Friday, October 31, 2014

Active Directory makes me something something....

Been working on Windows Server 2008 Active Directory automatic installation.  All I want to do is use automatic installation of IE 11 with a specific Content Advisor set.  But no.   When I update Content Advisor using the IE Automated Installation Kit, it doesn't update Content Advisor.  It doesn't even install.

Great.

Back to beating on the same problem.

Wednesday, October 29, 2014

Introduction to Networking Chapter 3 notes

Chapter 3 notes from Introduction to Networking
Network protocols and communication

Rather than adopting new standards and reinventing the wheel, the network industry has developed a framework
-use of accepted models

All communication has 3 elements
-sender or source
-receiver or destination
-channel, the medium over which the message travels

transmission governed by protocols
-specific to type of communication

protocols necessary for effective communication
-specific to characteristics of communication method
-must be followed to be successfully delivered and understood
-identify sender and receiver
-common language and grammar
-speed and timing of delivery
-confirmation or acknowledgement requirements

Network protocols define
-message encoding
-msg formatting and encapsulation
-msg size
-msg timing
-msg delivery options

message encoding
-process of converting into another form for transmission

decoding - reverse of encoding; used to interpret

message formats
-depend on msg
-channel
     -if destination address or formatting is wrong, the msg is not delivered
-computer format called a frame
     -frame acts like an envelope

message size
-large messages broken into smaller

message timing

access method - when you can send
flow control - how much and how fast
response timeout - what to do when no answer arrives

rules of communication

message delivery options
1 to 1 - unicast
1 to many - multicast
1 to all - broadcast

protocol suite - a group of interrelated protocols necessary to communicate

visualized as a stack

lower layers - transmit data
upper layers - focused on content


application protocol
transport protocol
internet protocol
network access protocol

standards organizations
-open standards encourage competition and innovation
-prevent monopoly 

-standards organizations write rules in order to maintain an open internet
-vendor neutral
-non-profit; includes ISOC, IAB, IETF, IEEE, ISO

ISOC - promotes open development
     -evolution
     -world wide use

IAB - responsible for overall management
     -development of standards
     -oversight of architecture and protocols

IETF - develop, update, and maintain internet and TCP/IP technologies
     -produce RFCs
IESG - technical management of the IETF
IRTF - focused on long term research
IEEE - wide range of standards
     -wireless
     -MAC for wired ethernet
ISO - created OSI model
EIA - electrical wiring, rack size
TIA - electrical wiring, cell tower, VOIP
ITU-T - video compression, IPTV, broadband communications, DSL
ICANN - coordinates IP address allocation
     -domain names used by DNS
     -TCP/UDP protocol/port number

IANA - handles ICANN's job of
     -IP address allocation
     -domain name management
     -protocol identifiers

TCP/IP and OSI model

-layered model used to help visualize interaction between layers

benefits of layered model
-assists in protocol design
-fosters competition
-prevents different layer changes from affecting other layers
-provides common language for network functions/capabilities

Two types of model

protocol model - closely matches structure of a particular protocol suite
     -represents all functionality required to interface human network with data network

reference model - provides consistency within all types of networking protocols and services
     -describes the what, not the how

OSI model            TCP/IP model
---------------------------------
Application
Presentation         Application
Session
---------------------------------
Transport            Transport
---------------------------------
Network              Internet
---------------------------------
Data link
Physical             Network access



OSI model designed by ISO
TCP/IP model was deployed faster, so it is what has been used

OSI model has specific functions at all layers

7. Application Layer - means for end-to-end connectivity between individuals in the human network using data networks
6. Presentation Layer - provides a common representation of the data transferred between application layer services
5. Session Layer - provides services to the presentation layer to organize its dialogs and to manage data exchange
4. Transport Layer - defines services to segment, transfer, and reassemble the data for individual communications between the end devices
3. Network Layer - provides services to exchange individual pieces of data over the network between end devices
2. Data Link Layer - method for exchanging data frames between devices over common media
1. Physical Layer - describes mechanical, electrical, functional, and procedural means to activate, maintain, and deactivate physical connections for bit transmission to and from a network device

TCP/IP model (AKA Internet model)
defined by RFC
     -contains technical and organizational documents

Application - represents data to the user, plus encoding and decoding control
Transport - supports communication between diverse devices across diverse networks
Internet - determines best path through the network
Network Access - controls hardware devices and media that make up the network

TCP/IP model is described in terms of the OSI model
     -network access layer doesn't specify which protocols to use when transmitting
     -only describes hand off

Data Encapsulation
segmentation - divide data into smaller, manageable chunks
benefits - many conversations interleaved on the network
     -increase reliability of the transmission
     -more complex

     multiplexing - interleaving the pieces as they traverse the media

data at any layer is called a PDU (protocol data unit)

data - application layer PDU
segment - transport layer PDU
packet - network layer PDU
frame - data link layer PDU
bits - physical layer PDU

data encapsulation - process of adding headers and trailers before transmission

de-encapsulation - occurs at end devices

OSI model describes processes of encoding, formatting, segmenting, and encapsulating data for transmission over the network

network address - 
     -contains layer 3 information required to deliver IP packet from source to destination

L3 address has 2 parts
     -network prefix
     -host part

     network prefix used by routers to forward the packet to the proper network

     host part used by the last router to deliver to the final destination

a L3 IP packet contains 2 addresses: source, destination

Data link address
L2 physical address - used to deliver from one network interface to another network interface on the same network

on Ethernet, the L2 physical address is known as the MAC or BIA (burned in address)
     -48 bits

How does a host find a MAC address?
     uses ARP (address resolution protocol)
     1) sending host sends an ARP request; broadcast to the entire LAN
     2) all devices examine the broadcast to see if it contains their own IP address
     3) the device with the destination IP address responds with an ARP reply.  The ARP reply contains the associated MAC address

Access remote network

     1) sender determines the destination is not on its network
     2) sends to the default gateway
     3) each router repeats 1 & 2 until the destination is reached
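Worked example of the two procedures above, added here (it is not from the course or these notes): a small Python model in which a host splits its address into network prefix and host part, decides whether a destination is local or needs the default gateway, and resolves the next hop's MAC with a simulated ARP broadcast. The host names, the 00:00:5e:00:53:xx MACs, and the 10.75.20.0/24 and 203.0.113.5 addresses are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface


@dataclass
class Host:
    """An end device with an L2 (MAC) and an L3 (IP/mask) address."""
    name: str
    mac: str
    iface: IPv4Interface                 # e.g. 10.75.20.10/24
    gateway: IPv4Address | None = None   # default gateway, if any
    arp_cache: dict[IPv4Address, str] = field(default_factory=dict)

    @property
    def ip(self) -> IPv4Address:
        return self.iface.ip

    def split_address(self) -> tuple[str, str]:
        """Return (network prefix, host part) of this host's L3 address."""
        net = self.iface.network
        host_part = int(self.ip) & int(net.hostmask)
        return str(net.network_address), str(IPv4Address(host_part))

    def is_local(self, dst: IPv4Address) -> bool:
        """Step 1 of reaching a remote network: same prefix means same network."""
        return dst in self.iface.network


class Lan:
    """One Ethernet broadcast domain: every host sees every ARP request."""

    def __init__(self, *hosts: Host) -> None:
        self.hosts = list(hosts)

    def arp_resolve(self, requester: Host, target_ip: IPv4Address) -> str | None:
        """Resolve target_ip to a MAC with the three ARP steps from the notes."""
        if target_ip in requester.arp_cache:         # already known, no broadcast needed
            return requester.arp_cache[target_ip]
        reply = None
        for device in self.hosts:                    # 1) request is broadcast to the LAN
            if device is requester:
                continue
            if device.ip == target_ip:               # 2) each device checks for its own IP
                reply = device.mac                   # 3) the owner answers with its MAC
        if reply is not None:
            requester.arp_cache[target_ip] = reply
        return reply


def build_frame(lan: Lan, src: Host, dst_ip) -> dict | None:
    """Encapsulate an IP packet for dst_ip in a frame addressed to the next hop.

    The L3 destination never changes; the L2 destination is either the
    destination itself (local) or the default gateway (remote).
    """
    dst = IPv4Address(dst_ip)
    next_hop = dst if src.is_local(dst) else src.gateway
    if next_hop is None:
        return None                                  # remote, but no gateway configured
    dst_mac = lan.arp_resolve(src, next_hop)
    if dst_mac is None:
        return None                                  # nobody answered the ARP request
    return {
        "src_mac": src.mac, "dst_mac": dst_mac,      # L2 header (changes per hop)
        "src_ip": str(src.ip), "dst_ip": str(dst),   # L3 header (end to end)
        "via_gateway": next_hop != dst,
    }


# Constructed sample LAN: 10.75.20.0/24 with the gateway address used in the notes.
GATEWAY = Host("R1", "00:00:5e:00:53:fe", IPv4Interface("10.75.20.254/24"))
PC_A = Host("PC-A", "00:00:5e:00:53:0a", IPv4Interface("10.75.20.10/24"), GATEWAY.ip)
PC_B = Host("PC-B", "00:00:5e:00:53:0b", IPv4Interface("10.75.20.20/24"), GATEWAY.ip)
LAN = Lan(GATEWAY, PC_A, PC_B)

if __name__ == "__main__":
    print(PC_A.split_address())                    # ('10.75.20.0', '0.0.0.10')
    print(build_frame(LAN, PC_A, "10.75.20.20"))   # dst_mac is PC-B's, direct delivery
    print(build_frame(LAN, PC_A, "203.0.113.5"))   # dst_mac is R1's, dst_ip unchanged
    print(PC_A.arp_cache)
```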

Monday, October 27, 2014

Information Density

I spent most of the last couple of days studying Cisco Introduction to Networks material.  The chapter on IP addressing was incredibly dense.  I ended up taking 25 pages of written notes during the entire thing.

I think what I learned from all of it is the future of the Internet is in the hands of two distinctly different people with distinctly different goals.  One wants unlimited access to everything and no security.  The other wants security.

There was a time when the Internet was this wild, woolly place of hope and adventure.  It was the great playground of intellectuals and only those in the know could manipulate the world.  Which was great in theory, but not in practice.  Eventually you ran into a human problem, not a technology problem.

I guess it narrows down to the simple fact that people want to get paid for their work.  And the other group believes the Internet should be a free trading ground of ideas.  I think both ideas are capable, but designing the Internet towards one or the other is short-sighted.

From a security standpoint, the argument is that with IPv6, you should use normal router and device hardening techniques and that should be fine.  That idea was designed by someone who never had to protect a network, or anything for that matter.  Security wise, you should always design for security in depth.  There should be multiple, complementary levels of security.  Combining router hardening with NAT and PAT, VLANs, VPNs, network obfuscation and no DHCP pool and you've got the beginnings of security.  I said beginnings, because each technology has its failings.

It's a big blue marble out there, and a lot of cooks with different plans make for an interesting mix.

Friday, October 24, 2014

No Blog is a Bad Blog

A day late and a dollar short, here.  I'm behind on pretty much everything, which is why typing all this on a phone is kind of nicer. I can drag a blog out of myself wherever I happen to be.

I've taken a few pictures for something I'm thinking of about running cable. A Modest Mouse song about a long walk off a short pier keeps running through my head.   

Then my wife was telling me something about a $100 bottle of wine, and I could think about was an Entreleadership podcast with Seth Godin.  In that episode, he was discussing story telling and selling by pointing out that there isn't a wine out there where the cost of production alone justifies the high cost.  If it only costs $5 to produce, then $100 wine doesn't make sense unless there is something else involved.

The other thing running through my head right now is one of Murphy's rules for combat.   I found the document some time before the invasion in 2003, and it was pretty accurate.  One of the statements was:

If you are low on everything except the enemy, you are in combat.

Yeah, seems pretty accurate.  

Wednesday, October 22, 2014

Cisco Introduction to Networks chapter 2 notes

Chapter 2

Configuring a network operating system

Router - forwards packets to and receives data packets from the Internet

switch - connects end devices using network cables

wireless access point - consists of a radio transmitter capable of connecting end devices wirelessly

firewall appliance - secures outgoing traffic and restricts incoming traffic

operating system enables the hardware to function

Cisco Internetwork Operating System (IOS)

IOS  - generic term for the collection of network operating systems used on Cisco networking devices

kernel - portion of the OS code that interacts directly with hardware

shell - portion of the OS code that interacts with user and applications

user can interact with the shell through command line interface (CLI) or graphical user interface (GUI)

purpose of IOS
     security
     routing
     QoS
     Addressing
     managing resources
     interface

Accessing Cisco IOS
     -console
     -telnet/SSH
     -Aux port

Console - out-of-band access - access via a dedicated channel for maintenance only
     -available without configured networking services

telnet - remote access through a virtual interface over a network
     -requires active networking on the device
     -can also access any other devices via a built-in telnet client
     
SSH - secure shell - similar to telnet, but uses encryption
     -stronger password authentication
     -encrypts transmission
     -requires active networking on the device

AUX - access via telephone dial-up
     -requires no networking services to be set up
     -can be used locally

Navigating IOS

     user exec mode               >
     privileged exec mode         #
     global config                (config)#
     specific config modes        (config-if)#
                                  (config-line)#

     user exec mode >
          -view mode
          -basic operations

     privileged exec mode #

     global configuration mode - change device as a whole

     > enable               -> enter privileged exec mode (disable goes back)
     # configure terminal   -> enter global configuration mode

     to leave a mode -> exit or ctrl-Z

command structure

switch> ping 192.168.31.1

prompt  command   space  keyword/argument

switch> show ip protocols

bold - type as shown
italics - supply value

Cisco IOS command reference

help forms
     context-sensitive
     command syntax
     hotkeys and shortcuts

     context-sensitive - provides a list of commands within the current context -> ?
     
     command syntax check
     -parse left to right
     -generally only provides negative feedback
          3 types of error
          -ambiguous command
          -incomplete command
          -incorrect command

Hotkeys and shortcuts

     ctrl+shift+6 -> break sequence
     tab -> finish command
     ctrl+C -> interrupts entry and exits config mode

commands
     show - display various information
     show version - display version info, system uptime, restart info

Getting Basic
Hostnames
     switch requires no configuration to function

     hostname - unique device name

     -provide info about network setup
     -remove ambiguity
     -should be used in network documentation
     -create naming convention
     -apply using CLI

Limiting access to a device

     physical limitations - behind closed doors, in a rack

     device passwords 
     
     enable password - limit access to privileged exec mode
     enable secret - same as enable password, but encrypts the password
     console password - limit device access using password
     VTY password - limit access via telnet

     (config)# enable secret password

console security

     (config)# line console 0
     (config-line)# password ***
     (config-line)# login      <- required so the password is actually used at login

VTY security

     -most switches have 16 VTY lines, numbered 0 through 15
     (config)# line vty 0 15
     (config-line)# password ***
     (config-line)# login      <- require the password on login

     (config)# service password-encryption
     -applies weak encryption to the plaintext passwords shown in configuration files
     -removing the command doesn't un-encrypt passwords that are already encrypted

banner configuration

     -should never show a "welcome" type message, or anything that encourages access
     motd - message of the day
     (config)# banner motd #   message goes in here #
          -the # symbols are the message start and end characters
          -delimiting characters
          -can be any character
          -can't appear in the message itself
          -motd is shown when anyone accesses the system
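Added example, not from the notes or from Cisco: a Python audit that parses a running-config text and flags the weak settings the password and banner notes above call out, namely enable password instead of enable secret, no service password-encryption, console/VTY lines without a password or login, Telnet allowed on VTY lines, and a "welcome"-style banner. Both configs are constructed samples; the CHANGE-ME values are placeholders.

```python
import re
from dataclasses import dataclass, field


@dataclass
class IosConfig:
    global_cmds: list = field(default_factory=list)   # top-level commands
    line_blocks: dict = field(default_factory=dict)   # "con 0" / "vty 0 15" -> sub-commands
    banner_motd: str = ""


def parse_config(text: str) -> IosConfig:
    """Minimal running-config parser: indented lines belong to the preceding
    'line ...' block, '!' ends a block, the banner runs between two delimiters."""
    cfg, current, lines, i = IosConfig(), None, text.splitlines(), 0
    while i < len(lines):
        raw = lines[i]
        i += 1
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith(" "):                          # sub-command of the current block
            if current is not None:
                cfg.line_blocks[current].append(raw.strip())
            continue
        current, cmd = None, raw.strip()
        if cmd.startswith("banner motd ") and len(cmd) > len("banner motd "):
            rest = cmd[len("banner motd "):]
            delim, body = rest[0], rest[1:]              # first char is the delimiter
            while delim not in body and i < len(lines):  # banner may span several lines
                body += "\n" + lines[i]
                i += 1
            cfg.banner_motd = body.split(delim, 1)[0].strip()
        elif cmd.startswith("line "):
            current = cmd[len("line "):]
            cfg.line_blocks.setdefault(current, [])
        else:
            cfg.global_cmds.append(cmd)
    return cfg


def audit(cfg: IosConfig) -> list:
    """Return finding codes for the weak settings the notes warn about."""
    findings, g = [], cfg.global_cmds
    if any(c.startswith("enable password ") for c in g):
        findings.append("ENABLE_PASSWORD_PLAINTEXT")       # not hashed; use enable secret
    if not any(c.startswith("enable secret ") for c in g):
        findings.append("NO_ENABLE_SECRET")
    if "service password-encryption" not in g:
        findings.append("NO_SERVICE_PASSWORD_ENCRYPTION")  # line passwords shown in clear
    for name, cmds in cfg.line_blocks.items():
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"LINE_NO_LOGIN:{name}")        # password is never checked
        if "login local" not in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append(f"LINE_NO_PASSWORD:{name}")
        if name.startswith("vty"):
            for c in cmds:
                if c.startswith("transport input ") and re.search(r"\b(telnet|all)\b", c):
                    findings.append(f"VTY_TELNET_ALLOWED:{name}")  # cleartext remote access
    if "welcome" in cfg.banner_motd.lower():
        findings.append("BANNER_WELCOME")                  # banner must not invite access
    return findings


# Constructed sample: the mistakes the notes list, all in one config.
WEAK_CONFIG = """\
hostname SW1
enable password cisco123
!
banner motd # Welcome to SW1, please log in #
!
line con 0
 login
line vty 0 15
 password letmein
 transport input telnet
!
"""

# Constructed sample: the same device with the notes' recommendations applied.
HARDENED_CONFIG = """\
hostname SW1
service password-encryption
enable secret CHANGE-ME-enable-secret
!
banner motd # Authorized access only. Activity is monitored. #
!
line con 0
 password CHANGE-ME-console
 login
line vty 0 15
 password CHANGE-ME-vty
 login
 transport input ssh
!
"""

if __name__ == "__main__":
    print(audit(parse_config(WEAK_CONFIG)))       # seven findings
    print(audit(parse_config(HARDENED_CONFIG)))   # []
```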

saving configurations
     -running config reflects current operational configuration
     -unsaved changes removed at reboot

          #copy running-config startup-config
     
     #reload    ->reboot system and restore to startup-config

eliminating startup-config

#erase startup-config
#erase NVRAM:startup-config

must also delete vlan file to return to factory out of box status

#delete vlan.dat

Backup configuration with text capture

#show running-config

copy/paste into a text file.  Have to clean up file before importing back into a system

Address Schemes

Ports & Addresses

IPv4 (Internet Protocol, version 4) uses dotted decimal notation
     -4 numbers between 0 and 255
     -subnet mask also required

IP Addresses assigned to physical ports and virtual interfaces 
     -virtual interface - no physical hardware associated with the interface.

Addressing Devices

Remote access requires IP address and subnet mask

(config)# interface vlan 1
(config-if)# ip address XXX.XXX.XXX.XXX SubnetMask
ex...   (config-if)# ip address 10.75.20.254 255.255.255.0
(config-if)# no shutdown      <- otherwise the port stays set to disable and won't ever be enabled

Addressing End Devices

depends on device
     -must have IP address,
               subnet mask
               default gateway
     -default gateway is the IP address of the way out of the network
     -DNS server (domain name system)
          translates domain names (web addresses) to IP addresses

     -IP addresses can be configured either manually or automatically using DHCP (Dynamic Host Configuration Protocol)

     Show IP info in Windows using

     ipconfig
     ipconfig /all

testing the loopback

     loopback address is 127.0.0.1  <- reserved IP address

     ping failure indicates problem with system
          -drivers
          -NIC
          -TCP/IP implementation

Verifying connectivity

     #show ip interface brief

use ping to verify end to end connectivity

Monday, October 20, 2014

Prisoner's Dilemma, in one part

Game Theory has this idea called the prisoner’s dilemma.  This involves a series of risk/reward categories between two people.  It is in both peoples’ interest to cooperate.   I ran into such a situation one night.  I was heading to the site for an upgrade around 11:30 PM.  The store was supposed to be open until midnight. 

I hit the stop light before the store, thinking I had the store close time off.  That has happened before.  I’ve seen sites that I thought closed at midnight close at 11. I drove up to the site, and noticed people still roaming around.  Good, now I won’t have to reschedule this upgrade.  Actor 1 in the prisoner’s dilemma.

And then the clerk tells me a story about how he’s been at work for 12 hours and he had to send his help home and more and more stuff.   The end result being he decided to close the store 30 minutes early.   Actor 2 in the prisoner’s dilemma.

So, now we have our two actors and the stage is set.  There is actor 1, who knows an infraction has taken place that will probably cost this person their job.  On the other hand, not reporting the incident could possibly cost me my job.  The third part of the equation is if neither of us would suffer any penalty if no one knew the store closed early.  

In this situation, I have the power to make or break the entire plan.   And thus, my choices are laid out.
1) Report the situation.  I suffer no consequence, and the person potentially loses their job

2) Don’t report the situation.  Get caught.  The person could lose their job, and I could lose my job or get reprimanded.

3) Don’t report the situation.  Don’t get caught.  No one suffers any consequences.

Logically, the best choice in the matter is option 3.  But logic doesn’t always dictate what should be done.  Logic also ignores morality.  

The morality of the situation can be described as thus: long ago I decided I would do the correct thing, regardless of what might happen to me.   The goal is simply to tell the truth at all costs, without wavering.  Logic without morals can take a long winding path to horrible places.

Logically, the needs of the many outweigh the needs of the few.  Because the needs of the many outweigh the needs of the few, resources should be more allocated towards the needs of the many, and away from the needs of the few.  Perfectly reasonable, correct?   So what if that reallocation of resources is for healthcare?   The many are the generally healthy people born without long term cognitive or birth problems.  They are the many.  Those people born with birth defects are the few.  But in comparison to dollars spent, the people with birth defects consume a lot more money than those born without birth defects. 

Logically speaking, the money should be allocated towards the healthy and away from those born with birth defects.  But logic isn’t very nice when it comes to valuing human life.  And I value life too much to be too enamored with logic.  

In the end, I chose option 1.  Failure to follow policy is a choice by the person who closed the store early, and that knucklehead is not going to drag me into their problem.  Because if he had done what he was supposed to, there would be no problem.

Anyways…. 

Perhaps there will be a more uplifting post later. 


Or more Cisco notes.

Friday, October 17, 2014

Clarity, and plan-monkeys

I’ve talked about taking action and doing things, but I want to add a bit of clarity.   There’s a difference between smart action and dumb action.

Smart action involves small steps towards a goal.  Such as staying up late and writing a blog post or studying some new material.

Dumb action involves taking large steps towards a goal when you have no idea of the first step.  A good example of this would be to think you are going to make money blogging on day 1. 

Sure, go out and blog to make money.  But don’t jump ship on your day job until your blog is close to replacing, or actually replacing, your current income.  Case in point: I still have an 8 to 6 or so day job.  Should the Android app I’m writing take off, I’m still going to have my day job.  Deciding when to quit the day job is more complex of an answer than I can give right now, because I haven’t quit my day job.  I’m still here.

But, I’d have to say this: 12+ months of living off the income of the side job alone.  And by that, take your day job paycheck and plow it against any debt, emergency fund savings, or investing (in that order).  Personally, I wouldn’t quit my day job until the only debt I have is my house.  I don’t own a house, so that’s a ways to go. 

I guess I need to add more clarity to what I’ve muddled up quite a bit in this mess.  Smart action will often result in failure.  Dumb action will also result in failure.  The difference is in scale.  A smart action that fails and costs you $20 has been an interesting learning experience.  Continue to lose $20 here and there to learn at a small scale and with little hope of bankrupting yourself.  There’s a mental thing that happens when you lose $20 on a venture.  Because if you can’t make money on the small scale, you can’t make money on large scale.

If the only way to make money is invest at least $100,000, your plan sucks and you need a new plan.   Any plan that can make money for $20 invested can be scaled up to $50 invested.  From there, your plan ought to feed itself.   If the plan isn’t cranking out at least the amount you’ve invested by $50, you should seriously think about shooting that plan.

Somewhere in that last sentence, Dave Ramsey’s speech about employees carrying problem-monkeys came into my brain.  Maybe these are plan-monkeys.    Dave’s discussion was on decision making.  Essentially, every person that comes to you with a decision that needs to be made has a monkey on their shoulder.  When they tell the boss, the monkey goes from the person to the boss.  The goal of the boss is to make sure the monkey leaves with the person. 

So the goal with these plan-monkeys is feed them a bit in the form of money.  If they don’t start handing money back to you, you need to quit feeding them money.  Simple as that. 

Time invested is a different thing, though.  In creation of this blog I have invested zero dollars and a lot of hours.  And I’m okay feeding this monkey, because it doesn’t cost me any money.  It doesn’t make me any either, but it doesn’t cost me anything.


When do you shoot the non-cost plan monkey (like the blog)?   When you want to.   It’s not costing you anything, so you won’t suffer if it goes away.   If you need more time to do other things or if you feel you aren’t gaining any traction, then just shoot the monkey.  If people miss that monkey, they will let you know.

Wednesday, October 15, 2014

Cisco Introduction to Networks chapter 1 notes

Chapter 1 Net Academy

Internet is globally connected
-borders less important
     (but still important)
     (actually, it's more like access is more important)
need to communicate
Communication creates networks
Imagine a world without Internet
     -can do.  Lived it.
     -future is Internet of Everything (buzzword alert)

Network Today
     Internet changes a lot
          Human network - centers on impact of Internet and network on people and business

Changing the way we learn
     3 fundamental building blocks of education
     -communication
     -collaboration
     -engagement

     student - 
          geographic/locational barriers decreasing.  Study any where you have a network connection
          time is less relevant.  Study any time you want.

     Teacher
          better administration
          better management

Changing the way we communicate

          IM/Texting
          Social Media
          Collaboration tools
               -work together on a shared system       
          Weblogs
          wikis
          podcasting
          P2P file sharing

Changing the way we work

     administration
     messaging
     training
     
Changing the way we play
  (nothing of interest in this section)

(Break for lab 1)

Globally connected

     Providing resources in a network
          numerous sizes
     Internet - network of networks

     Host - all computers connected to a network that participate directly in network communication
         
     software determines the role
     
     server  - host with software to enable them to provide information

     Client - host with software that enable them to request and display information from the server

     -servers can perform multiple server roles
     -clients can access many servers
     -client and servers usually on different computers, but can run on one.

     peer to peer - many hosts functioning in a dual client/server role
         advantages
          -easy to set up 
          -less complexity
          -lower cost
          -good for simple tasks

         disadvantages
          -no centralized administration
          -not as secure
          -not scalable
          -slowed performance


LANs, WANs, and the Internet


Components of a Network

Chapter 1 quiz:  missed items

An INTRANET is a private connection of LANs and WANs that belongs to an organization, and is designed to be accessible only by the members and employees of the organization, or others with authorization.

A SCALABLE network is able to expand to accept new devices and applications without affecting performance.

Saturday, October 11, 2014

Quit wasting your time

It is moderately interesting.  I hear a lot of people complaining about the world.  They say the world is falling apart.  There is no opportunity.  There’s bad people.  Facebook is full of stupid.

Sure, and how many of those things can you directly change?  I’m not talking butterfly effect in 50 years.  I’m talking about stopping the water from boiling by turning off the fire.  If you can’t directly affect something, you need to quit worrying about what might happen.  Are bad people bad?  Yes.  Can I directly do anything about a bad person five states over?  No.  Then there is no need to waste time thinking about it or worrying over it.

Don’t like violence and bad people?  Become a cop and catch them.  Become a prosecutor and put them away. 

Otherwise, quit wasting your time on them.


That is all.

Thursday, October 9, 2014

Spreadsheets, goals, and number systems

I was going to write something on how stupid the statement “it takes money to make money” is, but that started boring me, so I quit.  Instead, I’m going to talk about accomplishing long term goals by creating a measurement scheme. 

A few posts ago, I said I found a way to teach myself a bit about artificial intelligence, and I mapped out a plan to do so.  Part of mapping out that plan was creating a spreadsheet to track my accomplishment towards that goal. 

Remember:  goals are specific and measurable.  If you haven’t narrowed these two things down, try again.

Anyways, I created a spreadsheet to provide myself some encouragement and get an idea of how far I have come.  As of now, I’m currently 12.55% complete.  This doesn’t seem like much, but it provides everything I need to keep me going.  With this spreadsheet, I can see a sense of traction and movement.  That may not seem like much, but it’s a great motivator.  Looking at the enormity of reading 6,000 pages or so is daunting.   

Seeing numbers improve over time, and seeing where you started?  Motivating.

Secondary note:

Something I was reading about that was incredibly interesting.  

The problem with 1/3 being written as .3333 infinitely repeating is a problem with the base 10 number system (decimal) that is primarily used.  Java has problems with 1/10, because its math is designed around a base 2 system (binary).

There’s a little food for thought for everyone that happens to be slightly numbers obsessed.  


Wednesday, October 1, 2014

It's a long way to the top...

I love the thought of creating learning systems.  Artificial intelligence seems like a great goal to me, and I think some degree of created intelligence is possible.  It just requires the right degree of knowledge and the right degree of thinking.

I know where the gaps in my knowledge have been in learning artificial intelligence, I just haven’t put in the effort.  I found a rather interesting website, www.lightandmatter.com that provided the physics and calculus knowledge necessary to complete the goal.

So what I did is I collected all the books I need to read to accomplish the goal of learning a decent amount on artificial intelligence.  Before I can learn artificial intelligence, I have to cover the basics of pre-knowledge to even understand what the books are talking about. 

Great.

It’s about 6,000 pages.

That does include a Server 2008 book I’ve been reading on Active Directory, and book on Security+.   But the rest of it is incredibly dense material.  Beyond that, I know what I need to accomplish in order to get where I want to go.

The problem is getting through 6,000 pages is just a large degree of labor.  There’s nothing easy about reading and understanding 6,000 pages.  And these are textbooks, so you also have a certain degree of practical application that comes with the learning. 

But I have to admit, even staring at the density of the task is much more empowering than staring at an empty computer program and trying to will genius out of lack of knowledge.  Because the idea that a novice is going to come in and produce a program that learns is laughable.  It just is.  I guess it’s doable, but highly unlikely.  There’s always the person capable of making tremendous intuitive leaps.

But I’m generally not that person, so I’ve got 6,000 pages to read.

But most of us aren’t that person, so if you want to learn some interesting stuff, you are going to need to read a few thousand pages of material beforehand just so you aren’t completely lost when you start covering the material you intend on learning.

I guess it is similar to the thought that any random person could come in and run a large corporation.  This is also not the case.  There’s a level of experience and knowledge absolutely necessary to keep a large company running and doing well. 

Or the thought of a random person going to compete in the NFL or NBA without ever having played the sport.  Because really, that’s how it is all portrayed.  The CEO of a large company is generally at the same level of professionalism in their job as an NBA or NFL player.  There are varying degrees of each, but just to make it to that level indicates talent.    


And to get NBA, NFL, or CEO talent, you have to pay some money.   Joe Burgerflipper who barely made it through high school doesn't have the talent, skill, or knowledge to do any of the above.  

But Joe Burgerflipper's life isn't a snap shot, it's a moving picture.  If Joe wants to improve his life, he's got to put in effort.  

It’s a long way to the top, if you want to rock and roll.