Friday, June 1, 2018

Installing WSL+Ubunutu+Docker on Windows 10/2019 1803

How's that for a needfully-long title? This article comes years after my first taste of Docker and some weeks after diving deep to migrate a legacy app, to node.js, to docker containers so it can be managed and run more effectively.

There is a LOT to share, but for the moment I'm going to focus on the biggest pain-point in getting to really appreciate what Docker can do for a Windows developer; getting Docker running in an environment friendly to all you'll find about Docker on Linux or OSX!

In a nut-shell, you need WSL (which effectively connects a "distro" to Windows low-level APIs). Then you need an environment/distro to actually work in. I'm using Ubuntu here and some of the script is sensitive to that, but there are many other distros available now so you have freedom. Once you have Ubuntu and WSL, you can install Docker-CE. You need CE specifically to work nicely with WSL, otherwise you can use the regular Docker, but then why are you reading this?!

To help ensure my environments were consistent (and because I had to try this dozens of times before it all worked for me), I've created a bash script and in the comments are 4 PowerShell commands you can use to get started with nothing more than a working install of Windows 10 1803 or Server 2019 Preview 1803. I'll let the script explain the details and I make no guarantees about this script so test in a safe place, but I rely on it :)

**Bash script**

Friday, April 28, 2017

Uninstall OneDrive from Windows 10 - half-baked

OneDrive is a "cloud-file" service by Microsoft which is not unlike Google Drive, DropBox, Box, SugarSync and like Drive also provides some nifty web-based tools.

OneDrive is NOT critical to any aspect of Windows. OneDrive is treated by MS as an app (nota  service) in all respects except the implementation in Windows which is atrocious.

You can disable the "Start with Windows" option then exit it (like any other systray service), but it will pop back up later and harass you if you've not set it up. That sort of behavior is more what you'd expect from a "Windows Feature" which you'd turn off using the Windows "Programs and Features" dialog.

That's NOT how OneDrive is to be managed though so if you don't use and don't want to see it, be prepared for the most absurd "configuration" I've ever seen from MS. Even a registry change would be easier than this mess....

WHY? Microsoft, WHY are you pushing OneDrive at me SO HARD that you're doing stupid crap like this? Either make it part of the OS (and a service we can just simply disable) or make it a Feature that can be managed reasonably.

Wednesday, January 4, 2017

Who am I? Who are you?

What part(s) of our body are permanent? That is, what parts grow, then never get replaced/recycled/regrown?

If all if it, then we are NEVER the same person from moment to moment in the most literaly sense.

Since we appear to have consistency from day to day, the process must be somewhat slow. What about year to year or decade to decade? Is the process that slow though? If not, how are we consistent across so much time in appearance, personality, habits and such?

DNA likely accounts for much of this, but how much? If none, then where does it come from? If all then the moment we're concieved, we ARE who we are. We may make choices along the way, but those choices are a result of who we are so those choices are determined in the most fundamental sense, the moment we're conceived.

If it's not entirely DNA that dictates who we are, then how much of it is DNA (nature) and how much is otherwise (nurture) and where is that nurture recorded/maintained in ourselves? Our brain? How fast does it regenerate itself? If not at all, then our brain IS who WE ARE. If it regenerates over time, then either that period of time is how often we change OR there's some other part of us that dictates who we are.

Perhaps DNA kickstarts us, our brain is US from day to day, and as it regenerates, it's influenced by who we are (what we do, think, etc..) and so we end up with consistency. In that case, we could halt that consistency up to the point of who we are from our DNA, by interurrupting our decisions and environment completely.

What part of ME is seeking these answers? Why do so many humans seem to have the same quest? Is that explained by DNA or circumstance? If the former, we all are likely to find us here eventually. If the later, some cultures will never ask these questions because they will never come into contact with those who do. How could we know though because if you're asking these questions, you can't go ask others or lead them to the question without putting it in their "minds". It's a bit like (to quote Alan Watts) saying, "Don't think of a pink elephant while taking your medicine." Once heard, one cannot avoid the thought because it's already been comprehended.

Saturday, November 5, 2016

Relaxing in a houseboat on the Amstel, overlooking the Magere Brug - Perspective

The tour boats full of people taking in the sights keep sliding by. The sun occasionally teases me with it's warmth, but mostly stays hidden behind clouds that promise more rain, but that doesn't really bother me; I have an umbrella for that.

I'm sitting on a cute little couch, in the parlor for a beautiful houseboat and it feels like one of the 100's of cafe's nearby. Across the river are homes that have existed more than 5 times longer than I have. At any given moment, I can see more people on bicycles than cars and boats combined and that's saying something because there are a LOT of boats here on the river and the nearby canals I can see.

The Michelangelo, one of the boats belonging to "LOVERS canal cruises" just did a graceful pirouette to turn around and head back up river. A lot of the tour boats do that right here, in front of my little home for the week and I wonder why. Not all of them though and the ones that continue down river have a very tight squeeze to get through if they want to go under the Magere Brug, the "Skinny Bridge" that is an extremely old, manually operated, wooden draw-bridge meant only for pedestrians and cyclists and even they have to be careful as they pass each other over the top.

How did I end up here? Just last week my 2 year-old daughter was to undergo a dangerous surgery to remove a chunk from her left lung where a pocket has formed that held group a streptococcus; an infection that nearly took her life. It looks like her body is finally dealing with the pocket that was leftover so the surgery was canceled, much like my life had been when we found out the doctors wanted to do the surgery. My wife Jessica and I both stopped making plans. I resigned from my latest venture; something I'd been close to doing anyway after 2.5 years of the most unreal stress and accomplishments I could never have imagined. I say that as a US Marine that's had more than a few challenges in life too. That journey took me to New Zealand, introduced me to famous musicians and made me an "Executive Producer" working for the likes of Samsung and Red Bull at the largest music festivals in North American. Hell, I got to be the first one (literally "ME") to do a major 360, live-streaming production for and to YouTube to help them show off their newest feature.

I'm just a geek that likes to learn, explore, play with technology and quietly build relationships with others of a like mind though. Few people really know my name. Fewer have any idea what skills I posess, I'm nothing close to important by the social and cultural standards that surround me, yet I find myself in a position that is about as likely as winning the lottery back home I think. I grew up poor with very few privileges save for being a white, male which lately feels as much like a curse as anything given all the resentment aired in the media from those who aren't "white" or "male" which I think is more people than not.

All I do know is that right now I've got peace and I hope that my perspective on this moment is clear and my appreciation for it is deep and complete.

Thanks to my friend Tim for inviting me to his home town to help "consult" for him and making this all possible. Thanks to Kelly for making me feel so welcome every time I see her. Thanks to Ben, Wim and everyone at VRDays for throwing a great event and showing me so much hospitality. Most of all though, thank you to my wife Jessica for giving me her blessing to go on this trip and find this moment of peace while she stays home taking care of my 3 treasured children even though I've been traveling so much and have to leave again only a day after I get back home. Without her, Andrew, Jolie and Ayla back home, I think I'd only be lonely in this moment, but instead I feel loved everywhere I go.

Monday, June 6, 2016

Building ffmpeg with opencl support on Linux (AWS Linux AMI)

The last year I've learned more about video, live production, DIT, editing, encoding, players, codecs and ffmpeg than I could have imagined there was to know (and that only of course proved that there's 1,000x more to learn), but one particular part of this journey has proven VERY difficult so I wanted to share some of that.

ffmpeg is an open-source project and there are NO definitive binaries for any platform. There ARE some great builds out there which are well-maintained and very useful, but they aren't "official" and they weren't meeting all my needs so I had to setup a basic build environment which proved difficult itself for me even though I've been compiling on Linux (building Android Kernels even) for some 15 years.

I've put together a GIST to share the key points (an updated ffmpeg build with x264, x265, aac and opencl acceleration in particular) and I'm still evolving it. Find that gist HERE.

If you already know how to build, this should be a great reference. If you don't and want to use this with no real experience, please know that this was done an an AWS G2 instance (nvidia grid GPUs) running an AWS Linux AMI so it won't copy/paste/work just anywhere, but if you're running a distro with YUM and have an nvidia card, it should be pretty close at the least.

Tuesday, January 26, 2016

Who IS a "professional"?

I subscribe to very few blogs and today an article was posted on what may be my favorite, and it got me thinking. The following started as a reply, but I decided it might be appropriate here too.

In the last couple years, I've been forced to reevaluate myself in light of my career. I've spent nearly 2 decades in software in one form or another and despite being able to make some pretty hefty claims; they always sounded exaggerated to my own ears, when coming out of my mouth so I felt awkward calling myself a professional even though I can't imagine many people refuting the claim. Still, I was reluctant to claim the title until my personal interest in virtual reality, backed by my years of photography and a years of "playing around" with a variety of video technologies saw me into the role of CTO in an up-and-coming VR company which in turn found me working side-by-side with (not employed by or for to be clear) the production team for RedBull, with the streaming engineers they use to broadcast to the Internet, and helping Samsung give 1,000's their first experience with VR at the largest music festivals in North America. 

This article [] resonates with me because by most objective definitions, I'm a professional software developer and DBA, but I didn't feel like it and few labeled me as such who had the knowledge and experience to do so (worth mentioning that I work from home and am not even surrounded by co-workers or peers often in that field). On the other hand, I'm quite new to the "professional" field of photography, videography and VR, yet I don't mind saying that I'm one of very few people in the world who has done a real-time video production broadcasting to VR and I've been complimented by some rather significant people in the industry both explicitly and implicitly and a large part of that comes down to the fact that we show up to do what we do amongst 10k's of people, have to deal with incredible challenges on the fly and have yet to fail.

Am I more of a "professional" for having spent decades in a field, or for successfully doing something new and difficult? I think you raise a great point and I'm presently of the mind that I am on both accounts, but for very different reasons in each field. In the end, not even others with experience in these fields; paid or not, could do what I do readily (and for pay) and that seems like a good basis to label me a professional in general and in those fields. It does not mean that others are not are not either though, so where do we stop applying the label OR is the label possibly less meaningful in this world where knowledge and experience are such different beasts?

Was Einstein a professional in physics when he was a "only" a patent clerk, but generating his Theory of Relativity, or did he not earn that title until he quit and started receiving funding and/or recognition for that theory?

Is a soldier a professional right after boot-camp, or not until he's fought in a war [and killed an enemy?]

Friday, August 14, 2015

FINALLY working on my pilots license for real

I've had a few false-starts towards my powered license, but each time I lost the motivation just enough and didn't really undestand why until a few weeks ago when I was in Chicago (doing a production at Lollapalooza to bring to the public for the first time) when a friend hooked me up with an instructor and we took a Cessna 172 out, did a touch-n-go at Midway, flew out over lake Michagan than did some slow-flight work before returning, all after dark.

That same friend got me interested in gliding simulators such as Condor and Silent Wings, some months ago. I've been building and playing with toy/model/rc gliders my entire life and I've always been fascinated. Somehow though, I never made the connection and suddenly I realized that it's not so much "flight" that I'm interested in as "unpowered flight" (soaring, gliding, para-gliding, para-sailing, etc..). This realization motivated me to locate an instruction school nearby and I was luck to find (owned by a family that's been gliding for decades and largely managed by a champion aerobatic glider pilot). I think I've found that hobby I've been looking for my entire life. No sound but the wind, almost nothing obstructing my view of the world, and the perfect balance between me, nature and machine.

This was the first of 3 flights this day and despite decades of simulator time, I was surprised at how much higher my cognitive load was compared to when I'm in a sim and what I expected (I knew it would be at least somewhat higher).

By flight #3 (with plenty of coaching an an instructor ready to take the controls at any moment of course), I was largely handling takeoff, tow, release, flight, pattern, descent and landing.

I was also pleasantly surprised at how nice the 2-33 was to fly despite my preconceptions about how "poor" a glider it is. In reality, it's magnitudes nicer to fly that a 162/172 (by my tastes) which makes me even more excited at the idea of making my way to the Grob 103a and such.

Tuesday, October 7, 2014

Adventures in Git OR How to fork folders in one Repo to their own repo with history

In short, I had one repo, with multiple folders where each really represented its own project and I needed to fork each folder to a separate repo WITH history. This is the solution I came up with. This does require git 1.8.4 (git subtree split).

git subtree split --prefix=sourceFolderInAnyExistingProject -b anyNewBranchNameForFork

mkdir ../someNewRepoFolder

cd ../someNewRepoFolder

git init --bare

cd backToOriginalWorkingFolder

git push ../someNewRepoFolder anyNewBranchNameForFork:master

cd ../someNewRepoFolder

git remote add origin YourNewRepoRemote

git push -u origin --all

cd ..

rm -rf somenewRepoFolder

git clone YournewRepoRemote someNewRepoFolder

Sorry if that's not clear enough, but basically, you use git subtree split to take ANY folder presently in a repo and create a branch that's filtered to have just that folder and all the history for it. Then you create a bare repo, push the branch into it, then push that repo (without working folder) to your new repo, then either trash the folder or clone the repo into another one and BAM, you've forked not only an existing repo, but just one folder in it if you prefer (I had many "projects" in one repo that needed to be forked individually so this was useful for me) and history stays intact.

Friday, April 4, 2014

SuperAdmin (GodMode) folder for Windows 8.1

I didn't think there were any cool tricks left for Windows that I wasn't aware of but I just learned otherwise.

Create a folder using one of the following names based on your version of Windows and have access to a SuperAdmin folder that makes finding all sorts of admin shortcuts as easy to find as they always SHOULD have been. I've only tested the 8.1 but am under the impression that it should work for 7 and 8 also.

Windows 8.1 - SuperAdmin.{ED7BA470-8E54-465E-825C-99712043E01C}

Friday, March 7, 2014

SSL Certs for IIS with PFX once and for all - SSL and IIS Explained

The problem is more common than dirt but the solutions provided are so often entirely incorrect and obscure and that's likely because the "Linux and Apache" folks are trying to use their standard approach with MS platforms that like to do their own thing.

Here's what you need to understand:

CSR - Certificate Signing Request: A CSR is how you ask for a certificate and provides things like your identify, the use, etc..

KEY - Private Key: When someone uses the public key that you share with the world (like that which your web server will give the client and they will use to encrypt traffic), your possession of the private key is how you prove (as a web site) that you are master. You encrypt using your private key and the client decrypts with your public key. ANYONE can have your public key and thus anyone can decrypt but since you are the only one with a private key, it is guaranteed (when you control that key correctly) that if the public key works, traffic must have come from you. Similarly, anything encrypted with your public key can ONLY be decrypted using your private key.

CER/CRT/CERT/CERTIFICATE - Public Key: See KEY explanation

PFX: Along comes microsoft and their proprietary way of doing things and the confusion that follows. IIS expects a PFX but the format has nothing to do with the standards world of PKI, keys and certs really. So how do you give them a PFX that includes the private key (needed to encrypted/decrypt your web traffic)? The intended way is for you to generate the CSR using IIS then give that CSR to your CA (internal or public) then get a key back based on the private key known by the creator of the CSR (IIS). This is where things are "all wrong" in the public CA business (from the perspective of us using IIS but really, they have it right). Most likely you created the CSR using your CA or the company reselling for them (cheapssl, gogetssl, etc..). When you do this, they give you a private key to keep safe and a public key to use but IIS/Windows has no concept of the private key so you're dead in the water from the start.

The solution:

Use IIS "Server Certificates" UI to "Generate Certificate Request" (the details of this request are out of the scope of this article but those details are critical). This will give you a CSR prepped for IIS. You then give that CSR to your CA and ask for a certificate. Then you take the CER/CRT file they give you, go back to IIS, "Complete Certificate Request" in the same place you generated the request. It may ask for a .CER and you might have a .CRT. They are the same thing. Just change the extension or use the *.* extension drop-down to select your .CRT. Now provide a proper "friendly name" (*,,, etc..) THIS IS IMPORTANT! This MUST match what you setup the CSR for and what your CA provided you. If you asked for a wildcard, your CA must have approved and generated a wildcard and you must use the same. If your CSR was generated for, you MUST provide the same at this step.

Now select the PERSONAL store (No, not webhost). This will import your CRT in the personal store where it can be associated with the private key generated by IIS when it created the CSR. THIS IS WHERE ALL THE PROBLEMS COME FROM. This is what causes SO many headaches. The CRT you got from your CA and the KEY they gave you are useless here unless you do as others might suggest and go play around with other tools like openssl (which can work but why bother when you can do it the way IIS intended?)

Now you should see your cert in the server certificates list and if you open it, you should see something like, "You have a private key that corresponds to this certificate".

Now if you can use the Export function (IIS 8 provides this in the same place as the "request" and "complete request" links) or use the Certificate MMC then navigate to the personal store and export from there to the PFX format. You need to provide a strong password to protect this file because it will have the entire certificate chain AND your private key. In other words, this PFX has the keys to the entire "domain" (speaking figuratively).

Chances are that you don't even need the PFX now because you already have the certificate inside IIS but if you're using the centralized certificate store like I am, you do AND the file name is critical. For wildcard certs, the name MUST be (assuming your request was for * If you asked for, then the filename must be because this is how SNI and centralized SSL store will look for the right one.

In summary, the easy way to install an SSL cert into IIS:
  1. Generate your CSR using IIS
  2. Provide that CSR to your CA
  3. "Complete Request" using the CER/CRT you get back from the CA
  4. [optional] Export to PFX and protect with a strong password
  5. Live long and encrypt
Update (20191201): Even today, I am using this post as I have to renew SSL for a stack that lives both on IIS and Node.js. Because of this, I also need the private key file so if you've done step #4 above and need a .key also, the following might save you some googling. Be sure to protect your .key file when you do this though!

`openssl pkcs12 -in exported.pfx -nocerts -out key.pem -nodes`
`openssl rsa -in key.pem -out server.key`

Now you you can use server.key and the cer/crt you were provided.