A very smoky Father’s Day

Driving home from the Fleurieu Peninsula on Sunday there was a heavy blanket of smoke hanging over the hills and the Adelaide plains. I’d been to see dad, helped him repair his lawn mower and sipped a coffee at Port Elliot. I had spent longer there than anticipated, and was running late for dinner with the kids. The way the setting sun was being coloured by the smoke was too enticing, so I swung off the freeway and went up to Mt. Osmond to take a few photos.

I’m finding the act of being creative is really good for my overall wellbeing, so even though it meant that I only just made it home in time for dinner with the family, it’s a really excellent thing to be able to do.

<a data-flickr-embed="true" href="https://www.flickr.com/photos/karloskar/43703681814/in/dateposted/" title="A very smoky Adelaide"><img src="https://farm2.staticflickr.com/1853/43703681814_72599cbabb_z.jpg" width="640" height="427" alt="A very smoky Adelaide"></a><script async src="//embedr.flickr.com/assets/client-code.js" charset="utf-8"></script>
<a data-flickr-embed="true" href="https://www.flickr.com/photos/karloskar/43512755655/in/photostream/" title="Mt Osmond"><img src="https://farm2.staticflickr.com/1841/43512755655_a62ee94ee2_z.jpg" width="640" height="427" alt="Mt Osmond"></a><script async src="//embedr.flickr.com/assets/client-code.js" charset="utf-8"></script>
SQL Server Management Studio – as another user

Skip skip skip all the preamble junk…

My work, amongst many other things, involves managing a small herd of Microsoft SQL servers and a series of small web-apps. When I work from home, from my non-domain-joined machine, I want to be able to run the SQL Server Management Studio (SSMS). I could RDP (or whatever) in to a machine on the domain, but it feels neater to just run it from the local PC where I’m working.

I’d tried this before, but because of two (or maybe one and a half) little hurdles and bits of weirdness, I couldn’t get it going until today.

The half hurdle is that the executable for SSMS is a lot like smss.exe. But very different. Don’t try to launch smss.exe this way.

The full hurdle is what stumped me for longest. When SSMS starts, it will still show your local computer/domain name and local username in the login section. This is ok. Just connect anyway.

SSMS 17 (and maybe earlier versions) adds the path to the executable to the PATH environment variable, so you don’t need to worry about including the whole path to the executable when you run the command I’m about to show.

Just get on with it…less jibber-jabber.

Here’s the deal.

Create a shortcut pointing to the following:

runas /netonly /user:domain\username ssms

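You’ll be prompted for your password when it starts. Because of /netonly, the domain account is only used for network connections (such as the one to the SQL server), which is why SSMS still shows your local username in the login section.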

70% Hydration Pizza Dough

Ingredients

1.1kg plain flour (split 700g and 400g)
770ml lukewarm water (split 700ml and 70ml)
2g dry yeast
pinch of salt
20g oil

Method

Roughly combine 700g flour and 700ml water in a bowl with a spoon, and set aside for at least 30 minutes (an hour is better).

Activate 2g of yeast in 70ml of water.

Start the stand mixer, add the salt and the yeast and water mixture, and slowly add remaining flour bit by bit until all flour is added – this process should take about 15 minutes.

Let rise for a long time – a day (from morning to evening) is bare minimum. 24 hours is better.

It’ll be a very wet dough, but it’s not unmanageable. It shouldn’t be too springy when you’re rolling it out.

Bake it hot (really hot), on a hot stone, or ideally in a wood fired oven.

Winter Camping

A while ago we went camping in the Flinders Ranges. Winter camping in the outback is good. Days aren’t too hot. The weather is usually fine. But nights are freezing. Literally. The night sky, though, is worth the cold.

The cold weather is excellent for long-exposure photos, because the sensor is nice and cold, so has less noise. I took this photograph of the Milky Way. Look carefully on the right hand side (you might need to see it at full size) and you can see a streak from a shooting star.

<a data-flickr-embed="true" href="https://www.flickr.com/photos/karloskar/28550081397/in/dateposted/" title="Milky Way with Bonus Shooting Star"><img src="https://farm2.staticflickr.com/1802/28550081397_27f23304ac_z.jpg" width="640" height="427" alt="Milky Way with Bonus Shooting Star"></a><script async src="//embedr.flickr.com/assets/client-code.js" charset="utf-8"></script>

28s exposure
f/4.0
ISO 1600

Let’s Encrypt Wildcards and IIS

Introduction

Late last year, Let’s Encrypt, that wonderful semi-automated free SSL certificate service, announced that they would be adding support for wildcard certificates. A standard SSL certificate only covers the specific domains and sub-domains it was issued for, and needs to be modified or adjusted to allow more sub-domains. While it’s not a big deal to make these changes, a wildcard SSL certificate is a really simple way of covering yourself for all the different sub-domains you might have, and might want down the track.

Getting the wildcard certificate (or even a “normal” certificate) from Let’s Encrypt can seem daunting at first, but with the right information, it goes smoothly most of the time.

This post is going to cover how to get a hold of a wildcard SSL certificate from Let’s Encrypt, and then how to get that SSL certificate into your Windows box to use with IIS. I’m going to gloss over the parts where the pfx file is being copied from Linux to Windows, assuming that you know how to use ssh/scp/pscp to move files about.

Ready? Right. Onwards.

Requirements

You’ll need to have access to:

  • A Linux machine, where you are a sudoer (or root) (I did this with an Ubuntu 16.04 LTS box).
  • Your public DNS zone for the domain you’re trying to get the certificate for.
  • Your IIS box.

Assumptions

I’m going to assume you have SSH access to your Linux machine, and that you know how to use it. Also that you know how to add a TXT record to your public DNS zone.

You’ll need to move your freshly minted pfx file from the Linux machine to the Windows machine. I use PuTTY and pscp to move files to and from Linux boxes from Windows. I think you should too.

I’m also assuming you know how to change which SSL certificate a binding is using in IIS.

Let’s do this:

Most of this will be done in the Linux machine, so connect to it with PuTTY.

Download certbot-auto by running the command

wget https://dl.eff.org/certbot-auto

Then make it executable by running

chmod u+x certbot-auto

Certbot-auto is a glorious script that makes everything happen pretty much automatically. It will grab all the required dependencies, it’ll request the certificate for you, tell you what to put in your TXT record, then put the certificate in a sensible spot for you.

Let’s request that certificate for your favourite domain, *.example.com.

sudo ./certbot-auto certonly -d '*.example.com' --manual --preferred-challenges dns-01

As it’s your first time running certbot-auto, it will probably download and install a bunch of apt packages. Once it’s done, it will request the certificate, and assuming everything has gone well, prompt you to create the TXT record for your domain.

TXT Record

Now is the time to create the TXT record with the string provided by certbot for _acme-challenge.example.com. If you’re unsure how to do this, ask your hosting provider to help. Or a friendly friend.

Once you’ve set it up, it’s time to hit Enter to finish certbot’s job. Wait for that to happen, then it’s time to move on to exporting the keys into a format Windows can handle.

Exporting

Your newly minted SSL certificate will be found in the following directory:

/etc/letsencrypt/live/example.com/

together with a README file, and three other files. That live folder is locked down, so you can only get to it as root. You can either switch to root, or you can sudo the following command from your home folder (I recommend the latter, but do the former).

So, from your home directory, run the following command:

sudo openssl pkcs12 -export -out example.com.pfx -inkey /etc/letsencrypt/live/example.com/privkey.pem -in /etc/letsencrypt/live/example.com/fullchain.pem

Enter a password when prompted, and you will have generated a PKCS #12 archive of the SSL certificate. This format is very easy to import into IIS in the next step.

Importing the key into IIS

The final two steps are to import the key into IIS, then change the binding to the newly imported certificate. I’m doing this in IIS7 on Server 2008R2, but it shouldn’t be too different in newer versions.

Copy the file from your Linux box to the Windows server (most likely with PSCP), then start up the IIS manager.

Open the Server Certificates feature, then click on “Import…” under actions in the top right hand corner. Find the file and enter the password you picked. Then change the bindings for the sites you would like to use this new SSL certificate, and you’re done.
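
Before pointing bindings at the new certificate, it helps to confirm which hostnames the exported PFX actually covers: a certificate requested with only *.example.com matches exactly one label under the domain, so www.example.com is covered but example.com itself and a.b.example.com are not. The script below is an added example, not part of the original post; its function names and the PFX_PASS environment variable are assumptions, and reading the names needs an openssl recent enough to support x509 -ext (1.1.1 or later).

```sh
# Added example, not the post's own code; function names and PFX_PASS are assumptions.
# san_covers PATTERN HOST: exit 0 if the SAN entry PATTERN covers HOST.
# A leading "*." stands for exactly one DNS label.
san_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pattern in
        '*.'*)
            suffix=${pattern#'*'}      # e.g. ".example.com"
            label=${host%"$suffix"}    # the part "*" would have to match
            [ "$label" != "$host" ] && [ -n "$label" ] || return 1
            case $label in *.*) return 1 ;; esac ;;
        *)  [ "$pattern" = "$host" ] || return 1 ;;
    esac
}

# pfx_sans FILE: print the DNS names in the leaf certificate, one per line.
# The password comes from $PFX_PASS, keeping it out of the command line.
pfx_sans() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# host_in_sans HOST: read SAN entries on stdin, exit 0 if one covers HOST.
host_in_sans() {
    while IFS= read -r entry; do
        san_covers "$entry" "$1" && return 0
    done
    return 1
}

# check_hosts SANS HOST...: print a verdict per HOST, exit 1 if any is not covered.
check_hosts() {
    sans=$1; shift; rc=0
    [ -n "$sans" ] || { echo "no DNS names to check against" >&2; return 2; }
    for h in "$@"; do
        if printf '%s\n' "$sans" | host_in_sans "$h"
        then echo "covered:     $h"
        else echo "NOT covered: $h"; rc=1
        fi
    done
    return $rc
}

# With arguments (FILE HOST...) check a real PFX; without, run on a constructed SAN list.
if [ $# -gt 0 ]; then f=$1; shift; check_hosts "$(pfx_sans "$f")" "$@"
else check_hosts '*.example.com' www.example.com example.com a.b.example.com || true
fi
```

If the bare domain needs to be covered too, it has to be requested as its own name alongside the wildcard.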

Bonus – Installing Certificate into UniFi

sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore path-to-your-exported-pfx -srcstoretype PKCS12