OS End of Life…

Before I left Tanium, I was working on some content around Operating System EOL Lifecycle. What does this mean exactly though? When an operating system is RTM’d or released to manufacturing (aka, downloadable and installable, in today’s day and age), it usually has a set timeframe from the company that created it to support it during its “life time”. Resources are needed to keep the published operating system (OS) secure and reliable over time, so keeping people on something that’s ten years old for example can be a strain on the company. In order to bypass this, a lifetime for a product is decided, according to how fast the company can publish a new version.

Let’s take Microsoft Windows 10 as an example. For the last few years, major updates to the Windows 10 OS typically come out in March and September, so in 2019 the two major updates were 1903 and 1909. These have a specific timeframe for supporting security updates and features on these specific builds. Here is more information about what is supported and when those life cycles go “out of support”: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

When an OS is within its support window, major and minor updates to the OS are provided freely, provided they are activated appropriately. These can include new features, visual updates, and hopefully lots of fixes to previously known issues and bugs. Security updates sometimes have an extended time window, depending on how critical the threat is. When an OS is outside of this support window, the charges to ask Microsoft to support these systems become very expensive. Why though? Because Microsoft must spend more resources that have likely moved on to newer or other projects throughout the company, on something that is not making them money anymore. Newer versions have come out, and support for older versions has mostly ceased, other than critical security patches. Microsoft is a publicly traded company, it has to make money to survive, hence the expense to support these older systems.

What’s the solution when someone has older OSes, or out of date ones? Well, that’s a tricky question to answer. Home users, that only have their personal data and machine(s) to work on, can hit Windows Update to update their systems. Sometimes this causes issues with software that may be installed, but usually those get fixed pretty quickly. On a grander scale at a worldwide corporation though, the apps that are used for business run on the operating systems that are installed, so an OS patch could affect their ability to do business. For this reason, large scale patching of OSes needs a more tightly controlled mechanism and process in order to update their company’s systems. But I want to update my system now! Hahaha, not so fast buddy. If you update, and that update causes apps on your system to misbehave or interrupt business workflow, that can cost the company money in outages. Can you imagine a bad patch being pushed out to thousands of systems running the company’s public facing website? An outage like that could cost hundreds of thousands of dollars PER MINUTE. I’ve seen it happen, and it’s quite a scary sight.

Ok, so how do I update my company’s systems safely? TEST TEST TEST. Grab a few machines that represent the majority of the systems in your company, and install the necessary patches for OS and apps on these systems first, away from the rest of the systems that are making your company money. Once those have been tested for stability and continuity, then a phased approach to update those systems across the enterprise can be performed. Whether this is a small patch, or a larger bi-annual Windows 10 or Server OS patch, the workflow would be the same. Test the updates with the software you normally use, then deploy at a larger scale once verified.

But I’m using Windows Server 2003 and it runs really old software that isn’t supported anymore, since the company that created it no longer exists. That’s really tough, and I feel for you. I’ve seen situations where this is more common than you’d think. But still the same issue, though you aren’t getting patches anymore at this point. If you can’t upgrade to a newer OS, because you can’t lose the app that is running on it, this would be a good time to isolate that system, and possibly move it to a secure space in the cloud. At least once it’s virtualized, the old hardware can be decommissioned. The old app and OS virtual machine could be in your data center or public clouds like Azure or AWS. Easier to manage, even though it still won’t be updated anymore, but at least still can be used.

Some important takeaways to key in on:

  • It’s important to know what’s no longer supported and when (no upgrades, no updates, no security fixes after the support window closes)
  • Why track this over time?
    • Not paying thousands to hundreds of thousands of dollars, just for security updates
    • Get ahead of OS upgrades
    • Gain better security visibility
    • Already paying for latest Windows through Microsoft Agreements, why not upgrade?

AWS and PowerShell Core

Quick script to automatically update my AWS access ID and secret

#setup
#set-psrepository psgallery -installationpolicy Trusted
#install-module AWSPowerShell.NetCore -scope currentuser -AllowClobber -force
import-module AWSPowerShell.NetCore
$profilename = 'ohyeah'
# Initialize-AWSDefaultConfiguration -region us-west-2 -AccessKey $x -SecretKey $y
Initialize-AWSDefaultConfiguration -ProfileName $profilename
# List the access keys of the IAM user behind this profile (IAM allows at most two per user)
$keys = get-iamaccesskey
if(($keys | measure-object).count -gt 1) { "Two keys already exist, must delete one first" | out-host}
elseif(($keys | measure-object).count -eq 1)
{
    "One key exists, ready to switch" | out-host
    # Create the replacement key and store it under the same profile name
    $newkey=new-iamaccesskey
    Set-AWSCredential -AccessKey $newkey.AccessKeyId -SecretKey $newkey.SecretAccessKey -StoreAs $profilename
    Initialize-AWSDefaultConfiguration -profileName $profilename
    # Remove the previous key now that the profile holds the new one
    Remove-IAMAccessKey -AccessKeyId $keys.AccessKeyId -passthru -force # old key
}

 

What’s Wireless “mesh”?

Eero, similar devices, how they work, and why I decided to jump into the deep end of this tech. What is a wireless mesh? In simpler terms, it consists of multiple wireless devices working together (instead of a network extender, which connects to another wireless base station, and acts as a “helper” to get packets to a farther away device) to understand where the internet is and how best to get your packets from your device to the internet. Most wireless extenders that I’ve tried usually halve the internet bandwidth to account for getting packets to/from the base station. Mesh devices, such as eero, connect together in a more intelligent way to understand where the devices are and route packets from devices in a much faster way. My understanding is that when the mesh is set up, wherever the mobile device is, it connects to the closest access point and that access point knows how best to route traffic to the internet (either another AP or the base station, whichever is closest). Wireless extenders only know how to route traffic to the base station, which sounds like it would be fastest, but not in every situation since half of the bandwidth is still consumed by extender-to-base-station traffic internally. Eeros cut down on that since they remember the fastest route to the internet. In my experience, having a couple of these devices in my condo, I get near gigabit speeds to my ISP from my MacBook Pro over wireless 802.11ac. Before, with one access point and an extender, I might get 20-30Mbps. For me at least, mesh creates a more stable and reliable wireless network/internet connection without having the need to “reboot the router” every week or month. Other companies like Google, Luna, and Netgear also make wireless mesh products.

Making the switch from Android to iPhone

Earlier this year I made the switch from an Android based phone (Google Pixel XL) over to an Apple iPhone 7 Plus. Why? Well let me give you a history of some of the devices I’ve had first for a less biased view.

I started with an Ericsson AF738 flip phone back in 1996. Small and compact flip phone that fit in my pocket. Most students had pagers in high school, which required someone to call a number and leave a numerical message which then got sent to the pagers, then those people would call the senders back. My cell phone (which on AT&T had a 20 minute per month voice plan), was more than enough to let my family and friends know that I was running late on my way home, or that I was going somewhere after school. In many senses, it was my digital leash which allowed me more freedom than most.

Once in college, I decided an upgrade was needed and I got a Nokia 5160. I had a few more candybar style and flip phones until I bought my first PalmOS based device which combined my calendar and contacts with notes. Treo 600/650 were devices based on PalmOS, and the 650 was one of the first on Sprint’s network at the time to allow text messaging. After that, a Windows Phone, the Pocket PC PPC6601 slider with a keyboard was now my primary phone. It was useful and fun, but large.

After college, I moved up to Redmond, WA to work at Microsoft. I drank some of the Kool-aid and had some more Windows-based phones (Pocket PC, Windows Mobile, Windows Phone, etc.) until my first iPhone. I then had some reception issues where I lived at the time, and found that switching networks and switching to a new Motorola Droid on Verizon worked better for me at the time. I stuck with mostly Android phones up until this year, when I found that iPhones might be a worthwhile switch again for what I needed.

So… I switched to the iPhone 7 Plus, picked up an iPad, AirPods, Apple TV, and some other Apple goodies. I still have Windows workstations and my passion for technology hasn’t changed. Best tool for the job, but why iPhone? It does what I need it to for now, allows me to iMessage with my friends and family, and my data just goes where it needs to when I need it. Will I switch again? Perhaps. Is Android dead? Absolutely not, and it keeps pushing the other player(s) in the mobile space to get better, including Apple. The new Apple Watch Series 3 with LTE is pretty neat, and definitely works well making phone calls and data.

My story so far…

People at a recent summit were asking a bit about my story, what did I do besides helping with the summit, technical background, etc.

Well, short version. College at Oregon Tech, contracted at Microsoft on the Exchange Mailbox team and tested the first versions of the Monad/PowerShell cmdlets for Exchange, then System Center Configuration Manager testing deployments, then a few years in SharePoint/SharePoint Designer for the 2010 release. Hopped over to Expedia, learned Splunk, and now I work at Splunk as a software engineer. I work on deployments, Microsoft related things, Python, Ansible, Cloud (AWS), Apps, Testing methodologies and a ton of other things.

PowerShell Summit 2017

So this week was the annual PowerShell Summit in Bellevue, WA. I think the number was around 230 attendees, not including speakers. So many smart and funny people around the world came to one place to hear what Microsoft and the community are doing next with PowerShell Core (6.0), technologies and companies working with PowerShell, DevOps in general, and solving solutions.


What did I get from it as a developer? Besides spending time with friends in the industry, I was able to meet people like Jeffrey Snover, Lee Holmes, and Bruce Payette. Meeting up with friends like Don Jones, Jason Helmick, Missy Januszko (@thedevopsdiva), Jeff Hicks, Richard Siddaway, Steve Murawski (Chef) and so many others I’ve met over the years, the conversations gave me inspiration and ideas for how I can not only make my personal projects better and more efficient, but also help with solutions to problems I didn’t yet know I had!

Now the meat of the story. Ansible, Python, and virtualenvs have been my life lately, and after talking to some guys at AWS, the awspowershell module sounds like it would simplify my personal dev workflow. 😀

Git Squashing, what’s going on here?

So, being a beginner to git and its associated commands and check ins, I needed a way of “squashing” the 15 or so check ins into one so others can see one checkin versus my save-a-holic-ness. I save a lot, whether it’s video games or code, and that includes commits to my local history. Squashing is combining commits into fewer to make the history much more readable. How does one squash their commits? With this magic command.

git rebase -i HEAD~3

This is what it does. The rebase command basically rewrites the local history (make sure you’ve not pushed to a remote repo though! You don’t want to mess up history for others). The -i makes it interactive, usually opening in your local editor or vi as a default for most OSes, and yes this includes Windows if you’ve installed git on Windows with the bash shell. The HEAD~3 part (no spaces between HEAD and ~3 though, and that is the tilde character before the 3) takes the local head and goes down 3 commits. In the editor, change the entries you want folded in from “pick” to “squash” so they are included in the single check-in.


After that, “:wq” to write the changes if using vi, git commit and merge with your upstream repo.

The Google search results in a simpler explanation: “Use git rebase -i <after-this-commit> and replace “pick” on the second and subsequent commits with “squash” or “fixup”, as described in the manual.”
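The squash described above, run without an editor in a throwaway repository, as an added example that is not part of the original post. The `squash_last` and `demo_squash` helpers and the sample commits are constructed for illustration; the guard turns the "not pushed yet" warning into a check against the branch's upstream, and default git settings are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): squash without opening an editor.
# squash_last N: fold the last N commits into one, but refuse when fewer
# than N commits are unpushed, i.e. the rewrite would touch shared history.
squash_last() {
    n=$1
    if git rev-parse --verify -q '@{upstream}' >/dev/null 2>&1; then
        unpushed=$(git rev-list --count '@{upstream}..HEAD')
        if [ "$unpushed" -lt "$n" ]; then
            echo "refusing: only $unpushed unpushed commit(s), asked for $n" >&2
            return 1
        fi
    fi
    # The edit you would make by hand in vi: line 1 stays "pick", the rest
    # become "squash". GIT_EDITOR=true accepts the combined commit message.
    GIT_SEQUENCE_EDITOR="sed -i.bak -e '2,\$s/^pick /squash /'" GIT_EDITOR=true \
        git rebase -i "HEAD~$n"
}

# demo_squash: constructed scratch repo with 1 pushed and 3 local commits.
# Prints the commit count after squashing the 3 local ones.
demo_squash() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        git init -q --bare origin.git
        git init -q repo && cd repo || exit 1
        git config user.name "Example User"          # constructed identity
        git config user.email "user@example.invalid"
        git config commit.gpgsign false
        git remote add origin "$work/origin.git"
        for i in 0 1 2 3; do
            echo "save $i" >> notes.txt
            git add notes.txt && git commit -q -m "save $i" || exit 1
            if [ "$i" = 0 ]; then git push -q -u origin HEAD >/dev/null 2>&1; fi
        done
        before=$(git rev-parse 'HEAD^{tree}')
        squash_last 4 2>/dev/null && exit 1   # refused: one of the 4 is pushed
        squash_last 3 >/dev/null 2>&1 || exit 1
        # History changed, content did not: the tree must be identical.
        [ "$before" = "$(git rev-parse 'HEAD^{tree}')" ] || exit 1
        git rev-list --count HEAD             # the pushed commit + the squash
    )
    status=$?
    rm -rf "$work"
    return "$status"
}

demo_squash
```
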

Run pytest inside of a Nano Server Container on Win10

Work in progress, but this is what I’ve got so far. I’ve been wanting to run small workloads in isolated environments that are repeatable and identical.

This is my Dockerfile, on my Win10 workstation, but customize to your environment and requirements as necessary for use. Windows Server 2016 Core is a little overkill, but I haven’t got all the necessary software running on Nano Server yet.

FROM microsoft/windowsservercore
# Because why not?
# Build docker image: docker build -t jeff1 .
# Run docker image: docker run -it jeff1 powershell
WORKDIR /test
# Install Chocolatey for package installs
RUN powershell -c "iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex"
RUN choco install -y python2
RUN powershell -command [Environment]::SetEnvironmentVariable('PYTHONIOENCODING','utf-8','User')
RUN pip install --upgrade pip pytest paramiko boto
# This requires Administrator privileges, so leaving out for now
#RUN powershell -command "install-module pswindowsupdate -force;import-module -Name pswindowsupdate;Get-WUInstall -MicrosoftUpdate -IgnoreUserInput -AcceptAll"
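# Note: --allow-empty-checksums lets choco install packages whose downloads have no checksum to verify
RUN choco install -f -y --allow-empty-checksums strawberryperl vcpython27 curl git.install jdk8 openssh wixtoolset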
# Placeholder for Windows Driver requirements
# git clone <git repo>
#RUN pytest <git repo>/test_foo.py

Where I See Myself in 5 Years

I want to be in a position where I can make a difference. I want to help build and create things that change people, and change the world – even if it’s in a little way. I want to make businesspeople feel powerful about their technologies, and make technologies feel appreciated by their business.

Specifically, I want to be architecting and helping to build solutions that use modern technology stacks. I want to be challenged – like being asked to integrate legacy systems that just can’t be changed, and to make it all work seamlessly. I want to be constantly learning, bringing new technology possibilities to the business, and helping decide which ones are a good fit.