Category: amazon aws
Serverless Code with Amazon's AWS and Claudia
I recently have been on a serverless kick. What is that you ask? Well, it means running code in the cloud without managing any server resources or having a server operating system that is always running. Even better, you only pay for resources when your code is executing. Hosting solutions have been around for a long time, but they typically run all the time, and you pay for that (also you might have to manage and update your server). Serverless also means you should break your code into smaller micro-services so it is easier for them to run independently of each other, and you can upgrade one component without affecting the whole.
Backup your servers automatically to Amazon AWS S3
This post will explain how I back up my own and my clients' Linux servers to Amazon's S3 file storage service with bash shell scripts.
It's cheap, quick, and it takes care of off-site backups. I prefer to use a different provider than my hosting company in case of a major system disruption. I hope everyone has great documentation on how to stand up a new server! This design gives you full control over how many backups you want and how long to keep them. Amazon will actually take care of deleting old backups based on the retention you set.
Category: cisco networking
Cisco Catalyst 6500 IOS Configuration Template
! ***** Fill in the parameters within the angle brackets *****
! ***** Catalyst 6500 Native configuration template *****
!****************************************************************
!
mls rate-limit unicast ip icmp unreachable acl-drop 10
mls rate-limit unicast ip icmp redirect 10
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
logging buffered 11024
service password-encryption
enable secret <password>
no enable password
ip multicast-routing
clock timezone GST 0
!
hostname <hostname>
!
!
! ***************************************************************
! * Configure DNS parameters
! * Enable UDLD in aggressive mode
! * Enable full ip flow tracking for mls
! * Enable TCP path mtu discovery
! * Enable QOS and re-map COS to DSCP values
! * Rate limit ip redirect and unreachable to the Switch process at 10 PPS
! ***************************************************************
!
ip subnet-zero
ip domain lookup
ip domain-list <domain that switch is in>
ip name-server <www.xxx.yyy.zzz>
udld aggressive
udld message time 7
mls flow ip full
ip tcp path-mtu-discovery age-timer 30
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56
mls qos
mls aclmerge algorithm odm
mls aclmerge odm optimizations
!
!
! ***************************************************************
! * Set the VTP domain to the name of the switch and the VTP mode to transparent
! ***************************************************************
!
vtp domain <hostname>
vtp mode transparent
!
errdisable recovery cause all
errdisable recovery interval 60
!
!
! ***************************************************************
! * Configure Spanning Tree
! * Set the spanning tree root or secondary root for the vlan. If this is the HSRP
! * primary for this vlan, the priority should be set to 8192. If this is the HSRP
! * standby, the priority should be set to 16384.
! ***************************************************************
!
spanning-tree mode rapid-pvst
spanning-tree vlan <vlan list> priority <value 8192 for primary or 16384 for secondary>
spanning-tree extend system-id
spanning-tree portfast bpduguard default
!
!
! ********************
! * Configure VLANs
! ********************
!
vlan <vlan number>
name Data_Vlan
vlan <voice vlan number>
name Voice_Vlan
!
!
! ********************
! * Standard Fastethernet interfaces (2q1p2t ports), configure as a range
! ********************
!
interface range FastEthernet <Start interface> - <End Interface Number>
switchport
switchport host
switchport access vlan <vlan>
switchport voice vlan <voice vlan number>
no snmp trap link-status
mls qos trust extend cos 0
mls qos trust cos
priority-queue cos-map 1 5
power inline auto
no shut
!
!
! ***************************************************************
! * Uplink Ports
! * Configure the uplink ports to trunk with 802.1q encapsulation
! * Only trunk vlans that are needed
! * Set port to trust DSCP values from the MDF
! ***************************************************************
!
interface range GigabitEthernet <Start interface> - <End Interface Number>
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan <vlan list, NOT vlan 1>
switchport mode trunk
mls qos trust cos
no shut
!
!
! ********************
! * Always disable interface VLAN 1
! ********************
!
interface Vlan1
no ip address
shutdown
!
!
! ***************************************************************
! * Layer 3 Vlan Interfaces No HSRP
! * Enable PIM on the interface
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <IP Address> <Netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
no shut
!
!
! ***************************************************************
! Use the configurations below for configuring HSRP
! ***************************************************************
!
! ***************************************************************
! * Layer 3 Interfaces (Primary HSRP)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP timers 1 & 3 respectively
! * Configure the HSRP priority (115) & preempt delay (15)
! * Configure interface tracking for HSRP
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <ip address> <netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
standby <group number> ip <HSRP address>
standby <group number> timers 1 3
standby <group number> priority 115 preempt delay 15
standby <group number> track <uplink interface> 20
no shut
!
! ***************************************************************
! * Layer 3 Interfaces (HSRP Standby)
! ***************************************************************
! * Enable PIM on the interface
! * Configure the standby HSRP IP address
! * Configure the HSRP timers 1 & 3 respectively
! * Configure the HSRP priority
! * Configure interface tracking for HSRP
! * Do Not enable PIM on VOICE vlans
! ***************************************************************
!
interface vlan <vlan Number>
ip address <ip address> <netmask>
ip helper-address <helper address>
no ip redirects
no ip directed-broadcast
ip pim sparse-dense-mode
standby <group number> ip <HSRP address>
standby <group number> timers 1 3
standby <group number> priority 100 preempt delay 15
standby <group number> track <uplink interface> 20
no shut
!
!
! ***************************************************************
! * Set the syslog server
! * Disable the HTTP server for web management
! ***************************************************************
!
logging trap debugging
no ip http server
logging <logging server IP address>
!
!
! ********************
! * Set SNMP system variables
! ********************
!
snmp-server community <Read-Only String> RO
snmp-server location <site/building>
snmp-server contact <contact-name>
snmp-server enable traps
snmp-server ifindex persist
no snmp-server enable traps syslog
no snmp-server chassis-id
snmp-server trap-source vlan <management vlan>
no snmp-server enable traps snmp authentication
!
!
! ********************
! * Configure the tacacs+ servers
! ********************
!
tacacs-server host <Primary tacacs server IP>
tacacs-server host <Secondary tacacs server IP>
tacacs-server timeout 10
tacacs-server key <tacacs key>
!
!
! ********************
! * Set the Banner exactly as shown below
! ********************
!
banner motd ^
THIS IS A PRIVATE COMPUTER SYSTEM --- USAGE MAY BE
MONITORED AND UNAUTHORIZED ACCESS OR USE MAY RESULT
IN CRIMINAL OR CIVIL PROSECUTION
^
!
!
! ********************
! * Configure timeout timers and login passwords on all available
! * console and vty lines
! ********************
!
line con 0
exec-timeout 10 0
password <password>
logging synchronous
line vty 0 15
exec-timeout 20 0
password <password>
transport input telnet
logging synchronous
!
! ********************
! * Configure SSH if correct code
! * Use version 2 of SSH if supported
! * Generate the RSA key before enabling SSH; key generation requires
! * the hostname and an ip domain-name to be set first
! * Once SSH access is verified, drop telnet from transport input
! ********************
!
crypto key generate rsa
ip ssh version 2
line vty 0 15
transport input telnet ssh
!
!
! ********************
! * Set the NTP Server
! ********************
!
ntp server <local ntp server or pool.ntp.org>
!
!
! ********************
! * Configure tacacs+ if using an ACS server, otherwise do not configure
! * Remove ACS auth from console in case of emergency
! ********************
aaa new-model
aaa authentication login no_tacacs enable
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 0 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ if-authenticated none
aaa accounting update newinfo
aaa accounting commands 15 default start-stop group tacacs+
line con 0
login authentication no_tacacs
Cisco Nexus 56128 Configuration Template
Here is a quick template to set up a Cisco Nexus 56128 or any other switch in the 5600 series. These are solid 40G switches that offer a ton of features. FabricPath is used in this template for switch-to-switch communication. These are also set up as a "Leaf" switch in a spine/leaf two-tier design. These are running Nexus 7.0.X code.
For reference here is the spine configuration: Spine template
Configure Cisco Nexus Unified Ports
The configuration can vary depending on the type of switch you are using, so this is for the Nexus 5600 series, tested on the 56128. Unified ports on this device live on the modules you can install in the top two slots; each module has 24 unified ports, so you can have a total of 48. Their border is orange so you know they are different.
By default they are 10 gigabit Ethernet ports, so if that's what you want then you don't need to change anything. If you want to use FCoE (Fibre Channel over Ethernet) you also keep them as is. You only need to change the mode if you want to use native Fibre Channel.
Setup a VPC correctly on Cisco Nexus Switches with Fabricpath
VPC: Virtual Port Channel. This is a port channel that, instead of connecting multiple ports on only one switch, is spread over two physical switches. This gives more redundancy in most cases.
It can be a bit tricky to set up, so here is a config that I have used which seems to work great. The keepalive is done with the management port, and the peer-link is a leaf-to-leaf (in a FabricPath network) or switch-to-switch direct link. The peer-link needs to be a port channel. The keepalive should be put into its own VRF (virtual routing and forwarding), which means it can't share the routing table with anything else. This prevents false keepalives being routed where they shouldn't. The management port has its own VRF by default, which makes it easy, with the side benefit of not needing a layer 3 license for VLAN interfaces.
Cisco Nexus 6004 (5596) Configuration – Fabricpath and Spine
Here is a quick template to set up a Cisco Nexus 6004 or 6001 (recently renamed to the 5600 series, so now the 5696). These are solid 40G switches that offer a ton of features. FabricPath is used in this template for switch-to-switch communication. These are also set up as a "Spine" switch in a spine/leaf two-tier design.
This config was created on 7.0.x NX-OS.
!!!MGMT port config
interface mgmt0
vrf member management
ip address x.x.x.x/24
vrf context management
ip route 0.0.0.0/0 x.x.x.x
!
install feature-set fabricpath
feature-set fabricpath
feature udld
feature privilege
feature tacacs+
!
errdisable recovery interval 30
errdisable recovery cause all
!
ntp server x.x.x.x prefer use-vrf management
ntp source-interface mgmt0
!
!!ssh regenerate the key
!!The key is tied to the hostname, so set the hostname first
!!2048-bit RSA is used here; 1024-bit keys are considered weak
hostname xxxxx
no feature ssh
no ssh key rsa
ssh key rsa 2048
feature ssh
!
!!misc
no ip source-route
ip domain-lookup
udld aggressive
ip tcp path-mtu-discovery
!
!Change the balance algorithm to what fits your network
port-channel load-balance ethernet source-dest-port XXXX
!
!!enable jumbo frames
!!The policy-map name must match the one applied under system qos
system jumbomtu 9216
policy-map type network-qos fcoe-jumbo
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos fcoe-jumbo
!
!!logging and snmp
no logging console
no logging monitor
snmp-server location XXXXX
snmp-server source-interface trap mgmt0
snmp-server source-interface inform mgmt0
!
!Enable the traps that you actually want to monitor
no snmp-server enable traps
snmp-server enable traps XXXX
!
snmp-server community CCCC group network-operator
snmp-server community CCCC use-acl AAAA
snmp-server host x.x.x.x version 2c CCCC
!
banner motd ^
**********************************************************************BANNER BANNER
**********************************************************************
^
!
!Enable fast fabric
fabric-mode 40g
!!Configure necessary vlans for fabricpath.
!They must exist on each switch in the fabric to be used.
!Not recommended to pre-configure all of them, might cause errors.
!
vlan X-XXXX
mode fabricpath
!
!configure all fabric-facing interfaces as fabricpath
interface ethernet x/x-x
switchport mode fabricpath
!
!!!!!!!!!!UNIQUE CONFIG per switch
!Use a switch id scheme for your devices, something like xx for vpc, xxx for spines, xxxx for leafs.
!Also have one spine be the root so there is no confusion.
!
!Spine switch 1
fabricpath switch-id xx1
fabricpath domain default
root-priority 100
!
!Spine switch 2
fabricpath switch-id xx2
fabricpath domain default
root-priority 200
!
!
!!!SAVE THIS and RELOAD to switch to 40G fabric mode
copy run start
reload
!
!
!VALIDATION commands:
show fabricpath route
show fabricpath isis hostname switch-id
show fabricpath isis interface brief
show fabricpath isis vlan-range
show interface brief
Category: computer security
MacOS locations for programs that start on boot – Daemons and Launchctl
macOS has a few locations from which programs start on boot (called agents and daemons in macOS). If your Mac seems slower, this might be a cause: a bunch of background services running for programs you don't use often enough. There are also programs that install themselves everywhere, and just deleting the application will not remove them. We will walk through all the directories an application can hide in.
WordPress automatic updates – the hassle free way
I have quite a few WordPress sites under management, and updating the plugins and themes can get quite tedious. This script will update all of them automatically (you will need SSH and cron access for this) on whatever schedule you set. The trick is to use "wp-cli", a command line toolset for WordPress that lets you do just about anything (you can even reset admin passwords, so be careful who has access to this stuff).
Google Gmail – How to find old emails and delete them
I have been on an email cleanse lately, so going back and deleting old emails that there is no reason to keep. Over the years I have been quite good at labeling anything that is keep-worthy, but a few can slip through the cracks. Here is a simple search you can run inside your gmail box that shows all the emails you can look through and delete.
Search for this to find anything that doesn't have a label and isn't in Trash, your Inbox, or Drafts. The new Gmail search should return 100 results, so look through them for any you may have missed labeling.
BeagleBone Black as a cheap TOR router / proxy with google chrome
If you're not familiar with Tor, check out https://www.torproject.org/ for more information. It's a proxy system that anonymizes your IP address.
You can install the Tor client and connect, or a super easy way is to run your own proxy and just have traffic flow through it. You don't have to start anything up; it's always running if you want to use it.
The BeagleBone Black is a perfect device to run a Tor proxy on your home network. Once it's set up, you can leave it plugged in via Ethernet and a USB power supply and it's always available. It makes a decent Ubuntu Linux server for development purposes too (although it compiles a little slowly). For a temporary website or learning a programming language it's a great deal. We will also make a shortcut on your desktop that you can click to open Chrome in incognito mode, connected to our proxy, with just one click.
Securing your online accounts
There is a decently easy way to make logging into your online accounts more secure. It's still up to the site owners to keep your data safe, but that's a topic for another day.
The method is called 2-factor authentication. A username and password is the first factor, and a randomly generated code is the second. So if someone gets hold of your password, the random code will stop them from logging in (unless of course they also steal the device giving you the codes, but we can only do so much).
Category: configuration templates
Cisco Catalyst 6500 IOS Configuration Template
Category: electronics
Use an iPad for an external travel monitor – MacBook and PC
I like to travel, so sometimes programming on the road can be a chore without my large monitor. A useful solution is to use an iPad as an external monitor. It actually works quite well! What's nice too is that you can use the tablet for most of your normal tasks, and bust out the laptop/tablet combo when you need more screen real estate (and are compiling things).
BeagleBone Black as a cheap TOR router / proxy with google chrome
Bluetooth Headset and Headphones
I have always been on the lookout for a nice Bluetooth headset, and a new contender is the LG HBS-730. It is one of the newer style devices that sits on your neck and has ear-buds with wires. It allows you to make phone calls, and is mainly a set of wireless headphones. This means you can listen to music or podcasts all day, and make phone calls with it. So far I have been very impressed, the sound quality is great and phone calls sound just fine (I don’t make all that many these days but the ones I do are great).
Category: financial stuff
How to research yourself online (its more important than you think!)
This article deals with the wealth of information out there, and how to make sure yours is accurate. There are a few things I do to keep tabs on myself. The online world has an excellent memory. You most likely have done it: Google yourself!
Type your name in quotes ("a name") and see what comes up. Try all the different variants of your name. Use a different search engine too; they all have different results. A couple of things that might show up: old message board postings, companies you have worked at, and organizations you are affiliated with.
Bitcoin – Trying it out
So the jury is still out on Bitcoin, but I really like the idea of a virtual currency. Its value has been swinging quite a bit the last few years, but people who were in on the front-end have been rewarded.
If you have some extra cash, and don’t mind a little volatility, then why not get some BC? It could be an investment if you have a high risk tolerance.
Category: linux stuffs
How to setup a reverse tunnel with Putty
I see a hundred different guides online but none of them really document the easy way to setup a reverse tunnel.
Q: What is a reverse tunnel?
Great question! A reverse tunnel is needed when you are trying to connect to a client computer from an outside connection. A typical scenario is that the device you need access to is behind a firewall or proxy. Since you can't make a direct connection to it (say you want to VNC, RDP, or SSH to it), a tunnel is the best way to poke a hole.
Create your own local Redhat Package Repo Cache
If you manage a bunch of Redhat Enterprise Linux servers (RHEL), it can be wasteful or difficult to update packages from the internet each time (or you don’t have enough subscriptions). So let’s create a package repository on a local server which will update every night and allow the other internal servers to access it. This is particularly useful if only one server on your network has internet access or you have a slower connection.
Backup your servers automatically to Amazon AWS S3
WordPress automatic updates – the hassle free way
BeagleBone Black as a cheap TOR router / proxy with google chrome
Setup Ubuntu linux as a network bridge with ESXi
I am a super geek, so having my own ESXi server is a necessity. I have been using VMware products since the company was created back in the day.
I had a Dell T310 from my old business, so it's a perfect VMware server. It has 4 hard disk slots, I upgraded it to 16GB RAM, and it has two Ethernet ports. I have a small Belkin home wifi router which only has 4 gigabit ports, and I wanted to plug one more device in. What to do? Well, my server has an extra gig port that isn't doing anything, so why not connect that up to an Ubuntu virtual machine and bridge between the two interfaces (you can most likely do this in ESX, but what's the fun in that)?
Kali Linux useful configurations – SSH security, APT proxy, Laptops
This is kind of a general holding place for commands that I run into and need to keep track of in Linux. I mainly play with Ubuntu and Kali, but these should work with almost any distro.
If you run an SSH server on the internet, you want to minimize the risk of brute forcing. It's best not to allow root logins from anywhere, which removes the easy job of guessing a username. This little trick allows only three new SSH connections from the same IP. So basically, if someone keeps trying to connect to your SSH server, it will track the SYN packets and block them for 5 minutes after the 3rd new connection. This also gets logged.
Category: meteor
Meteor 1.5 and Code Splitting with React and React Router
Meteor 1.5 is out and we can finally do code splitting! If you are not familiar with code splitting, it allows us to separate our logic in a single page web app (SPA) and only send the client the relevant portions of code. This is useful in a couple of immediate ways:
- You have a giant application that is too large to send at once (any script files over 1MB often take too long and the user experience is terrible)
- You want to keep some portions of code hidden until the user is authorized to see it
We are going to cover option 2 since that is a use case I just ran into. Sometimes splitting the code up can make the files larger (or the same size), so Meteor has provided a nice tool that helps visualize how large the files are once they are bundled. You can read more about that in this great post: Bundle Visualizer. Use the tool before the split and after the split to make sure it doesn't affect your code in the wrong way (compare the two).
Moving To Containers in Meteor (ES6) For React
The current way to connect Meteor into your React app is to use ES6-based components. Meteor has a function called "createContainer" that will send Meteor data into your React component as props instead of through "this.data" access. This can make it a bit more complicated if you need to change your subscriptions based on React's state, but we will talk about the new pattern you will need to use. This is a better pattern long term, as you can switch out the top-level data injection and re-use all your display logic (say you want to swap out Meteor down the road, or use Redux).
Connect your Meteor App with MailChimp
Does your application have users? I hope so! Keep them around and active.
The best way to get users engaged and keep them coming back is to use email marketing. You can create a sign-up workflow, move users to different workflows based on what they are doing in your app, and re-engage users that haven't logged in for X months/weeks. It's very easy, so here is some code that connects to the MailChimp API and lets you add users to Lists. Lists are what trigger the emails for each email address.
Meteor, React and Browserify
I have been chasing down an odd issue with a Meteor/React app I am building. The error showing up in the browser console is:
You are currently using minified code outside of NODE_ENV === ‘production’. This means that you are running a slower development build of Redux. You can use loose-envify (https://github.com/zertosh/loose-envify) for browserify or DefinePlugin for webpack (http://stackoverflow.com/questions/30030031) to ensure you have the correct code for your production build.
Category: networking
Does DNS filtering still work?
DNS, or the Domain Name System, is how nice names like google.com get translated into an IP address so that you eventually reach the server that has your content.
For this article we are going to focus on website filtering (or content filtering) since the goal is to block access to websites that are deemed inappropriate. This can be blocked by a parent, employer, ISP, or government regulation/policy.
Employers typically have an enterprise policy which gets pushed out to your web browser, and they often have a proxy at the edge of the network which does HTTPS inspection. That will make all of the techniques we are going to discuss irrelevant since the employer controls all aspects of the network. This article mainly focuses on non-enterprise users.
Default route or full routing table?
When a company/enterprise is signing up with an ISP for internet access, they are able to connect in many different ways, but we are going to go over a couple of the popular methods.
NOTE: This is a brief overview to answer this one question, BGP is very powerful and programmable, so we won’t touch on most of its features.
If the company has its own ASN (Autonomous System Number) they can connect to an ISP and advertise out this number through BGP with the IP space (prefixes) they own. That way other participants in BGP can find the best path to get to that company/ASN and the IP space. Companies will typically get an ASN if they are an ISP or if they are hosting some sort of content that others need to access. You can think of content as a website, portal, video, audio, VPN, or anything else that someone else needs to connect to from somewhere else. A large majority of the time this content is “in the cloud” instead of on-premise, but many larger organizations have their own equipment and data centers to handle accessing this content.
Category: programming
C++ programming quick tips
C++ is one of my favorite programming languages. It has been around a long time (I used it for my bachelor's degree) and is very mature. The libraries and optimized algorithms are great for making software fast and efficient.
The downside is that more modern languages provide a wide array of features that make development much quicker. One of the main features is garbage collection, a memory management technique that Python and many other languages have built in. With C++, memory management is handled by you!
Some uwsgi settings for Django with StreamingHttpResponse
I have been working with Django quite a bit the last few months, and finally deployed the app into production. The setup uses uwsgi and nginx.
My Django app uses threads quite a bit, and when deployed to the development server using uWSGI/nginx, it was painfully slow. As in, it took 15 minutes to run commands that should take 30 seconds. It took a while of experimenting before I determined that a setting was missing in the uWSGI configuration.
Get the time and date in the future with different timezones in python
I recently had the need to figure out the date and time in my local timezone (Phoenix) for a future appointment. Bookings on a website don’t open until 12:01AM in their local timezone (HST), so how can you determine what date and time that is locally? Don’t want to be late to book! Counting on the calendar can be wrong by a day as well.
Python to the rescue. Two libraries make this easy: datetime and pytz.
Cumulus and Netmiko
This post will walk through a quick script that connects to a Cumulus switch and runs a command. Cumulus has a virtual machine appliance called VX, available for free, to run your tests on: Cumulus VX
Much of this can be found on the Netmiko GitHub: Netmiko
There is an examples directory that goes into more detail for adding things like concurrency. If you are running this on 10+ switches in series, things get slow!
Meteor 1.5 and Code Splitting with React and React Router
Moving To Containers in Meteor (ES6) For React
Re-factoring from React CreateClass to Native ES6 Classes
For the past few weeks I have been refactoring a client's app to move from the React.CreateClass() format to the new and shiny ES6 class-based format. We also refactored Meteor from a mixin to the new createContainer component format. While we are at it, let's demonstrate function-based components for a child that only uses props (so no state). Functional components make the code much cleaner, as you don't need constructors for just display logic.
React in a WordPress page
If you are creating things with ReactJS, it’s sometimes nice to use it in WordPress. I will describe how to use it in a page, but this should also work for just a post.
You can do this pretty easily with a couple plugins:
“Scripts N Styles” - this plugin will allow you to add JavaScript to your Page.
“Per Page Add to Head” - this will allow you to add the necessary JavaScript libraries to the head portion of the WordPress page. This is how React is actually loaded.
Connect your Meteor App with MailChimp
Meteor, React and Browserify
Category: random thoughts
Enterprise Companies and ISPs
In late 2020 I decided to do a slight career shift from working in the enterprise world (Financials, Small Businesses) to the ISP space.
An ISP (Internet Service Provider) is how consumers and businesses access the internet. If you are reading this, you are going through one of many ISPs.
I am now on the other side of the fence, and it has been a wild ride! It really is amazing to see how the internet works and what “it” is. The internet can be fragile and remarkably adaptive at the same time.
Moving to Hugo
I am moving my website over to Hugo. It's a static site generator that uses Markdown syntax and a templating system. The binary is written in Go and it is super fast.
I honestly got tired of all the authentication attempts trying to login to wordpress, it is insane how many of them there are per day. Even with a blocking mechanism in place, still hundreds on just this little site.
How to set up a reverse tunnel with PuTTY
I see a hundred different guides online, but none of them really document the easy way to set up a reverse tunnel.
Q: What is a reverse tunnel?
Great question! A reverse tunnel is needed when you are trying to connect to a client computer from an outside connection. A typical scenario is the device you need access to is behind a firewall or proxy. Since you can’t make a direct connection to it (say you want to VNC, RDP, SSH to it, etc), a tunnel is the best way to poke a hole.
Create your own local Redhat Package Repo Cache
If you manage a bunch of Redhat Enterprise Linux servers (RHEL), it can be wasteful or difficult to update packages from the internet each time (or you don’t have enough subscriptions). So let’s create a package repository on a local server which will update every night and allow the other internal servers to access it. This is particularly useful if only one server on your network has internet access or you have a slower connection.
EMC ScaleIO installation and optimization with Redhat 7.3
What is ScaleIO? It is a storage solution designed for small businesses and enterprises that uses standard servers and the disks inside them to provide storage over Ethernet. So if you are a Dell shop, you can install a few servers with a bunch of disks, install some software, and have a storage solution with automatic redundancy. ScaleIO needs direct access to the disk, so it runs best on bare-metal servers using an OS such as Red Hat Enterprise Linux (RHEL) or Ubuntu. In this guide, we will walk through a quick Red Hat installation and optimization. As a side note, running it completely in VMware ESXi is supported, but access to the disk can get difficult, and you cannot vMotion or move the virtual machines anywhere. In the "marketecture" world this is called hyper-converged: you are running everything off of one common server architecture.
South Pole 2018
It has been quite an adventure the last couple of years. I finally was able to visit the South Pole, both geographic and ceremonial. There are two of them, and they actually have poles. Each year the winter staff creates a new marker for the geographic pole, since it moves around 30ft per year.
I have never felt cold like I did there, and it was not a very cold time. Since the summer season is the opposite of the U.S., it was -45F with the wind chill. It gets down to -100F during the winter. That makes your lungs hurt and takes some getting used to.
Antarctica – McMurdo Station
It has been a rush the past couple of months planning and preparing! I have been working at McMurdo Station in Antarctica for a month now as a Senior Network Engineer. This has been on my list of jobs to keep an eye out for, and the opportunity came about. I have to say it has been a great journey so far: dealing with the new environment (I have been in a hot desert the last 9 years, so a cold desert is different!), learning new systems, and meeting tons of new people.
MacOS locations for programs that start on boot – Daemons and Launchctl
macOS has a few locations that start programs up on boot (called agents and daemons in macOS). If your Mac seems slower, this might be a cause: a bunch of background services running for programs you don't use often enough. There are also programs that install themselves everywhere, and just deleting the application will not remove them. We will walk through all the directories that an application can hide in.
Cisco ACI – How to connect to the APIC API and get data
In this guide I will show Python code that uses HTTP GET requests against the Cisco APIC / ACI system to pull data. This will let you get information from the APIC and display it in a better way. There are many things missing from the GUI (mostly on the reporting front) that you can create with some basic Python scripting.
There are two formats for getting data in and out of the APIC: JSON and XML. I will show both of them in this guide so you can decide which one works better in your environment. From a programmer's perspective, I like JSON because it maps directly onto a dict in Python (which is nice for processing). With XML you need to convert it into a usable format using the xmltodict library.
Make a Cisco ISO Bootable (non-bootable)
I am going to run through a quick procedure to make the downloadable Cisco CUCM ISO images bootable. When you download them they are non-bootable for some reason. Use this at your own risk, and you must have a support contract to use any Cisco products. I am not liable for anything you do or mess up!
Cisco is nice enough to include the boot options and ISOLINUX files and configuration necessary to boot it. They just don’t add the boot sector to the ISO file.
Using google maps to figure out where to live
I have been struggling with this question: Where should I live?
Close to work? Close to Friends? Close to things to do, close to hikes, close to biking trails?
All of these go into a decision, if you have children a huge part of that is schools and a younger neighborhood. I don’t have to worry about that.
A bunch of those questions are personal issues that you need to decide on how much time is spent on each.
Google Gmail – How to find old emails and delete them
I have been on an email cleanse lately, so going back and deleting old emails that there is no reason to keep. Over the years I have been quite good at labeling anything that is keep-worthy, but a few can slip through the cracks. Here is a simple search you can run inside your gmail box that shows all the emails you can look through and delete.
Search for this to find anything that doesn’t have a label, isn’t in trash, your inbox nor drafts. The new Gmail search should return 100 results, so look through and see any you may have missed to label.
What is a reverse image search? Google Images
There is an image search feature that can be incredibly useful. It is called a reverse image search, and it is scarily accurate. Basically, you can upload a photo or give Google the URL (a link) to a photo online and it will search for images that are the same or similar.
- To use it, go to: https://images.google.com
- Click the camera icon at the far right of the search box. Your options are to paste the URL (if you can find the picture link directly online) or upload a local picture.
An easy way to get the URL (link) to a picture online with Firefox is to right click on the image, and select “copy image location”. This will copy the direct URL into your clipboard, then you can paste it directly.
Great compact Gerber multi-tool
In the I.T. industry we are constantly twisting, opening, screwing, and unscrewing things. I have been on the lookout for a nice tool that will fit in my pocket without a giant bulge. Gerber has one that fits the bill: the Crucial.
It comes with pliers, a very nice blade, a can opener, and Phillips and flathead screwdrivers. Just the basics, and it has a pocket clip!
It fits perfectly into my “lighter” pocket right on the front jean pocket.
Are you power (energy) conscious?
I have been on a power reduction kick lately to see how low I can get my monthly bill. Currently it is a perfect time of year in Phoenix, so we don’t need AC nor heat.
One tactic I use when traveling is to just turn off all of the circuits when I leave for more than a day. Do this right at the circuit breaker and all those “vampire” devices will go away. Make sure to keep the refrigerator and smoke detectors powered up. Watch out for alarm clocks that are battery powered, those will kill the battery over time.
A great story about life and our endless loop
This is a great story I saw on the net and wanted to re-post. It sums up quite a bit about life!
A boat docked in a tiny Mexican village. An American tourist complimented the Mexican fisherman on the quality of his fish and asked how long it took him to catch them.
“Not very long,” answered the Mexican.
“But then, why didn’t you stay out longer and catch more?” asked the American.
Category: react
Meteor 1.5 and Code Splitting with React and React Router
Moving To Containers in Meteor (ES6) For React
Re-factoring from React CreateClass to Native ES6 Classes
React in a WordPress page
Meteor, React and Browserify
Category: security
Does DNS filtering still work?