Posts on Alex Norell

How To Set Up YubiKey On macOS

Tue, 30 Jul 2024 12:00:00 -0700

This is a follow up to the How To Set Up GPG on macOS guide We’ll build on the GPG key configuration to move the storage off the machine itself to a physical key. We’ll also cover setting up the YubiKey for other services and uses, like WebAuthn.

By the end of the guide you will:

Disable YubiKey OTP
Move GPG keys to a YubiKey
Disable the macOS Smart Card prompt
Add a YubiKey to Web Services
Disable SMS Authentication

Some requirements:

How To Set Up GPG On macOS

Mon, 29 Jul 2024 12:00:00 -0700

This guide covers everything you need for setting up GPG on macOS for software development. By the end of this guide, you will accomplish the following:

Create a primary GPG key
Create an authentication key for use with SSH
Create a signing key for git commit signatures
Deploy these keys to GitHub
Remove the primary private key to follow best practices

Some requirements:

You have brew installed
You have a password manager set up

What is GPG

GNU Privacy Guard (GPG) is an encryption software that enables secure communication and data storage. It is an implementation of the OpenPGP standard, but has become the defacto standard implementation. GPG uses a hybrid approach combining symmetric-key cryptography for speed and public-key cryptography for secure key exchange. can utilize GPG for signing and verifying documents, encrypting emails, and safeguarding files. Secure email providers like Proton Mail use it for encryption of emails and files.

Smart Whole House Fan

Tue, 16 Jul 2024 12:00:00 -0700

We added a whole house fan to our house to bring in fresh air and aid in cooling down the house in the evening. The fan is fully controllable with Home Assistant using a couple ZWave relays.

System Design

We went with a slightly oversized unit than our square footage and climate zone need. The unit we chose was the Quiet Cool QC ES-4700 which provides two speeds, high at 4,195 CFM and low at 2,304 CFM. The fan has two control lines that determine speed. Normally, these lines are hooked up to Quiet Cool’s own smart fan control system to control the speed or a timer switch and control switch.

2024 Ski Season

Sat, 01 Jun 2024 12:00:00 -0700

Ski Log

Days	Mountains	Vertical Feet
80	40	1.35M

Road Trip

We made the decision this year to do the road trip that we had been wanting to do the previous 2 years. The goal was to ski as many places as we could on our two passes and make our way up to Canada for a couple weeks. The road trip didn’t have a set end date, but we had a rough plan of what we wanted to do.

2023 Ski Season

Fri, 14 Jul 2023 12:00:00 -0700

The previous year we dipped our toes into the ski bum road trip lifestyle with a month long trip. It was awesome to spend so much time on the road and really learn what we like and don’t like.

I switched my pass this year to the Ikon Pass to get more days at the places I love and to expand the number of places that I am able to ski. It also didn’t help that Altera removed their mountains from the Mountain Collective pass, taking away all the California mountains. I also felt a bit limited in the number of days I could ski with the Mountain Collective pass, only getting 2 days at each of the partner resorts. Ikon gave me unlimited at the Altera owned mountains and 7 days at the rest of the mountains I would want to ski.

2022 Ski Season

Wed, 01 Jun 2022 12:00:00 -0700

We bought Mountain Collective passes for the third year in a row. The pandemic wasn’t fully over and we really wanted to do a road trip to hit all of the western US mountains. We had bought a truck after buying our house and were planning on using that to get around the mountains.

The Plan

Road trip around the US Rockies in our truck
Spend a longer period of time in each city

The Truck

We purchased a 2006 Chevrolet Silverado in July 2021 as a second vehicle mainly for the house projects we were planning on doing with our new house. It had four wheel drive and I also outfitted it with new snow tires and a truck bed cover at the beginning of 2022 in preparation for our trip.

Interview: Startup Infrastructure Design

Sat, 29 May 2021 09:57:26 -0700

Prompt

As we scale, we need to streamline our code deployment and infrastructure to be as efficient and robust as possible so that we can iterate quickly. These are some of the challenges that you’d be solving.

Problem

What tools/processes do you use for cloud infrastructure management, security, and auditing?
We are a small, fast moving startup. With this in mind, how would you think about build vs buy?
How would you construct a CI/CD pipeline on AWS with a React frontend, NodeJS backend, and pool of worker jobs?
How would you setup an ElasticSearch cluster for search with 100 million records in it, mostly free text across multiple languages?

Answers

I’m going to tackle these questions using only AWS services because I know them and I know that they work well together. These questions can be answered in a lot of different ways with varying amounts of development and managements costs associated with them. Let’s just assume that the cost of going with an AWS provided solution is still less than hiring more engineers to build it all yourself.

2021 Ski Season

Sat, 01 May 2021 12:00:00 -0700

COVID-19 really screwed this year up for us. We had Mountain Collective Passes, but we didn’t feel comfortable traveling, and we didn’t travel for skiing until after Mariah had received her first vaccine shot. Due to all this, we only skied three times, and all of them at Palisades Tahoe.

Ski Trip Log

Days	Mountains	Vertical Feet
3	2	50.4K

March Trip

We drove up the night before and stayed at the Best Western Plus in Truckee for two nights before driving home.

IoT Village Virtual CTF

Sat, 01 May 2021 10:31:33 -0700

Last week, IoTVillage hosted a virtual Capture the Flag (CTF) event. The purpose of the event is to use known exploits on devices to retrieve information from within the device. This information is known as a flag and can really be anything; from the MD5 of a particular function, to the contents of a file in the system.

The CTF is set up as a 3 tiered network with vulnerable devices in each network. You connect into the network via a VPN and it drops you into level one. There are no instructions other than the name of product and what we need to retrieve from the device. These devices are all IoT devices with known vulnerabilities: Network Attached Storage Devices, IP Cameras, Consumer Routers, etc.

State of the Desk 2021

Sun, 31 Jan 2021 15:19:45 -0800

An overview of my home office desk.

Add Cloudfront to a Website

Sat, 22 Aug 2020 12:00:00 -0700

The domain I’m using, norell.dev, requires the site to be served via HTTPS, or else the browser won’t display it. Google, the owners of the gTLD, requires HSTS for the domain.

From the get.dev page:

Your security is our priority. The .dev top-level domain is included on the HSTS preload list, making HTTPS required on all connections to .dev websites and pages without needing individual HSTS registration or configuration. Security is built in.

Add External Domain in AWS and create record for S3

Wed, 19 Aug 2020 21:21:09 -0700

I have a domain name, norell.dev that is registered outside of AWS. I would like to use it for my development within AWS, but Amazon doesn’t support the .dev domain name. Google is the gTLD owner, and Amazon and Google don’t play well together. Even though Amazon won’t let me transfer my domain to be registered in Route53, I can still configure it to be used using Hosted Zones.

I will follow this guide to get it set up.

Host Website in AWS S3

Tue, 18 Aug 2020 23:06:28 -0700

I want to deploy a copy of this website to AWS S3, and set up all of the necessary infrastructure using terraform. This post will go over the steps that were taken to achieve this.

Set up provider

This will be using AWS, so the terraform provider must be set. This will use the latest terraform version, 0.13.

The provider is defined below, and located in main.tf

provider "aws" {
 version = "~> 3.0"
 region = "us-west-1"
}

Set up backend

This project will use S3 as the backend for storing the terraform state files. I created an S3 bucket using the AWS cli.

Switching to Netlify for static hosting

Sun, 16 Aug 2020 12:59:51 -0700

Previously I had my website hosted in a GCP instance behind nginx. That really was too much overhead for what I actually needed for this site.

A couple of the downsides:

Manual setup of the entire GCP instance
No CI pipeline
No CDN
Expensive

Manual Set Up

I go over in my previous post, Creating and Deploying This Website. In summary, I was previously using the free tier of GCP to host a nano sized instance that contained nGINX and several static websites. I needed to set up certbot manually for each of these websites. I also needed to set up users and SSH credentials to lock down the machine.

2020 Ski Season

Wed, 01 Apr 2020 12:00:00 -0700

This was the first year I got back into skiing after graduating from college, and my wife and I decided to get Mountain Collective passes. We figured this would motivate us to explore and experience a variety of resorts instead of just sticking to our usual routine of driving up to Tahoe. It was an exciting way to jump back into my love for skiing while also turning it into an adventure for both of us.

Creating and Deploying This Website

Tue, 12 Nov 2019 00:00:00 +0000

A detailed explanation on how this website is generated and hosted.