FitnessFaq’s Begin Bodyweight

Needing to rebuild my strength base, I purchased FitnessFaqs Begin Bodyweight and Limitless Legs last year. I did not realize how weak I was and how high my bodyweight had gotten relative to my strength levels. Begin Bodyweight is an upper-body, 3-day-a-week program focusing on basic pushing and pulling. Dips, pushups, pullups, chinups, rows, handstands, and some core work are all included.

I began the program 3 days a week using the straight bar for pullups and chinups, but the volume was a bit much to begin with and I ended up with some tennis elbow. I rested and began again using rings for the pullups and chinups and going to two days a week vs three, and have now been following the program for about 6 months. I am currently on level four, attempting to increase my pullup/chinup and dip numbers.

I modified the training frequency again after reading this article about training frequency by Lyle McDonald. Training an upper/lower split 3 times per week has been working well. I am now in my mid 40’s and have been experimenting with lower frequency with good success. This also gives me the benefit of working on my cardio the other 3 days, with one day off a week. My hope is that with some improved lifestyle changes I will be able to handle greater volume in the future.

The program is excellent. It comes with an e-book, photo book, videos and training programs with 6 levels, each being 8 weeks, but I have been running the same program for much longer to meet the minimums. The progressions work well and this program can scale from beginner to advanced via harder progressions or adding weight.

If you are looking for well thought out programs focused primarily on calisthenics, Daniel Vadnal is an excellent resource and all his courses are worth spending money on.

I am now able to do rings based pullups and straight bar dips without any shoulder or other pain. That was one of my goals last year so I would consider this one of the more valuable programs.

Assign variable in Django Templates

I am learning Django by programming a site for tracking my workouts, training-log.net. I was struggling with a template in which I needed to assign a variable to be used later in the template. It seems like this is not available by default in Django’s standard templates. I came across simple_tags and that seemed to fit the bill.

The first step is to create a templatetags directory at the same level as templates, migrations etc.

Inside that directory create an __init__.py and a file to store your tags; mine was called workout_tags.py.

Inside that file you can set up a couple of tags and use the context to store the variable.

from django import template

register = template.Library()


@register.simple_tag(takes_context=True)
def set_current_set_id(context, val):
    # Store the value in the template context so later tags can read it.
    context["current_set"] = val
    return ""


@register.simple_tag(takes_context=True)
def get_current_set_id(context):
    # context.get() avoids a KeyError when the variable was never set.
    current = context.get("current_set")
    if current is not None:
        return current
    return "A99"

Then inside the template you can easily assign and retrieve the values.

   {% load workout_tags %}
   {% set_current_set_id "A3" %}
   {% get_current_set_id %}

This seems to work, and from reading the documentation this was the best method I could find.

Year One Giant Pumpkin Experiment

This year we decided to try growing a “Giant Pumpkin”. We knew nothing about giant pumpkin growing, so we did a bit of reading and research but still made way too many mistakes, so we are not sure what we will end up with.

I began by reading Growing Giant Pumpkins by Jason Johns; this gave me a start, but I ended up winging most of it.

We ended up with a few different Giant Pumpkin seeds from Amazon Canailles 10 pack, Park Seed Dills Atlantic Giant and some big box store Giant Pumpkin seeds. Not understanding the importance of proper seeds, I did not track which was which, but I think my best plant this year came from the Park Seed Dills Atlantic Giant.

We began the seeds in peat moss pots on May 1. Wyoming has a growing season that can frost as late as June 11, so I thought 4-5 weeks should be enough. I think it should have been earlier; next week we will begin growing mid to late April indoors.

Next year I will be sure to label each plant and make sure I know what seed is actually planted and where.

Growing direction – First True Leaf

Our large plant was planted near a fence and it also grew in the direction of the fences, so we had to guide it around the fence, limiting the already limited area we were using for growing. Next year I will mark the pot so I know what direction it will grow when planting.

We planted June 11th with very little soil preparation; we just dug a hole and added a few bags of garden soil. I used black plastic this year to help keep the soil warm and retain water. Next year we will do more soil prep, adding manure in October 2022.

We had two pumpkins on the vine. The first one was growing well until we let the second pumpkin on the vine, and then the pumpkin began turning white and rotting. Still not sure if it was related to fungus or something else.

Rotting Pumpkin?

The second pumpkin is continuing to grow into the middle of September, but due to the late start I am not sure if it will fully ripen.

Attempting to grow a large pumpkin has been enjoyable and I look forward to trying again in 2023 if life allows.

UPDATE 9/24/2022

We finally harvested on 9/24/2022; it weighed in at 40lbs. Not impressive in the world of giant pumpkins, but we are happy with our first-year attempt.

Two Rules For Fortigate Beginners

After managing a small number of Fortigates for a handful of years I have come up with two rules that I wish I had known when I started. There are numerous best practices but these two have caused me the most pain recently.

  1. Never install a dot zero release of the Fortigate firmware, and more specifically wait until .4 or .5 or later before upgrading. For example, if you are on 6.2.7 and would like to upgrade to the latest branch (currently 6.4.x), wait until 6.4.5. Each main release branch includes a large number of new features, and each of the dot releases includes fixes. I made this mistake twice when starting out and the firewalls became unstable and difficult to maintain and upgrade.
  2. Always use zones for building policies. Zones allow you to add and remove interfaces from a zone and inherit all policies associated with that zone. If you build policies directly against interfaces, then when you need to add interfaces that fall into similar zones you have to rebuild all of those policies for the new interface, versus adding the interface to a zone and being done. Zones really shine when doing upgrades from one hardware platform to the next, when interface names and counts differ. You can easily remove all interfaces from the zone, transfer the config and add the new interfaces to the correct zone.

Those are two simple rules that would have saved me a lot of time.

Azure Application Insights On-Prem Web Farm

On each of the nodes of the web farm with a shared config run the following commands.


Download: https://www.powershellgallery.com/packages/Az.ApplicationMonitor/

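# Path to the downloaded package (adjust to where you saved it).
$pathToNupkg = "C:\temp\az.applicationmonitor.1.1.2.nupkg"
# A .nupkg is a zip archive; rename it so Expand-Archive will accept it.
$pathToZip = ([io.path]::ChangeExtension($pathToNupkg, "zip"))
$pathToNupkg | rename-item -newname $pathToZip
# Unpack into the machine-wide module directory.
$pathInstalledModule = "$Env:ProgramFiles\WindowsPowerShell\Modules\az.applicationmonitor"
Expand-Archive -LiteralPath $pathToZip -DestinationPath $pathInstalledModule

# -IgnoreSharedConfig skips the shared-configuration check; the HTTP module is then added by hand in IIS.
Enable-ApplicationInsightsMonitoring -InstrumentationKey xxxxx-xxx-xxx-xxxxx -IgnoreSharedConfig -EnableInstrumentationEngine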

After the commands have been run, go into IIS on one of the machines in the web farm and add a module with the name ManagedHttpModuleHelper, selecting Microsoft.AppInsights.IIS.ManagedHttpModuleHelper.ManagedHttpModuleHelper in the dropdown box.

https://docs.microsoft.com/en-us/azure/azure-monitor/app/status-monitor-v2-overview

Vmware workstation error code 0xc00000005

Kept getting error code 0xc00000005 when trying to install Windows 2019 as a guest on VMware Workstation. I uninstalled and tried VirtualBox and got a different error. Searching the log files led me to the following post about Hyper-V interference. I had uninstalled Hyper-V but there must have been some Hyper-V feature left. The following commands worked.

bcdedit /set hypervisorlaunchtype off

DISM /Online /Disable-Feature:Microsoft-Hyper-V

Finally passing the CISSP certification

After multiple starts and stops I finally was forced to take the CISSP November 23rd as I was not able to postpone the cert further.

I have been working as a sysadmin/security analyst in a single location for over 20 years. When working at the same job for so long, there is a risk of not growing and learning to help keep up with the industry. I take certs to help fill the gaps.

I started studying for the CISSP two years ago but life continued to get in the way. I thought I was prepped and ready to go when COVID hit and I was forced to postpone. After rescheduling multiple times I was forced to take it because Pearson VUE wouldn’t allow me to reschedule any later.

Users in the reddit.com/r/cissp group recommended taking 3-4k questions and using multiple study guides and resources. Although that seems like overkill, it ended up being about right for me to understand the material well enough.

I hear a lot of complaints about the CISSP, but I found it to be valuable; coming from a purely technical role all these years, it helped me fit the various “pieces” together. Being forced to spend more time looking at security from a management point of view was very valuable. CISSP gave me value due to the preparation required to sit and pass the test.

I used the following resources.

https://reddit.com/r/cissp – This is a valuable resource helping me to know what to study and what resources.

https://thorteaches.com/ – Thor does a good job of breaking down the material and giving a good overview. I watched all the videos and answered all the questions. The questions were slightly repetitive but still good.

Sybex official study guide and questions – This was one of the better resources; read the book twice and go through all the questions in the online test bank.

https://www.cccure.education/home – Good questions used this towards the end of my preparation.

https://www.studynotesandtheory.com/ – I like Luke’s videos, his questions are very challenging but may be of value.

Boson CISSP Practice questions.

Eric Conrad’s 11th hour and CISSP study guide books were a good review and worthwhile to read once or twice.

Glad to have it over; now I am looking into Azure certifications or the Offensive Security AWAE certification.

Fortigate to Fortigate VXLAN – Disaster Recovery

I have been working on a disaster recovery solution; one of the goals was a stretched layer 2 network. Since we would need a similar firewall with similar rules at the DR location, I have been investigating VXLAN over an IPsec tunnel.

This is the current test config; I will update it when more testing has been completed.

config sys global
 set hostname FIREWALL1
end

config system interface
    edit "wan1"
        set vdom "root"
        set mode static
        set ip 173.1.1.1 255.255.255.0
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 1
    next
end

config vpn ipsec phase1-interface
    edit "to_HQ2"
        set interface "wan1"
        set peertype any
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set wizard-type static-fortigate
        set remote-gw 173.1.1.2
        set psksecret supersecret
    next
end
   
config vpn ipsec phase2-interface
    edit "to_HQ2"
        set phase1name "to_HQ2"
        set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
        set comments "VPN: to_HQ2 (Created by VPN wizard)1"
        set src-addr-type ip
        set dst-addr-type ip
        set src-start-ip 1.1.1.1
        set dst-start-ip 1.1.1.2
    next
end


config system vxlan
    edit "vxlan1"
        set interface "to_HQ2"
        set vni 1000
        set remote-ip "1.1.1.2"
    next
end



config system interface
   edit "to_HQ2"
        set vdom "root"
        set ip 1.1.1.1 255.255.255.255
        set type tunnel
        set remote-ip 1.1.1.2 255.255.255.255
        set snmp-index 8
        set interface "wan1"
    next
   edit vlan100
     set vdom root
     set vlanid 100
     set interface dmz
   next
   edit vxlan100
     set type vlan
     set vlanid 100
     set vdom root
     set interface vxlan1
   next
end


config system switch-interface
  edit sw1
    set vdom root
    set member vlan100 vxlan100
  next
end
config system interface
    edit "sw1"
        set vdom "root"
        set ip 192.168.4.1 255.255.255.0
        set type switch
        set snmp-index 12
    next
end
config router static
    edit 1
        set dst 1.1.1.2 255.255.255.255
        set device "to_HQ2"
    next
end


//////////  FIREWALL 2

config sys global
 set hostname FIREWALL2
end

config system interface
    edit "wan1"
        set vdom "root"
        set mode static
        set ip 173.1.1.2 255.255.255.0
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 1
    next
end

config vpn ipsec phase1-interface
    edit "to_HQ1"
        set interface "wan1"
        set peertype any
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set wizard-type static-fortigate
        set remote-gw 173.1.1.1
        set psksecret supersecret
    next
end
   
config vpn ipsec phase2-interface
    edit "to_HQ1"
        set phase1name "to_HQ1"
        set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
        set src-addr-type ip
        set dst-addr-type ip
        set src-start-ip 1.1.1.2
        set dst-start-ip 1.1.1.1
    next
end


config system vxlan
    edit "vxlan1"
        set interface "to_HQ1"
        set vni 1000
        set remote-ip "1.1.1.1"
    next
end



config system interface
   edit "to_HQ1"
        set vdom "root"
        set ip 1.1.1.2 255.255.255.255
        set type tunnel
        set remote-ip 1.1.1.1 255.255.255.255
        set snmp-index 8
        set interface "wan1"
    next

   edit vlan100
     set vdom root
     set vlanid 100
     set interface dmz
   next
   edit vxlan100
     set type vlan
     set vlanid 100
     set vdom root
     set interface vxlan1
   next
end


config system switch-interface
  edit sw1
    set vdom root
    set member vlan100 vxlan100
  next
end
config system interface
    edit "sw1"
        set vdom "root"
        set ip 192.168.4.2 255.255.255.0
        set type switch
        set snmp-index 12
    next
end

config router static
    edit 1
        set dst 1.1.1.1 255.255.255.255
        set device "to_HQ1"
    next
end
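
A consistency check for the two configs above, as an added example that is not part of the original post: it parses the config/edit/set blocks of each firewall, confirms that the VNI and VXLAN remote-ip on one side mirror the other, and flags the SHA-1 proposals phase1 still offers. The `parse` and `audit` helpers and the trimmed sample text are constructed for illustration.

```python
import shlex

# Constructed excerpt modelled on the test config above (same names and addresses).
TEMPLATE = """
config vpn ipsec phase1-interface
    edit "{tun}"
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
    next
end
config system vxlan
    edit "vxlan1"
        set interface "{tun}"
        set vni {vni}
        set remote-ip "{peer_tun}"
    next
end
config system interface
    edit "{tun}"
        set ip {tun_ip} 255.255.255.255
    next
end"""

def parse(text):
    """Return {section: {entry: {setting: [values]}}} from config/edit/set lines."""
    cfg, section, entry = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = entry = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(local, peer):
    """List where local's tunnel/VXLAN settings do not mirror the peer's."""
    p1 = next(iter(local["vpn ipsec phase1-interface"].values()))
    vx, peer_vx = (next(iter(c["system vxlan"].values())) for c in (local, peer))
    peer_tun_ip = peer["system interface"][peer_vx["interface"][0]]["ip"][0]
    checks = [
        (vx["vni"] == peer_vx["vni"], "VNI differs between peers"),
        (vx["remote-ip"][0] == peer_tun_ip, "vxlan remote-ip is not the peer's tunnel address"),
        (not any(p.endswith("sha1") for p in p1["proposal"]), "phase1 offers SHA-1 proposals"),
    ]
    return [msg for ok, msg in checks if not ok]

FW1 = parse(TEMPLATE.format(tun="to_HQ2", tun_ip="1.1.1.1", peer_tun="1.1.1.2", vni=1000))
FW2 = parse(TEMPLATE.format(tun="to_HQ1", tun_ip="1.1.1.2", peer_tun="1.1.1.1", vni=1000))
print(audit(FW1, FW2), audit(FW2, FW1))
```

Run it against the full exported configs of both firewalls by passing each file's text to `parse`; repeated `config system interface` blocks are merged into one section.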



Packet Capture without Wireshark

I needed to capture packets off a production web server but did not want to add additional unnecessary software to production like Wireshark or similar.

I came across some dated articles on Netsh that looked promising, but the tool used to convert to packet capture seemed to be deprecated. Luckily the following tool allows you to convert ETL to packet capture so it can be opened in Wireshark.

Here is a basic example.

netsh trace start capture=yes report=disabled
netsh trace stop

Copy the .etl file to a machine with Wireshark.

etl2pcapng.exe NetTrace.etl out.pcapng

Use https://github.com/microsoft/etl2pcapng to convert the file.