Posted by: rolande | March 18, 2014

Two Pizza Rule

Scott Adams just hits the nail right square on the head. This reminds me of many a requirements gathering discussion. Where talent and teamwork collide to make the fundamental tenets of the meeting seem completely ridiculous and unclear. As I read each statement, I could identify different engineers I’d worked with that fit each of those perfectly. 🙂


Posted by: rolande | January 10, 2014

The Word is Geek

This Venn Diagram pretty much speaks for itself. No matter what my kids may think, I’m really not socially inept.

Posted by: rolande | January 10, 2014

A little geek humor…

To most people, *this* is how they perceive the world of networking. This should help to remind others how much people really need geeks.


Remember, geeks make the world go around and deserve respect. This is another example to help remind those ubiquitous non-geeks how special we are.


This is for those who have dealt with unending customer asking such stupid questions that they can rip a hole in the space-time continuum.


Posted by: rolande | April 21, 2013

Tracking your Pool’s Water Quality History

taylor-test-kitsWhen you have a pool, one of the many fun jobs is tracking the quality of the pool water to insure the pH is in the right range and the chlorine isn’t too high or too low. However, these are the basic, superficial measurements. Beyond these typical measurements, though, it is just as important to know that your water won’t scale or eat away at the pool’s surface over time. When I was a teenager, it was my job to track the pH and chlorine in our pool. Back then, I never realized or fully appreciated the importance of the overall chemistry of the water. The calcium hardness and alkalinity and temperature play a big part in that equation, in conjunction with the pH. Now that I am much older and have a lot more invested in my own pool, I want to be sure that I am monitoring the right indicators and have a history of it so I can see the effects over time and how particular treatments impact the water.

I have created a Pool Water Quality History Google spreadsheet (save your own copy of this spreadsheet to edit; requests to edit will be ignored and deleted) as a template that anyone can use to record and graph their own water quality over time. One of the key indicators I wanted to capture automatically was the Read More…

Posted by: rolande | March 20, 2013

Public WiFi Man in the Middle

Mobile SpyingI encountered a situation yesterday that both puzzled and scared me at the same time. I was sitting in line yesterday afternoon waiting to pick up my daughters from their school. The school had not let out yet, so I had 5-10 minutes to kill. So, I pull out my phone to check my email and I get a strange prompt for a new SSL certificate. I use GMail and have it set to use SSL for the IMAP connection to send and receive mail. So, I click the details button on the certificate to try to figure out what the deal is. As I scroll through the certificate info, I discover that it is signed by a Fortinet Root CA. This raises a big red flag. This is not a valid certificate from Google. There is no way Google is using Fortinet to sign their certificates as it is not a generally trusted Root CA. Then I realize my phone is using WiFi and not the 3G cellular service. So, I go look at my wireless settings and see that my phone is connected to the school’s public WiFi. I must have set it up at some point when we were there. I disabled wireless and the certificate prompt goes away and my mail updates.

So, I am pretty shocked that the school district has  Read More…

Proxy AuthAs the IT industry continues to transform itself more and more towards a cloud based model, the walls of our organizations separating inside from outside or trusted from untrusted are slowly disappearing. With the desire to save money by leveraging cloud based solutions and the demand of business users to gain mobile access to their applications, it is presenting a big breakdown in the traditional security model. Even the existing approaches are a disjointed collection of distributed capabilities within individual applications and a wide variety of endpoint flavors. This leads to non-uniform user experiences across platforms and a complex and costly operational support problem for IT organizations.

Generally, anyone who works in Information Security will agree, to a large extent, that the more distributed security controls are and the more entry and exit points to and from untrusted environments, the less effectively they are managed and maintained. Thus, this approach diminishes the overall security posture. It is similar to the principals relative to physical security. There is a reason why secure companies have only one or maybe two entrances into a facility, depending on the size. I see this distributed security paradigm as a big problem for the IT industry in that companies are really interested in

Read More…

ATEN USB Serial Adapter

I’ve had this USB Serial adapter for many years which I use to attach to network equipment consoles for initial configuration and setup. I have never had an issue using it with Windows machines. However, I had tried using it on my Macbook running OSX Lion and noticed that it did not show up in my device list in ZTerm. I had a VM running Windows XP and I was not able to get it to work properly in that environment either. So, I was determined to figure out how to get it to work, as I no longer have any physical machines running Windows or with serial ports. It took me a few weeks of trial and error and searching around to finally resolve the issue. So, I thought I would add a post here covering the details. Read More…

Posted by: rolande | April 21, 2012

Good Practices for Selecting Strong Passwords


Using passwords for authentication is inherently a fairly weak mechanism for security. Remembering complicated userID and password combinations for an average of 30 or 40 different applications and websites is darn near impossible for any normal person. So, we tend to use one combination that we can drill into our head and we don’t like to change it if we don’t have to. The problem is that passwords can be lifted by key-loggers, shoulder surfers or, if not sufficiently strong enough, they can be brute force cracked from the secret hash that is stored on a system for when a credential is validated for an access request. There are other super stealth methods but the point of this post isn’t to cover all of the remote possibilities of attack. The point is that Read More…

Posted by: rolande | October 21, 2011

Creating an Encrypted Disk Image on OSX

ComboLockFor file encryption on a Mac, the FileVault option on OSX is a pretty decent feature built into the System Preferences. The one downside is that it automatically encrypts your entire Home directory which can be very cumbersome if you have a large amount of data stored there.

So, I had been looking for an alternative solution that would provide me the flexibility of only encrypting a targeted folder of data. As I searched around, I found there are a number of utilities out there that do just this. However, the one option that I happened upon, that I was not previously aware of, is a feature provided right in the Disk Utility that allows you to create an encrypted disk image. This is actually a simple solution using a built-in utility. Read More…

Posted by: rolande | May 3, 2011

Enabling IPv6 on my Home Network

IPv6 ReadySo, after swearing off almost every possible option of being a geek at home for a significant amount of time, I finally decided I needed to spend some intimate time with IPv6. I had already read about it back in the mid-90’s and studied some of the fundamentals of it as part of my preparation for the CCIE exams. But I had never really put it to operational use, until now. It’s coming. You can’t ignore it anymore. So, it was time to immerse myself in it and lift the veil from my eyes, so to speak.

See my latest post on my IPv6 setup with AT&T U-verse.

So, I knew that my broadband provider does not offer native IPv6. Essentially, the only option that leaves me with today is to set up a tunneling service to a natively connected IPv6 host. So, I chose to Read More…

« Newer Posts - Older Posts »