Working from home in a time of Coronavirus

Introduction

I’d noticed that once our team had shifted to mandatory remote work, it seemed to take our team a bit off guard. Working from home was something I’d championed a while before this came about, though I hadn’t planned for it to happen so suddenly. I spent a couple months researching a number of books and articles, and came away with some common themes I’ll share with you below.

This is from the perspective from someone working at Microsoft, and so using Teams rather than Slack or Zoom, but the principles should transfer over using like functionality.

The daily routine

  • Initiating the day Creating a ritual for the beginning of the day helps to level set your head. This replaces your commute. This can be a walk around the block, a run, meditation, or whatever works for you. This can also be the time where you decide what’s the one win you want to get from the day.
  • The Workspace It helps to create a workspace at home, which is zoned for work so you can mentally be at work, and minimize distractions.
    • Some may be disciplined enough to work wherever, and switch up their work environment to the couch, the back porch, a coffee shop, or a coworking space. Just be mindful of distractions, and productivity impact.
    • Ensure you have the gear needed to create a productive work environment. Ars Technica has a decent starter list.
  • During the day You’ve probably heard that breaks during work are important. A good guideline from research is to follow a Basic Rest-Activity Cycle (BRAC) also known as the ultradian rhythm (contrasted with your sleep circadian rhythm). The guideline for following this is to take a 20 minute break every 90 minutes but you can make breaks as little as 10 minutes, and the break interval up to 120 minutes.

    You can use apps like PowerPom , Stretchly , or my personal favorite, Forest for IOS and android to encourage your computer or phone to remind you. If you’re already doing the pomadoro method, this accomplishes basically the same thing.
  • Finishing the day Creating an end of work ritual is also helpful. You can use the cues from this simple website to wrap up your day, but whatever you do, find a way to shut your brain off. Write down anything you need to remember from the day before, and decompress.
  • See Also:

How to succeed when no one can see you

  • Amplify your Work When working remotely, the key is to overshare what you’re working on. That means never assume people know your intentions, requirements, current blockers, etc unless you share them. These can be shared in a group meeting, a standup, or on a work progress board (if everyone uses it). You must confirm, not only that you put it out there, but it is seen by others in whatever medium you use.
  • Share your successes Related to the above, don’t be afraid to share your accomplishments. This is another way to be seen, and to have others use the work you’ve done.
  • Foster a Culture of Gratitude Did you know Teams has a praise app ? Whether you decide to use this, or another method, do your best to recognize others who are doing great work. It’s important not only to be seen, but to show the team you see others who are also trying to make their work visible.

Being part of the team

  • Find ways to share stuff about yourself with others When people commiserate, it creates camaraderie. If your team has a common chat area, participate. This doesn’t have to happen in a group setting, it can be when you’re collaborating with another team member. The theme here is to be proactive in this step, especially since most engineers tend to be introverts. The more you trust others, the more they’ll trust you.

Burners Off – Why I’m moving from Chef to Ansible

Thoughts on the new Chef license agreement

Back in April I’d learned that Chef was changing their licensing structure for Chef. I’ve been considering what to do over the year. This isn’t a hot take, but a response after months of consideration. I’ve been working with Chef software for about 7 years, so I’m fairly invested in it.

In a nutshell

Chef is basically changing their license from an Open Core model a Dual License model starting with Chef 15. This not only includes the server, but all client and server tools associated with Chef, Inspec and Automate.

This doesn’t feel right

I’d received a presentation from some folks from the Chef sales and engineering arm with some key points to frame the change (in no particular order):

  • 2018 was a great year for them.
  • They’re still committed to and are doubling down on open source.
  • They’re open sourcing all product code now including automate.

I’ll start with the great year in 2018 comment. Since Chef is a big part of my job, I’ve followed them and key players for a number of years. What would be more intriguing is if Chef was more honest than the claims they made. I’ve seen a fairly significant amount of turnover with engineers (many have gone to Azure) and sales staff over the last few years. It
seems every year or two I meet with a new sales staff. I can only speculate as to the reasons, but high turnover is never a good thing.

Software, Licensing, and Getting Paid

They’d also referenced that this was backed up by the SFOSC authored by Chef’s own Adam Jacob. Though it seems to fly in the face of freedom 0 referenced there “The freedom to run the program as you wish, for any purpose”.

Last, there’s a reason why Chef had to create their own license instead of using an off the shelf one. This isn’t normal for the community. No matter what Chef claims, they’ve ceased to be an Open Source company, at least in the traditional sense. There is no Open Source company doing this that I can find. QT is close, since with a commercial license: “you also have access to the official Qt Support and close strategic relationship with The Qt Company to make sure your development goals are met.”.

In some cases, Chef is also doing the right thing by owning a bunch of their recipes since they’re more or less turning into an open source but closed usage company. Other things raise some questions, like their Hackathon, where they’re getting people work on their own bugs for a software that they have to pay for if they’re using it for a company (which is
more than likely).

Blowback

To me it begs the question, who make a change that will so obviously anger your community? What’s the goal? Obviously, try and make more money. But I could see possibilities such as trying to stay in the black, or looking to be aquired. Again it’s all speculation, but it also shows the lack of transparancy. This isn’t a move who’s first intention is to benefit the community, it’s intended to benefit themselves.

The real issue here is that engineers rarely have budget for software to get things done in operations. We choose tools like Ubuntu, Chef, Github, Kubernetes, etc because we don’t have to ask management for budget. In my multi-decade tenure of doing this sort of thing, I can honestly say that asking your boss north of $100k/year for software that you can get running (or was previously) free rarely works out well in the end.

Chef Licensing Complications

Digging into their actual licensing, there are a number of complications and conflicts if you dig deep enough. Their FAQ
answer carries the most information:

  • Source Code remains governed by the Apache 2.0 license. It is the same code and license that existed before April 2.
  • Binary will be governed by the Chef commercial relationship or the Chef End User License which grants a limited license to individuals and some experimentation/educational uses for businesses.
    • “Use and run the Software on such computers solely for Your personal, non-Commercial Purposes or Experimental Use.”
  • Businesses who wish to deploy a Chef binary will need commercial relationship with Chef.
  • All trademarks remain the property of Chef. Use of the source code and binary are always subject to the Chef Trademark Policy.

Also, their trademark policy says that you can’t just recompile their software
with their marks:

We consider your compilation of our open source code into a distribution for use in your business to be your distribution, not Chef’s distribution. Therefore, the resulting distribution must have enough of the Chef Marks removed from the source code so as to not confuse users as to the origin of the distribution.


There is an effort (called Cinc) trying to do just that: remove the branding f
rom Chef to make it more “free” like the RedHat/CentOS model, but doing this is against their End user license

You must not, directly or indirectly:

(c) remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other intellectual property or proprietary rights notices provided on or with the Software, including any copy thereof

One thing that was mentioned during the presentation was forking. If you’ve been in this industry for any length of time
, you’ve probably seen sort of thing happen again and again. I foresee either a fork, or reimplimentation like Goiadi, a Chef server written in Go. This sort of thing happens all the time, there are other notable examples which I’d hope would happen with Chef:

MySQL -> MariaDB
Nagios -> Icinga
Openoffice -> Libreoffice
Hudson -> Jenkins

Chef does have a guideline for forks which contradicts the above. My Concerns with Cinc:

  • The team developing it is extremely small, about 2-3 people that I’ve seen on the Slack channel. With OSS projects, a large team is needed as people change jobs, get reduced time due to familial responsibilities, etc. In my experience I don’t see this as a team with long term viability. Cinc is not supported or backed by Chef. Chef has not promised to avoid breaking changes to the project.
  • There is no legal support from Chef that Cinc is compliant. Chef mentions Cinc in documentation, but Cinc hasn’t been formall “blessed” by their legal team.
  • Due to Chef’s latest behavior. If Cinc were to be successful, and threaten their revenue stream, they would likely they’d change or enforce the rules further to correct that.
  • The Chef server (Cinc-server) is still a ways out, most of their effort is on the client “Chef Infra”.
    Other products like inspec are on the backburner.

Making the switch

I was hoping for some major fork activity to have happened at Chef Summit, however I suspect that many people are doing what I’m doing. With Chef putting pressure on folks like me to either pay up, or move on, I suspect some will run Chef non-compliant. There is nothing stopping them from doing so. As for me I’ve made the decision to run a compliant version while I start to convert to Ansible.

I’ve been in the industry long enough to have switched Configuration Management platforms several times. Cfengine, Cfengine2, Cfengine3, Chef. To me this smells once again like a player that is slowly sinking into the background. No Chef’s not dying, I don’t suspect it will ever. However, it’s less and less going to be the choice for a greenfield deployment.
If you look at the number of forum members, github stars, and the forks, the current leader is Ansible, and it’s one I hope to get another 7 years of milage out of. For those of you interested, they do have a push model like Chef, so it’s possible to at least have a similar architecture.

So it’s burners off. Time to put way my knife, cookbooks and recipes. Time now to run with the sci-fi themes of Ansible, and working with playbooks and yaml.

A Cmd/Windows/Powershell Rosetta

Here’s a copy of some Onenote notes I  made about 4 years ago when I was a Linux user desperately trying to learn Windows (and this was before WSL). Back in my day we were forced to use Cygwin or MinGW! There are some other similar guides out there. Hopefully this helps someone! I’ve done some light editing, but this is mostly my notes in raw form.

A powershell survival guide:

http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide.aspx

Rosetta

Powershell Linux/Unix Windows CMD PS Alias
get-acl whoami whoami whoami
get-alias aliases   gal
clear-host clear cls clear
get-volume df    
 

repair-volume

fdisk chkdisk  
enter-pssession ssh   etsn
Get-ChildItem ls dir ls, dir
Remove-Item rm del rm, del
Get-Process

Get-Service

ps tasklist ps
Get-Location pwd   pwd
Move-Item mv move mv
Stop-Process kill taskkill kill
Get-History h [f7] h,history
Set-Location cd cd cd
Get-Content cat type cat,gc,type
Copy-item cp copy cp
Tee-Object tee   tee
New-Item -type file touch   ni
Get-ChildItem Env:/gci Env: env set env (sometimes)
Get-Help man help man, help
Select-String grep findstr sls
  logout shutdown /l

logoff

 
Get-ChildItem find where gci
Sort-Object sort   sort
Get-Content -totalcount

Select-Object -first

head   gc

select

Get-Service update-rc.d/chkconfig sc config gsv
start-service service start /etc/init.d/<service>start net start/sc start sasv
get-content <file> -tail <n>

select -last <x>

tail -n <x>   gc
Get-Service service –status-all/   Gsv
Get-Netipaddress/New-NetIpAddress Ifconfig ipconfig  
Get-NetAdapaterStatistics ifconfig    
adduser   net user  
Get-Command which, alias <command> where gcm
Test-NetConnection ping ping  
Test-NetConnection -Traceroute traceroute tracert  
Test-Netconnection -Port tcping    
Test-Connection ping ping  
   

ldd

dumpbin /dependents “file.exe”

(dumpbin comes with visual studio)

 
foreach {“{0}” -f ($_ -split ‘\s+’)} or

foreach {($_ -split ‘\s+’)[0]}

awk ‘{ print $1}’    
 

measure-object -line

wc -l   measure
measure-command time    
 

stop-computer

shutdown -h now shutdown /s /t 0  
   

w

qwinsta,rwinsta  
set-alias alias command=   sal
get-culture locale    
 

get-date

date    
  dd if=/dev/random of=/temp/file size=1gb  fsutil file createnew 1gbtest (1gb)  
write-eventlog logger eventcreate  
Rename-computer newhostname hostname  new-hostname    
Add-Computer -DomainName ADDOMAIN Joindomain-cli ADDOMAIN adminuser (using powerbroker) otherwise…winbind    
Test-ComputerSecureChannel -credential domain\admin -Repair      
New-netfirewallrule iptables    

uptime:

$wmi = Get-WmiObject -Class Win32_OperatingSystem;$wmi.ConvertToDateTime($wmi.LocalDateTime) – $wmi.ConvertToDateTime($wmi.LastBootUpTime)

 

 

 

Process Magic

Get a process with a listening port:

netstat -aon|sls LISTENING|sls  port

Use WMI to get a procid

get-wmiobject win32_process -filter "ProcessID like '1234'"

Use WMI to get a process with owners

Get-WMIObject Win32_Process -filter 'name="explorer.exe"' -computername 'localhost' | ForEach-Object { $owner = $_.GetOwner(); '{0}\{1}' -f $owner.Domain, $owner.User } | Sort-Object | Get-Unique

Use WMI to get something similar to ps auxww

Get-WmiObject Win32_Process -Filter "Name like '%java%'" | select-Object ProcessId,CommandLine|format-list

qwista, query session

 

Powershell Commands are in Verb-Noun form. You can search for them:

get-command (list of commands)

get-command -Verb Get (your verb choice)

get-command -Noun String (your noun choice)

Get-Help man (man works)

 

Get detailed info about a drive

Fsutil fsinfo ntfsinfo c:

GUI: Computer Management

# Like du -s

gci . | %{$f=$_; gci -r $_.FullName| measure-object -property length -sum | select @{Name=”Name”; Expression={$f}} , @{Name=”Sum (MB)”; Expression={ “{0:N3}” -f ($_.sum / 1MB) }}, Sum } | sort Sum -desc | format-table -Property Name,”Sum (MB)”, Sum -autosize

 

Command similar to Linux find:

# This will find mp* files

Get-ChildItem “file_location” -Recurse -Include “*.mp*”,”*.m4*” | foreach-object {$_.Fullname}

Remote session in windows (like ssh)

ssh enter-pssession ComputerName –credential UserName,

Needs port 5985 open

# Open up firewall on the server

netsh firewall add portopening TCP 5985 “Winrm 2.0 port 5985″

or the new way

netsh advfirewall firewall add rule name=”Winrm 2.0 Port 5985″ dir=in action=allow protocol=TCP localport=5985

# Trusting the remote host

winrm set winrm/config/client @{TrustedHosts=”RemoteComputerName”}

Making a profile (equiv edit .profile):

New-Item -path $profile -type file -force

Pipe things:

get-command | select-string -pattern “Start”

Select-String vs Where-Object

Frequently, output of commands is formatted in object columns. Select-string won’t grok it, but where-object (where) will. You’ll just need to specify the object name:

get-service|where {$_.DisplayName -like “*Apache*”}

Additional Info on using “Where-Object” to pass multiple conditions

Example:

dir E:\temp | Where-Object { $_.PSIsContainer -and $_.Name -like ‘t*’ }

 

#You will often need to add parentheses to group expressions on either side of the -and and -or operators

Get some vim

Vim doesn’t really work remotely, nor does any editor.

You can do some fun pipe tricks to download the file, and reupload it, but your best bet is probably just to go into file explorer, and edit the file that way.

 

Reference

Command Shell Overview

Windows Command Line Reference

Powershell Cheatsheet

 

Switching from Mac to Windows

For a lot of tech geeks, there seems to be a lot of interest lately in switching from Mac to Windows. Especially in light of the fact that Apple is killing off the escape and function keys, and Windows has just added Linux functionality.

I was, like a lot of Linux geeks a Windows hater for years and years. I then got completely burned out by an OSS loving startup and got an offer from Microsoft which, after working there, caused me to reconsider my blind brand loyalty. I use a lot of Microsoft stuff now out of convenience, but I also use a lot of OSS at work. Believe it or not, by and large Microsoft internally has taken a “best tool for the job” approach, with the caveat that you should at least should try theirs first.

That seems to be the first step in switching. A lot of folks consider themselves to be “An Apple Person” or “A Windows Person” or even “A Linux Person”. Lets stop right here and be pragmatic as most geeks are want to be. You want something that gets the job done, right? Who cares if it’s Mac or Linux. Vim or Emacs. Postgres or MySQL. Ruby or Python. You get my point. We live in an age where there are a lot of wonderful tools that we can choose from. So lets celebrate that (and not slag the choices of others).

So after using Windows for a bit, what do I like about the Windows ecosystem? Why else would you want to switch? Here’s some things I enjoy about being a Linux admin that uses Windows

Why Switch?

Hardware choice: This could be a negative, since there are a lot of vendors that produce great hardware that rivals Apple. It also tends to be cheaper. I’ll admit they don’t tend to hold their value as well for resale as Apple because…well it’s easy to pick up newer cheaper hardware. However, you can get a laptop a lot like a Macbook Pro, or you can get a laptop with a built in ethernet and VGA port with a removable battery.

Apps: As any Mac user knows, you still from time to time run into some software or hardware that needs Windows to run or update. The nice thing is that you can run them now! The sad thing is there are a number of Mac apps you may need to find an equivalent to. Oh and you can still run iTunes if you really want to.

Linux: Windows Subsystem for Linux (WSL) makes it possible to now run Linux apps. Which as most Mac folks know is what they really wish they were running on their Mac. Sure homebrew allows you to run a lot of apps on the Unix portion of Mac, but a lot of us know Ubuntu better than some of the non-standard things OS X uses like launchd. That said WSL isn’t perfect (ping doesn’t work yet). And you’ll still need to learn a lot of Windows things to make full use of Windows. You can think of WSL as a native Linux running under Windows, but it’s not exactly Windows aware from an internals perspective.

I won’t get into switching to desktop Linux. I’ve tried it myself over the years and for me, it’s just not there yet. I just want to use something that works, and I’ve personally had a lot of issues with desktop Linux that I haven’t had with Windows or OS X. Your mileage may vary of course.

The Geek Learning Curve

So some things you’ll want to do if you switch to Windows:

Learn Powershell: Yes you can use Bash in Windows, but it doesn’t do all the Windows system stuff you’d like (like dive into WMI objects, start/stop windows services, or scheduled tasks). This is a bit easier than you think, but it will make understanding Windows easier. Powershell is very similar to languages like bash and ruby. Though unlike bash, instead of parsing text output all the time, you’ll be parsing objects which you’ll wonder why bash doesn’t do after you’re use to it. Once you realize that Windows, Linux and OS X basically all do more or less the same thing under the hood, it becomes a lot easier. You just need to find the equivalents. Here’s a good place to start.

SysInternals: If you’re a Linux geek, and like to really know what’s going on with your OS. You’ll probably want to use the Windows Sysinternals Suite. Procmon is by far the most useful of all the tools, but the rest will give you better insight to the system that the tools that come with windows lack. There’s even a book just published on this.

Find the apps to make you productive: You can find a lot of equivilants for OS X on the internet, but some essentials I use as a Linux admin are ConEmu, Visual Studio Code, Enabling WSL, enabling chocolatey in the Windows Oneget repository (Oneget is a windows app management repo like apt or yum), vim and git.

Read some Blogs: You’ll probably want to read some blogs to get you up to speed. Hey Scripting Guy is great for learning Powershell. And Scott Hanselman has a lot of great Windows tricks he shares. There are also of course subreddits dedicated to this stuff.

What am I using?

So when I switch off my old Macbook Pro, I wanted something that was a little better than it. My criteria was:

  • Needs to have a fingerprint reader. I wanted Windows Hello, which uses biometric authentication. However, after trying the facial recognition, I found it annoying that it would just unlock without my telling it. That meant the Surfacebook Pro was out for me.
  • Needs to be a 2-in-1 PC. Which means it needs to be able to convert to tablet mode somehow. I like to read PDFs on my computer without it being in “keyboard in front of me” mode. It’s also nice to watch longer videos without the keyboard in front of me.
  • Needs to be touch screen, which the above basically requires. I use touch surprisingly often, though I know people who don’t. It can really save on mouse travelling/targeting to just poke the thing you want. If you go to tablet mode, yes obviously you’ll need this.
  • Runs Windows Signature: This was a nice to have. I could probably take a PC and flatten it with a new version of Windows to remove the crapware, but I’d rather it be ready out of the box.

The winner ended up being a Lenovo X1 Yoga. Now there are many other laptops out there to fit whatever your requirements are. I like the design of Lenovo because it’s tough and tends to favor function slightly over form. I really don’t care about brushed aluminum, but if you do, then vendors like HP, Dell, and Asus and Microsoft also make laptops that you may consider.

 

 

 

Do we really need backups anymore?

Like many good sysadmins I’ve been pretty good about keeping backups at home. I’ve done so for a number of years, going through free solutions like boxbackup a while back, and then trying other big name solutions out such as Mozy, CrashPlan and Carbonite. So I got a notice recently that my backups payment was due again. Costs for backups have risen a bit since I remember. It used to cost me about $75 a year and now it’s closer to $120-$150 which made me think…how badly do I need this service?

Let’s back up a bit (pun intended)…

In the old days before everyone was talking about The Cloud you really needed backups. Your e-mail was stored all pretty much on your computer. Your music collection. All those documents on your computer that formerly were in your file cabinet were there. Your contacts list. Your financial stuff. Your photos. All this stuff was on one big Single Point of Failure.

Times have changed…

All the things above typically aren’t on your computer anymore. A lot of people use Pandora or Spotify making the Music Collection obsolete.  iTunes came out with iTunes Match which stored your music in their cloud for you if you still like things that way. If you use Google or Microsoft, they store your e-mail, they have fairly cheap to free drive solutions you can store your documents away including financial stuff. You can use their bank, or Mint for keeping up with finances. Most people take pictures with their phone and there are options to automatically upload your photos to Onedrive, Google Photo, or Dropbox. And they have nice photo album options anyhow so why not put all your photos there?

I started to think about what would happen if I lost my computer right now. What would I freak out about? What would I lose? The answer started to quickly become “not much”. Looking through my hard drive, I realized my computer is turning more and more turn into a client in the cloud server world, and I’m alright with that. I uninstalled my backup software, and didn’t look back.

SSH in Windows the Linux Way

Everyone that uses Windows ends up using putty, which bothers me because putty (and it’s fork, kitty) has its own separate program, with its own terminal. I’m used to being in the command line doing whatever it is.

These days my console is ConEmu. If you’re suffering through the stock powershell console, I highly recommend trying it out along with PSReadLine. Once you’ve set those up you’ll start to have a console closer to the one you loved in Linuxland (if that’s what you’ve longed for).

For ssh, there are a couple options:

  • Install MinGW+MinGW-Get
  • Install Cygwin with openssh.

You may have one of these things installed. If not it’s easy enough to use chocolatey to install them.

You’ll want to verify the ssh your %PATH% is directing you to. MinGW-Get, Conemu, and Github will all install ssh for you and it may be unclear which one you’re using:

which ssh

If you’re a powershell user you may want to set an alias to the ssh you prefer in your Profile.ps1. I prefer the cygwin one, but of course it’s your choice.

set-alias ssh C:\cygwin64\bin\ssh.exe

ssh configs

If you use cygwin, you can edit your ssh configs in:

C:\cygwin64\home\$ENV:USERNAME\.ssh\

Git’s ssh will look for your things in:

C:\Program Files (x86)\Git\etc\.ssh\
 I ended up using procmon from Sysinternals to find these config locations, which for you Linux people does a lot of the same thing that lsof does. Enjoy!

Fixing Onenote’s “Sorry, another account from your organization is already signed in on this computer” on OS X

I spent this afternoon fixing this, so I thought I’d share what I found.

It seems that when trying to sign into OneNote on OS X using Office 365, one can run into trouble signing in, especially if you’ve used OneNote on the system before with another Office 365 account.

I’d originally tried to find the files that OneNote was using using lsof on the command line. While I still recommend this, truthfully I don’t think this is what fixed it. I’d start doing this with Office Uninstalled is that Office and OneNote are somewhat intertwined, and you’ll probably hork up your Office install by performing these steps and will need to reinstall it anyhow.

In any case, you should get a list of files that OneNote is hanging on to when in runs. With OneNote15 on OS X Yosemite I found the following:

/private/var/folders/73/6xk183y162z0mxydn8lrqtp40000gn/T/com.microsoft.onenote.mac
/private/var/folders/qm/v7b29f9d2zb3z4mbbjc9sxww0000gp/C/com.microsoft.onenote.mac
/Users/kris/Library/Containers/com.microsoft.onenote.mac
'/Users/kris/Library/Group Containers/UBF8T346G9.Office'
'/Users/kris/Library/Saved Application State/com.microsoft.onenote.mac.savedState'
'/Library/Logs/DiagnosticReports/Microsoft OneNote'

For the command line savvy, just do the following to find your OneNote files, on my system, using locate seemed to ignore many of the directories in question:

find / -iname onenote

This will find the directories above for your user. Uninstall OneNote. I installed mine from the app store, so that required me to go to launchpad, find onenote, hold down the mouse button till it jiggles and press the circle x that appeared.

Afterwards, delete the directories you discovered since the uninstall process won’t.

Next is the step that I think really fixed the issue.
* Open up the Keychain Access app.
* Select “Passwords” on the right under “Categories”
* Search for “Office”
* Delete everything you find in there, you’ll likely see a few items such as:
** Microsoft Office Identities Cache 2
** Microsoft Office Identities Settings 2
** A credential key with a GUID for a name. It’ll have a blue @ sign.

After that, install OneNote, and try to sign in. In my case, the error was no longer present, and I was able to sign in using my Office 365 account.

How to use your own domain with outlook.com

Introduction
I’ve been around the e-mail block a few times. I’ve used Google apps with Gmail, Office 365, and Outlook.com. Outlook.com seems to have a pretty interesting offering I’ve been happy with so after a lot of going around trying to figure out some of how it works, I decided to share some of my discoveries.

There are some blogs that say use domains.live.com to register a new account with Outlook.com. Stop. Don’t do it. Why? Because you’ll only get to register that one e-mail address, verifying others will be impossible. Plus I’ve discovered, it’s not really the “right” way to do things. Domains.live.com is likely only around for legacy reasons.

So what’s the right way?

If you want to host your own domain there are a few options. These days Office 365 and Google Apps are your best “business class” options. Both are great. However, your Google Apps account will be a Google account like any other home google account, with access to the same services as any normal Google user. Microsoft decided not to do that, so in the Microsoft world, you have two choices for e-mail:

     * Microsoft accounts: These are evolutions from previous microsoft account types. Such as live.com, hotmail.com, msn.com. Microsoft has made many attempts at a single sign in (much like Google has) and this is the current term for them. You can also have a domain based account through domains.live.com much like you could with Google. This service isn’t available any longer to non-paying customers with Google. However, Google doesn’t have the dual accounts paradigm that Microsoft does.

     * Office 365 accounts: These are domain based accounts which you’ll use do sign into office 365. It it useful only within the Office365 realm that you create when you have the service. Also, multiple sign on doesn’t work so well so if you have two Office 365 accounts to sign in at once, you’ll need to create a separate browser session.

What does Office 365 have?
With even a basic Office 365 account (NOT counting Home Premium, that is a weird service not really related to Office 365 at all). You get
* Domain based e-mails
* Webmail with mail, calendar, contacts, etc
* Your own web hosting service
* Lync messaging within your business or domain
* Onedrive for Business (which is basically just a Sharepoint filesystem NOT linked to consumer Onedrive at all)
* Internal Sharepoint site
* Powershell integration so you can script creation and reporting commands
* 5 downloads of MS Office per user (with Small Business Premium)
* Office Online (Microsoft’s answer to Google Apps…which was Google’s answer to Office)
* Mobile integration is just exchange. Though they have a neat iPad/iPhone app: OWA.
* 2 factor authentication only for Midsize plans or higher.
* Supports Exchange, IMAP, and POP
* Real support
* 99.9% uptime guarantee

For e-mails it’s pretty much just Hosted Exchange:
* Shared mailboxes
* Distribution lists (external, or forced internal only)
* All the aliases you want for users

So if you’re wanting to host your domain there, that’s what you get for your money. Unfortunately it’s overkill for me in some areas and lacking in others.

What does Outlook.com have?
* Outlook.com mail app for Android
* 2 factor authentication
* Webmail with mail, calendar, contacts, etc
* Supports Activesync, IMAP, and POP
* Chat integration with Skype, Google Chat, and Facebook

It’s a lot less, but the important things for me were:
* The android app
* Skype integration
* The webmail for Outlook.com just seems better.

In other words, Outlook seems tailored for the home user, using Office 365 can be an awkward fit.

So how DO you use outlook.com with your own domain?
Really the best way is to go to your domain registrar and use a forwarding service. If not use one from someone like dyn.com or dnsmadeeasy.com. Neither require you host the domain there, and they have ok rates. Otherwise you could set up your own, but I’m guessing you’re trying to get out of the hosting your own e-mail business if you’re reading this. I use name.com which suits my needs.

So create a normal outlook.com account (Which is really a Microsoft Account) with a name of your choice. The beauty is you can your account name very easily, and if you verify your e-mail, you can actually switch your account to use that e-mail to log in. This is why using domains.live.com isn’t really with it.

Once you log into your outlook.com account.Click on the top right to “Account Settings”.
From here you should see an overview page, with the option to create aliases. As long as you can receive e-mail to that address, you can verify it as an alias, and you can start forwarding that e-mail to your outlook.com address later.

You may have some assumptions about what an alias is…

Fun facts about Outlook.com aliases:
* They allow the user to use that address to log into Microsoft services
* They allow the user to send e-mail from that address
* Your primary alias is use as your default “From:” address.
* You can have 1 primary alias and a limit of 10 other aliases.

If you create an alias on one account and need to transfer it.
* One you let the alias go, it ends up in limbo for 30 days.
* Old Microsoft accounts themselves will lay dormant for 270 days (9 months).

You do NOT need to create an alias to receive forwarded e-mails to that account.

Caveats
You may find that forwarding your e-mail to outlook.com from certain forwarders results in bounces from what I’m guessing are SPF restrictions. In my testing so far, name.com doesn’t seem to have this issue, but I’ve had this issue forwarding from Office365 to Outlook.com. Some of these include Facebook, Twitter, Linkedin, Living Social, and others. I recommend extensive testing before cutting things over. One workaround of course is just use your Microsoft Account for these periodic spam notifications. It’s not like your friends are going to see it.

An Introduction to Sensu

Introduction
Sensu is an open source monitoring service for the cloud by Sonian the diagram below explains most of how it works quite well, but it has several components in order to make it scalable:
RabbitMQ is really the central “server” in terms of where checks come from, and where the results go. Here’s the flow of a rabbitmq check.
  • Server gets a new check that the client needs to execute. It puts that into rabbitmq.
  • Client checks rabbitmq for any checks to execute, it sees a check it should perform, so it gets the data from rabbitmq, and executes the command.
  • Client takes the results of the command, and puts that into rabbitmq
  • Server checks for command results, sees that a client put in a result. It posts it to the dashboard.
Metrics (Graphite):
  • Server sees a metric, as directed by the handler, it puts it into the rabbitmq for Graphite’s carbon service.
  • Carbon takes that data from rabbitmq and puts it into graph.
Features:
Built for the cloud. Sensu is made to have clients just magically appear. There is no individual client specification in the config files in Sensu. Likewise, Sensu has a REST based API where clients can be just as easily removed.
Scalable. Since the central service uses rabbitmq, which itself is quite scalable and can be run HA if necessary, It also has discrete components which can all also be made redundant.
Integration with Graphite. Sensu checks by design, integrate with graphing engines like graphite. Also no clients need to be registered in graphite for them to appear.
Server Components:
Sensu server has 4 chief server components:
sensu-server
The server initiates checks on clients, receives the output of the checks feeds them to handlers. (As of version 0.9.2, clients can also execute checks that the server doesn’t know about and the server will still process their results, more on these ‘standalone checks’ in a future article.)
Sensu-server relies on a Redis instance to keep persistent data. It also relies heavily (as do most sensu components) on access to rabbitmq for passing data between itself and sensu-client nodes.
sensu-api
A REST API that provides access to various pieces of data maintained on the sensu-server in Redis. You will typically run this on the same server as your sensu-server or Redis instance. It is mostly used by internal sensu components at this time.
sensu-dashboard
A minimal dashboard providing an overview of the current state of your Sensu infrastructure and the ability to perform actions, such as temporarily silencing alerts.
sensu-admin
A better web dashboard providing an overview of the current state of your Sensu infrastructure and the ability to perform actions, such as temporarily silencing alerts.
Checks
Client
  • There are two types of plugins that checks run: metrics (handled by graphite), and checks (handled by sensu).
  • Clients get groups of checks called subscriptions. Subscriptions are defined on the server. Clients can get multiple subscriptions.
  • Clients must have the plugin that they are running locally. The plugin must by executable.
  • Clients must be able to reach the rabbitmq server defined in /etc/sensu/config.json
  • Client’s definitions are in /etc/conf.d/client.json. Any *json files in this directory will be parsed.
  • Client definitions are ruled by chef.
Sample client.json
{
   “client”: {
“name”: “app0”,
“address”: “10.80.123.123”,
“subscriptions”: [ “linux” ]
   }
}
 
Server
When adding server checks you’ll need to restart the server. At times this can be painful and you need to kill -9 the process.
Fast facts about checks:
  • Server Check Configurations: netmon1.pointinside.com:/etc/sensu/conf.d
  • Check Format: JSON
Sample metric check (JSON):
“vmstat_metrics”: {
“type”: “metric”,
“handlers”: [“graphite”], 
“command”: “/etc/sensu/plugins/vmstat-metrics.rb –scheme stats.:::name:::”,
“interval”: 60,
“subscribers”: [ “linux” ]
}
Sample alert check:
“mem_check”: {
    “handler”: “default”,
      “command”: “/etc/sensu/plugins/check-mem.sh -w 10 -c 5”,
      “interval”: 60,
      “subscribers”: [ “linux” ]
    }
The handler defines what happens with the check output. There are many custom handlers out there. Of course the standard is an e-mail handler:
   “email_techops”: {
      “type”: “pipe”,
      “command”: “mail -s ‘sensu alert’ techops@pointinside.com”
   }
References:

Web Operations at a startup, the first 30 days…

Hitting the ground running

I’d recently found myself working at a startup fulfilling their needs for Web Operations. I thought I’d document and give advice for anyone else in the same situation.

Most howtos give you advice for the first 100 days. By most conventional wisdom, you need 90 days to really figure out what’s going on in an organization. Most medium and large organizations let you do this at a relatively leisurely pace. Being at a startup where things are changing at a blistering place, it’s easy to get turned around.

Make Lists, get it out of your head

You’ll find new information daily. Information about things you’ll need to know. Information about things you don’t. You won’t really know what’s what at this point. What you will want to do is centralize it in a place like Evernote. I’m not saying use a notepad, but you’ll want to make it searchable because by the end of a month you’ll probably have forgotten much of what you wrote down at first.

I found that I had so much to think about it was actually keeping me up at night. Take a page from David Allen, and write this stuff down. Honestly, I made a list called “All The Things” since we didn’t even have a ticket tracking system at the time and wrote down, literally, all the things people wanted, or expected to get done that fell under my purview. You’ll get better sleep knowing you don’t have to hold anything in your head.

It won’t be enough to make a list of All The Things. You’ll want to prioritize them as well. You may want assistance from your manager on some of these. Try and figure out what you’ll do in 2 weeks, 4 weeks, etc. Don’t try and put too much on your plate, don’t change the world in a day. You’ll want to focus on quick wins when you can just to get some early recognition.

Communicate

You’ve probably done this at your former position, don’t neglect it now. Figure how how your boss wants status weekly, and take this opportunity to do weekly one on ones with your directs. The longer you wait the less likely you’ll do it. Get good habits in place as soon as you can. It’s a new job. Make new habits!

Of course, also identify your peers and talk to them whenever possible. It’ll be easy in the future to have adverse relationships with them since their goals may not align with yours. However, they’ll also be most important allies in helping you and the company achieve goals.

Gather Subject Matter

What do you need to focus on. What’s lacking in the company. Do they need better documentation, monitoring, uptime, is there a ton of legacy stuff needing upgrading, are there too many requests being jammed through the hopper, all the above?

You’ll want to gather tasks and group them together so you can focus on like tasks at once. See the First Hundred Days Reference below, and don’t forget the Limoncelli test.

You’ll also want to document everything you find, especially if its lacking. Otherwise, read read read about everything that works there, and definitely use time in your one on ones to find any other bugs under the rug.

References
The First Hundred Days