This was Tyla’s idea (my daughter); we wrote a book together… I figured I would just post it here. When my kids were small I used to make up stories; this was one of them. The Magic Beans Book 1: The Land of Candy Chapter 1: The Long Summer The sun was relentless, a heavy, golden weight pressing down on … Continue reading “The Magic Beans : By Tyla and Andrew Baker”
I have no idea why you need this, but if you’re unlucky enough to be on a Windows device then you may as well get used to this, so here is a PowerShell script for a BSOD.
This is (hopefully) a short blog that will give you back a small piece of your life… In technology, we rightly spend hours poring over failure in order that we might understand it and therefore fix it and avoid it in the future. This seems a reasonable approach: learn from your mistakes, understand failure, plan your remediation, etc. But … Continue reading “Technology Culture: The Sinking Car Syndrome”
Finding issues in SQL Server is not always that easy. It can be NUMA issues, it can be DBCC settings, it can even be the CU (e.g. CU19). A friend sent me a very useful query a few years ago that really helped me fault find these issues. It was written by Glenn Berry, but I lost the query. Luckily … Continue reading “Ms Sql Server 2019 Diagnostic Query”
The Amazon EC2 console allows you to delete up to 50 Amazon Elastic Block Store (Amazon EBS) snapshots at once. To delete more than 50 snapshots, use the AWS Command Line Interface (AWS CLI) or the AWS SDK. To see all the snapshots that you own in a specific region, run the following. Note, replace af-south-1 with your region: Note: … Continue reading “AWS: Use the AWS CLI to delete snapshots from your account”
Most companies will have a fair number of SQL databases and it’s likely that most of those databases are performing sub-optimally due to missing indexes. We can debate (for a long time) the pros and cons of indexes, but the undeniable reality is that having missing indexes on large tables creates a lot of issues in production environments (including, slowness, … Continue reading “Sql Server: Query to View a list of missing indexes from your Sql Server database”
You can absolutely get the following from the AWS help pages; but this is the lazy way to get everything you need for a simple single account setup. Run the two commands below to drop the package on your Mac. Then check the versions you have installed: Next you need to set up your environment. Note: This is NOT the recommended … Continue reading “AWS: Install and configure the AWS CLI on a Macbook”
Below is a quick (am busy) outline on how to automatically stop and start your EC2 instances. Step 1: Tag your resources In order to decide which instances stop and start you first need to add an auto-start-stop: Yes tag to all the instances you want to be affected by the start / stop functions. Note: You can use “Resource Groups and … Continue reading “AWS: Automatically Stop and Start your EC2 Services”
I have seen many organisations restructure their technology teams over and over, but whichever model they opt for – they never seem to be able to get the desired results with respect to speed, resilience and quality. For this reason organisations will tend to oscillate from centralised teams, which are organised around skills and reuse, to federated teams that are … Continue reading “How to Optimise your Technology Teams Structure to improve flow”
Once you start using a zero trust network, the first casualty is normally the Ping command. The gping (Graphical Ping) command line tool displays a color coded realtime graph of continuous pings to a specified host and it supports specifying alternate interfaces/gateways. First let’s find which interface to use. The “arp -a” command is used to display the ARP cache on a … Continue reading “Macbook OSX: Using gping over a Zero Trust Network Client (like Zscaler)”
If you have multiple connections on your device (and maybe you have a zero trust client installed), how do you find out which network interface on your device will be used to route the traffic? Below is a route get request for Google’s DNS service: If you have multiple interfaces enabled, then the first item in the Service Order will … Continue reading “Mac OSX : Tracing which network interface will be used to route traffic to an IP/DNS address”
If you have just changed ISPs or moved house and your internet suddenly starts misbehaving the likelihood is your Maximum Transmission Unit (MTU) is set too high for your ISP. The default internet facing MTU is 1500 bytes, BUT depending on your setup, this often needs to be set much lower. Step 1: First check your current MTU across all … Continue reading “Finding and Setting the Maximum Transmission Unit (MTU) on a Windows Machine”
If you have just changed ISPs or moved house and your internet suddenly starts misbehaving the likelihood is your Maximum Transmission Unit (MTU) is set too high for your ISP. The default internet facing MTU is 1500 bytes, BUT depending on your setup, this often needs to be set much lower. Step 1: First check your current MTU. As you … Continue reading “Finding and Setting the Maximum Transmission Unit (MTU) on Mac/OSX”
I frequently forget this command shortcut, so this post is simply because I am lazy. To clear your history in iTerm press Command + K. Control + L only clears the screen, so as soon as you run the next command you will see the scroll back again. If you want to view your command history (for terminal) type:
There are three basic ways to secure email: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). Let’s quickly discuss these before we talk about how to check if they have been set up: SPF helps prevent spoofing by verifying the sender’s IP address SPF (Sender Policy Framework) is a DNS record … Continue reading “Macbook: Check a DNS (web site) to see if basic email security has been setup (SPF, DKIM and DMARC)”
1. Find a list of IP addresses linked to a domain To find the IP address for a particular domain, simply pass the target domain name as an argument after the host command. For a comprehensive lookup using the verbose mode, use -a or -v flag option. The -a option is used to find all Domain records and Zone information. You can also notice … Continue reading “Macbook: Querying DNS using the Host Command”
Nikto is becoming one of my favourite tools. I like it because of its wide ranging use cases and its simplicity. So what’s an example use case for Nikto? I am bored right now and so I am going to hunt around my local network and see what I can find… Now let’s pop across to nmap to get … Continue reading “Hacking: Using a Macbook and Nikto to Scan your Local Network”
If you see the error “The capture session could not be initiated on the device “en0″ (You don’t have permission to capture on that device)” when trying to start a pcap on Wireshark you can try installing ChmodBPF; but I suspect you will need to follow the steps below:
When you open terminal you will see that it defaults the information that you see on the prompt, which can use up quite a bit of the screen real estate. Customize the zsh Prompt in Terminal Typically, the default zsh prompt carries information like the username, machine name, and location starting in the user’s home directory. These details are stored … Continue reading “Macbook: Changing prompt $ information in the mac terminal window”
This is a very short post to help anyone quickly setup vulnerability checking for a site they own (and have permission to scan). I like the vulners scripts as they cover a lot of basic ground quickly with one script.
The below script will give you basic information on a website’s certificate: Nmap provides a simple way to get a list of available ciphers from a host website / server. Additionally, nmap provides a strength rating of strong, weak, or unknown for each available cipher. First, download the ssl-enum-ciphers.nse nmap script (explanation here). Then from the same directory as the script, run … Continue reading “Mac OS X: View the details of a websites supported TLS certificates from terminal”
If you want to automatically renew your certs then the easiest way is to set up a cron job to call letsencrypt periodically. Below is an example cron job: First create the bash script to renew the certificate Now enter the script in the following format into nano: Now edit the crontab to run the renew script:
If you have ever tried to use jumbo packets, or trace a weird slowness on the network – one of the things that frequently comes up is packet fragmentation. This is basically where a source machine is sending bigger packets than can be consumed along its pathway to a destination machine. This means the packets will need to be split … Continue reading “Linux: Find the maximum packet size (MTU) between two hosts (using do not fragment flag)”
If you have ever tried to use jumbo packets, or trace a weird slowness on the network – one of the things that frequently comes up is packet fragmentation. This is basically where a source machine is sending bigger packets than can be consumed along its pathway to a destination machine. This means the packets will need to be split … Continue reading “Mac OS X: Find the maximum unfragmented packet size (MTU) to reach a host”
Imagine you have trauma and could figure out what’s causing it in under one minute. Obviously, the preference is an observability platform – but for my little WordPress site I don’t really have the budget. So I just use a few tools to isolate common issues. The idea behind this blog is to quickly isolate the fault by looking for errors … Continue reading “Linux: Diagnose your linux server in under a minute using standard (free) command line tools”
To retrieve a list of the SSL/TLS cipher suites a particular website offers you can either use sslscan or nmap. Alternatively, you can just use nmap (note: I use “-e en0” to bypass zscaler): Another variant (including cert dates, again “-e en0” is used to bypass zscaler):
Web devs need to know the HTTP headers of their apps/webpages. This can be easily achieved using a browser plugin for Chrome or Firefox. But I prefer to use the command terminal, and curl makes this really easy.
DIG is an awesome command line utility to explore DNS. Below is a quick guide to get you started. Query Specific Name Server By default, if no name server is specified, dig will use the servers listed in /etc/resolv.conf file. To view the default server use: You can override the name server against which the query will be executed, use the @ (at) symbol followed by … Continue reading “Macbook: Exploring DNS using DIG (Domain Information Groper)”
Below is a dump of examples of doing pretty much the same thing differently. I mostly use netstat and lsof, coupled with some bash scripts. You can argue that this is overkill, but below is a simple bash function that you can paste into terminal and call it whenever you want to see which application/process IDs have open ports: Below … Continue reading “Macbook: Show which applications have ports open and to what IP address”
I think you’re a genius! You found this blog and you’re reading it – what more evidence do I need?! So why do you keep asking others to think for you? There is a harmful bias built into most technology projects that assumes “the customer knows best” and this is simply a lie. The customer will know what works and … Continue reading “Technologists: Please Stop asking for requirements 😎”
I always forget the syntax of SCP and so this is a short article with a simple example of how to SCP a file from your laptop to your EC2 instance and how to copy it back from EC2 to your laptop: Copying from Laptop to EC2 scp -i identity_file.pem source_file.extension username@public_ipv4_dns:/remote_path scp: Secure copy protocol; -i: Identity file; source_file.extension: The file that you want … Continue reading “Macbook/Linux: Secure Copy from your local machine to an EC2 instance”
A lot of companies are moving to ZTNA (Zero Trust Network Architecture). This is generally a good thing: it helps cyber posture and it makes life a lot easier as you no longer need to log in to VPN tunnels to manage your cloud environment/s. But one of the few downsides of ZTNA is that (by definition) it cannot support … Continue reading “Macbook: Alternative to Ping (using TCP rather than ICMP)”
If you want to change the default mail client on your Mac then you can use a quick Python script to quickly change the default mail app. Copy/paste the following command into Terminal. Below I am setting Outlook to be the default mail client, but you can replace com.microsoft.Outlook with whatever application bundle identifier you use. Note: If you’re not sure … Continue reading “Macbook: Change the default Mail Client using Terminal/CLI (Command Line Interface)”
To view the list of nameservers your mac is using, simply open Terminal and paste the following: Alternatively, you can copy the DNS servers to clipboard directly from the command line (using pbcopy):
I am not going to tell you why you would need to flush your DNS cache (you will know if you need to). So, to flush DNS on a mac simply fire up Terminal and run the following sudo command:
I recently managed to explode my wordpress site (whilst trying to upgrade PHP). Anyway, luckily I had created an AMI a month ago – but I had written a few articles since then and so wanted to avoid rewriting them. So below is a method to create a backup of your wordpress mysql database to S3 and recover it onto … Continue reading “How to Backup your MySql database on a bitnami wordpress site”
If the fingerprint of your remote host changes you will see the following error message appear: There are many ways to fix this. The easiest of which is simply to delete your “known_hosts” file. This will mean you just need to accept new fingerprints on all your SSH hosts. Yes, this is very lazy…
If you’re like me, little things bother you. When I turn on my bluetooth headset and it connects to my Macbook when it’s closed/sleeping, I get very frustrated. So I wrote a simple script to fix this behaviour. After running the script below, when you close the lid on your Macbook it will automatically turn bluetooth off. When you open … Continue reading “How to Automatically Turn your bluetooth off and on when you open and close your MacBook”
If you want to quickly test a URL for changes, then the Linux watch command coupled with curl is a really simple way to hit a URL every n seconds (I use this for blue/green deployment testing to make sure there is no downtime when cutting over):
If you are testing how your autoscaling policies respond to CPU load then a really simple way to test this is using the “stress” command. Note: this is a very crude mechanism to test and wherever possible you should try and generate synthetic application load.
Previously Macs would allow you to install software from anywhere. Now you will see the error message “NMAPxx.mpkg cannot be opened because its from an unidentified developer”. If you want to fix this and enable apps to be installed from anywhere, you will need to run the following command line: Once you have run the script you should then see … Continue reading “How to Install Apps From Anywhere on Apple Mac”
bonuscide noun Definition of bonuscide: Bonuscide is a term used to describe incentive schemes that progressively poison an organisation by ensuring the flow of discretionary pay does not serve the organisation’s goals. These schemes can be observed in two main ways, the loss of key staff or the reduction in client/customer base. Bonuscide becomes more observable during a … Continue reading “Definition: Bonuscide”
Introduction This article follows on from the “Cloud Migrations Crusade” blog post… A single tenancy datacenter is a fixed scale, fixed price service on a closed network. The costs of the resources in the datacenter are divided up and shared out to the enterprise constituents on a semi-random basis. If anyone uses less resources than the forecast this generates waste … Continue reading “Part 2: Increasing your Cloud consumption (the sane way)”
Back in the day I had to do quite a bit of COM / .Net interop. For some reason (and I cannot remember what it was), I needed to be able to enumerate the COM running objects table (ROT). I think it was to do with CreateObject/GetObject and trying to synthesise a singleton for an exe. The System.Runtime.InteropServices.Marshal.GetActiveObject method will … Continue reading “Iterating through the contents of the ROT (running objects table) using C#”
I remember getting weird flashing on my laptop and eventually figured out my icon cache was full. So if you ever get this, try running the script below. This is obviously quite a weird/random post – hope it’s helpful 🙂
In technology, there is a tendency to solve a problem badly by using gross simplification, then come up with a catchy one liner and then broadcast this as doctrine or a principle. Nothing ticks more boxes in this regard, than the principle of least privileges. The ensuing enterprise scale deadlocks created by a crippling implementation of least privileges, is almost … Continue reading “The Least Privileged Lie”
I was playing with S3 the other day and I noticed that a file which I had uploaded twice, in two different locations, had an identical ETag. This immediately made me think that this tag was some kind of hash. So I had a quick look at the AWS documentation and this ETag turns out to be marginally useful. ETag is an … Continue reading “AWS: Making use of S3s ETags to check if a file has been altered”
If you need to test out your big data tools, below is a useful set of scripts that I have used in the past for AWS EMR and Redshift:
So after getting frustrated (and even recreating my EC2 instances) due to a “Permission denied (publickey)”, I finally realised that the WordPress builds are by default set up for SSH using the bitnami account (or at least my build was). This means each time I login using ec2-user I get: Being a limited human being, I will never cope with … Continue reading “Setting up ssh for ec2-user to your wordpress sites”
Ok, so I am a Windows dude and only after Docker and K8s came along did I start to get all the hype around Linux. To be fair, Linux is special and I have been blown away with the engineering effort behind this OS (and also glad to leave my book of Daniel Appleman win32 api on the shelf for … Continue reading “Linux: Quick guide to the CD command – for windows dudes :)”
This is a short blog, and it’s actually just a simple plea to AWS. Please can you do three things? North Virginia appears to be the AWS master node. Having this region as a master region causes a large number of support issues (for example S3, KMS, Cloudfront, ACM all use this pet region and all of their APIs suffer … Continue reading “AWS: Please Fix Poor Error Messages, API standards and Bad Defaulting”
Getting an application knocked out with a simple SYN flood is both embarrassing and avoidable. It’s also very easy to create a SYN flood and so it’s something you should design against. Below is the hping3 command line that I use to test my services against SYN floods. I have used quite a few mods, to make the test a … Continue reading “A simple DDOS SYN flood Test”
Introduction In most large corporates technology will typically report into either finance or operations. This means that it will tend to be subject to cultural inheritance, which is not always a good thing. One example of where the cultural default should be challenged is when managing IP duplication. In finance or operations duplication rarely yields any benefits and will often result in … Continue reading “The Triplication Paradigm”
The cloud is hot…. not just a little hot, but smokin hot!! Covid is messing with the economy, customers are battling financially, the macro economic outlook is problematic, vendor costs are high and climbing and security needs more investment every year. What on earth do we do??!! I know…. let’s start a crusade – let’s go to the cloud!!!! Cloud … Continue reading “Part 1: The Great Public Cloud Crusade…”
Today I am a happy bunny!!!! Yury Tsarev (a very clever dude) did a presentation to one of the Kubernetes co-founders Tim Hockin. The demo was one of Absa bank’s open source projects called K8GB (a cloud native GSLB for K8s): https://www.k8gb.io/ Why do I like K8GB? Because it uses a single CRD that integrates to all the big DNS providers … Continue reading “External k8gb presentation to Kubernetes SIG multicluster”
Just popping this here as I have had this a few times. Have you ever had your desktop icons flash and, if you check explorer.exe, it’s using high CPU? If so try: Step 1. Delete the Icon Cache Save the following as a batch file on your desktop and run it as admin: Step 2. Tweak the Registry Try setting … Continue reading “Windows 10: How to fix you desktop flashing icons”
Below is a sample class containing a high performance timer. Example usage: PerformanceTimer pf = new PerformanceTimer(true); float timeMs = pf.GetTimeMs();
Unfortunately, the following (seemingly harmless code) requires administrator rights (and on Windows 2003 you will need to be a member of the “Performance Monitor Users” group): In most cases this is not appropriate and certainly not in a Citrix environment. If you call it without the correct permissions you get the following stack dump: Below is a lightweight alternative to System.Diagnostics.Process.GetCurrentProcess().ProcessName and … Continue reading “A lightweight alternative to Process.GetCurrentProcess().ProcessName”
I regularly administer Windows 2000 Server and Windows Server 2003 machines using Terminal Services. In W2K I use Terminal Services in Administration mode and in W2K3 I use Remote Desktop. Basically this is the same thing but it’s packaged a bit differently on the two OSes. In both situations there are only 2 users allowed for administration so occasionally both … Continue reading “Managing Terminal Services Sessions Remotely”