Kilala.nl - Personal website of Tess Sluijter


Some pointers and important tips about OnVue testing

2024-12-08 08:51:00

Well, that didn't go as planned. :)

This morning I was supposed to take both LPIC 101-500v and LPIC 102-500v: the two exams that make up the combined LPIC-1 exam. I'm teaching an LPIC-1 class very soon and I thought it'd be a good idea if I'd actually done the exam at least once. 

Anyway. First big, important tip:

My driver's license still has my "original" name, which most of you will know isn't Tess. I thought I'd get around the dysphoria of having my old name on my diplomas by telling PearsonVue my first name is my initial: T. Those match what's on the license, right? Because the license has both my first and middle name. Nope, rejected. Your name needs to match, exactly.

The PearsonVue team, both the exam proctor and the chat support, were excellent. The proctor was polite and really wanted to help me take the test, by suggesting I might have another ID that does have me as "T.". Unfortunately I don't. So, they flagged my exam for rescheduling; nothing lost except for a little time. 

The chat support employee was swift to respond and friendly. They made a support case for me and indicated that, unfortunately, the name change would take a few days. So they made sure both my exams could be rescheduled without problems. 

Now, other tips.

OnVue on Windows will complain about processes like vmwp. VMWP is a virtual machine worker process, which is part of Hyper-V. In the Services app, shut down/stop all services whose name starts with "Hyper-V", except for "Hyper-V Host Compute Service".

If OnVue continues complaining about vmwp: start a PowerShell with administrator rights and run: wsl --shutdown. Even when Hyper-V itself is dead, Windows might be running the WSL (Windows Subsystem for Linux) VM in the background.

If OnVue still continues to complain about vmwp: start a PowerShell with administrator rights and run: Stop-Process -Name vmwp. Agree to stop/kill all VMWP processes.

OnVue will also complain about components of VMware. You will find these in the Services app again; stop everything with VMware in its name.



Reminiscing about 25 years in IT

2024-12-07 16:54:00

I like to hang out on Discord. As we know, I like it a little bit too much.

This month, I was asked two questions which got me reminiscing about my career. About when I decided to quit IT, about when I almost lost my CISSP. And about how I've been doing things the past ten years. 

First off, someone asked me:

"What was the worst job you had?"

The worst job I've had in IT was not a problem with the job, it was a problem with me.

The time I was at my lowest, was after my first five to seven years, around 2006. I was in contracting (as in I was employed by an agency who rented me out to customers), in a job where I was tape jockey and only did minor systems administration. I wasn't motivated to learn or expand, because my employer had a very strict development path where they demanded I first do a few certs that I really didn't want. 

So I gave up. I hated that job, slacked off a lot, spent a lot of my time exploring the building instead of working. 

And while I did that, I did night classes and one day a week at college to become a maths teacher. This I loved! Mostly because I was challenging myself and because I was working on getting out of IT. 

In 2008 I finished my first year with full marks. I even finished a class from second year as well! And I had an internship lined up, so I could go into fulltime teaching. Then we learned we were having a kid and I had to go back to IT, because of money. 

A good friend of mine helped me out. I started working with/for him, and really started challenging myself again... Lots of learning, lots of studying, doing difficult jobs again.

So... My worst job? It was when I gave up.

Today, after I told a little bit about my freelancing, someone else asked me:

"I know you've got a LOT of certs, would you say that made the biggest difference getting you to the position you're in now or was there another factor?"

I have 25 years of experience in IT, but somewhere around 2007 I decided to actually get out of IT. That didn't go as planned, but in 2008 I did get a nice "reset" of my career. I took what experience I had to get a solid job in contracting (not yet freelance) and from there on out started applying myself. 

In 2009 I slowly started getting a few certifications, most importantly CISSP. That's what got me "qualified" for a few other security positions. After that though, I stupidly started slacking again. I even blogged about it then.

I managed to retain my CISSP, but I was still not really applying myself in "continuous improvement". I did some trainings here and there, listened to podcasts, read books. In 2013 I'd had enough of that, kicked my own ass with the help of a good friend and made a plan. 

Only 11 years ago did I start my "continuous improvement" journey. Every year, I make a list of goals to achieve by the end of the year. A list which grows and fills and shifts throughout the year, with things I feel I need to learn or research... 

In 2013 I made sure to keep my CISSP and get my RHCSA. After that, it's been cycles of three years to renew CISSP, renew RHCE (the followup to RHCSA) and also renew other certifications. Plus do other trainings and certifications, which feed into the renewal cycles, but are also actually helpful. 

As Auti says: it's the journey. I make a plan for every year, I do 2-3 courses and/or certifications every year. I make sure to keep learning new things. 

On the one hand I do this, because I'm honestly afraid of becoming too "old and outdated" for the IT market. But I also do it because my customers value this attitude: I keep improving my value on the market, by staying in touch with tech and skills that are relevant and recent. 

Plus I diversify: pentesting, Linux sysadmin, auditing, teaching/didactics, cloud. There are risks in generalizing as I do, but specialism isn't my thing.



Setting up multiple VMs to share a NAT network in UTM

2024-12-06 23:11:00

UTM networking config screen

In my Linux and DevSecOps classes, my students run a handful of virtual machines for their labs. We see all kinds of host OS configurations: Windows, macOS, all kinds of Linuxen. And then there's Intel, AMD and Apple CPUs. It makes for an interesting mish-mash. 

In most cases we build a NAT network, which has the VMs in it. This shields the VMs from the rest of the network (keeping them safer), while still giving them Internet access. 

Every hypervisor (virtualisation software) has its own approach for this. In VMware it's almost by default that VMs end up in the same, shared NAT network. In VirtualBox you have to change the adapter connection from "NAT" to "NAT Network". 

UTM on macOS on aarch64 (Apple Silicon ARM) confounded me for quite a while. Unfortunately their documentation isn't perfectly clear on the subject. But, this week we got it to work! 

To set up more than one VM, in UTM, in a shared NAT network, you do the following. For each virtual machine, go into the Networking configuration. Make these settings:

The networking configuration screen suggests that DHCP works out of the box, without configuration, but it doesn't. I have had to manually enter the information which was already in the boxes (but greyed out), to make it work. 

Now when you boot the VMs, they will be in 10.0.2.0/24 and they'll get IPs starting at .15. They can ping each other, plus you can SSH to them directly from your Mac without needing any port forwards.



Unifi Flex G3 camera stuck on updates: how to fix

2024-11-28 17:34:00

Earlier this month I bought an additional Unifi Flex G3 camera, for our security setup.

Adoption of the camera into the network went perfectly fine and it started streaming across the site-to-site VPN immediately. The image quality was bad though and judging by the sticker on the box, the camera had been packaged two years ago. It's an old model after all. 

The Unifi Protect app quickly identified that the camera had very, very outdated firmware. I don't even remember what version it was, something like 4.17.x. And it offered to apply the latest update! Lovely!

Except that it didn't. 

Not even after I brought the camera back on-site to where the Protect appliance is installed. The updates weren't happening. There were no error messages... Just, no updates applied. 

I have mixed feelings about Ubiquiti. On the one hand they have great documentation and a decent forum. On the other hand, there's so much activity on those forums that finding answers becomes pretty hard. 

Well, after digging and digging, I found a suggestion to just download the latest available update manually from the UVC-G3-Flex product page. You can then open a browser, and browse to the web interface of your camera. Yes, the camera has its own web UI!

For example, go to https://10.0.30.210/camera/system 

You will need to log in! The username is "ubnt" and the password can be found in the Unifi Protect app. But not in the mobile app on your phone! You need the webapp! Go to https://unifi.ui.com/consoles then visit your Protect console and go into Protect > Settings > General. There you will find Recovery Code. That field has the password you need! 

Wow, that's hidden away! 

Once you log in to the camera UI, you can go into the System tab, where you can upload a new firmware version. This finally took me from 4.17 to 4.30, which is the latest version available on the website. 

From there on out, the theory is that Protect will do the next update automatically. 

But it didn't. I still had the same symptoms! Updates were not being applied and no error messages appeared!

So I hopped back into the camera web interface, to download the support logs. That gave me hundreds of lines of application and Linux logging. :) Among those lines I found some key error messages!

{"anonymous_controller_id":"REDACTED","controller_version":"5.1.57","anonymous_device_id":"REDACTED","version":"4.30.0","model":"UVC-G3-Flex","board_rev":12,"is_default":false}
1732818347 P6 360,598 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): https://REDACTED:7444/internal/device/traces
1732818347 P6 360,882 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): http_code = 202
1732818947 P4 960,847 ctl[669]: Firmware validation failed, uri=https://REDACTED:7444/internal/update?platform=s2l&product=uvc&updateType=firmware&version=4.73.71, status=/tmp/bin/precheck-mergeall: .: line 3: can't open '/tmp/hooks/ubnt_utils.sh': No such file or directory

This suggests a few things:

This suggests that firmware version 4.30.0 for the UVC-G3-Flex is too outdated to actually upgrade to 4.73! That's problematic!

The logs also gave me an idea! 

What if I just download that update file using Curl or WGet, from the console onto my laptop? And what if I then go back into the camera's onboard web interface and just upload that file?

Well, that worked! :D

The G3 Flex is now happily running firmware 4.73.
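
The "Firmware validation failed" line in the support log already holds everything needed for the manual download. As an added example (not part of the original post, and not Ubiquiti's tooling), this shell snippet pulls the update URI, the target version and the precheck error out of a support log and prints a matching curl command. The sample log is constructed from the excerpt above; the function names and the output file name are made up for illustration.

```shell
#!/bin/sh
# Added example: find failed firmware updates in a UniFi camera support log.

# Constructed sample, modelled on the log excerpt in the post (host stays REDACTED).
sample_log() {
cat <<'EOF'
1732818347 P6 360,882 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): http_code = 202
1732818947 P4 960,847 ctl[669]: Firmware validation failed, uri=https://REDACTED:7444/internal/update?platform=s2l&product=uvc&updateType=firmware&version=4.73.71, status=/tmp/bin/precheck-mergeall: .: line 3: can't open '/tmp/hooks/ubnt_utils.sh': No such file or directory
EOF
}

# Read a log on stdin; print "<uri> <status text>" for each failed validation.
# The URI contains no spaces, so the first field is always the URI.
fw_failures() {
    sed -n 's/^.*Firmware validation failed, uri=\([^,]*\), status=\(.*\)$/\1 \2/p'
}

# fw_param <uri> <name>: print the value of one query-string parameter.
fw_param() {
    printf '%s\n' "$1" | sed -n 's/^[^?]*?//p' | tr '&' '\n' | sed -n "s/^$2=//p"
}

# Summarise each failure and print (not run) the command for a manual download.
# The file name uvc-<version>.bin is an arbitrary choice for this example.
fw_report() {
    fw_failures | while read -r uri status; do
        version=$(fw_param "$uri" version)
        printf 'target version : %s\n' "$version"
        printf 'precheck error : %s\n' "$status"
        printf 'manual fetch   : curl -fLo uvc-%s.bin '\''%s'\''\n' "$version" "$uri"
    done
}

# Stand-alone run on the constructed sample; replace with: fw_report < support.log
sample_log | fw_report
```

The downloaded file is what then gets uploaded through the System tab of the camera's own web interface.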



Experimenting with Entra Verified ID

2024-11-26 15:02:00

login page of woodgrove

Ever since LinkedIn introduced their Verifications, they've been constantly pushing all their members to get verified because (of course!) other members will be more likely to trust you. Since the verification process generally involves using Persona to read your passport, a lot of people are flat out refusing to do so. Be it for privacy, be it for deadnaming or for other reasons, there's plenty of discussion about red flags.

Reading through LinkedIn's verification options, I noticed there's an alternative: employment verification, where your employer will confirm that you are indeed in their service. Interesting!

Since I am self-employed and I own an actual company, does that mean I can verify myself? Why yes, yes it does. 

I did some reading and pieced together some documentation:

The process I followed is as such:

  1. I went into my Azure Portal and under Entra ID I enabled the "Verified ID" functionality. 
  2. Under Verified ID I also enabled the optional Face Check function.
  3. I then went to the "My Account" site for my Microsoft AD account and set myself up with a proper, representative photograph. *
  4. In "My Account" I then clicked the option to "Get my Verified ID". This gives me a QR code.
  5. Using the Azure MFA app on my smartphone I scanned this QR. This set me up with a brand new verified ID. It includes my name, my company email and my photograph. 

*: If you do not have a photograph of yourself set up under My Account, Face Check will fail. It will give you an error message like "No face detected in Verified ID. Use a different Verified ID with a better photo and try again.".

After setting myself up with a Verified ID, I used Microsoft's Woodgrove public test app. Here, I clicked the option that I have a Verified ID, which now gives me a QR to scan. I do so with the Azure MFA app, which prompts me if I indeed want to share my identity. 

The Azure MFA app then starts the front-facing camera, makes a whole bunch of photographs and then uses Microsoft's AI to compare it to the photograph that's set up in my Verified ID. This is why I earlier ran into the "No face detected" error message: my account avatar was the Unixerius logo instead of my actual face. 

And it works!

Next up: I have submitted a request to LinkedIn / Microsoft, as per the instructions detailed here. I hope that they will in fact enable Workplace Verification for Unixerius. 

This has been an educational day!



Linux+ XK1-006 beta experience

2024-11-08 14:39:00

Almost a year ago I had my first frustrating experience with the OnVue checkin process on my mobile phone. Today I learned a new aspect to this: the OnVue checkin process does not work on Apple iOS devices that have Lockdown Mode enabled.

Aside from that OnVue was great to work with, as always. The proctor was polite and efficient, I got my remote testing setup approved really quickly. The software worked fine, the checkin went well, we went over the rules quickly and I was allowed to start testing within 15 minutes. 

I don't know what's up with people on Reddit, who complain about OnVue and proctoring. I have a head cold and I coughed and sneezed and snorted a lot during my exam. I had zero complaints from anyone!

As to the XK1-006 Linux+ beta exam: I'm not as enthused as I was about XK1-005.

I had 115 questions, 4 of which were PBQ. I needed a bit more than two of the three hours I'd been given. A lot of my time went into filling out comments, giving feedback to CompTIA. I just really hope they actually get and read all those comments, so that wasn't wasted time.

One thought struck me earlier today: I get the feeling that CompTIA are trying to shoehorn Linux+ into DevOps+ or something. They're adding on all kinds of stuff that doesn't belong on a junior Linux sysadmin exam and instead should be on an exam for more experienced people with a more diverse job role.

I think that, if CompTIA don't change the objectives to go more on-focus back to Linux, I'll suggest we switch to LFCS (or even LPIC) with my students.



CompTIA XK1-006 Linux+ objectives comparison

2024-11-07 13:12:00

Next year the Linux+ certification exams from CompTIA are due for their new version. 003 was the first one I ever did and we're now moving to 006!

As is tradition, I've made a comparison of the exam objectives:

Nov 8th'24 disclaimer: these comparisons were made using information available at the time. This information is subject to change, as CompTIA can and will tweak exam objectives. Always grab the latest objectives doc.

Disclaimer 2: My comparison does not go into details! It takes the high-level objectives and matches them. There will be a lot of small changes, most notably in commands that are, or are not, covered. Always study using the full objectives document!

The comparison also includes comparisons to LPI Linux Essentials, to LPIC1 and to RHCSA for good measure. All of this is very rough and not detail oriented; it just gives a broad overview of the differences.

The changes I've noticed, going from 005 to 006:

If anything I feel that this exam is trying to do too much. 

When 005 introduced basic conceptual understanding of Kubernetes, Ansible and so on, next to in-depth container operations, I was happy. Just a glossing-over of the concepts, so students would understand what we use Linux for. 

But now, the fact that those things have been given objectives of their own with extensive lists of terminology? I feel it's too much. 

The addition of AI also just feels like CompTIA have a 2023-2025 mission to update every single exam to include AI/LLM. 

So, either the curriculum for 006 tries to do too much, or CompTIA say these are exam objectives while in reality just glossing over these topics anyway. 

EDIT:

For those looking for learning resources, as always you're going to have to work with the current version's materials and then fill in the blanks. As per my comparison, the blanks are pretty considerable, so prepare to learn a lot. 

In my class we use the Sybex book, which is decent and comes with practice questions and exams. But use whichever you like! McGraw-Hill and Pearson also have good books.

There are commercial video courses (though I've heard bad reviews of Dion's) and Shawn Powers has a free series on YouTube.

I share all my labs and practice exams here -> https://github.com/Unixerius/XK0-005/



It's okay to admit you can't do something

2024-10-12 22:09:00

I volunteer for Wiccon, a cybersecurity conference here in the Netherlands. Last year I gophered on-site and did a presentation on stage. This year I'm gophering again, I helped in the CFP (call for papers) and I'm in charge of the gopher-planning. I'd also submitted an abstract, which was ultimately not chosen.

A few days ago Chantal reached out to me, if I could maybe do my proposed presentation after all because another presenter became unavailable. After some thinking and puzzling I thought I could make it work. I had nothing but my abstract, but with 2.5 weeks remaining I could maybe make it work. Right?!

Well, it's caused me a lot of anxiety, to be honest! As I said, I had only the concept of what I wanted to present about, but not even a skeleton or a set of research. I'd not worked on that since my CFP submission was rejected. 

This morning I reached out to Chantal and Dani to tell them I couldn't do it. 

I'm preparing to teach four classes (DevSecOps in October, Linux+ in November and Linux Essentials and LPIC1 in December), I've got family matters and my primary customer. Shuffling priorities would free up some time, but going from zero-to-complete is simply not possible. I can't do it. 

It's ironic that I would fall for this trap, even after telling Roald not a month ago that "I want too much, I'm too greedy". 

It felt like I was letting down valued colleagues, friends even. I'd promised to help them, but I can't. If I did, my health and sanity would suffer, to the detriment of all other commitments I have. So I won't do it. 

And it's okay. I'm telling myself that and so are they. It's okay if you can't do something. If I can't do it. 

