Tech's Head

People constantly ask me what I do for a living. The “real” answer can be found on the home page. Most of the time I spend my day reading, surfing on the Internet and talking to peers in the IT industry. This blog is about whatever I run into in my reading, web surfing, and conversations. It will not be limited to IT, but will run the gamut of anything that runs through my head.

As 2023 is coming to an end, I came to the realization that I have been in business for 20 years.

I started McKeand Consulting, LLC in 2003 in Maryland. At the time, I had just left my job at a consulting firm in Annapolis due to burnout. I was the Senior Microsoft Engineer, Product Manager (I figured out what to put into computers we assembled for clients), and Microsoft Team Lead (separate from SME – I also had to manage the Junior Microsoft staff). Staying on top of the constantly changing environment of desktop and server technology was a major task in itself, let alone keeping on top of all the Microsoft-based clients the firm had. Even after I left the firm, I would be called by the owner of the firm from time to time to assist with some of the clients I had worked with in the past. I also had to fix issues my replacement caused.

Once we moved to Texas, things changed. I now live in a small town in rural Texas. There are only a few potential sites with the scale of what I had worked with in the Washington, DC – Baltimore, MD – Annapolis, MD Triangle. Most of the larger sites in the area have their own IT Staff – most of which are super territorial about their network and will die before asking for help. The rest are small to extra-small. I even have a couple of clients that are a single computer. One has his secretary print out his email and give it to him on paper.

So, I went from managing a team that worked on medium to large networks to setting up printers, replacing computers (copying files from the hard drive of the old computer), and helping people manage their passwords. For the rare client that has a larger network, I have done too good a job making them stable enough to not need me too often. I do have a client that is a leftover from the consulting firm in Annapolis, that I have been working with for most of the time MC has been around. And of that time, I have been to his office once for a couple of days – everything else has been remote. I even migrated their Exchange Server (with an upgrade) from 17 hours away (Texans measure distances in hours – that would be 1100+ miles).

So, what is the future of McKeand Consulting?  I don’t know. I put an outbound message on my voicemail saying I’m focusing on other projects. What are those projects? I’m not saying. I will only say that they are only mildly technically IT related. Computers are involved, but only tangentially.

What are my long-term plans? I don’t have any. I will probably continue to do the same 4 things, which recently changed to 5. For a long time, I have been joking that I do 4 things: Read the Instructions, Take the Default Settings, Watch the Status Bar Go By, and finally Google the Error Message When It Doesn’t Run. I have recently added a fifth: Help Reset the Password. That one went from number 5 to number 1 rather quickly. I will probably continue to do these things for my existing clients, but I probably won’t be looking for new clients. Just don’t tell my wife…

Names are important. I get steamed when people continue to mispronounce my last name or when someone corrects my pronunciation of the town I live in. But where names are really important is in networks. One of the most common issues I face regularly in networking is name resolution.

Why is this important? Let me start at the beginning. Most users take for granted when they fire up their computer and connect to a network that they will be able to go out on the internet and get to Facebook (I still think it is a fad). But for that to work, several things have to happen in the background.

On a TCP/IP network, every computer or device must have a unique address (IP). These can be statically set, which causes some administrative overhead of tracking what addresses are free (you have to have an IP before you can search for a free address). The easier solution is to dynamically assign addresses. This requires a machine on the network, usually using the Dynamic Host Configuration Protocol (DHCP), to give out the addresses (and other settings I'll get to later) and track who has what address. That prevents the dreaded IP conflict (two machines having the same IP address), which happens more often than not on statically assigned networks.

The tracking is done based on the MAC address of the network interface. This SHOULD be a unique string of twelve hexadecimal digits. The first six identify the manufacturer of the network interface and the last six identify the unique device. Ask me what happens when you change the MAC addresses of several network interfaces on the same network to the same string. You could do that back in the day... But that is a topic for another day.

The DHCP server gives out more than IP addresses. At a minimum, the host is given an IP address, a Subnet mask, a Gateway address, and a DNS server. The Subnet mask helps the host to determine what other hosts are on the same network (i.e. have the same range of IP addresses). And the Gateway address is where the host should send data that is intended for another network (i.e. outside the range of IP addresses used on their network). There are many more things that DHCP can give out, such as Time Server, Network Name, and even what IRC servers are on the network. But for this discussion I will focus on IP, Subnet Mask, Router/Gateway and DNS Server.

The DNS server (Domain Name Service) is where the name resolution magic happens. Computers communicate with numbers - even what we see as text is actually numbers to the computer. www.mckeand.biz is much easier to remember than 24.314.19.168 for us humans. So DNS translates the www.mckeand.biz to an IP address. There are other records in DNS that can give information about a domain (such as mckeand.biz), but again that is off topic.

So, what is the topic? Name resolution always bites me in the back side. I have spent more hours than I want to admit chasing issues on a network that turned out to be name resolution. The issue popped up yesterday at what should have been an hour or two at my church updating the network. I replaced three 10/100 switches with new Ubiquiti Unifi managed gigabit switches. That went well enough; I was able to integrate them into the Unifi Console (I already manage the four wireless APs on the site) without an issue. The Unifi Security Gateway (USG), on the other hand, fought me tooth and nail. I could not get it to integrate to save my life. The process is called Adoption in Ubiquiti's vernacular. It is a simple process; I've done it many times at many locations.

  1. I connect the device I want to adopt to the network.
  2. Find the IP address assigned via DHCP.
  3. Use Secure Shell (SSH) to connect to the device.
  4. Issue a set-inform command: set-inform http://unifi.mckeand.biz:8080/inform
  5. Go to the Unifi controller and adopt the device
  6. Issue the set-inform command again.

The device would then show up in the console, and the console would manage it.

But the USG would not adopt. Not until I entered the IP address of my controller. This should have told me something was up. The USG has two interfaces (actually three, but one is disabled). Each interface should have a unique set of IP settings. The LAN interface is statically assigned - most servers and network equipment should be static. The WAN interface in this case is dynamic - it uses DHCP. The ATT uVerse modem/router thing insists on all dynamic; in general this should not be an issue. There is a mechanism to have the public IP of the modem assigned to a device on the LAN (DMZ+ is what they call it). Fine, I had the modem give the public address to the USG via DHCP. The modem also gives out its own address as DNS. Normally, this would not be a problem, but the modem's LAN side is in the 192.168.1.x range, as is the LAN side of the USG. So the USG is told to use 192.168.1.254 as a DNS. When the USG tries to look up unifi.mckeand.biz by talking to 192.168.1.254, which it assumes is somewhere on the LAN interface, it fails. This is why I was able to adopt the USG using the IP address of the Unifi controller.

This continued to be an issue because I could not get the firmware of the USG to update. I dug around and found how to override the DNS supplied by the uVerse modem. I then was able to force the firmware update via SSH. I think I am done breaking things at the church.
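The overlap described above can be checked before it costs an afternoon. The following is an added example, not part of the original post or of Ubiquiti's tooling: it flags any DHCP-supplied DNS server whose address falls inside a subnet connected to a different interface than the one that supplied it. The WAN address, the USG's LAN address and the replacement resolver are constructed placeholders; only the 192.168.1.x range and 192.168.1.254 come from the post.

```python
import ipaddress

# Constructed sample values: the post gives only the 192.168.1.x range and
# the modem's DNS address 192.168.1.254; the rest are placeholders.
INTERFACES = {
    "wan": ipaddress.ip_interface("203.0.113.10/24"),  # public IP via DMZ+ (placeholder)
    "lan": ipaddress.ip_interface("192.168.1.1/24"),   # static LAN address (assumed)
}

def connected_interface(dest, interfaces):
    """Return the interface whose connected subnet contains dest.

    The longest matching prefix wins, as in a routing table. None means no
    connected subnet matches, so the packet goes to the default gateway.
    """
    dest = ipaddress.ip_address(dest)
    matches = [(iface.network.prefixlen, name)
               for name, iface in interfaces.items()
               if dest in iface.network]
    return max(matches)[1] if matches else None

def audit_dns(interfaces, learned_dns, default_route="wan"):
    """Find DNS servers whose queries leave by the wrong interface.

    learned_dns maps an interface name to the DNS servers DHCP handed out
    on that interface. Returns (server, learned_on, sent_via) tuples.
    """
    problems = []
    for learned_on, servers in learned_dns.items():
        for server in servers:
            sent_via = connected_interface(server, interfaces) or default_route
            if sent_via != learned_on:
                problems.append((server, learned_on, sent_via))
    return problems

if __name__ == "__main__":
    # The failing setup: the modem's lease on the WAN side names 192.168.1.254.
    broken = {"wan": ["192.168.1.254"]}
    # After overriding DNS with a resolver outside the LAN range (placeholder).
    fixed = {"wan": ["198.51.100.53"]}
    for label, dns in (("modem-supplied", broken), ("overridden", fixed)):
        found = audit_dns(INTERFACES, dns)
        for server, learned_on, sent_via in found:
            print(f"{label}: {server} learned on {learned_on}, routed via {sent_via}")
        if not found:
            print(f"{label}: DNS queries leave by the interface that supplied them")
```

A working lookup by IP address combined with a failing lookup by name, as in the adoption attempt above, is the symptom this check explains.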

 

 

Back in 2009 I started a blog on Blogger. I have not posted anything there in almost 7 years. That blog can be found here: BlogSpot

I intend to post here on a more regular basis. My interests have not changed by much. I will be adding stuff on 3D Printing. I may include time lapse videos of some of my prints. I have also been building model steam engines in Fusion360, and I may show videos of some of those models.

I read this article in my news feed this morning: The Best Internet Security: Layers of Protection, and Good Habits from Wirecutter. 

This is what I have been telling clients for a few years now. This approach works to keep your system and personal information safe.

The most important part is good habits. Just the realization that <insert large tech related company> is not going to reach out to you to tell you that you have a problem will go a long way to protecting yourself. By large tech firms I mean: Apple, Dell Computers, HP Computers. The only time they are going to reach out to you is when you have a service agreement with them. You would know if you did; you would be paying a large part of someone's salary on an annual basis.

Another good habit is to not open attachments that you are not expecting. Just because it says it is from someone you know, does not mean it is safe to open. Many ransomware attacks start from what is supposed to be an invoice attached to an email.

On a related note: the IRS is not going to call you on the phone because they are about to send the police to arrest you. Why would they give you a heads up on the arrival of the police? They will attempt to contact you via registered mail (signature required).