Azure Point to Site VPN – Add or replace certificates.

Jan 18, 2019 | , ,

A year ago I set up a new environment for a company who decided to host everything in Azure.

I set up the virtual machines, the storage, the backups and everything that came along with that.  I also gave them a Point to Site VPN connection so they could independently make changes and modify / add data as needed.

Today that VPN connection stopped working.  Why? Simple.  The cert expired. Microsoft have written great documentation on this topic but by default, the root and client certificates only last for one year.  That’s for security reasons of course.  Each year, you renew your certificates and if someone has a certificate that should no longer be allowed, that cert becomes invalid. Nice and easy.

However, in addition to using certs, I also have accounts that I can modify on the local machines and each group of people have a different route cert so replacing certs isn’t a major problem.

That said, I wanted the certs to last longer than 1 year.  I could have made them last 10 years but I thought 3 years was a happy medium.

You could of course create the scripts using a GUI but here’s a faster way that uses Powershell.

$date_now = Get-Date
$extended_date = $date_now.AddYears(3)
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable
-HashAlgorithm sha256 -KeyLength 2048
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign -Notafter $extended_date

Now create the client cert using this.

New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature
-Subject “CN=P2SChildCert” -KeyExportPolicy Exportable
-HashAlgorithm sha256 -KeyLength 2048
-CertStoreLocation “Cert:\CurrentUser\My” `
-Signer $cert -TextExtension @(“2.5.29.37={text}1.3.6.1.5.5.7.3.2”) -Notafter $extended_date

When you’re ready, open the route cert.  Remove the lines at the top and bottom of the file that indicate the start and end of the certificate then in Azure, browse to All Resources \ Your VPN Gateway,  Configure Point to Site VPN

Now add the new root certificate.

When you’re ready, download the VPN client.  ON the same Screen in the Azure portal, click Download VPN client.

 

If needed, remember to export your certificate.  Include to private key and give the exprrted PFX file a good strong password.

Getting stuck in.

Jan 17, 2019 | , , , ,

It’s been one of those weeks. There’s no major projects looming but yet there’s a lot of what would be called BAU “Business As Usual” tasks that need attention.  BAU tasks are not the most thrilling but never the less they need to be done I suppose.

So. I’m here at my desk. I’m signed in, I’ve the Bose QC35’s on my ears, the Ceol FM energetic stream is playing and I’m ready to go.

 

  1.  Email department about Azure subscription renewal.  They have several reserved instances and an Email thread with the sales partner has finally answered the questions that I had so I’m now in a position to make informed decisions so that they can renew their reserved instances and decide on their monetary commit for the next twelve months.  ON a separate note, I created that infrastructure in Azure exactly a year ago and it has had 100% up time.
  2. An integration project that has been ticking away needs attention.  The people who’s system I’m integrating have no technical problems in particular but I can tell from their responses that they are worrying so I think I’m going to arrange to meet them for a coffee later just to explain what’s happening and to put them at ease.
  3. I’ve been working on a Shiboleth IdP integration project for the last while but I inherited code and instead of objectively looking at it I just dived right in and started trying to make progress.  a month in, I’ve had to take a step back and look at what I’m trying to do.  The previous developer had tried to reinvent the wheel by manually writing the SAML using an XML writer. That’s fine for login. It’s not ideal but it will work.  But for logout, there’s just too much XML to write and the requirements for logout are tooo complex.  For example, although you might get the SAML write for sending the logout request, the SPNameQualifier meta data that’s needed is generated by a HTTP request that originates from the IdP.  If you query the SP for that directly, it won’t expose the data so it’s very hard to find out what should be written by investigating a working system.  Therefore, I’ve found a library that handles the Shiboleth conversation without needing to write all of the SAML by hand.  I’ve done some work on this on Tuesday but I will need to spent another few hours on this today.
  4. There’s a career progression task on my list. I’ll explain what that will involve later but that’s another hour gone.

There you have it. It’s going to be a full day.

 

Please send coffee.

 

Oh I’m also studying Azure enterprise architecture on Linkedin Learning at the moment. I’ve completed several projects in this area and I’ve attended at least a dozen courses and workshops in the area of Azure as well but cloud platforms are constantly evolving.   This particular course uses templates for everything which is a really good idea.  Using the web UI is inefficient. So far the infrastructure I’ve been working on is small enough.  Forty to fifty servers at most but as I start to look into ASR “Azure Site Recovery” and as high availability workloads are pushed to the cloud, I need to be more confident when deploying high availability resources out in bulk and verifying that configuration remains consistent through using templates and desired state configuration powershell scripts.

That’s what’s in my head this morning. Your welcome to it.

Windows Weekly 603. Paul Thurrott is so very wrong.

Jan 10, 2019 | , , , ,

Paul Thurrott, a tech journalist behind Thurrott.com contributes to a rather useful podcast on the Twit.tv network every week called Windows Weekly. I’ve listened to this podcast almost every week probably for at least 10 years.

This week, Paul went on one of his many rants but this rant was ill informed, damaging and utterly unhelpful. He makes certain arguements that could be perceived as being against inclusion and accessibility. Here are a few of the quotes from the podcast excerpt.

It’s done in the name of accessibility. That’s a crock.
Accessibility at any cost is just a brain dead mentality.

There’s this belief that anything that you add that is accessible is a win.

No offence to people who cant see or who see poorly and who want to set up Windows 10 on their own but if your vision is that bad the act of setting up Windows 10 is not a priority. In the background, Leo laughs. Paul continues: It’s something that is going happen once and you probably have someone else that can help you with that.

I have recorded a podcast that includes several extracts from this week’s Windows Weekly. Between the extracts, I have given my considered views on certain parts of Paul’s rant.

I would really hope that Paul listens to this and more importantly that as many people as possible who heard the latest Windows Weekly hears this as well.

Please comment here on the Blog. Facebook comments and Twitter mentions are great but it would be really nice to have the comments right under the post. Thanks.

IN this podcast, there are a number of audio recordings used. Here they are in full.

Differing opinion

An author on a site called BSG has shared an alternative opinion. The author states:

The blog has gone quite a while without me writing about twitter drama, but that is about to come to an end now. Blind twitter is all riled up and flipping out over something someone said on the Windows Weekly podcast. Spoiler alert, all the rage and offense is being blown out of per portion and there is 0 reason for any of it. People just seem to want to be offended, but of course I’ll show why this is all based on someone taking everything out of context to manufacture outrage.

The link to the full post is here.

I assume the someone the author is talking about is me. I have a few points in response and I have left a comment on that post but for your conveenience, I will include my comment here as well:

You have expressed a few interesting opinions and I except that you are entitled to them. However, I disagree that the origional blog post / podcast was out of context. I deliberately left most of the Windows Weekly podcast in my recording so as I couldn’t be accused of taking things out of context. I also provided a link to the Twit.TV Windows Weekly 603 show so that people could listen to it in full. In addition, I provided a link to a Youtube video showing the full Windows 10 setup experience.

My podcast is here for anyone who is interested: http://www.digitaldarragh.com/2019/01/10/windows-weekly-603-paul-thurrott-is-so-very-wrong/

And to show that I hold no ill will toward BSG for your differing opinion, I will include a link to your post as an edit to my origional piece.

I have been on social media for 10 years and I have had a blog for nearly 20 years. I stand by my content and my record. I have never insighted negativity toward another person however in this instance, I firmly believe that paul Thurrott’s comments were distructive, damaging, incorrect and misleading. Time and time again during the podcast and in messages, I have explained that my issue isn’t with the windows 10 setup. Microsoft can disable that feature I wouldn’t give it a second thought. As many have pointed out, it’s not an accessibility consideration. The huge problem I have here is in the way Paul Thurrott ranted. I have listened to Paul on podcasts for nearly ten years now and in the past few years, I have noticed his tendancy to launch into rants. However, this particular one went too far.

I am happy to discuss this with anyone. Including Paul Thurrott directly. My aim here has and is always to ensure that the message that Paul gave on Windows Weekly 603 is corrected. Not that he is attacked directly. And in faireness, I don’t see any indication that he has been personally attacked. In fact, messages to him on social media have been well worded and considered.

One final point. I respectfully submit that you consider that your take on Paul’s thought’s may be very different if you worked in the tech industry.

The podcast has now been listened to over 380 times. It has had 18 responses on Twitter, 4 on Facebook and 9 comments here on the blog. Not many in the grand scheme of things but for this low traffic blog it’s significant. I remain hopeful that the objective of this post will be achieved and TwiT will correct Paul Thurrott’s statements on Windows Weekly 604 due to be aired this Wednesday 16th January.

We got a new pup. We must be mad!

Jan 9, 2019 |

About two years ago we started to notice that our children were nervous and sometimes even afraid around other dogs. It’s really strange because we have a dog at home and they are around it every day. We would teach them to have a healthy respect of dogs but we encouraged the contact when possible.

RcNama and Réalta drinking from the same bowl. About a year ago, Nama, my guide dog had a few negative encounters with other dogs. He was attacked a few times by loose dogs and after a few of these encounters, he decided that he would attack before they attacked him.

We decided a year ago that we would get another dog as a pet. It makes sense. Nama gets ongoing exposure to another dog and so too do the children. The pup will also help with keeping Nama engaged with everyone in the house and more mobile. When the pup gets attention, Nama joins in. It’s great because he was enjoying his bed a little too much.

Enter stage left Réalta. She’s a Lurcher pup that’s now about 12 weeks old. Her father is a Greyhound Collie cross. Her mother is a Greyhound Collie Whippet cross.

Back in August, I was talking to a friend during Music at the Gate. I mentioned that we were actively looking for a lurcher but the right one. We had visited a few dogs but hadn’t found the right temperament. I didn’t know that the man I was talk to actually bread lurchers! He promised me that he would find a breeding pair that he would trust to provide a really great pup with the temperament that we were looking for. Four months later I get a call to tell me that the pup was ready and it would be dropped off a few weeks later.

Réalta arrived a few weeks before Christmas. She’s getting on really well. Oh Réalta for anyone who doesn’t speak Irish is the word star. Because Réalta is one of the best traditional groups ever and star because…. you know…… Christmas, stars, all that kind of stuff.

So here’s the thing. Pups are nuts! Crazy! Wild! Untamed! We should have called her zoom because she has two speeds. Stop and zoom! Or maybe bounce because sometimes she stops, zooms then bounces off the fridge, a door or a wall. IT’s kind of funny. She flies through the house, through the living room, out through the hall, into the kitchen and tries to make a slight left adjustment to avoid the corner of the fridge. Sometimes she doesn’t quite make it though and there’s a crash followed by a tiny whimper. Sometimes she over compensates and her four paws go from under her and she slides across the floor for a second until she rights herself. It’s really funny. It doesn’t bother her of course. Two seconds later she’s off zooming around the place again without a care in the world.

It was great getting a new pup right before Christmas. It added to the energy in the house over our favourite time of the year. It was also nice that I was off for about two and a half weeks so I got to spend a lot of time with her. But now the fun begins. We’re establishing a more rigid routine now that we’re back to our normal daily activities. Getting up in the morning is now a crazy blur of craziness. I remember the days when I’d have a few minutes to get up, grab some breakfast and a cup of coffee, take a leisurely shower, sort out Nama then head to work. Now it’s something like this:

*. Get up.

Go down stairs

Turn the alarm off

Nama jumps out of bed. I tell him to settle quietly.

I grab Réalta from her bed

I bring her outside because if I leave her for any time at all, she’ll pee on the floor.

When she’s peed I let Nama then relieve himself and I try to get dog food ready. While I’m doing that, Réalta goes zooming around the garden. I need to go grab her then rush back so Nama doesn’t manage to get to the food before I do.

I feed Nama then bring Réalta to eat. If I don’t have both food bowls prepared quick enough, both dogs will make too much noise. Nama will start dancing and Réalta will start crying and barking.

Both dogs eat. Then it’s back outside to the dog run but it takes some convincing. I bring Réalta in but she needs some convincing to relieve herself. She finally finishes then I sort out Nama.

After I’ve sorted Nama out I go find Réalta again. She’s gone zooming around the garden again so I have to go find her again. Then Nama does the same so I have to talk to him nicely so he comes back as well.

I go inside and start to make breakfast. Meanwhile I’m talking to Nama so he has attention and I’m occasionally distracting Réalta from playing with my laptop case, the swim bag that Emma has out in preparation for today, the bottom of the kitchen chairs and everything else that has caught her attention in that millisecond.

By the time I’ve had breakfast and had a coffee, I’m wrecked! I get into the shower, rush to get dressed then fly out the door glad to go to work for a break for a few hours.

I pity Emma then because she has Réalta still zooming around the house and two children to get ready for school.

It’s just nuts!

But I wouldn’t trade her though. The children are really enjoying having the pup around and Nama is a lot more sociable.

Silly season is over.

Jan 6, 2019 |

Emma my wife wearing a cat mask playing with my son and daughterAnother Christmas is over. Christmas is my favourite time of the year. I hate the marketing side of things. But fortunately we very rarely have a television on in this house and when we do, we tend to stick to streaming services such as Netflix so advertisements have minimal impact on our household. The reason I enjoy Christmas is it’s always a great opportunity to spend far too much time with family and friends. I say far too much time because invariably we gravitate to a particular house each year. Recently it’s because Méabh and Rían are getting enjoyment from the other children in that house. I hear some people say that after the hype leading up to Christmas they are just tired of it and within a few days they don’t know what to do. I’ve never found that. I managed to take just over two weeks off this year. I spent a lot of time with the children, the dogs and my wife. I also got to spend about two days working on things that I wanted to spend time on. I could easily spend another two weeks doing the same. No day is boring. There’s always something to be done, someone to visit or somewhere interesting to travel to. IT’s the lack of defined things to do that makes Christmas so enjoyable for me.

Walking with my two children and my guide dog through Laurence's street shopping centre. My son is on my back. My daughter is holding my hand.Tomorrow, I’m back to work, the children are back to school and life will return to normal. I’m reasonably okay with that. There are a few things that I want to get stuck into in work and I’m looking forward to ramping up the music side of things in anticipation of the Fleadh in Drogheda in August. It’s going to be a busy 8 months until the next decent block of time off. It’s an eight months where I’ll have a lot to do but if I play my cards right, the hard work will be rewarding and the commitment will pay off.

I hope that what ever you did, you had a very enjoyable Christmas break.

Friday night music

Jan 5, 2019 | ,

Cabin fever was starting to creep in.  I had spent three days migrating sites to a new server and polishing up this site so I was overdue for a bit of relaxation.

I decided yesterday at about 4pm that I hadn’t paid the Cobblestone a visit in a while so I’d go for a few tunes.  By ten past four I was out the door with the pipes on my back heading to the train station.  The dog hadn’t been working all that much over Christmas so even though I had the pipes on my back it still only took us about 20 minutes to get there.  The damn 4:47 train wasn’t running though so all that rushing was pointless.

Musicians playing in the Cobblestone in DublinAnyway, getting to the point of all this, the Cobblestone session was as inviting as always.  As soon as I walked in the door, a stool was presented and I was welcomed in.  The tunes were slow which wouldn’t usually be my style but I enjoy the change so I settled in for a few hours of tunes, stories and craic.

With a dog called Nama, I regularly get sniggers or laughs when I tell people what his name is.  Yesterdays reaction was a new one though.  One of the regular musicians, Mick asked the name of the dog and when he heard it his response was:

What do Nama and pipers have in common? They both complain about their regulators.

Terrible joke. Absolutely terrible. But I couldn’t help laugh.  It’s one of the more creative responses to his name that I’ve heard in six years.

In no time at all, it was 8:30 and time for me to make the run to Connolly for the 8:50pm train.  I wanted to make it to a session in Dundalk in a place called Toales pub.  I have heard great things about this session and I’ll tell you now. The session lives up to it’s reputation.

The train pulled into Dundalk at 9:50 and I set off walking again.  It’s funny. I have Nama so long now that I forget the places he’s been to and the places he hasn’t.   When I had my first guide dog Freddie, we lived in Dundalk for a while so Freddie knew Dundalk very well.  Nama wouldn’t know it so much.  So when we were leaving the train station I was surprised when he waited for instructions.

It was nice walking from the train station. I wanted to cut down a narrow walkway that runs beside a school.  But I haven’t walked through that area in at least eight years.  I wasn’t sure if I would remember where the walkway was but luckily enough, It came back to me in bits as we approached that area.  Nama loves this kind of thing.  Walking through areas that he’s never been to while I give him instructions. He gets a thrill out of it I think.

Musicians playing in ToalsBack to the music.  Toales was just getting started when I arrived shortly after ten. But already powerful musicians Andrew Kelly, Graine Smyth, Finien O’Connor and Feargal Mcardle were starting a set.  Again I was warmly welcomed and the tunes flowed.  About half an hour Sean Conway joined giving an already powerful session another boost.  Shortly after that Oisin McCann joined. Then Tadhg Mulligan walked in around 12am and of course a seat materialized and he was promptly told to sit down and play a few tunes.  There were others there as well.  Caoimhe on the fiddle, Keili on the accordion  and more on flutes and fiddles.  It was just an amazing night of tunes.  Tunes that I’d never dream in weird time signatures like 7 8 were encouraged and enjoyed.

There’s one thing that’s certain.  I’ll be back there again soon.

It cost €50 euro in a taxi.  Money well spent in my opinion.

Musicians playing in toals. You can also see Darragh from the side.DArragh playing in Toales

Brief introduction to voice guide on Samsung television

Jan 3, 2019 | , , , ,

I bought this Samsung television a week or so ago with no expectation that it would be accessible to me at all. I went for the 6th generation 49 inch QLED model as it is a good balance between functionality, modern technology and price for what my family want it for. I was therefore amazed when with a bit of digging through the menus,, accessibility options were found that enabled a fully functional screen reader called Voice Guide. This provides great access to most apps and all built in features of the smart television. It’s nothing less than remarkable and in addition to highlighting this here, I have also sent a letter of thanks to Samsung for this great innovation.

Watch this quick and dirty video for more details:

Please note: There’s a problem with displaying the video at the moment. I’m working on it. For the moment please open the video in full screen to view it properly while I figure out what’s wrong.

There’s a good article about this on the Samsung website

So long social networks

Jan 3, 2019 | , ,

Background

In around 2007, I took the plunge and started a Twitter account. I had been blogging regularly for about four years and in fact the DigitalDarragh.com website was over seven years old. Twitter was a way for me to engage with other bloggers, talk to readers and drive more traffic to the site. It served me very well up until about 2013. But from then on I began drifting away from it. From aroudn 2010, Facebook started to catch my attention and I posted more and more on tha tplatform. It was less about driving traffic to digitaldarragh.com and more about connecting with family and friends. But in 2016, that too changed. Facebook started to become a music networking platform. Suddnenly I had over a thousand friends on Facebook most of which I wouldn’t recognise if they said hello on the street.

My primary online social media activity for the past six or so years has been centered around these platforms and although I have huge concerns around privacy on Facebook and I dislike the bullying on Twitter, they have served a need.

Realization

That said, something has tipped the scales for me. I used to post audio to Audioboom, video to Youtube and then the normal social media stuff on either Facebook and Twitter. But recently, Audioboom has decided that it’s in effect shutting down as a consumer service. This was a brilliant audio podcasting network and because it’s not finantially viable, it’s leaving content creaters high and dry by deciding to remove that functionality. Facebook, Twitter and other social networks could at any moment do the same although currently, it’s not likely. But what it has reminded me and highlighted is this content that we post is often very personally significant It’s not just ours in terms of intellectual property or even owned by us personally in terms of some kind of limited copyright. Social media platforms own that data, text, picture, video or audio as soon as you post it to their servers but they can also share it, delete it or misplace it without many or any repercussions. So take Facebook for example, they could decide that retaining ten, twenty or thirty years of video isn’t finantially viable and therefore place a retention period of five years on it. But these are often your memories so fifteen years later, a memory that might have been really important to you that you want to look back on may no longer be available. Again, this isn’t the current reality, but there’s nothing stopping Facebook or any other platform doing it just like Audioboom has.

New years resolution? I hope not.

At the start of each new year, dead blogs that have been neglected for ages often hold promises of more content. This promise has certainly been made here a few times but this year will likely be different. I’m moving back from social networks such as Twitter and Facebook and I’m posting the things that are important to me here instead. This may result in shorter more frequent blog posts, more video, more audio or longer posts containing all forms of media. I really don’t know. Let’s see how it all works out.

Techy stuff

For now, you may notice a few test posts going up while I work on more effective ways of delivering video and audio without eating all the bandwidth on the server.

To prepare for this new bout of blogging, I’ve dusted off the site, given it a brand new coat of paint and taken a sledge to the old server. It’s now on a shiny new system with more RAM, more CPU cores, better disks, more bandwidth and all round greatness.

Deprecating core commands

Jan 3, 2019 | , ,

My opinion doesn’t matter a damn of course. But I’m going to write it here anyway.

You install Linux, log in and the first thing you will need to do is find out the IP address your DHCP server has given it so what do you type?

ifconfig

The last thing you expect to find is that the command has been deprecated. If Microsoft did something like this I would be a bit miffed as well. Why change core commands. Okay. ifconfig wasn’t maintained and ip has more functionality so why not just branch ifconfig and add that functionality in! I know. That’s a very simple opinion to have but ifconfig is used on Unix and several spin ofs so why the hell would Debian decide to remove it completely. same with netstat and route! It just seems stupid and crazy to me.

I don’t mind learning about ip. But it’s such a core command. I shouldn’t need to think of what distribution I’m in when I’m deciding the command that I’m going to use just to check an IP address.

You can read more about the deprecation of ifconfig in this Server fault forum thread.