• Hello World!

    Hello World!

    Welcome to Dev-Doc-Ops!

    It’s a space for Engineering Technologists, focusing on how to work with modular, open-source, & service-oriented architectural building-blocks, to create modern platforms for digital services.

    Core interests & practices:

    Public Cloud Hosting, Microservices/SOA, DevOps Delivery, Agile/SCRUM, Cyber Security/DevSecOps.

    There are likely to be posts on other interesting topics too; the common thread being technology & engineering.

  • iPhone Playback Device Selector

    iPhone Playback Device Selector

    Using Apple Shortcuts.

    I am a recent convert to Apple. It started with a personal MacBook Air, but now I am well and truly into the Apple ecosystem, having a bunch of their hardware.

    When I swapped from Samsung/Android over to iPhone, one thing that seemed missing by default (I am willing to be corrected if wrong here) but is really useful is the ability to easily switch between playback devices, such as the iPhone itself, Bluetooth headphones, and Bluetooth speakers.

    A cool way I have found to achieve this from my home app screen is to use the Shortcuts app/feature that you get with iOS to create your own macro-like runbooks.

    Here is how I did it…

    Create A Shortcut for each Device

    1. Open the Shortcuts app
    2. Click the Plus (+) button at the top right to add a new shortcut
    3. In the Search for apps and actions box, type “Playback”, then select the Scripting action for Change Playback Destination
    4. Choose a playback device from the list
    5. Give your new Shortcut a name at the top of the screen
    6. Press the Cross (x) button at the top right of the screen to save the new shortcut
    7. This should take you back to the All Shortcuts screen, where you should see your newly created shortcut
    8. Repeat for each one of your playback devices

    Create A Menu for the device shortcuts, Add to home screen

    Next we create a menu linked to an app icon which we can place on our home screen.

    1. As we did before, in the Shortcuts app, click the Plus (+) button at the top right to add a new shortcut
    2. This time, search for Choose from menu in the search box and add it
    3. Give your new menu a prompt, something like “Select Device”
    4. Add a menu item for each of your playback devices and give them an intuitive name (so you know which option is for which device)
    5. Then, for each playback device, search for and add a Run shortcut action, place the action under the respective menu item, and link the action to the relevant device shortcut (created earlier)
    6. Now you should have a viable menu structure, with options that each set a different playback device
    7. The final step is to create an icon to run your new menu from the home screen. Do this by pressing the options/preference/sliders button (not sure what its exact name is), located to the immediate left of the Cross (x) at the top of the screen, and select Add to Home Screen

    And hey presto! With these steps you should have created a mechanism that enables you to quickly & easily switch between your various playback devices, straight from the home screen, with a minimal number of steps involved.

  • A Meaningful ‘Engineer’

    A Meaningful ‘Engineer’

    Towards a working definition of a term often used in our field.

    This contemplation focuses on who – or what – does the ‘work’ in a digital service, and assumes a service provider / service consumer paradigm to said works. It considers the space where computing meets economics; when machines are the worker and humans the overseers & engineers of said worker.

    Generally speaking, an engineer can be thought of as someone – or something – that creates, builds, and makes stuff. Engineering is a re-arrangement of the form reality is taking, making order out of disorder. This applies in many fields/products such as auto-mobiles, civil works like roads and bridges, buildings, electronics, etc.

    Engineering is a creative act; it brings something out of the realm of mind, of ideas, and into shared objective reality, for the betterment of life.

    In the field of digital service provision, where we are dealing more with formations of electrons than atoms, one possible working definition of the term (or role) engineer is: those who (or that which) design, build, support, and improve the digital machinery that is destined to assume responsibility for completing work on behalf of the service consumer.

    It takes intelligence to engineer the world around us, and if there is human engineering intelligence, then surely so too is there a possibility for a non-human engineering intelligence. Theoretically the intelligence could be human-biological-wetware or artificial-machine-hardware in nature.

    It’s worth emphasising the point that, for a digital service, consumers are sending work requests for something (work) to be done on their behalf that they cannot or will not do for themselves. These requests are then serviced by digital machines (not humans) which return a response to the consumer. Whether human or AI, engineers act upon digital machines; they do not provide the final service execution.

    It is easy to confuse the human services with the digital ones. When we think of ITIL processes like Incident, Request, Change, these are human services where the digital machines are acted upon. But we should remember these human services are in support of the actual digital ones. To be a true digital service it must be provided by a digital entity, normally manifest in metal and silicon; all other activity is in support of the final service.

    The machines (e.g. Jenkins) may themselves make other machines (i.e. app env), as in the case of CI/CD pipelines, but ultimately the purpose / mission is to service the final needs of an end consumer, or user, of such a digital service.

    And of course, the final consumer of any one particular digital service can itself be human or machine in nature.

  • Connectivity Testing TCP/IP

    Connectivity Testing TCP/IP

    Go step-by-step across the network. Ubuntu 20.

    This is some real “bread and butter” for IT professionals.

    The job of communication (i.e. payload data transmission) over a network-of-networks is a pretty complex problem. To solve this problem, network communications are broken out/down into protocol stacks; each protocol in the stack incrementally solving a part of the larger problem. The TCP/IP stack has emerged as the winner of the protocol wars, beating out the likes of SPX/IPX, AppleTalk, NetBIOS, etc. The situation is very much like VHS winning over Betamax in the videotape format war, and Blu-ray beating HD DVD in the optical disc war.

    Each layer of the TCP/IP protocol stack solves a discrete part, or sub-division, of the communication problem, and represents an abstraction layer. Each distinct layer has its own job in getting the data payload, from a running source process, one more step closer to the receiving destination process. As a helpful reminder, here are most of the key ingredients for the internet protocol stack:

    | Protocol | Job |
    |---|---|
    | Application protocol (http(s), smtp, ssh, etc.) | The job of the application protocol is to carry the actual payload data from the running process on the source host to the running process on the destination, thus finally solving the communication problem. |
    | Transmission Control Protocol (TCP) / User Datagram Protocol (UDP) | The job of TCP/UDP is to get you to the correct running process “post box” or “pigeon hole” inside of the destination host. |
    | Internet Protocol (IP) / Internet Control Message Protocol (ICMP) | The job of IP is to get you from source host, on source network, over to destination host, on destination network. |
    | Ethernet / Wi-Fi | The job of Ethernet (physical + data-link) is to get you from one side of a single network / broadcast domain to the other side (usually a gateway). |

    TCP/IP protocols are open, collaborative, and progressive in nature. The standards documentation for each protocol is maintained by the Internet Engineering Task Force (IETF) in the form of RFCs.

    Local IP Config / Protocol Stack

    Check you have an IP address, subnet mask, gateway, and DNS servers.

    # Your filename may be different
    sudo vi /etc/netplan/00-installer-config.yaml
    
    ----
    
    # This is the network config written by 'subiquity' 
    
    network: 
      ethernets: 
        eth0: 
          addresses: 
          - 10.1.2.3/24 
          gateway4: 10.1.2.1 
          nameservers: 
            addresses: 
            - 10.2.2.41 
            - 10.2.3.41 
            search: 
            - example.com 
        eth1: 
          addresses: 
          - 10.2.3.12/24 
      version: 2 
    
    ----
    
    sudo netplan apply

    Check your network interface is “UP” and the IP config running against each interface looks correct.

    ip a
    hostname -I
    ifconfig
    ifup <ethx>
    ifdown <ethx>

    Check routing table information.

    route -n
    ip route
    netstat -rn

    Check your own public IP address.

    curl ifconfig.co

    Local Firewall

    Ubuntu’s Uncomplicated Firewall (ufw) command is a useful front end for manipulating iptables.

    sudo systemctl status ufw
    sudo ufw status
    sudo ufw status verbose
    sudo ufw show raw
    sudo ufw logging on [off]
    cat /etc/ufw/*.rules

    Ubuntu has a community wiki page for ufw.

    DNS

    Ultimately the destination host is reached by its IP address, but if DNS names are used then we should check they resolve to the correct IP address.

    Check the DNS client’s configured name resolver servers.

    nmcli device show <interfacename> | grep IP4.DNS
    systemd-resolve --status | grep Current
    cat /run/systemd/resolve/resolv.conf

    Ensure your DNS name resolves to the correct IP address.

    nslookup example.com
    
    # To check against Google public DNS servers
    
    nslookup example.com 8.8.8.8 [8.8.4.4]

    ICMP / IP

    Check the destination host IP interface is reachable, and also the route taken.

    ping -c 3 1.2.3.4
    ping -c 3 www.example.com
    
    traceroute 1.2.3.4
    traceroute www.example.com

    Transport

    Check connection establishment to the receiving process.

    # TCP
    nc -z -v www.example.com 80
    telnet www.example.com 22
    
    # UDP
    nc -u www.example.com 443

    Inspect the state of network connections and related processes.

    netstat -a
    netstat --listening --numeric-ports --programs --tcp
    netstat --numeric-ports --programs | grep 443
    netstat -altp
    netstat -tupan | grep -i http
    # Windows (cmd.exe) equivalent
    netstat -ano | findstr "10389" | findstr "["

    Security Layer

    Check TLS settings and certificate information.

    openssl s_client -connect example.com:443 

    Application Process

    Check service status.

    systemctl status <service_name>
    systemctl is-enabled <service_name>
    systemctl list-unit-files --state=enabled
    systemctl list-unit-files --state=disabled
    systemctl list-units --type=service [--state=running]
    systemctl list-units --type=service --all

    Check running process status.

    sudo ps -ef | grep <string>
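
The same layer-by-layer walk as a single script that stops at the first layer that fails (an added example, not part of the original post). The function name `triage` and its return codes are assumptions made for this example, and it relies on `getent`, `ping`, `timeout`, `bash` and `openssl` being installed.

```shell
#!/usr/bin/env bash
# Added example: walk the layers in order, stop at the first one that fails.
# Return codes (a convention made up for this example):
#   0 = all layers ok, 1 = DNS, 2 = TCP, 3 = TLS

triage() {   # usage: triage <host> <port>
    host=$1 port=$2

    # DNS: getent follows nsswitch (/etc/hosts, then DNS), the same path
    # applications take. A numeric address passes through unchanged.
    addr=$(timeout 5 getent ahosts "$host" 2>/dev/null | awk 'NR==1 {print $1}')
    if [ -z "$addr" ]; then
        echo "dns: $host does not resolve"
        return 1
    fi
    echo "dns: $host -> $addr"

    # ICMP: informational only. Echo requests are often filtered, so a
    # missing reply does not stop the walk.
    if ping -c 1 -W 2 "$addr" >/dev/null 2>&1; then
        echo "icmp: reply from $addr"
    else
        echo "icmp: no reply from $addr (often filtered, continuing)"
    fi

    # TCP: complete a handshake with the listening process. Host and port
    # are passed as arguments rather than spliced into the bash -c string.
    if ! timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$addr" "$port" 2>/dev/null; then
        echo "tcp: $addr:$port closed, filtered or timed out"
        return 2
    fi
    echo "tcp: $addr:$port accepts connections"

    # TLS: handshake, chain verification against the system trust store and
    # a hostname match (assumes <host> is a DNS name, not an IP address).
    if ! timeout 5 openssl s_client -connect "$host:$port" -servername "$host" \
            -verify_return_error -verify_hostname "$host" </dev/null >/dev/null 2>&1; then
        echo "tls: handshake or certificate verification failed"
        return 3
    fi
    echo "tls: handshake and certificate verification succeeded"
}

# Run as: bash triage.sh www.example.com 443
if [ "$#" -ge 2 ]; then triage "$1" "$2"; fi
```

The return code names the layer to investigate next, so the script can be called from monitoring or a runbook without parsing its output.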

    And there you have it! Hopefully the above steps will help you travel end-to-end on the communication journey to isolate / check many of the problems that you may encounter surrounding TCP/IP networking.

    If you have any thoughts or suggestions please feel free to add into the comments below or contact Andrew using details on this site’s About page – we can always update this article to include anything that has been missed.

  • Favourite Tesla YouTubers

    Favourite Tesla YouTubers

    Keep up-to-date on Tesla. Subscribe, smash the like button, & ring the bell! 🙂

    Solving the Money Problem – Steven Mark Ryan

    Tesla Daily – Rob Maurer

    Dave Lee on Investing – Dave Lee

    HyperChange – Gali

    Warren Redlich – Warren Redlich

    Teslafaninsight – Greg

    Oracle Investments – Oracle Tim

    Dr. Know-it-all Knows it all – Dr Know-it-all

    Farzad Mesbahi – Farzad Mesbahi

    Whole Mars Catalog – Omar Qazi

    Tesla Owners Silicon Valley – John et al.

    Tesla Fans – Tesla Motors Fans

    Infowealth – EV News World

    Jeff Roberts – Jeff Roberts

    Tobias Lindh – Tobias Lindh

    flybrandenburg – tessi-supply.com

    My Tesla Weekend – Brian

    Munro Live – Sandy Munro et al.

    The Limiting Factor – Jordan Giesige

    Good Soil Investment Management – Emmet Peppers et al.

  • Working with Cygwin

    Working with Cygwin

    Bash on Windows.

    Introduction

    Cygwin is an open-source tool which offers a handy way to run Linux commands from a Windows desktop. 

    Installation

    Download the installer from https://cygwin.com/install.html and run it.

    Select the packages you want to install on top of the base installation. 

    Browsing the Windows Host Filesystem

    cd /cygdrive/c

    Adding Common Packages

    Run the installer again.

    Search for the package you want. Here are some common ones:

    | Package | Command(s) |
    |---|---|
    | nc | nc |
    | inetutils | telnet |
    | curl | curl |
    | rsync | rsync |
    | jq | jq |

  • Tech Bookshelf

    Tech Bookshelf

    Read(ing) it. Recommend it.

    The Phoenix Project – Gene Kim et al.

    Site Reliability Engineering – Beyer et al.

    DevSecOps – Glenn Wilson.

    Scrum Master – Joe Justice.

    The Singularity Is Near – Ray Kurzweil.

  • Working with Digital Certificates

    Working with Digital Certificates

    On Ubuntu 20.

    Digital certificates are a fundamental part of modern security. They assist in proving authenticity, meaning they help prove something, or someone, is who they claim to be.

    File Formats (PFX & PKCS #12)

      

    Certificates are stored and transferred as files.

    Wikipedia explains the file types well: 


    “In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.”

    “PKCS #12 is the successor to Microsoft’s “PFX”; however, the terms “PKCS #12 file” and “PFX file” are sometimes used interchangeably.”

    – https://en.wikipedia.org/wiki/PKCS_12 

      

    View File Contents 

      

    certutil -dump filename.pfx 

    openssl.exe pkcs12 -info -in c:\temp\cert.pfx 

    # For help: openssl pkcs12 -help 

      

    Extract Certificate 

      

    # -clcerts = only output client certificate 

    openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] 

      

    # -cacerts = only output CA certificates 

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]

      

    Extract Private Key 

      

    openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] 

    openssl rsa -in [drlive.key] -out [drlive-decrypted.key] 

    https://www.ibm.com/support/knowledgecenter/SSVP8U_9.7.0/com.ibm.drlive.doc/topics/r_extratsslcert.html

      

    Create Intermediate Certificate Bundle 

      

    From PFX file: 

    # -cacerts = only output CA certificates 

    openssl pkcs12 -in [yourfile.pfx] -cacerts -nokeys -out [drlive.bundle]

      

    From CRT files: 

    https://support.comodo.com/index.php?/Knowledgebase/Article/View/1145/1/how-do-i-make-my-own-bundle-file-from-crt-files

      

    Check Certificate 

      

    openssl x509 -in certname.crt -text -noout 

      

    Check Key 

      

    openssl rsa -in keyname.decrypted.key -check 

      

    Check Key Matches Certificate 

      

    The two MD5 output values should match:

    openssl x509 -noout -modulus -in certname.crt | openssl md5 

    openssl rsa -noout -modulus -in keyname.decrypted.key | openssl md5 
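
The modulus comparison above applies to RSA keys only. As an added example (not from the original post), this script compares the public key inside the certificate with the one derived from the private key, which works for RSA and EC keys alike. The function names, file names and the throwaway self-signed certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: does this private key belong to this certificate?
# Compares the SubjectPublicKeyInfo of both, so it works for RSA and EC keys.

key_matches_cert() {   # usage: key_matches_cert <cert.crt> <key.key>
    # Public key as embedded in the certificate (PEM).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key (PEM). "-passin pass:" supplies
    # an empty passphrase so an encrypted key is rejected rather than prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    # 0 = match, 1 = mismatch, 2 = a file could not be parsed
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample material: throwaway keys and self-signed certificates.
make_samples() {   # usage: make_samples <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" &&
    openssl req -x509 -new -key "$1/ec.key" -days 1 -subj "/CN=example.test" \
        -out "$1/ec.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 2
    make_samples "$d" || return 2
    for pair in "rsa.crt rsa.key" "ec.crt ec.key" "rsa.crt ec.key"; do
        set -- $pair
        if key_matches_cert "$d/$1" "$d/$2"; then r="match"; else r="MISMATCH"; fi
        echo "$1 + $2: $r"
    done
    rm -rf "$d"
}

# Run as: bash keymatch.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

Because the comparison is on the full public key rather than an MD5 digest of it, a match cannot be the result of a digest collision.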

    Test a Live Site Certificate 

    openssl s_client -connect example.com:443

    https://www.sslshopper.com/ssl-checker.html