Popular Tags:

Finding a Home(stead)

July 12, 2015 at 3:36 pm

Finding a place to call your own is quite a step in life. To me, it means you’re ready to settle in, put down some roots, and potentially create a legacy. After discussing various options with my wife, we decided now would be a good time to consider buying a home. I thought would document the reasons for a the move for posterity’s sake.



The thing that started us down this path was a simple realization: we pay a lot out in rent, and it would be really nice to “invest” that money instead. My wife and I currently live in a nice townhouse, in a good planned development near Princeton, NJ. Though we live within our means, we still pay out quite a bit for rent. For that, we get three bedrooms (really one bedroom and two offices), access to a pool, and lots of restrictions (including a no-charcoal-grill policy).

At the time, it made sense for us to move in to the development and not worry about anything. We could concentrate on paying off our debts, saving money, and helping my mother sell her old home in Queens, NY. Now that we’re done with all of that, though, it’s time to move on. Although many don’t consider a home an investment, putting equity in our pocket is certainly better than having it leave the family entirely.

Healthy, Self-Sufficient Lifestyle

My wife and I have recently started to adopt a “healthy lifestyle”. For us, that means eating more natural foods with fewer carbs and processed junk. The first thing we realized after making these changes was that the cost of high-quality food adds up quick. Then next thing we noticed was that we really did feel a lot better, so the premium was worth it.

Aside from food, we spend a lot of time commuting. Currently, my wife is commuting two hours, one way, by public transit, daily. This just isn’t healthy for so many reasons. I am in a better position, commuting a little over an hour one-way, by car, twice a day, but this takes quite a toll on us in many ways.

We don’t eat until 8:30-9:00 PM most nights. When you go to bed at 10 PM, this is a really bad thing. Second, we don’t have time for each other. Having an hour, two if you’re lucky, to catch up with your significant other is a terrible way to live a life. I love my wife, it’s why I married her! Finally, we don’t have time for our hobbies. My wife is a bit luckier in this regard as her hobby, knitting, is portable. I have taken to listening to podcasts on my commute as no one wants to listen to a table saw going at 9:30PM.

A Base of Operations with a Sense of Permanence

Living in a development has taught me two things: I love having someone else mow the lawn / shovel snow, and I hate not having a back yard to do projects in. Even with two offices, there’s no place for a shop, garden, or sheep. Yes, you read that right: sheep.

My wife is a knitter and she loves her hobby. She wants sheep, and I want her to be happy, so we need a place for sheep. My hobby is woodworking and building things. I’ve always been limited to a corner of a garage or basement, when I’ve been lucky enough to have a place at all. So room for a shop is a must for me. Finally there’s the garden. We had one in the past, and it was a wonderful experience. Now that we are focusing on healthier eating, what better way to get the best produce at the best prices than to grow it ourselves?

So on to the home search!

Searching for Superfish using PowerShell

February 19, 2015 at 1:31 pm

Lenovo installed a piece of software that could arguably be called malware or spyware. Superfish, as this article indicates, installs a self-signed root certificate that is authoritative for everything. I wanted to be sure that this issue wasn’t present on any of our Lenovo systems, so I turned to PowerShell to help.

I found a copy of the certificate on Robert David Graham’s github here. I pulled the thumbprint from the cert which appears to be: ‎c864484869d41d2b0d32319c5a62f9315aaf2cbd

Now, some simple PowerShell code will let you run through your local certificate store and see if you have it installed.

Get-ChildItem -Recurse cert:\LocalMachine\ |where {$_.Thumbprint -eq "c864484869d41d2b0d32319c5a62f9315aaf2cbd"}

You could just as easily replace the get-childitem with “Remove-Item -Path cert:\LocalMachine\root\c864484869d41d2b0d32319c5a62f9315aaf2cbd”, but I wanted to make sure the key wasn’t installed somewhere else.

Now, to take it a step further, I use the AD commandlets and some more simple PowerShell to search all my systems for it.

Import-Module ActiveDirectory
$Cred = Get-Credential
$Computers = Get-ADComputer -Filter {enabled -eq $true} | select Name
foreach ($Computer in $Computers) {
 if(test-connection -Count 1 -ComputerName $Computer.Name){
 write-output (invoke-command -ComputerName $Computer.Name -Credential $Cred -ScriptBlock {Get-ChildItem -Recurse cert:\LocalMachine\ |where {$_.Thumbprint -eq "‎c864484869d41d2b0d32319c5a62f9315aaf2cbd"}})
 Write-Error ("There was an issue connecting to computer $Computer : " + $_.Exception)

Is it perfect? No. But it gets the job done in relatively short order.

Intro To Chocolatey at NJLOPSA

December 4, 2014 at 12:00 am

Chocolatey Logo

I will be giving a presentation on Chocolatey, a Windows package manager, tonight at the New Jersey League of Professional Systems Administrators meetup. It is being held at the Lawrence Headquarters Branch of the Mercer County Library, 2751 Brunswick Pike, Lawrenceville, NJ. Come by and get some cake, meet some folks, and learn about a great tool!
For more details and to register, head over to the meetup: http://www.meetup.com/LOPSA-NJ/events/218257852/

A Hundred Domains and SHA-1 Depreciation

September 17, 2014 at 4:30 pm

Apparently I’ve been living under a rock for a while, because I didn’t know that SHA-1 was being phased out in the immediate future. Thank you, GoDaddy, for notifying me with a month and change to spare. As it turns out, Google will no longer be trusting certain SHA-1 signed SSL certificates with the release of Chrome 39, which is set for November. For details, see the following links.

Due to the fact that our clients often purchase their own SSL certificates, we have no internal records to check what algorithm was used to sign the certificates in use. So now we get to audit slightly over 100 domains to check and see what signature algorithm is in use. We could browse to each domain manually and take a look at their certificate but that would just take way too long. There were some web based tools around that could do it, but they also only worked on one site at a time.

So, instead, I looked to PowerShell to see what could be done… Unfortunately, there was no native cmdlet to do anything like this! I did find a module that had a lot of great PKI-related functionality, the Public Key Infrastructure PowerShell module, but it, too, didn’t have the much-needed signature algorithm. However, it did provide a very robust base on which to build. Below is the solution I came up with.

function get-SSLSigningAlgorithm {
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
        [Parameter(Position = 1)]
        [int]$Port = 443,
        [Parameter(Position = 2)]
        [Parameter(Position = 3)]
        [int]$Timeout = 15000,
    $ConnectString = "https://$url`:$port"
    $WebRequest = [Net.WebRequest]::Create($ConnectString)
    $WebRequest.Proxy = $Proxy
    $WebRequest.Credentials = $null
    $WebRequest.Timeout = $Timeout
    $WebRequest.AllowAutoRedirect = $true
    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    try {$Response = $WebRequest.GetResponse()}
    catch {}
    if ($WebRequest.ServicePoint.Certificate -ne $null) {
        $Cert = [Security.Cryptography.X509Certificates.X509Certificate2]$WebRequest.ServicePoint.Certificate.Handle
	write-host $Cert.SignatureAlgorithm.FriendlyName;
    } else {
        Write-Error $Error[0]

I’ll create a CSV of the domains that I need to check, and iterate over them in a for-each loop. That function will be used within the loop to check the sites, and the output will go into another CSV. We’ll use that to plan our re-keying.

Hide Disabled AD Accounts from the GAL using Powershell

September 8, 2014 at 10:48 am

Our account decommission process involves disabling a user and moving them to a “Disabled Domain Accounts” OU. Well, it turns out that our previous admin never actually hid these mailboxes from the Global Address List (GAL), so many of our offshore partners have still been sending emails to them. I decided to start cleaning this up a bit today with the following:

Search-ADAccount -SearchBase "ou=Disabled Domain Accounts,dc=example,dc=local" -AccountDisabled -UsersOnly |Set-ADUser  -Replace @{msExchHideFromAddressLists=$true}

Another simple bit of PowerShell. The first command searches within the disabled account OU, and looks for disabled user accounts only. That output is piped into the second command which replaces the Exchange attribute that hides that account from the GAL.

How to clear all Workstation DNS caches from PowerShell

September 4, 2014 at 2:32 pm

I recently found myself in need of the ability to clear the DNS cache of all the laptops in my company. I found a very powerful and simple way to do so and thought I would share.

$c = Get-ADComputer -Filter {operatingsystem -notlike "*server*" }
Invoke-Command -cn $c.name -SCRIPT { ipconfig /flushdns }

The first line queries Active Directory for all computers that are not servers. The second line simply invokes the normal windows command “ipconfig /flushdns” on all computers.

This technique could be used to run any command across all workstations. Very powerful, and dangerous. Use at your own risk!

Finding Expired User Accounts in AD and Resetting Their Passwords with PowerShell

June 2, 2014 at 4:01 pm

The Setup

I came into the office today and was bombarded with users not being able to access our TFS server. Now, before I get too far into this story, you have to understand: Technically I’m only responsible for client-facing infrastructure. However, over the years I’ve started wearing more of a devops hat because, apparently, I’m quite good at it. That means TFS is now largely my problem. Funny how that works, eh? Anyway, back to TFS.

There were a few odd things about this issue: the oddest being that some of our off-shore developers were having no problems and others just couldn’t get in. The users with issues also couldn’t access the web portal. We (at least me) hadn’t made any changes to TFS in about a month, so I started to investigate.

After a brief panic about SharePoint not being installed properly (Hey, I didn’t set up this system, I’m just its current keeper) I managed to trace the issue to network logons. Thank you Security log! Wait, what’s this? Turns out many, many users recently had their accounts marked as expired… Turns out we just implemented mandatory password rotation and guess what? Today – 90 days was the day that a large batch of offshore development accounts were created! So now I had to reset credentials on 35+ accounts, and I’ll be damned if I’m going to do that manually!

Enter PowerShell!

List all accounts in an OU that have expired passwords

Get-ADUser -searchbase "ou=contractors,dc=example,dc=com" -filter {Enabled -eq $True} -Prop PasswordExpired | Where {$_.PasswordExpired } |select-object -property SAMAccountName,Name,PasswordExpired |format-table


SearchBase tells the Get-ADUser command to limit the search to a specific OU. This is very handy since I only have admin access to the one OU anyway. I filtered only for enabled accounts since trying to filter on PasswordExpired here didn’t work for some reason. I also explicitly called out the PasswordExpired property.  This output was piped to the where-object commandlet.


This was where I filtered on the current object group. Since passwordExpired is a bool, no fanciness needed here. Then I piped the output to Select-Object.


I only cared about some specific data for the output. I used this to select the properties I needed. Finally, I piped to Format-Table to make everything display nicely.

Reset passwords for accounts in an OU with expired passwords

Get-ADUser -searchbase "ou=contractors,dc=example,dc=com" -filter {Enabled -eq $True} -Prop PasswordExpired | Where {$_.PasswordExpired } | ForEach-Object {Set-ADAccountPassword -Identity $_.SAMAccountName -NewPassword (ConvertTo-SecureString -AsPlainText "Changeme1" -Force) }

Get-ADUser & Where-Object

These are the same as in the section above. We are filtering for enabled accounts in the contractors OU. This was piped to one of my favorite commands on earth: ForEach-Object.


This is, hands down, one of the handiest commands in PowerShell. Or any language for that matter. In this particular instance, we are running the Set-ADAccountPassword option for each object that we pass in. We pass the object’s SAMAccountName as the identity. We then create a new secure string password and pass that to -NewPassword. Then you hit enter and the magic runs!


PermaEthos PDC

May 23, 2014 at 3:39 pm

PermaEthos LogoJack Spirko, of The Survival Podcast fame, is a visionary in many ways. His most recent endeavor is a little project called PermaEthos, which aims to create a worldwide network of farms based on Permaculture Principles and Libertarian Ideals. As part of this effort, Jack and his team will be putting on an online PDC at the first PermaEthos farm. Needless to say, the wife and I are taking a PDC!

For more information on the PermaEthos model, and how it came to be, listen to Episode 1335 The PermaEthos Model 3.0.

As part of this, I created a profile over at Permaculture Global to help track what I’ve done. If you’re on that network, feel free to connect with me!
Direct Link to Profile on Permaculture Global

Good Gear!

February 7, 2014 at 3:38 pm

Whether it’s camping gear, construction gear, kitchen gear or computer gear, I’ve always loved gear. From cheap doodads to expensive precision thing-a-ma-bobs, I’ve used a lot of gear over the years. Some of it has worked really well for me, and a lot of it has failed miserably. Strangely enough, price isn’t always a determining factor, either. In this blog series, I’m going to review some of the gear that I’ve used and tell you why I love or hate it. Stay tuned for the first post in the Good Gear series: Pots and Pans!

Learning to Cook

November 18, 2013 at 2:52 pm

A friend asked me at lunch today: “How do I learn to cook?” Since this question seems to come up a lot in my life, I figured I would write a post on the topic so I could easily answer the next person.

I am passionate about cooking. I learned to cook from my mother at a very young age. She would always encourage me to help cut the vegetables, or stir the soup. Some of my earliest memories are of helping out in the kitchen (the others are of taking things, usually expensive, apart). For me, cooking developed naturally as I absorbed what my mother taught me. When I hit college, I started collecting cookbooks trying to improve on my skills in earnest. However, I quickly became disappointed in what the average cookbook had to teach.

You see, the problem with most cookbooks is that they are just recipe collections. Sure, some good ones will give you a  few brief pointers on how to knead bread, or broil a steak, but most are just a list of recipes that throw terms at the reader that they might not be familiar with. “Saute one cup of chicken, diced into one inch cubes”. What’s a saute? What’s a dice? What temperature? What pan? Do I cover it?

Most folks think that they know the vocab, and throw the recipe together in a way that makes sense to them. This usually results in an edible meal that roughly approximates the recipe, so most people leave it at that. Presto! We’re cooking now! Never mind the fact that our ragu is now more of a vegetable stew and our bread is completely crumbly without any of that nice chewy texture we were looking for… Cooking not only throws an entirely new vocabulary at you, it also throws you a new grammar and syntax, which most books don’t even touch on. By following the average cookbook, we are merely parroting back what we are reading and failing to understand why we’re doing any of it. This isn’t how you learn.

So how would I recommend you learn to cook? Learn the vocab, learn the grammar, and learn the syntax.

The vocab is basic, and fairly easy. It’s not like you are becoming a doctor and need to learn latin. To take our earlier example, sauteing involves cooking meat in a pan with oil while braising uses some other water based liquid. Most folks at home braise meats unintentionally when they cover their frying pans. The Professional Chef and Jacques Pépin’s Complete Techniques do a great job of going over the vocabulary of cooking, while illustrating it with both recipes and pictures.

Grammar is a bit more tricky. The rules are hinted at, and even discussed in a high level, in The Professional Chef. However, pick up a copy of Ratio: The Simple Codes Behind the Craft of Everyday Cooking and you will really get a feeling for the power of culinary grammar. For a full review of Ratio, see this article I wrote a while back. To summarize it, though, imagine knowing the base ratio for a cake and then being able to make any cake you can imagine. Then imagine changing the ratio of the exact same ingredients and coming out with a scone instead. This is the power of culinary ratios. They free you from recipes and let your imagination take flight.

Finally come syntax, and this is one of the harder things to learn. Syntax, in the cooking world, is the fingerprint of a particular cuisine. More accurately, it is the flavorprint of a particular cuisine. What makes American BBQ unique when compared to, say, Vietnamese BBQ? If you look at the recipes, you will notice that it is all in the specific ingredients and flavoring agents that are available to each culture. Unfortunately though, no-one, to my knowledge, has written a good book on the flavor prints of the world. The only way to learn syntax is by reviewing recipe collections on specific cuisines, looking at the ingredients in ethnic markets, and analysing the flavors when you eat out at a restaurant that specializes in that type of cuisine. It may not be easy to learn syntax, but it can be fun and filling!

Since this is an article on learning to cook, I want to share my favorite cooking show as well. Good Eats is a fantastic show by the mad scientist of the culinary world, Alton Brown. It gives great examples of all of the above material and does so in a fascinating, highly entertaining way. Truth be told, Good Eats was one of the reasons I started looking in to the whys and wherefores of the cooking world. You can pick up the DVDs of the show on Amazon, and I’m sure you can find episodes streaming online if you look on the search engine of your choice.

Was this article helpful? Did you find it interesting or disagree with it? Please post in the comments below!

Edited to add: Turns out there are a few cheatsheets floating around on flavor profiles. Have a look.