Lost Time and Shifting Priorities

TL;DR: I got pulled away and now I’m back with new ideas.

It’s been a some time since I posted an update. I added a list of ISACs to kick off the cyber sec portion of the blog and I have some How-To’s in the works but that’s as far as I got. I was pulled away with some rapid fire family and personal issues (one of these involved a raccoon), job interviews, and a coding project. Now with some free time in the foreseeable future, I can contribute to the blog again.

My xcp-ng project is dead for now. This was my main focus for a while and the initial install was pretty straightforward. In fact, the licensed Xen Orchestra was easy to deploy, but it didn’t make for good writing. I decided to try something a little more complicated so we could get a good article out of it, which was to deploy the free version to Debian Trixie. This comes with the challenge of using the CLI in xcp-ng, as the built in XO Lite doesn’t support managing storage at this time. There are a number of things in the XO Lite GUI that are yet to be implemented, so there was no way in the GUI to add the Trixie ISO to the system. I don’t mean mounting an ISO to a VM, there just wasn’t a way to upload a new ISO to the server.

I downloaded using wget and fumbled about with the xcp-ng cli for a while but despite building a Local ISO SR, creating a VM, mounting an ISO to it, then verifying the boot order, the VM would never show my storage devices as bootable devices. While this is something I could overcome with time and research, some shifting priorities had me use the hardware I was playing with as a new Proxmox node, and so the project is at least on a hiatus until I get new (second hand) hardware.

In the time I was away from writing, I attended a Security presentation from a local ISAC that talked about compromising AI models. In addition to compromising the AI itself, I also considered how the models themselves could be used maliciously against other systems. Even stepping away from the security aspect, there’s seems to be a big misunderstanding in non-technical roles about what AI can do and how to use it. This gave me some ideas and topics for future security articles, but I’m a sucker for writing a good How-To too.

I like the idea of writing a “vibe coding” tutorial, followed by a tutorial on how I use AI models to be more effective. The coding project I mentioned above is a very simple node/express/mongo API, and I think the majority of it could be written with an AI model and the right prompts. I have my doubts about the end product based on vibes, so the exercise is sure to be fun. I’m really looking forward to this because there have been great strides with LLMs in the last few years, and learning to use them correctly can be a boon for productivity.

Finally, and I’m not sure that I’ll get to this, but my domain controllers “need” to be replaced. My home lab and servers use Active Directory installed on Microsoft Server 2022. I’d like to upgrade these to 2025, but also switch from domain.local, to local.calmatlas.com at the same time. There are some pro’s and con’s and some decisions to be made about changing my domain name, which could make an article in itself, and an article with some homegrown migration scripts could be fun too. In the end, this is near the bottom of my priority list, so we’ll see if it comes to fruition.