Less Tech.

Less Tech.

2019-01-07 | Health, Mental Health, Tech

I really like numbers. I like graphs. I like plots. I like tables. I like SQL queries. It was pretty predictable that I’d like having a Fitbit on my wrist. No surprise that I’d find myself poring over the graphs in the app, checking my resting heart-rate (56-58 bpm when I’ve not had any red wine for a couple of days, 61-63 bpm when I have, FYI), my active hours, how many steps I’ve done and when, and probably because I can be a bit* competitive at times, how my steps stack up against my Fitbit friends steps.

But – what did I have the Fitbit for? I had it to help me keep track of my exercise (check) and improve my fitness levels. It just didn’t help improve my fitness. It didn’t push me to do more steps. It didn’t motivate me to run. It didn’t really help me improve at all. So it’s gone.

When I stopped wearing it, I felt quite a bit of relief, which I didn’t expect. I thought I’d miss it. Miss having those graphs, and tables of information to sift through. But instead, I felt liberated. When I go for a walk, I’m going because I want to. Because it feels nice. Because it’s good for me. Not so that I can compete against other people, who most likely aren’t competing back. To be completely honest, there have been a couple of times I’ve gone for a walk and thought that it’d be nice to have the steps recorded because it would have added a decent chunk to my tally, but then I quickly realise that it’s not important. It’s important that I’m moving – it’s not important that I’m winning.

Anxiety levels: slightly lower than they were before.
Plan: figure out what to get rid of next.

SQL Server Management Studio – as another user

SQL Server Management Studio – as another user

2018-08-15 | Tech

Skip skip skip all the preamble junk…

My work, amongst many other things, involves managing a small herd of Microsoft SQL servers and a series of small web-apps. When I work from home, from my non-domain-joined machine, I want to be able to run the SQL Server Management Studio (SSMS). I could RDP (or whatever) in to a machine on the domain, but it feels neater to just run it from the local PC where I’m working.

I’d tried this before, but because of two (or maybe one and a half) little hurdles and bits of weirdness, I couldn’t get it going until today.

The half hurdle is that the executable for SSMS is a lot like smss.exe. But very different. Don’t try to launch smss.exe this way.

The full hurdle is what stumped me for longest. When SSMS starts, it will still show your local computer/domain name and local username in the login section. This is ok. Just connect anyway.

SSMS 17 (and maybe earlier versions) adds the path to the executable to the PATH environmental variable, so you don’t need to worry about including the whole path to the executable when you run the command I’m about to show.

Just get on with it…less jibber-jabber.

Here’s the deal.

Create a shortcut pointing to the following:

runas /netonly /user:domain\username ssms

You’ll be promted for your password when it starts.

Let’s Encrypt Wildcards and IIS

Let’s Encrypt Wildcards and IIS

2018-06-02 | Tech

Introduction

Late last year, Let’s Encrypt, that wonderful semi-automated free SSL certificate service, announced that they would be adding support for wildcard certificates. A standard SSL certificate only covers the specific domains and sub-domains it was issued for, and needs to be modified or adjusted to allow more sub-domains. While it’s not a big deal to make these changes, a wildcard SSL certificate is a really simple way of covering yourself for all the different sub-domains you might have, and might want down the track.

Getting the wildcard certificate (or even a “normal” certificate) from Let’s Encrypt can seem daunting at first, but with the right information, it goes smoothly most of the time.

This post is going to cover how to get a hold of a wildcard SSL certificate from Let’s Encrypt, and then how to get that SSL certificate into your Windows box to use with IIS. I’m going to gloss over the parts where the pfx file is being copied from Linux to Windows, assuming that you know how to use ssh/scp/pscp to move files about.

Ready? Right. Onwards.

Links

Let’s Encrypt
PuTTY
CertBot

Requirements

You’ll need to have access to:

  • A linux machine, where you are a sudoer (or root) (I did this with an Ubuntu 16.04LTS box).
  • Your public DNS zone for the domain you’re trying to get the certificate for.
  • Your IIS box.

Assumptions

I’m going to assume you have SSH access to your Linux machine, and that you know how to use it. Also that you know how to add TXT record to your public DNS zone.

You’ll need to move your freshly minted pfx file from the Linux machine to the Windows machine. I use PuTTY and pscp to move files to and from Linux boxes from Windows. I think you should too.

I’m also assuming you know how to change which SSL certificate a binding is using in IIS.

Let’s do this:

Most of this will be done in the Linux machine, so connect to it with PuTTY.

Download certbot-auto by running the command

wget https://dl.eff.org/certbot-auto

Then make it executable by running

chmod u+x certbot-auto

Certbot-auto is a glorious script that makes everything happen pretty much automatically. It will grab all the required dependencies, it’ll request the certificate for you, tell you what to put in your TXT record, then put the certificate in a sensible spot for you.

Let’s request that certificate for your favourite domain, *.example.com.

sudo ./certbot-auto certonly -d *.example.com --manual --preferred-challenges dns-01

As it’s your first time running certbot-auto, it will probably download and install a bunch of apt packages. Once it’s done, it will request the certificate, and assuming everything has gone well, prompt you to create the TXT record for your domain.

TXT Record

Now is the time to create the TXT record with the string provided by certbot for _acme-challenge.example.com. If you’re unsure how to do this, as your hosting provider to help. Or a friendly friend.

Once you’ve set it up, it’s time to hit Enter to finish certbot’s job. Wait for that to happen, then it’s time to move on to exporting the keys into a format Windows can handle.

Exporting

Your newly minted SSL certificate will be found in the following directory:

/etc/letsencrypt/live/example.com/

together with a README file, and three other files. That live folder is locked down, so you can only get to it as root. You can either switch to root, or you can sudo the following command from your home folder (I recommend the latter, but do the former).

So, from your home directory, run the following command:

sudo openssl pkcs12 -export -out example.com.pfx -inkey /etc/letsencrypt/live/example.com/privkey.pem -in /etc/letsencrypt/live/example.com/fullchain.pem

Enter a password when prompted, and you will have generated a PKCS #12 archive of the SSL certificate. This format is very easy to import into IIS in the next step.

Importing the key into IIS

The final two steps are to import the key into IIS, then change the binding to the newly imported certificate. I’m doing this in IIS7 on Server 2008R2, but shouldn’t be too different in newer versions.

Copy the file from your Linux box to the Windows server (most likely with PSCP), then start up the IIS manager.

Open the Server Certificates feature, then click on “Import…” under actions in the top right hand corner. Find the file, enter the password you picked, and you’re done. Change the bindings for the sites you would like to use this new SSL certificate, and you’re done.

Bonus – Installing Certificate into UniFi

sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore path-to-your-exported-pfx -srcstoretype PKCS12

Pi Hole Update

Pi Hole Update

2018-04-15 | Tech

A while ago I wrote a guide on how to configure a Pi Hole on an Orange Pi tiny computer.  See here: Filtering Ads and Stuff

This was a bit of a mistake. The Orange Pi wasn’t reliable, and failed on Friday, just about two months since it went in.

I’ve since rebuilt it on a Raspberry Pi and I imagine that it will be significantly more reliable if the other ones I have around the house are anything to go by.

Pictured is the Pi 3 in a Lego (inspired) case, currently running Pi Hole and Squeezelite.

Squeezelite is a distributed music playing system, which I will post about soon.

Riding + Technology

Riding + Technology

2018-04-08 | Biking, Fitness, Health, Tech

I love information. Or maybe it’s that I, more specifically, love data. For a information/data-phile like me, having a device in your pocket (and on your wrist) that can collect, collate, and visualise the information for you is pretty amazing. With that information I can track improvement, decline, progress, and stagnation.

I like it.

I have been using Strava for a long time to collect information about my running and cycling. You get a cool summary for the month, comparing you against the previous month. You can track your heart-rate, average and top speeds, amongst many other things. Recently I’ve linked Strava to a service called Relive, which gives you cool little videos of your logged activities.

<iframe height='405' width='590' frameborder='0' allowtransparency='true' scrolling='no' src='https://www.strava.com/activities/1495477866/embed/557c51f60d274a6aa3b8ab858f4fc8dc233d8a4e'></iframe>
<blockquote class="embedly-card" data-card-controls="0" data-card-key="f1631a41cb254ca5b035dc5747a5bd75"><h4><a href="https://www.relive.cc/view/1495477866?r=embed-site">Relive 'Up and down.'</a></h4></blockquote><!-- [et_pb_line_break_holder] --> <script async src="//cdn.embedly.com/widgets/platform.js" charset="UTF-8"></script>

Those things are all very cool.

Add, now, to this a video camera, and I can get a really good visual representation of the whole ride, too. And if something interesting happens along the way, I have that information.

Below is my first video, which is the descent from around Cleland along Long Ride and Winter Track to Waterfall Gully Road. I got rid of all the sound because the thrum of my knobbly tires is exhausting. You can add your own soundtrack by playing your favourite song while watching the video. ¯\_(ツ)_/¯

<iframe width="560" height="315" src="https://www.youtube.com/embed/oQOzyT_UVmY" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>

Organising my life with an app

Organising my life with an app

2018-03-10 | Mental Health, Tech

It feels a bit hypocritical to post about an app so soon after I posted about managing a screen addiction. But not very. I guess the point of my other post wasn’t that I didn’t want to use my phone. I wanted the interraction with my phone to be meaningful, and valuable.

In the last few years I’ve found myself to be very easily distracted, and I forget what I need to get done. Not big picture stuff, so much, but with smaller things. I’ve tried paper lists. I really, really wanted to be able to do paper lists with neat handwriting and big flourishes when I got to cross things off as done. Unfortunately it’s become clear that it just doesn’t work for me in the long term. On my phone, I’d tried Trello, and Evernote. Both seemed like they would do the job, but neither of them did.

I needed to try something else.

The next thing I found was Todoist. So far it is really working. I’ve been using the premium version for a couple of months now, and it is really excellent. I’m going to avoid sounding too much like an ad here, but with Todoist, you can add items to your list using natural language for categories, priorities, due dates, and recurring items. For example: “Take Out Bins every tuesday at 1900 #chores p1” will set a repeating item called “Take Out Bins” every Tuesday at 7pm, categorised as “chores” with a high priority. The desktop app is good too, for setting up your recurring events and doing all the things that are tedious to take care of on your phone.

I’ve added my standard house chores to it, spread out a bit over the week as repeating items. Basic stuff – vacuuming, dusting, laundry, mopping, cleaning bathrooms. A lot of chores are in there. Then I have some one-offs in there that come and go.

“If it’s your job to eat a frog, it’s best to do it first thing in the morning. And if it’s your job to eat two frogs, it’s best to eat the biggest one first.” – Mark Twain (allegedly)

I still put things off. I still have things that are long overdue on my list. Those frogs don’t always get eaten first thing, but there are gentle reminders that I still need to do them. So, in the end, they do get done rather than fall off the todo list and finally forgotten.

The developers at Todoist have also gamified your todo list. It’s not important to me. Or not very important, at least. But having a few graphs showing a rough approximation of my productivity over the last week is nice. The app would be just as good without it, but it’s a bit of a bonus feel-good.

So, in essence, since getting Todoist, I have a cleaner house and less frustration because of forgotten tasks, and I like it.

I also have points. Nearly 5,000.