lorez landline: November 2014

Thursday, November 27, 2014

Happy Thanksgiving

Happy Thanksgiving!

or... slapsgiving...

Wednesday, November 26, 2014

Introduction to Networks (non-technical)

Rather than post my typical notes from a CCNA course, I figured I'd post a non-technical description of how networks "work". I'm going to preface this by saying this is "allegory" of TCI/IP layer 3. This is not intended to be definitive.

So...

You have built a company. It's a great company. But no one can ever find your physical location. You live on a drab, grey, boring street. Did I mention grey? I meant every single building is nothing but grey concrete, and the streets are bleached grey. It is grey as far as the eye can see.

So, being the great business leader you are, you go out and buy a bucket of purple paint. Now, purple paint is the greatest thing since sliced bread. And because it's the greatest thing since sliced bread, it costs an arm and a leg. To get the shade of purple you want, you buy one can of paint. It covers the outside of the door well, but nothing else.

So, from the outside your door looks purple. But that paint is so darn expensive, you only paint the outside. The inside of the door is still brown.

So, a customer comes to visit.

You tell him to drive down the grey street until you see a purple door. He find your location in minutes. It's easy.

Back in your office, you have a discussion, and he thinks he is going to buy from you. But he needs to talk to a few people to determine how much he wants to buy. And he forgot how to get out of the building.

"Oh, just go out the purple door", you tell your customer.

The man spends 45 minutes wandering your halls, and finally finds you. He curses you out, cancelling all potential business. You are at a complete loss. The customer can't find the purple door.

The one thing you forgot is that doors have two sides. One side that is visible from the street, and one side that is only visible from the inside of the building. You painted your street door purple. It's easy to find. But your exit door on your building? Still just as brown as it ever was. So telling someone to go find a purple door is an exercise in futility.

You have to name the door based off which side you happen to be looking at.

Even though both talk about the same thing, it's a matter of which side of the door you are on. And you have to have your discussion based on which side of the door you can see.

Tuesday, November 25, 2014

Ramblings that get longer

As it always does, my mind seems to be skipping back towards the ideas of Cyberpunk. I’ve been a fan of the worlds created by various artists and authors for years. Maybe that’s why I went into computers. Doubtful, but it seems like a good answer. Perhaps there’s some sort of draw to a world that is altogether completely overwhelming and interconnected. Or maybe I’m just fascinated by urban density. I’ve visited a few large cities, but they never strike me as dense until you reach certain parts of them. All are strangely built up to a point, and then everything falls off. The quicker people can get away from the density, the better they like it. I can’t blame them. It’s dead silent where I live, and as long as I don’t look towards the one street light on my block, I can see stars as far as the eye can see.

It really makes me wonder. One of the things I realize is the current education system will not keep up with the rate of growth. One size fits all does not fit all. Eventually, there’s going to be a separation of students. There has to be to maintain technological ability and skill. I was reading something earlier about the creation and production of virtual machines to segment individual computers for personal use. It would be much like running VMWare for servers, but instead running it on desktops. You’d have multiple virtual machines running throughout your computer, with each having a separate purpose. Depending on what you were trying to do, you would create multiple virtual machines across your desktop. With the ever present threat of virus and malware, it seems the only logical thing to do.

Unfortunately, people like me would have to maintain those environments and would have to understand what was going on. And some people are just technologically inept. They have no interest or use in technology, much less a desire to learn it and learn how it works. I often wonder what would have happened if I had learned and developed the skills I have now in my 20s instead of my 30s. Would another decade of information have made that much difference in my future growth? What about 20 years? What if I had spent time learning this information in my teens? Who would have taught a young kid the ins and outs of systems? Could it be we will be slowly moving towards the archology models described by William Gibson? In them, he describes people growing up in company towns and being taught company thoughts, with the idea of developing the best and brightest to become leaders in the company.

Gibson never really talks about the inside development thought much. He only talks about “stealing talent”. Perhaps the average person is just too simple and really doesn’t make a good story. It’s only in the breakaway that people become interesting. So what does it eventually become? A collection of corporation-states all building great cities to develop the talent? Or is it the artificial intelligence world where humans are essentially out of work because robots can handle most services like Dredd? Both are possibilities.

Monday, November 24, 2014

Monday Ramblings

Here are some ramblings for Monday.

The subcontract work fell through. I spent about 45 minutes on the phone explaining how TCP/IP layer 3 works, and finally got them to know what they needed to know. I guess a broad knowledge of networking helps a lot when working in an industry that is increasingly network based. It doesn't help that most networking issues happen at layer 1. The issue there was a layer 3 addressing issue. Pictures don't help some people.

After messing with my current reading chart, I determined it will take me (on average) until January 17th to finish the next book. Strange what a few excel formulas can do. It's almost magical. The formula here happens to be

(today's date + (estimated remaining sessions * average days between reading))

estimated remaining sessions = (total pages - current page ) / average increase in page count

So, by close to February I'll be back into an old Security+ book, Some time after that, I'll be into the book on Physics. Progress, as it were, is happening. After starting over with the Active Directory book, I'm about 12.7% complete with my reading goal. That doesn't seem like much, but it more progress than I've made in years.

It's hard to remember that progress only happens when it is intentional. Rambling through life will not get you where you want to go. Make a plan, and go there. That's the only way to get to the end of the path. And if that path takes reading 5,200 pages, then so be it. At least you've got a plan, which is a lot more than most people have.

Finals are next Monday, so I'll finish up Introduction to Networking then and be free for a few weeks. Fighting issues with the next class, but we'll see what happens with that. The issue is a supply/demand problem. The next class filled up in three days. Every other class doesn't have the people as the one section I want to take. Lovely stuff.

Friday, November 21, 2014

late night, post upgrade

12:35 at night. Just finished an upgrade. The BUYPAK 6.00.10 (Verifone Ruby/Sapphire) upgrades are done for the moment. I'm a little bit tired and wired at the same time.

On the drive home, I started contemplating the Internet as envisioned by the likes of William Gibson. I think it's pretty simple (in theory). All you'd have to do is continuously ping and tracert the Internet, and use some searching algorithms to place all the live IP addresses on a globe, with a vague idea of where everything. Merge it with Google Maps, and you could swing around a virtual globe. Public IP addresses tied to physical locations and areas. Sounds interesting in my head, at least.

I guess I'm still obsessed by the idea of cyberpunk and most dystopian future books. Akira comes to mind, as does Ghost in the Shell. Maybe a bit of Snow Crash?

Maybe the future I always envisioned is possible, and here. Just not the way we imagined it. Really. I can control computers half-way around the world with a cell phone application.

I guess I should quit rambling and wander to bed. It does seem an interesting world, though.

Thursday, November 20, 2014

Random Thoughts

Seeing as how I'm behind the curve on updates, today is another day of random thoughts!

I've been finishing up an Active Directory computer roll out. This grouping I created after creating my first set. I should have set up a template before creating that first test machine. Eh well. A template is now created. I just have to figure out why web filtering isn't working. I think I need to read more about application deployment. There's probably something I'm missing.

I'm looking at some subcontracting work in next couple of weeks. More on that after the contract is over.

I'm still not registered for the next section of Cisco classes. The class filled up in three days, and they only offer one section. The every other section in the department has less people than the one class I want to take.

I still haven't started my Android App yet. Listening to Seth Godin, I think I front loaded the thing with all the stuff I find fun, and now have to do the hard parts. That, and I have to mess with the Java version on my computer in order to get Eclipse to work. If Verifone ever upgrades off Java 6, I'll be happy as a clam.

On the plus side, I've got one more night upgrade this week, and then I should be done with upgrades until at least January. I hope.

Other than the subcontracting stuff.

It looks like the day is calling, so I'd better go answer.

Tuesday, November 18, 2014

Security

Something I’m questioning quite a bit is network security. Network security is a nebulous thing that is never really clearly defined. I’ve read through most of a Security+ book, but that doesn’t really cover the broad scope of what needs to be done to cover the subject.

I’ve looked at the SANS website, and they might be great but SANS is too busy selling things. Looking at Cisco, it’s one part of the subject, but it doesn’t cover the entire subject.

Here’s the real problem: network security is so spread out, ambiguous, and poorly documented that truly learning network security has to be a personal topic. The individual has to wander through the various resources, hoping to find some piece of information that will secure the network. So many different possibilities of areas to cover without any real dedication. It is no wonder that networks are broken into all the time.

I guess that’s my rant for the day. Lots of work today, so little time to spend at home and do… anything else.

And I’m pissed at Evernote right now. It lost about 2-3 hours of my note taking. There was a lot of interesting information. And somehow, I’m back to where I was before all my Saturday/Sunday studying.

Monday, November 17, 2014

The Monday update

This is about the best you are going to get today.

I haven't thought of anything interesting throughout the week to write down. The entire family has started coming down with pink eye, so maybe today will be quiet.

I have thought of some things to work on, but nothing that seems of interest. I've got the last section of studying for class done on Sunday, and the rest is just Packet Tracers and Labs. I'm wondering if I actually need to enroll in the next class, or just buy the book. I essentially taught myself, so what's the difference of going through 2-3 more Cisco books by myself without having to pay for the $500 class?

After all of that, I've got thoughts on collecting network baselines running through my head. Interesting stuff, or at least to me.

Friday, November 14, 2014

The User Profile Service service failed the logon. User profile cannot be loaded.

Hmm… I just realized I almost posted the same blog twice. That’s not very professional of me. I spent part of the morning fighting an active directory issue. The issue was “The User Profile Service service failed the logon. User profile cannot be loaded.”

That’s a mouthful. It probably had something to do with a setting I had. Anyways, the fix for me was to log on to the local computer and add the domain user to the local computer as the proper account, and then logon as the domain user. The thing fired up and ran for me like no one’s business.

I spent a good 3-4 weeks on Active Directory without a single computer installed. I installed one on Thursday, I am looking to install a second on Friday. Then nine more the next week, as fast as I can build them and get them configured. I would like to completely automate the build process, but that’s not going to happen. Too many things that require hands on button pushing, and I have no way to create an MSI file for an automatic install.

Perhaps one day, but not today. At least I got my proxy file/web filtering working quite well. I really love the thought of “make one change, affect every computer”. I’ve spent far too long doing things the manual way because that’s the way it was always done. Now, I’m tired of the way things were “always done”. What I generally find is things were “always done” one way because some guy figured out how to do it that way. After it was figured out, everyone else just hopped in line and followed along. Too many round pegs going straight into round holes.

Thursday, November 13, 2014

Back to Active Directory

Eating lunch, I once again have a brain running in circles. In the end, I got a little done during that lunch break, but not much. Now I’m back in the morning, and things are considerably calmer. Earlier this week, I thought I was behind. Now, I’m not as convinced. I ended up finishing the Java book and now I’m moving on to the Active Directory book. I have decided to start over and reread the Active Directory book because I essentially skimmed through to find the parts I was looking for the first time. Now, I’m going for a decent level of competency. So I have to read the entire book to make sure I get what I want out of it. I’m pretty sure I will. My Active Directory knowledge has moved in leaps and bounds, and a lot of things are making a lot more sense.

My problem with the startup script had nothing to do with permissions. I had the default software policy to basic, and the user didn’t have rights to access or run network resources. They basically couldn’t run any software I didn’t specifically allow. So that had to be dialed back to allow the company to operate. Now, my proxy file works great and updates like I want it to. This solution seems to work a lot better than using Content Adviser. It also allows the use of Google Chrome without a separate blocking file. That was nice of Google to allow all those things to interoperate well together. Good design policy for Google, there.

Changing subjects: after restarting the Active Directory book, I’ve completed 11.96% of my goal. Granted, I don’t have a date on any of these. I just have an overarching goal to get it done. I really only have a goal on getting my app built because there is a definite potential there. Though I may be wrong, the financial outlay is low enough to where I’m not concerned with a flop. I could make nothing on the thing, and still be happy I got it out there. The hard skills in creating the app will still be there, so if I come up with another idea the lead time won’t be near what it was before. Definite bonus to me. Plus, the web based skills could easily be usable. My brain is still running the thought of having MySQL and Tomcat running on my wife’s desktop, and doing… I don’t know with it. Something internal, probably. I don’t want the hassle of hosting. That’s just a pain. It’s easier to pay someone else.

Wednesday, November 12, 2014

Introduction to Network chapter 5: Ethernet

from Introduction to Networks by Cisco Press

Ethernet operates at datalink and physical layer

Ethernet most widely used LAN technology

defined by IEEE 802.2 and 802.3

speeds between 10 and 100,000 Mb/s

802.2 - LLC

802.3 - MAC and Physical layers

LLC sublayer

handles communication between upper and lower layers

between networking software and device hardware

implemented in software

considered driver software

MAC sublayer

lower sublayer of data link layer

2 responsiblities

data encapsulation

media access control

data encapsulation

frame assembly before trasnmission

frame dissassembly upon reception

adds header and trailer to network layer pdu

data encapsultion has 3 primary functions

frame delimiting

used to identify groups of bits that make up a frame

provides syncronization between transmitting and receiving

addressing

contains physical address

Error detection

contains a CRC value used to determine if the contents have changed

media access control

responsible for placement of frames on the media (wire)

removal of frames from the media

underlying logical topology is a multiaccess bus

all nodes in a network segment share the medium

uses CSMA

understanding CSMA

1) detect if there is a signal on the media

a) if busy, wait

2) if no signal, transmit

if there is a collision, all data is bad and must be resent

contention-based methods have less overhead than controlled access systems

do not scale well with heavy media use

CSMA/CD

widespread use of switched networks makes CSMA/CD largely unneeded

CSMA/CA in wireless still needed

Every device receives every frame

To prevent mass processing of frames not intended for that device, MAC was created.

MAC used to identify which device should process a frame

MAC address structure

1st 24 bits/ 6 hex digits - Organizationally Unique Identifer

Last 24 bits/ 6 hex digits - Vendor assigned

1) Source computer sends

2) each NIC in the network views the information

a) if the destination MAC matches, then the frame is processed further

b) if not, the frame is dropped

Ethernet Frame Attributes

created in 1973

2 primary versions

-802.3 Ethernet Standard

-DIX Ethernet, or Ethernet II Used in TCP/IP networks

framing style differences are minimal

both define minimum frame size as 64 bytes

max 1518

preamble/Start Frame Delimiter not included when describing frame size

any frame less that 64 bytes discarded as a "runt"

VLAN technology increased maximum frame size to 1522

frame too big or too small, frame is dropped

Ethernet Frame

-preamble and SFD - synchronization between sender and receiver

-Destination MAC -

-Source MAC

-Length Field - exact length of the frame's data field; can indicate which higher-layer protocol is used;

if size greater than 1536, frame is ethertype protocol indicated.

-if 1500 or less, then use of 802.3 frame format

-data field - contains encapsulated layer 3 pdu

-frame check sequence - used to detect errors

In Ethernet, different MAC addresses used for layer 2 unicast, broadcast, and multicast communications

Unicast -destination MAC of receiver

broacast - destination MAC of FFFF.FFFF.FFFF

Multicast - destination MAC is 01-00-5E

MAC and IP

2 primary addresses assigned to a host

Physical Address - MAC

Logical Address - IP

Source device sends based on IP address

DNS used to identify remote network

ARP protocol has 2 basic functions

-resolving IPv4 addresses to MAC addresses

-maintaining a table of mappings

Frame must have destination address to be placed on the media (wire)

refers to ARP table or ARP cache. Stored in RAM on all devices

Each entry binds a MAC with an IP

table maintained dynamically

-adds information by

-monitoring network

-ARP request - L2 broadcast to all devices on the LAN

-entries are time stamped; if the system doesn't get a message by the time stamp expires, the entry is removed

-also capable of static entries

ARP to remote network

-when host creates a packet for a destination, it compares destination IP address to its own IP address to determine if they are both on the same network.

-if not the same network, then ARP to router interface serving as the gateway

ARP issues

overhead on the media

-could initially flood the network

security - ARP spoofing or ARP poisoning

-broadcast adn security issues can be mitigated with modern switches

-switches segment LAN into independent collision domains

-switches send to only sender and receiver, reducing traffic flows

Switching

devices usually connected by a layer 2 switch

switch builds MAC table to make forwarding decisions

if destination MAC is not known, switch sends the frame out all port except receiving port

when destination responds, switch adds MAC to its MAC table

-capable of multiple MACs per port (switch connected to a switch)

switch MAC table sometimes referred to as CAM (content addressable memory)

-transparent to network protocols and user applications

-can operate in different modes that affect the end user

-duplex settings

-half duplex - one talks ata time

-full duplex - send and receive at the same time; CSMA/CD shut off in this case

-Cisco Catalyst supports 3 duplex settings

-half

-full

-auto

-proper cabling also required (or used to be)

-MDIX auto function

autmatic medium dependent interface crossover (auto-mdix)

switches use following forwarding methods

-store and forward

get the entire frame before forwarding

use CRC to determine if it needs to dump frame

analyzes destination for where to forward

required for QoS analysis

-cut-through

holds frame until it gets destination address, then forwards

no error checking

faster than store and forward, but can send broken frames

2 variations to cut-through

-fast-forwards

offers lowest level of latency

typical of cut-through switching

-fragment free

reads first 64 bytes before forwarding (most errors occur in first 64 bytes)

switches use buffering techniques

port-based memory buffering

frames are stored in queues that are linked to specific incoming and outgoing ports

delay occurs if there is nothing transmitting on other ports and buffer is full

shared memory buffer

frame stores in common buffer used for all ports

useful for asymmetric switching

Fixed or Modular switches

PoE allows power to be sent to devices

forwarding rate defines how many frames the switch can process in a second

stackable vs non-stackable

modular configurations - add more cards

Small form-factor pluggable (ports that can be purchased and easily changed out on each switch)

Layer 3 switch

capable of performing layer 3 routing as opposed to the standard switch that just handles layer 2

support Cisco Express Forwarding (CEF)

complex, but based on

Forwarding Information Base

conceptionally similiar to routing table

Adjacency table

maintains layer 2 next-hop addresses for all FIB entries

separation provides benefits

-adjacency table can be built separately from the FIB table

-MAC header rewrite used to forward a packet is not stored in cache entries

layer 3 switch variants

Switch virtual interface (SVI)

logical interface on a switch associated with a VLAN

Routed port

physical port on an L3 switch configured to act as a router port

allow L3 switch to act as a router

not associated with a particular vlan

L3 interface only and does not support L2 protocol

no switchport interface configuration command

Layer 3 EtherChannel

logical itnerface on a Cisco device associated with a bundle of routed ports

Tuesday, November 11, 2014

Chasing Down a Dog with a K-Bar

Saturday before Halloween

Go to a neighbors birthday party.
Come home.
Sit down to carve pumpkins on the back porch
Wife brings the dog out.
The baby sits on a blanket on the back porch.
Other two kids are hanging out, picking designs for the pumpkin.
Go inside to pee.
Wife yells for me. Trouble kind of yell.
Neighbor's dog is fighting my dog. Baby is down and crying.
I scream at the dogs and chase down the neighbors dog.
Neighbor dog runs away.
This is the second of my kids to be attacked by that dog.
I go inside and grab my K-Bar
Stuff the K-Bar in sheath into the back of my pants.
Time for Thunderdome.
Injury check.
Dog saved by being a giant fluff ball
Baby just got knocked over.
Fool me once, shame on you.
Fool me twice, shame on me.
You won't fool me again.
Time for the dog to die.
Hunting party.
Stalk the dog down the alley.
Runs around and tries to get back inside it's fence.
I yell at the dog again.
Dog runs off.
I yell at the owners through the front door to come get their dog.
Back to stalking the dog.
Owners catch the dog, bring in through back entrance.
Guess the dog gets to live.
Go home.
Carve pumpkins.
Break the plastic tools.
Get a power drill and finish the pumpkin.
Owners get rid of the dog that night.

True story.

Monday, November 10, 2014

Catching up

I'm still slightly behind schedule, but it will be okay. I'm about 94% complete with Java All-In-One. Technically, I'm supposed to be done with the book today so I can start programming Tuesday. I've got class on Monday, so my day is pretty much taken up.

I probably don't have to finish the entire book to learn what I need to learn. I could probably start coding now and fudge around until I figure out what I need. I think my knowledge is there, it's just a matter of slugging out the work. But I wanted to make sure and read the entire book just so I'm certain there's nothing left in there that I need.

I'm not sure it's going to take me until January 1st to finish my prototype, but it could. I do have the troublesome problem of having to move between Java 6 and Java 8 any day I want to try and code. And I'm not a big fan of Eclipse, but it's pretty much the only Android development kit out there I've heard of that doesn't require more time to setup than writing the code.

I think I'm going to write most of the code in NetBeans and then port it all to Eclipse later. The general idea shouldn't be complicated. Most of this is going to be user interface design, anyways. Which I really find strange. But that's fine.

The only question I have is a pretty straightforward one, as presented by Seth Godin. He's got a podcast called Start School. It was a class he taught for several days. Anyways, Godin said if you are going to create any sort of phone app, you have to add a social component to it. Adding a social component gives others the opportunity to find and recognize your creation as they advertise their successes.

I'm still not 100% certain what that all means, but I'm going to throw in a social component just because of the potential expanded reach. Yeah.

Thursday, November 6, 2014

Introduction to Networks Chapter 4 Notes

From Introduction to Networks by Cisco Press, 2014

Chapter 4

Wireless -

-range limitations

-easily mobile

-performance directly related to distance

-performance degraded by other wireless

wired

-won't degrade in performance based on distance

-hard to move

-static positioning

-as many devices with no degredation

Physical layer

types of media

-copper

-fiber optic

-wireless

Functional Areas

Physical components - electronic hardware, media, connectors, interfaces

encoding - convert a stream of data bits into predefined code

common network encoding schemes

-manchester - 0 is high to low transition

1 is low to high transition

-non-return to zero - two states meaning 0 and 1, and no neutral/rest position

signaling - method of representing bits

asynchronous - transmitted without clock signal. frames require start/stop indicator flags

synchronous - data signal sent with clock signal

ways to transmit

frequency modulation - carrier frequency varies

amplitude modulation - carrier amplitude varies

pulse code modulation - analog signal is converted to digital by sampling the signals amplitude and expressing as binary

data transfer speeds (in bits)

know your metric

throughput - measure of bits across media in a given time

-varies by...

-amount of traffic

-type of traffic

-latency - amount of time, including delays, to travel from one point to another

throughput can't be faster than the slowest link

Copper cabling

-inexpensive

-easy to install

-limited by distance

-limited by signal interference

data transmitted as electrical pulses

attenuation - the longer a signal travels, the weaker it gets

electromagnetic interference (EMI) and/or radio frequency interference (RFI)

-capable of distorting signal or corrupting signal

-produced by florescent lights and electrical motors

crosstalk - electrical or magnetic signal on one wire distorts the signal on another wire

-canceled by twisting pairs together

main types of copper media

-shielded twisted pair (STP)

-unshielded twisted pair (UTP)

-coaxial

UTP - most common

- 4 pairs of color coded wires

STP - not as common

-provides better noise protection

-more expensive

-difficult to work with

-if improperly grounded shield can act as antenna and pick up signals

-4 pairs of color coded wires

coax - 2 conductors sharing the same axis

-traditionally used in cable tv, early Ethernet

-still used for

-wireless

-cable internet

all copper susceptible to fire/electrical hazards

-toxic gas released when burned

-lightning strikes

-over voltage fries ports

prevent problems by....

-separate data and electrical

-connect cables correctly

-inspect for damage

-most be grounded correctly

UTP cabling

-cancelation - pair wires in a circuit, then magnetic fields are cancelled

-vary twists per wire enhances cancellation effect

standards defined by EIA/TIA

-cable types

-cable lengths

-connectors

-cable termination

-methods of testing

categorized by IEEE by transmission speed

- terminated with ISO 8877 RJ45 jack

termination options

-Ethernet straight through

-crossover

-rollover

Fiber Optic Cable

-higher data rate

-longer distance

Fiber is used

-Enterprise networks as the backbone

-fiber to the home (FTTH), access networks

-long haul networks

-submarine networks

fiber design/layout

-core - pure glass - transmission medium

-cladding - surrounds core, acts as a mirror

-jacket -surrounds and protects core and cladding

-susceptible to sharp bends

transmitted using...

-lasers

-LED

-laser light through the fiber could damage the human eye

single mode fiber - small core and lasers

-long distance

multimode fiber

-large core and LED

-cheaper

-up to 550 meters

terminated with optical fiber connector

-70 different connector types

lorez landline