Wednesday, January 4, 2017

Who am I? Who are you?

What part(s) of our body are permanent? That is, what parts grow, then never get replaced/recycled/regrown?

If all if it, then we are NEVER the same person from moment to moment in the most literaly sense.

Since we appear to have consistency from day to day, the process must be somewhat slow. What about year to year or decade to decade? Is the process that slow though? If not, how are we consistent across so much time in appearance, personality, habits and such?

DNA likely accounts for much of this, but how much? If none, then where does it come from? If all then the moment we're concieved, we ARE who we are. We may make choices along the way, but those choices are a result of who we are so those choices are determined in the most fundamental sense, the moment we're conceived.

If it's not entirely DNA that dictates who we are, then how much of it is DNA (nature) and how much is otherwise (nurture) and where is that nurture recorded/maintained in ourselves? Our brain? How fast does it regenerate itself? If not at all, then our brain IS who WE ARE. If it regenerates over time, then either that period of time is how often we change OR there's some other part of us that dictates who we are.

Perhaps DNA kickstarts us, our brain is US from day to day, and as it regenerates, it's influenced by who we are (what we do, think, etc..) and so we end up with consistency. In that case, we could halt that consistency up to the point of who we are from our DNA, by interurrupting our decisions and environment completely.

What part of ME is seeking these answers? Why do so many humans seem to have the same quest? Is that explained by DNA or circumstance? If the former, we all are likely to find us here eventually. If the later, some cultures will never ask these questions because they will never come into contact with those who do. How could we know though because if you're asking these questions, you can't go ask others or lead them to the question without putting it in their "minds". It's a bit like (to quote Alan Watts) saying, "Don't think of a pink elephant while taking your medicine." Once heard, one cannot avoid the thought because it's already been comprehended.

Saturday, November 5, 2016

Relaxing in a houseboat on the Amstel, overlooking the Magere Brug - Perspective

The tour boats full of people taking in the sights keep sliding by. The sun occasionally teases me with it's warmth, but mostly stays hidden behind clouds that promise more rain, but that doesn't really bother me; I have an umbrella for that.

I'm sitting on a cute little couch, in the parlor for a beautiful houseboat and it feels like one of the 100's of cafe's nearby. Across the river are homes that have existed more than 5 times longer than I have. At any given moment, I can see more people on bicycles than cars and boats combined and that's saying something because there are a LOT of boats here on the river and the nearby canals I can see.

The Michelangelo, one of the boats belonging to "LOVERS canal cruises" just did a graceful pirouette to turn around and head back up river. A lot of the tour boats do that right here, in front of my little home for the week and I wonder why. Not all of them though and the ones that continue down river have a very tight squeeze to get through if they want to go under the Magere Brug, the "Skinny Bridge" that is an extremely old, manually operated, wooden draw-bridge meant only for pedestrians and cyclists and even they have to be careful as they pass each other over the top.

How did I end up here? Just last week my 2 year-old daughter was to undergo a dangerous surgery to remove a chunk from her left lung where a pocket has formed that held group a streptococcus; an infection that nearly took her life. It looks like her body is finally dealing with the pocket that was leftover so the surgery was canceled, much like my life had been when we found out the doctors wanted to do the surgery. My wife Jessica and I both stopped making plans. I resigned from my latest venture; something I'd been close to doing anyway after 2.5 years of the most unreal stress and accomplishments I could never have imagined. I say that as a US Marine that's had more than a few challenges in life too. That journey took me to New Zealand, introduced me to famous musicians and made me an "Executive Producer" working for the likes of Samsung and Red Bull at the largest music festivals in North American. Hell, I got to be the first one (literally "ME") to do a major 360, live-streaming production for and to YouTube to help them show off their newest feature.

I'm just a geek that likes to learn, explore, play with technology and quietly build relationships with others of a like mind though. Few people really know my name. Fewer have any idea what skills I posess, I'm nothing close to important by the social and cultural standards that surround me, yet I find myself in a position that is about as likely as winning the lottery back home I think. I grew up poor with very few privileges save for being a white, male which lately feels as much like a curse as anything given all the resentment aired in the media from those who aren't "white" or "male" which I think is more people than not.

All I do know is that right now I've got peace and I hope that my perspective on this moment is clear and my appreciation for it is deep and complete.

Thanks to my friend Tim for inviting me to his home town to help "consult" for him and making this all possible. Thanks to Kelly for making me feel so welcome every time I see her. Thanks to Ben, Wim and everyone at VRDays for throwing a great event and showing me so much hospitality. Most of all though, thank you to my wife Jessica for giving me her blessing to go on this trip and find this moment of peace while she stays home taking care of my 3 treasured children even though I've been traveling so much and have to leave again only a day after I get back home. Without her, Andrew, Jolie and Ayla back home, I think I'd only be lonely in this moment, but instead I feel loved everywhere I go.

Monday, June 6, 2016

Building ffmpeg with opencl support on Linux (AWS Linux AMI)

The last year I've learned more about video, live production, DIT, editing, encoding, players, codecs and ffmpeg than I could have imagined there was to know (and that only of course proved that there's 1,000x more to learn), but one particular part of this journey has proven VERY difficult so I wanted to share some of that.

ffmpeg is an open-source project and there are NO definitive binaries for any platform. There ARE some great builds out there which are well-maintained and very useful, but they aren't "official" and they weren't meeting all my needs so I had to setup a basic build environment which proved difficult itself for me even though I've been compiling on Linux (building Android Kernels even) for some 15 years.

I've put together a GIST to share the key points (an updated ffmpeg build with x264, x265, aac and opencl acceleration in particular) and I'm still evolving it. Find that gist HERE.

If you already know how to build, this should be a great reference. If you don't and want to use this with no real experience, please know that this was done an an AWS G2 instance (nvidia grid GPUs) running an AWS Linux AMI so it won't copy/paste/work just anywhere, but if you're running a distro with YUM and have an nvidia card, it should be pretty close at the least.

Tuesday, January 26, 2016

Who IS a "professional"?

I subscribe to very few blogs and today an article was posted on what may be my favorite, and it got me thinking. The following started as a reply, but I decided it might be appropriate here too.

In the last couple years, I've been forced to reevaluate myself in light of my career. I've spent nearly 2 decades in software in one form or another and despite being able to make some pretty hefty claims; they always sounded exaggerated to my own ears, when coming out of my mouth so I felt awkward calling myself a professional even though I can't imagine many people refuting the claim. Still, I was reluctant to claim the title until my personal interest in virtual reality, backed by my years of photography and a years of "playing around" with a variety of video technologies saw me into the role of CTO in an up-and-coming VR company which in turn found me working side-by-side with (not employed by or for to be clear) the production team for RedBull, with the streaming engineers they use to broadcast to the Internet, and helping Samsung give 1,000's their first experience with VR at the largest music festivals in North America. 

This article [] resonates with me because by most objective definitions, I'm a professional software developer and DBA, but I didn't feel like it and few labeled me as such who had the knowledge and experience to do so (worth mentioning that I work from home and am not even surrounded by co-workers or peers often in that field). On the other hand, I'm quite new to the "professional" field of photography, videography and VR, yet I don't mind saying that I'm one of very few people in the world who has done a real-time video production broadcasting to VR and I've been complimented by some rather significant people in the industry both explicitly and implicitly and a large part of that comes down to the fact that we show up to do what we do amongst 10k's of people, have to deal with incredible challenges on the fly and have yet to fail.

Am I more of a "professional" for having spent decades in a field, or for successfully doing something new and difficult? I think you raise a great point and I'm presently of the mind that I am on both accounts, but for very different reasons in each field. In the end, not even others with experience in these fields; paid or not, could do what I do readily (and for pay) and that seems like a good basis to label me a professional in general and in those fields. It does not mean that others are not are not either though, so where do we stop applying the label OR is the label possibly less meaningful in this world where knowledge and experience are such different beasts?

Was Einstein a professional in physics when he was a "only" a patent clerk, but generating his Theory of Relativity, or did he not earn that title until he quit and started receiving funding and/or recognition for that theory?

Is a soldier a professional right after boot-camp, or not until he's fought in a war [and killed an enemy?]

Friday, August 14, 2015

FINALLY working on my pilots license for real

I've had a few false-starts towards my powered license, but each time I lost the motivation just enough and didn't really undestand why until a few weeks ago when I was in Chicago (doing a production at Lollapalooza to bring to the public for the first time) when a friend hooked me up with an instructor and we took a Cessna 172 out, did a touch-n-go at Midway, flew out over lake Michagan than did some slow-flight work before returning, all after dark.

That same friend got me interested in gliding simulators such as Condor and Silent Wings, some months ago. I've been building and playing with toy/model/rc gliders my entire life and I've always been fascinated. Somehow though, I never made the connection and suddenly I realized that it's not so much "flight" that I'm interested in as "unpowered flight" (soaring, gliding, para-gliding, para-sailing, etc..). This realization motivated me to locate an instruction school nearby and I was luck to find (owned by a family that's been gliding for decades and largely managed by a champion aerobatic glider pilot). I think I've found that hobby I've been looking for my entire life. No sound but the wind, almost nothing obstructing my view of the world, and the perfect balance between me, nature and machine.

This was the first of 3 flights this day and despite decades of simulator time, I was surprised at how much higher my cognitive load was compared to when I'm in a sim and what I expected (I knew it would be at least somewhat higher).

By flight #3 (with plenty of coaching an an instructor ready to take the controls at any moment of course), I was largely handling takeoff, tow, release, flight, pattern, descent and landing.

I was also pleasantly surprised at how nice the 2-33 was to fly despite my preconceptions about how "poor" a glider it is. In reality, it's magnitudes nicer to fly that a 162/172 (by my tastes) which makes me even more excited at the idea of making my way to the Grob 103a and such.

Tuesday, October 7, 2014

Adventures in Git OR How to fork folders in one Repo to their own repo with history

In short, I had one repo, with multiple folders where each really represented its own project and I needed to fork each folder to a separate repo WITH history. This is the solution I came up with. This does require git 1.8.4 (git subtree split).

git subtree split --prefix=sourceFolderInAnyExistingProject -b anyNewBranchNameForFork

mkdir ../someNewRepoFolder

cd ../someNewRepoFolder

git init --bare

cd backToOriginalWorkingFolder

git push ../someNewRepoFolder anyNewBranchNameForFork:master

cd ../someNewRepoFolder

git remote add origin YourNewRepoRemote

git push -u origin --all

cd ..

rm -rf somenewRepoFolder

git clone YournewRepoRemote someNewRepoFolder

Sorry if that's not clear enough, but basically, you use git subtree split to take ANY folder presently in a repo and create a branch that's filtered to have just that folder and all the history for it. Then you create a bare repo, push the branch into it, then push that repo (without working folder) to your new repo, then either trash the folder or clone the repo into another one and BAM, you've forked not only an existing repo, but just one folder in it if you prefer (I had many "projects" in one repo that needed to be forked individually so this was useful for me) and history stays intact.

Friday, April 4, 2014

SuperAdmin (GodMode) folder for Windows 8.1

I didn't think there were any cool tricks left for Windows that I wasn't aware of but I just learned otherwise.

Create a folder using one of the following names based on your version of Windows and have access to a SuperAdmin folder that makes finding all sorts of admin shortcuts as easy to find as they always SHOULD have been. I've only tested the 8.1 but am under the impression that it should work for 7 and 8 also.

Windows 8.1 - SuperAdmin.{ED7BA470-8E54-465E-825C-99712043E01C}

Friday, March 7, 2014

SSL Certs for IIS with PFX once and for all - SSL and IIS Explained

The problem is more common than dirt but the solutions provided are so often entirely incorrect and obscure and that's likely because the "Linux and Apache" folks are trying to use their standard approach with MS platforms that like to do their own thing.

Here's what you need to understand:

CSR - Certificate Signing Request: A CSR is how you ask for a certificate and provides things like your identify, the use, etc..

KEY - Private Key: When someone uses the public key that you share with the world (like that which your web server will give the client and they will use to encrypt traffic), your possession of the private key is how you prove (as a web site) that you are master. You encrypt using your private key and the client decrypts with your public key. ANYONE can have your public key and thus anyone can decrypt but since you are the only one with a private key, it is guaranteed (when you control that key correctly) that if the public key works, traffic must have come from you. Similarly, anything encrypted with your public key can ONLY be decrypted using your private key.

CER/CRT/CERT/CERTIFICATE - Public Key: See KEY explanation

PFX: Along comes microsoft and their proprietary way of doing things and the confusion that follows. IIS expects a PFX but the format has nothing to do with the standards world of PKI, keys and certs really. So how do you give them a PFX that includes the private key (needed to encrypted/decrypt your web traffic)? The intended way is for you to generate the CSR using IIS then give that CSR to your CA (internal or public) then get a key back based on the private key known by the creator of the CSR (IIS). This is where things are "all wrong" in the public CA business (from the perspective of us using IIS but really, they have it right). Most likely you created the CSR using your CA or the company reselling for them (cheapssl, gogetssl, etc..). When you do this, they give you a private key to keep safe and a public key to use but IIS/Windows has no concept of the private key so you're dead in the water from the start.

The solution:

Use IIS "Server Certificates" UI to "Generate Certificate Request" (the details of this request are out of the scope of this article but those details are critical). This will give you a CSR prepped for IIS. You then give that CSR to your CA and ask for a certificate. Then you take the CER/CRT file they give you, go back to IIS, "Complete Certificate Request" in the same place you generated the request. It may ask for a .CER and you might have a .CRT. They are the same thing. Just change the extension or use the *.* extension drop-down to select your .CRT. Now provide a proper "friendly name" (*,,, etc..) THIS IS IMPORTANT! This MUST match what you setup the CSR for and what your CA provided you. If you asked for a wildcard, your CA must have approved and generated a wildcard and you must use the same. If your CSR was generated for, you MUST provide the same at this step.

Now select the PERSONAL store (No, not webhost). This will import your CRT in the personal store where it can be associated with the private key generated by IIS when it created the CSR. THIS IS WHERE ALL THE PROBLEMS COME FROM. This is what causes SO many headaches. The CRT you got from your CA and the KEY they gave you are useless here unless you do as others might suggest and go play around with other tools like openssl (which can work but why bother when you can do it the way IIS intended?)

Now you should see your cert in the server certificates list and if you open it, you should see something like, "You have a private key that corresponds to this certificate".

Now if you can use the Export function (IIS 8 provides this in the same place as the "request" and "complete request" links) or use the Certificate MMC then navigate to the personal store and export from there to the PFX format. You need to provide a strong password to protect this file because it will have the entire certificate chain AND your private key. In other words, this PFX has the keys to the entire "domain" (speaking figuratively).

Chances are that you don't even need the PFX now because you already have the certificate inside IIS but if you're using the centralized certificate store like I am, you do AND the file name is critical. For wildcard certs, the name MUST be (assuming your request was for * If you asked for, then the filename must be because this is how SNI and centralized SSL store will look for the right one.

In summary, the easy way to install an SSL cert into IIS:
  1. Generate your CSR using IIS
  2. Provide that CSR to your CA
  3. "Complete Request" using the CER/CRT you get back from the CA
  4. [optional] Export to PFX and protect with a strong password
  5. Live long and encrypt

Tuesday, March 4, 2014

My first experience with VMware vCHS - Part 2 - vCloud Connector

This is the 2nd in a vCHS series. You can find the previous entry HERE.

OnPrem - vCloud Connector (general label for a collection of systems and configuration)

If you don't know what vCloud is or about the vConnector, right now all you need to know is that you can't do actual migrations (it creates vApp templates from powered down VMs) and the only other thing is really useful for are stretch migrations (a vShield networking trick that are only useful in some very rare situations.

VCC does NOT allow you to use the vSphere client to manage vCHS any more than you can do on the web (for the most part, it just gives you a window to the web interface and does some back-end management that you can also initiate from the web).
  • vCloud Connector Server - Provided as a zip containing an OVF that can be easily added to any host onPrem. Once you've installed, visit https://assignedip:5480/ (port 5480 is a theme so learn it). Once you've configured networking, set the time-zone and changed the password, contine to the Node which is the same process.
  • vCloud Connector Node- Provided as a zip containing an OVF that can be easily added to any host onPrem. Once you've installed, visit https://assignedip:5480/
    • Once you've installed the node and done the same basic config (IP/Time-zone/Password), you need to go to the Node/Cloud menu and register your vCenter to the node (the node manages vCenter and the VCCS manages the node).
    • Next you can go back to the VCCS and "register the node".
    • Now we want to register the vCHS node to your VCCS.
      • This is what allows you to use your vCenter to manage onPrem and vCHS together (and any other nodes you register). This is where I hit some frustrating resistance.
      • To register vCHS node you need the Node URL (given to me in my onboarding email), VCD Org Name (not given to me and I had to deduce that it was provided in vCHS vCloud Director. It is the unique ID at the very top of the page, next to the navigation arrows. For me it was MXXXXXXX-XXX. You also need a username and password which you might think should be the same you log into the vCHS portal with but it apparently is not.
      • After a few failed attempts, I was able to navigate to the vCloud Director, My Cloud, Logs, Events and see the failed attempts. Despite multiple emails and a phone call to vCHS support, I presently do not have the credentials I need so I'm stuck with the connector for now. More to come.....
      • UPDATE: After speaking with vCHS support, it sounds like my credentials are out of sync in one of their DBs and I was doing everything right. Now I wait for them to tell me it's fixed.
      • The solution came fairly quickly (less than 2 hours) and I had my vCHS node registered with VCCS.
If you have questions, please feel free to ask in comments. This was someone brief but it's because once it's working, it's really very straight-forward until/unless you try a stretch deploy (which I haven't).

Next will be an entry on vCHS networking.

My first experience with VMware vCHS - Part 1 - Setup and IPSEC

Prologue to vCHS Migration

I've decided to do a few articles regarding my migration to VMware vCHS (cloud hosting) solution and this is the 1st in the series.

I've had a few significant technical issues but the support has been as good as I can imagine. Last night I even met up with the specialty sales-rep assigned to my account and we spent nearly 3 hours talking over dinner about things in general and my project. VMware is not only doing more than I could hope to get me up and running but they're also looking at how they can help me through their "success stories" to help promote our business in a mutually beneficial manner which is wonderful because after 10 years of seeing 20%+ growth per year, we're likely going to explode this year leaving those gains in the dust and any help they provide will only strengthen our growth.

By the way, the "Customer Success Team" isn't a hollow catch-phrase. It reminds me of my experience as a consumer with American Express. They JUMP every time I need help. We have scheduled 2 hours calls (that we 3 hours) where they literally sat on the phone with me to walk through issues and wait for me to learn and question them AND did it with a wonderful attitude (sincerely eager to help).

In summary, the migration has been rough, but when do they go smooth? That said, I can't imagine a better infrastructure than they're giving me and their support is the best I've seen for any product/service anywhere save perhaps for high-end auto purchase experiences I've had.

I would HIGHLY recommend vCHS to anyone that needs a rock-solid, highly flexible hosting solution that covers everything from end-end.

At the moment we have 3 units of the VPS solution (they have dedicated and shared, VPS is the shared solution) which includes 15GHz dedicated CPU (you really can't talk cores or speed with the way they work), 30Ghz Burst, 60GB Ram (dedicated) and 2TB of SAN storage that is SSD cached and I'm constantly seeing 150MB-250MB/s with <2ms latency and my SQL Server is running as fast as it was locally with dual-quad xeons on a 8-disk RAID 10 over 15kSAS drives.

My first experience with VMware vCHS - Part1 - Setup and IPSEC

My present hosting provider hasn't been a pleasant experience. I seem to have some bad luck this way. My last experience was with RackSpace who has very good service in so many ways, but I found out the hard way that their security is severely lacking and when they make a mistake that cost me $10,000's, they had NO interest in taking responsibility and I'm not big on law suits so I dealt with the months (almost years) of heartache, moved on and tried Central Host (the hosting division of 8x8 which has since been bought up by Black Lotus.

My experience with 8x8 was a nightmare and I'm still feeling the pain as Black Lotus does their best to clean up the data center I'm in. They've also made amazing efforts to make things right with me but I'll leave that for my other blog. In the end, they offered me an incredible deal (~$2,000/mo for dedicated virtual hosts, 6-core HT, 3.5Ghz Xeon CPUs, 32GB ram, 2TB SATA RAID with 200GB SSD caching, 24 IPS and each of 2 hosts were at different data-centers) but they use App-Assure (Xen and/or Kvm) and I'm a Vmware guy interested in uptime and performance more than raw performance and didn't want to learn new systems either. VCenter is amazing and I know how to keep my business running with it so I went with vCHS. I also appreciate the way vCHS scales compared to typical virtual hosting solutions. I don't have to worry about "hosts".

The way the actual provisioning went was very straight forward. I got an email once the contract was signed and they told me provisioning had started. Once provisioning was done, I got an email with vCloud login and password setup links. I set my password, logged in, and headed over to the edge network configuration interface in the vCloud Director portal (the things they haven't made more simple and put into the vCHS portal and accessed through a full-blow vCloud Director instance which I prefer anyway not having really taken to the vSphere Web interface as it is).

Since I use pfSense (presently 2.1 and everything below assumes that) at all my other data-centers, I did a quick search and ended up using THIS guide as a reference to catch the nuances of their IPSec implementation (main/aggressive, which encryption he got working, etc..)

From there I went to my only gateway, edge gateway services, enabled VPN, setup the public IP, then added my tunnel (they combine phase 1 and phase 2 into a single UI). I quickly found that they use main and not aggressive which I should have caught from the tutorial I found. This is where I had my first issue. vCloud directory gateway status shows "System Alerts" with a red icon that was clickable and I wanted to see what it had to say so I clicked it and watched the entire UI refresh. I tried this a few times before giving up. I'm guessing it's a popup blocker issue at this point but since the directory comes up in a new window with no address bar and uses Flash (grr, WHY would they do that with such a new system???!!!) so there was no way to tell quickly and so I gave up there and went back to pfSense logs to see how things are going.

As so often is the case when doing IPSEC between pfSense and anything other than pfSense, I had to figure out what IPSEC standards they use. Here's what I found and I hope it saves someone some time. It's taken me years to get to a point where this doesn't become an all-night project:

If you know what you're doing and want to skim the settings, just know that even though vCHS asks for "Peer ID", it only supports Main mode which only supports IPs are IDs so Peer ID MUST be the remote gateway IP. This stinks for those of us trying to use more advanced methods to get around dynamic IPs. Really, "Peer ID" should read "Peer IP" and the only reason you have to provide both it AND "Peer IP" (which should read "Peer Gateway IP") is because they do support NAT-T.

Once I realized my mistake with the Peer ID, I had to delete the entry and create a new one then got an error about "Configuring Edge Gateway Services". I refreshed and it disappeared so I figured it was a fluke until I was seeing the same errors about IDs and when I check vCHS, the settings were back to the first entry so I deleted and tried again tripple-checking using the settings below and THEN I got a connection (I already had phase 2 setup. See below Phase 1 for settings). Once everything was working, my IPSec log had only 3 entries before a full connection (since there were so few options or advanced features being used).

Phase 1
  • Main Mode
  • Name: Anything descriptive you like
  • Description: More descriptive stuff you like
  • Enable this VPN: checked (default)
  • Establish VPN to: "a remote network"
  • Local Endpoint: (predefined external IP endpoint at the vCHS end)
  • Local ID: The vCHS public IP assigned to the local endpoint (pfsense: Remote Gateway and Peer identifier)
  • Peer ID: The IP of the remote gateway (pfsense: My identifier, My IP Address)
  • Peer IP: The IP of the remote gateway
  • Encryption protocol: AES-256 (pfsense: same for Phase 1 Encryption algorithm)
  • pfsense-Hash: SHA1
  • pfsense-DH Key Group: 2 (1024 bit)
  • pfsense-Lifetime: 28800
  • pfsense-Nat-T: Disable (if you need it, enable and update the Local ID on vCHS accordingly)

Phase 2 (pfsense)
  • Mode: Tunner IPv4
  • Local Network: Lan subnet
  • Remote Network: CIDR format for remote subnet (ex.
  • Protocol: ESP
  • Encryption: AES 256 (they only appear to support AES at this time)
  • Hash: SHA1
  • PDF key group: 2 (1024bit) (they support off also)