel that they are invited to. Then the company staff at the MSP hop on Slack and use it for their own benefit. Everything is segregated using Slack’s internal controls, so the MSP gets a benefit immediately and the customers can effectively chat up their reps with a single click on an app, a website, or their phones. This could enhance the collaborative power between customer and provider. Invoices posted, updates about payments, and with IFTTT looming in the background, new automated benefits could be crafted and rolled out to customers immediately.

This could also revolutionize B2C relationships as well, but that would take more corporate bravery than even the B2B solution would. I don’t actually expect anyone to seriously accept my shoot-the-moon ideas, but I would like to imagine the world where I could start my Slack app, see all my professional relationships and be able to communicate with them that way. Maybe someday if Slack succeeds and more people ask the right questions. More people actively interested in collaboration would also help.

Windows 10, QNAP, and error 0x80004005

While setting up a new Windows 10 laptop we ran into a head-scratcher. We store a lot of our setup data on a QNAP network-attached storage (NAS) unit. The laptop was connected to our local area network over Wi-Fi, and everything looked good connection-wise: we could ping both the IP address and the DNS name of the QNAP, so we knew for a fact that the laptop could send and receive traffic with it. When we tried to open the QNAP in Windows Explorer using a UNC path, like this: \\10.1.1.100, and pressed Enter, Windows 10 paused for a few seconds and then threw back an error code:

Windows Cannot Access \\10.1.1.100 Error Code: 0x80004005 Unspecified Error.

We tried a reboot, then escalated to a full system rebuild, and nothing worked. We fiddled with PowerShell commands, to no effect, and flipped IPv6 off and on, which also had no effect. So our next step was wildcat debugging: taking wild potshots at the laptop to find anything that would make it work. We found the solution thanks to a user by the name of dimamed on Spiceworks, who posted what we needed:

Adjust the registry value:
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\AllowInsecureGuestAuth and set the DWORD to 1. (The Services\ component is easy to drop when copying the path; without it the key does not exist.)

Then I closed the registry editor, opened Windows Explorer again, tried the QNAP as I usually do, and it worked! What that value does: starting with Windows 10 version 1709, the SMB client refuses guest (unauthenticated) sessions by default, because a guest session cannot be signed, so a spoofed server on the network could feed the client malicious files. A QNAP share open to everyone triggers exactly that refusal. Setting AllowInsecureGuestAuth to 1 restores the old behaviour for every server the client talks to, not just the QNAP, so the better fix on a machine you care about is to create an account on the QNAP and connect with credentials. We don’t really need it to function for our end users, but it became a matter of professional pursuit to make sure that all our technology can work together properly. It can, with some coaxing.
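The same fix done from PowerShell, as an added example rather than anything from the original post or from QNAP. It first confirms that SMB itself is reachable (a ping proves nothing about port 445), reads the client’s current guest-logon policy, and then shows the two ways out: connecting with a real account on the NAS, or re-enabling guest logons, which is what the DWORD above controls. The address 10.1.1.100 comes from the post; the share name “Public” and the account are placeholders. Run it from an elevated PowerShell on the Windows 10 client and pick one of the two options, not both.

```powershell
# Added example, not code from the original post or from QNAP. Assumes the
# QNAP at 10.1.1.100 (from the post) and a share named "Public" (placeholder).
$qnap  = '10.1.1.100'
$share = 'Public'

# 1. A successful ping says nothing about SMB; test TCP 445 directly.
Test-NetConnection -ComputerName $qnap -Port 445 |
    Select-Object ComputerName, TcpTestSucceeded

# 2. Current client policy. EnableInsecureGuestLogons is $false by default
#    on Windows 10 1709 and later; RequireSecuritySignature shows whether the
#    client insists on signed sessions (a guest session cannot be signed).
Get-SmbClientConfiguration |
    Select-Object EnableInsecureGuestLogons, RequireSecuritySignature

# 3a. Preferred: give the NAS a real account and connect with it, so the
#     session is authenticated and can be signed. Credentials are prompted.
$cred = Get-Credential -Message "Account on the QNAP"
New-SmbMapping -LocalPath 'Q:' -RemotePath "\\$qnap\$share" `
    -UserName $cred.UserName `
    -Password $cred.GetNetworkCredential().Password

# 3b. Fallback, equivalent to the registry edit in the post. Only if the share
#     must stay guest-only: this re-enables unauthenticated, unsigned SMB
#     sessions to every server this client talks to.
Set-SmbClientConfiguration -EnableInsecureGuestLogons $true -Force

# The same setting written directly to the registry; note the Services\
# component of the path, which the post's version omitted.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' `
    -Name 'AllowInsecureGuestAuth' -Value 1 -Type DWord
```

Set-SmbClientConfiguration writes the same value the registry line does, but it is the supported interface and takes effect without a reboot on current builds; if you do go the guest route, the Get-SmbClientConfiguration line is the quickest way to audit later whether a machine has been left in that state.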

We hope this solution works for other folks, if you also run into this issue. Please leave a comment if you would, so we can see just how much of an impact something like this has if you don’t mind.

Cat’s Megamix

I have a 25 hour long playlist on Spotify that is solely composed of Cat relaxation music. Currently it’s playing throughout the house and especially for felines, and also for their hapless human lap-warmers, the slowly paced lullabies and carefully composed music interspersed with isochronic beat patterns have chilled all felines right to unconsciousness. Instead of mobbing the door leading to Ysabel’s welcome room, they are on my lap, or near me, totally lounging, sleeping, and napping. Even the new kitten digs the music, and has likewise fallen asleep.

It may be wishful thinking, but this music seems to be having the same effect as Felidae does.

There is another note of kismet in all of this. The way we discovered Ysabel, just how free and easy all this has been so far. Right down to the right gadgets and the service and the music to bring it all together. It feels effortless, although I freely admit that this has only just started, but perhaps if I stay optimistic everything will follow suit and work out for the best.

This all assumes the music doesn’t put me out like it does the cats. Who would have thought it: music-enhanced introductions. What a marvel!

200 Hours

The last time I was logged into Facebook was June 9th at 11:45pm. I was scrolling along the wall feed and I distinctly felt ill that I was on Facebook. It wasn’t making me happy, it wasn’t rewarding, it was a chore. More than that, it was an unpleasant chore, and at the time it felt repulsive. The kind of repulsion that makes your stomach go sour, hurk a little and the metallic acid tang at the back of your throat, that sort of raw physical displeasure. I closed the tab, and wrote a little in my journal.

It’s been 200 hours and a few since that moment. I haven’t logged on once since. I don’t feel like I am missing anything, except when I have something to cheer or gripe about. There are a few things that I could have posted on Facebook, and thanks to Yelp, some of that has made its way on to Facebook, but that was automation doing the sharing, not me.

I made a break with Facebook. I’m not going to close anything or remove anything, that would require more exposure to their platform. I simply won’t be there. I’ve got this blog, where I can share things, and of course my journal. Almost everything ends up in the journal anyways, the important things in the blog, and I will leave Facebook and Twitter to the machines, let them suffer it. The universal answer to “Did you see on…?” will default to no. I didn’t see it. I don’t really want to see it, but you’ll show it to me anyways. There may never be freedom, true freedom from Facebook, because it leaks in around the edges and is in the news a lot, so it will become something like a persistent fungal infection. Nothing that actually hurts me, but it makes my toenails ugly. Just leave the socks on.

Facebook, and Google both have contributed to the death of smalltalk. What’s the point of saying anything when nobody believes you and they tell you that you are wrong, up until they read it on the platform and then you hear in a small voice, “Oh, yeah… there it is.” So, whatever. It’s best to just leave everything to the platform, it has in so many ways replaced so much for us. The matter of record, truth, facts, and even basic conversation. The only thing left is to pretend to be a dullard. You don’t know anything, you have nothing to say, and everything is a mystery novelty.

The platform is very interesting. We created something we can’t control, it’s bad for us, but we don’t really care. We’re throwing flowers at Frankenstein’s Monster and celebrating it with daily parades, despite the fact that it rampages and burns down random buildings and causes such conflict and suffering. Hooray for the Monster.

I won’t see it on Facebook. Save your bus fare. Keep whatever it is to yourself. What’s the point of talking about it anyways? All the possible conversations are there, up on that platform, go there, knock yourself out. The Monster loves daisies.

Automatic Blacklisting using iptables

My home server, an elderly Mac Mini running Debian 8, was recently exposed to the public Internet on port 22, the sshd service. I did that on purpose, so that with dynamic DNS I could open a secure shell from wherever I might be, even if that’s not home.

Of course, with a port opened up like this I have exposed the Mac Mini to the wilds of the public Internet, and it has been scanned thoroughly. When I looked at /var/log/auth.log, it was full of attempts to log in as root, admin, and pi. The last one, pi, is hilarious, because the hostname was never changed when the OS was migrated from my Raspberry Pi, so people who scan the IP and get the hostname think it’s a Raspberry Pi.

This has led to a curious exploration of how to stop people from scanning and brute-forcing the sshd server on this machine. The passwords are complex, so I’m not really worried about anyone breaking into the box (and turning off password authentication in sshd_config in favour of keys would remove that risk entirely), but I do want to dissuade people from even trying. So after some research, I came up with this iptables definition:

iptables -N LOGDROP
iptables -A LOGDROP -j LOG
iptables -A LOGDROP -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 86400 --hitcount 3 -j LOGDROP

I adapted a bunch of good ideas floating around on other help pages, and the instructions are rather straightforward until the end. The LOGDROP chain is really useful: one jump logs and then drops the packet, without a separate LOG rule and DROP rule for every match. (As written, that LOG rule has no rate limit, so a determined scanner can flood syslog; adding -m limit to it is the usual fix.) The next rule keeps every established connection, SSH shells included, working no matter what comes after it; then everything from loopback is accepted, and then everything from my internal network. The last two rules use the recent module to keep an in-kernel list of source addresses that open new connections to port 22 (you can read it under /proc/net/xt_recent/): the --set rule records each new attempt, and the --update rule logs and drops the third attempt, and every one after it, from the same address within 86400 seconds, a day. Because --update also refreshes the address’s timestamp, an attacker who keeps knocking stays blocked. Two caveats: the INPUT chain has no DROP policy, so anything the rules don’t match falls through to the chain’s policy, which is ACCEPT unless you have changed it; and iptables rules are not saved across reboots unless you persist them (iptables-persistent on Debian 8).
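The ruleset with those caveats applied, plus a quick check of auth.log, as an added example that is not part of the original post. It emits the rules rather than applying them, so it can be read and diffed first; apply_ruleset runs them as root. The assumptions carried over from the post are that eth0 is the public interface, 192.168.1.0/24 is the LAN and sshd listens on port 22. The auth.log lines at the bottom are constructed in the Debian 8 format, not a real capture, and ssh_offenders over them shows which addresses the recent rule would already have cut off.

```bash
#!/bin/sh
# Added example, not code from the original post. Assumptions from the post:
# eth0 is the public interface, 192.168.1.0/24 is the LAN, sshd is on 22.

# Emit the ruleset (does not apply it). Changes from the post's version:
#  - LOGDROP rate-limits its LOG target so a scanner cannot flood syslog
#  - "-m conntrack --ctstate" replaces the older "-m state --state"
#  - the recent list is named, so it can be inspected and flushed
#  - SSH that passes the hitcount check is ACCEPTed explicitly, and INPUT
#    gets a DROP policy, so unlisted traffic is refused instead of allowed
ssh_ruleset() {
    cat <<'RULES'
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "SSH-DROP: "
iptables -A LOGDROP -j DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth0 -m conntrack --ctstate NEW -m recent --name SSH --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m conntrack --ctstate NEW -m recent --name SSH --update --seconds 86400 --hitcount 3 -j LOGDROP
iptables -A INPUT -p tcp --dport 22 -i eth0 -m conntrack --ctstate NEW -j ACCEPT
iptables -P INPUT DROP
RULES
}

# Apply the ruleset. Needs root. Persisting it across reboots is a separate
# step (netfilter-persistent / iptables-persistent on Debian).
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: run as root" >&2; return 1; }
    ssh_ruleset | sh -e
}

# Addresses currently tracked by the recent module, with hit counts and
# timestamps. The file name matches the --name given in the rules.
recent_list() {
    cat /proc/net/xt_recent/SSH 2>/dev/null
}

# Count failed sshd logins per source address in auth.log text on stdin and
# print "ip count" for every address at or above the threshold in $1.
ssh_offenders() {
    awk -v t="$1" '
        /sshd\[[0-9]+\]: (Failed password|Invalid user)/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' | sort
}

# Constructed sample in Debian 8 auth.log format (not a real capture); the
# hostname "pi" mirrors the post's never-renamed host.
SAMPLE_AUTH_LOG='Mar  5 13:01:02 pi sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  5 13:01:05 pi sshd[1203]: Invalid user admin from 203.0.113.7
Mar  5 13:01:09 pi sshd[1205]: Failed password for invalid user pi from 203.0.113.7 port 51130 ssh2
Mar  5 13:02:40 pi sshd[1210]: Failed password for root from 198.51.100.9 port 40022 ssh2
Mar  5 13:03:11 pi sshd[1214]: Accepted publickey for me from 192.168.1.20 port 55010 ssh2'

# Usage: printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_offenders 3
```

With the sample above, a threshold of 3 names only 203.0.113.7, which is also the address the --hitcount 3 rule would have dropped on its third connection; 198.51.100.9, with one failure, is still allowed through, and the internal key login never matches at all. Note that the same threshold in the firewall counts new TCP connections, not failed passwords, so a client that retries several passwords inside one SSH session is counted once by the kernel but several times by the log.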

Obviously this is overkill, and my next step is to add 2FA to PAM on this server so that I will need to enter a password and a six-digit TOTP code that changes every 30 seconds. (Six-digit codes can and eventually do repeat; what protects you is that each one is only valid for its own 30-second window.) If anyone else out there is looking for something similar to this, you’re welcome to try it out. Good luck!