Gone Analogue

Gone Analogue

A few weeks ago I wrote about doing wet photography again. I’m now two films in, and it’s as good as I remember it. My films aren’t working out perfectly. I’m making mistakes. A lot of them. Bad metering. Bad film handling. Bad dropping-the-film-out-of-the-Patterson-tank-during-the-developing-process. Bad walking-into-the-still-wet-film-leaving-lint-everywhere.

But, it doesn’t matter. I’m finding it incredibly relaxing. Incredibly fulfilling. And that’s exactly what I need, and exactly what I was hoping for. The last time I developed a film by hand was in year 10, and all the smells bring me right back to those hallways. Those buildings. I wholeheartedly recommend it.

If you’re a Fediversian, you can find me on my PixelFed instance. If you’re not, you should consider getting a Mastodon account at the very friendly aus.social, from where you can follow me here (@karloskar@karloskar.org), my Mastodon account (@TechnicalKO@aus.social), and my PixelFed instance (@KO@photos.karloskar.org). The other good place to find my photographs (other than right here!), is at Flickr.

I will do a post on my workflow, and general setup, once I’ve streamlined it a bit more.

Wellington Street
One of the first photographs I scanned from my first Ilford HP5+ 400 film.


Going Analogue

Going Analogue

It’s no secret that I like technology, and I do, if I’m going to be absolutely honest with myself (and what better a place for that than in a place where about 56.1% of the world’s population can read it), think that I’m quite good at it. Quite good at software, and also quite good at hardware. Last week I repaired a motherboard on a motion controller, and it booted right up after many hours with a soldering iron and replacing components.

But I’m also tired. Maybe verging on exhausted.

Tired of “instant”. I’m tired of the process of taking a photograph is see, snap, review (probably redo these three steps a few times), then post, hashtag. After that it’s largely forgotten, with the exception of collecting notifications from bots.

This ties in with me dumping my Fitbit. Dumping Facebook. Dumping Instagram.

So, what is my plan?

My plan is to go analogue for photographs. Not exclusively, but significantly more than I have in the last…20 years.

I bought my first digital SLR in 200…and…5…I think. Since then I’ve been chasing crisper, less noise, and faster. Better lenses. Better/bigger sensors. The last camera I bought was a Canon 5D, and I have used that camera extensively. But the trap of reviewing, even on the back of that crappy LCD on the back, gets me nearly every time. I don’t sit back and trust that I have done the right thing, trusted my gut and taken a passable photograph.

So, now – to the plan. The plan is to not only start shooting film again, but I’m going to develop my own film, too. At this stage I’ll develop to film and probably scan the shots I want to do something with, but there’s nothing (except space in the laundry) that will prevent me from getting an enlarger, paper,some trays, some more chemicals, and printing my own.

I asked my old photography teacher from high school if he had any developing tanks left, and not only did he have a Patterson tank, he also had a Minolta XG-1 with lenses and a flash that he wasn’t using any more. So I now own that, and I’m very pleased.

I’ve bought some film, and have taken a few pictures. But I don’t know if they’re any good until I develop them, and today I organised the equipment I need for that, beyond the tank. I ordered the developer, stop bath, and fixer from B&H in New York (for about $40 less than it would cost to buy locally – including shipping from the US). I ordered a couple of volumetric flasks for mixing chemicals, and some storage bottles. And a portable darkroom bag for loading the film onto the spools and into the Patterson tanks.

I’m very excited about this, and can’t wait to share the results. I will probably load the scanned photographs onto https://photos.karloskar.org/KO

I need to invent a word that means analogue and digital combined to a level that suits me.


Why do I use Signal?

Why do I use Signal?

Signal, if you haven’t already heard of it, is an encrypted messaging app for both Android and iOS. My experience with Signal doesn’t extend into the iOS realm, but the experience won’t be that different, with the exception of iMessage being thrown into the mix.

There are many good articles about what Signal does, and how it does it. You can start by reading the app’s own page here: https://signal.org. There is no real point, I don’t think, to rewrite something that someone else has already written, probably in a much more elegant way.

Why do I use Signal? I like my communications to be encrypted. Not because I’m worried about law enforcement intercepting what I’m sending to my friends. Not because I’m worried about people stealing my phone and hacking into my SMSes. I like my comms to be encrypted because of all the companies profiting from knowing information about me. I don’t know if a regular SMS is being scanned for keywords by my telco, and that information is being sold to advertisers. But if you switch to an encrypted messaging app, there’s no way for them to do that.

When I talk to people, I often get the question of “How is it different from Whatsapp?”, and while in a broad way it does very much the same thing, there are two differences that sets it apart.

The first is that it replaces your standard SMS app, and only needs your mobile number to work. It will send a regular, unencrypted SMS to your buddies who don’t have Signal, and seamlessly switch to encrypted comms when they finally listen to you and install Signal too. You don’t need to remember how you communicate with whom. It’s all there in the one app. And, as a bit of a cherry on top, the company is a not-for-profit run by privacy wonks.

The second is that it’s not owned by Facebook. Even though Facebook can’t necessarily read what’s in the messages that are sent with Whatsapp, it does give them a map of who is communicating with whom. And the less Facebook knows about me, the happier I am.

Touching briefly on the iMessage thing, it’s, to me, much the same as Whatsapp, but maybe slightly worse. Unless Apple have devised some new cryptographic methods for messaging, they must have access to the encryption keys used for messages if you can recover the messages from iCloud to a new device without access to the old device. This is bad, and means they could potentially read the messages too.

Download Signal today and give it a go: https://signal.org/


Less Tech.

Less Tech.

I really like numbers. I like graphs. I like plots. I like tables. I like SQL queries. It was pretty predictable that I’d like having a Fitbit on my wrist. No surprise that I’d find myself poring over the graphs in the app, checking my resting heart-rate (56-58 bpm when I’ve not had any red wine for a couple of days, 61-63 bpm when I have, FYI), my active hours, how many steps I’ve done and when, and probably because I can be a bit* competitive at times, how my steps stack up against my Fitbit friends steps.

But – what did I have the Fitbit for? I had it to help me keep track of my exercise (check) and improve my fitness levels. It just didn’t help improve my fitness. It didn’t push me to do more steps. It didn’t motivate me to run. It didn’t really help me improve at all. So it’s gone.

When I stopped wearing it, I felt quite a bit of relief, which I didn’t expect. I thought I’d miss it. Miss having those graphs, and tables of information to sift through. But instead, I felt liberated. When I go for a walk, I’m going because I want to. Because it feels nice. Because it’s good for me. Not so that I can compete against other people, who most likely aren’t competing back. To be completely honest, there have been a couple of times I’ve gone for a walk and thought that it’d be nice to have the steps recorded because it would have added a decent chunk to my tally, but then I quickly realise that it’s not important. It’s important that I’m moving – it’s not important that I’m winning.

Anxiety levels: slightly lower than they were before.
Plan: figure out what to get rid of next.

SQL Server Management Studio – as another user

SQL Server Management Studio – as another user

Skip skip skip all the preamble junk…

My work, amongst many other things, involves managing a small herd of Microsoft SQL servers and a series of small web-apps. When I work from home, from my non-domain-joined machine, I want to be able to run the SQL Server Management Studio (SSMS). I could RDP (or whatever) in to a machine on the domain, but it feels neater to just run it from the local PC where I’m working.

I’d tried this before, but because of two (or maybe one and a half) little hurdles and bits of weirdness, I couldn’t get it going until today.

The half hurdle is that the executable for SSMS is a lot like smss.exe. But very different. Don’t try to launch smss.exe this way.

The full hurdle is what stumped me for longest. When SSMS starts, it will still show your local computer/domain name and local username in the login section. This is ok. Just connect anyway.

SSMS 17 (and maybe earlier versions) adds the path to the executable to the PATH environmental variable, so you don’t need to worry about including the whole path to the executable when you run the command I’m about to show.

Just get on with it…less jibber-jabber.

Here’s the deal.

Create a shortcut pointing to the following:

runas /netonly /user:domain\username ssms

You’ll be promted for your password when it starts.

Let’s Encrypt Wildcards and IIS

Let’s Encrypt Wildcards and IIS

Introduction

Late last year, Let’s Encrypt, that wonderful semi-automated free SSL certificate service, announced that they would be adding support for wildcard certificates. A standard SSL certificate only covers the specific domains and sub-domains it was issued for, and needs to be modified or adjusted to allow more sub-domains. While it’s not a big deal to make these changes, a wildcard SSL certificate is a really simple way of covering yourself for all the different sub-domains you might have, and might want down the track.

Getting the wildcard certificate (or even a “normal” certificate) from Let’s Encrypt can seem daunting at first, but with the right information, it goes smoothly most of the time.

This post is going to cover how to get a hold of a wildcard SSL certificate from Let’s Encrypt, and then how to get that SSL certificate into your Windows box to use with IIS. I’m going to gloss over the parts where the pfx file is being copied from Linux to Windows, assuming that you know how to use ssh/scp/pscp to move files about.

Ready? Right. Onwards.

Requirements

You’ll need to have access to:

  • A linux machine, where you are a sudoer (or root) (I did this with an Ubuntu 16.04LTS box).
  • Your public DNS zone for the domain you’re trying to get the certificate for.
  • Your IIS box.

Assumptions

I’m going to assume you have SSH access to your Linux machine, and that you know how to use it. Also that you know how to add TXT record to your public DNS zone.

You’ll need to move your freshly minted pfx file from the Linux machine to the Windows machine. I use PuTTY and pscp to move files to and from Linux boxes from Windows. I think you should too.

I’m also assuming you know how to change which SSL certificate a binding is using in IIS.

Let’s do this:

Most of this will be done in the Linux machine, so connect to it with PuTTY.

Download certbot-auto by running the command

wget https://dl.eff.org/certbot-auto

Then make it executable by running

chmod u+x certbot-auto

Certbot-auto is a glorious script that makes everything happen pretty much automatically. It will grab all the required dependencies, it’ll request the certificate for you, tell you what to put in your TXT record, then put the certificate in a sensible spot for you.

Let’s request that certificate for your favourite domain, *.example.com.

sudo ./certbot-auto certonly -d *.example.com --manual --preferred-challenges dns-01

As it’s your first time running certbot-auto, it will probably download and install a bunch of apt packages. Once it’s done, it will request the certificate, and assuming everything has gone well, prompt you to create the TXT record for your domain.

TXT Record

Now is the time to create the TXT record with the string provided by certbot for _acme-challenge.example.com. If you’re unsure how to do this, as your hosting provider to help. Or a friendly friend.

Once you’ve set it up, it’s time to hit Enter to finish certbot’s job. Wait for that to happen, then it’s time to move on to exporting the keys into a format Windows can handle.

Exporting

Your newly minted SSL certificate will be found in the following directory:

/etc/letsencrypt/live/example.com/

together with a README file, and three other files. That live folder is locked down, so you can only get to it as root. You can either switch to root, or you can sudo the following command from your home folder (I recommend the latter, but do the former).

So, from your home directory, run the following command:

sudo openssl pkcs12 -export -out example.com.pfx -inkey /etc/letsencrypt/live/example.com/privkey.pem -in /etc/letsencrypt/live/example.com/fullchain.pem

Enter a password when prompted, and you will have generated a PKCS #12 archive of the SSL certificate. This format is very easy to import into IIS in the next step.

Importing the key into IIS

The final two steps are to import the key into IIS, then change the binding to the newly imported certificate. I’m doing this in IIS7 on Server 2008R2, but shouldn’t be too different in newer versions.

Copy the file from your Linux box to the Windows server (most likely with PSCP), then start up the IIS manager.

Open the Server Certificates feature, then click on “Import…” under actions in the top right hand corner. Find the file, enter the password you picked, and you’re done. Change the bindings for the sites you would like to use this new SSL certificate, and you’re done.

Bonus – Installing Certificate into UniFi

sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore path-to-your-exported-pfx -srcstoretype PKCS12