Tech failures

I’m good at my job. Hand me a virtual infrastructure build on VMware, Hyper-V or even Xen, Active Directory, any version of Windows, most Linux distributions, PHP, MySQL, Nginx, Postfix, Courier, Exchange, Azure, Office 365, G Suite and all that and I’ll give you a system that’s efficient, stable and cost effective. I can even dabble in .NET, PHP, VBS, PowerShell, bash, SQL and, at a stretch, C and MongoDB.

So I’m quite confident in what I’m doing normally.

But January has been a complete Fuster Cluck of problems that have either taken me far too long to figure out or are still waiting on my ever growing to do pile of things I need to get around to fixing or finishing.

This kind of thing happens. Integrating technologies doesn’t exactly come with an instruction manual. Sometimes it is a suck it and see situation. So, here’s a few of the things that haven’t gone right in January.

  • During a meeting last week, I decided it would be brilliant if I could share my Microsoft To Do notes with other people in a project that I’m working on. I love Microsoft To Do. It’s just so easy to keep track of what I need to be doing and the priorities of different tasks. I would have appreciated the power it would have provided if I could find out what others on this project are doing as well. So, I configured SCCM to connect to Azure, then to the Microsoft Education Store, I provisioned the To Do app and after some messing about, I got it installed on a test machine. It ran perfectly under my test account. Next I installed it on someone else’s PC. It finally installed but it’s not available because it requires Exchange Online to be enabled. We’re a Google house here so To Do is simply not going to work. I wouldn’t mind so much but to even get this far I had to:
    • Create an Azure active directory app in Azure.
    • Figure out where the private key was located in the Azure UI. Turns out I was in a slightly different place than I should have been. That’s the stupid thing about the Azure UI: you can’t necessarily get to the keys for an application from the properties of that application.
    • Then I encountered the problem of how to assign devices to Azure active directory accounts.  This is required for the Microsoft Education Store to allow apps to be installed.
    • Then finally, most of the documentation said that when you look under Online Licenses in SCCM, you should see the available store apps. What they don’t say is that you will need to manually provision any apps that don’t get provisioned by default.
  • I was very happily surprised by pfSense. The UI is nearly 100% accessible. I’m delighted because a few years ago it wasn’t that straightforward for a screen reader user to navigate. But getting this running wasn’t all that easy. I wrote a blog post about configuring pfSense last week. But in summary:
    • Routing broke.
    • After a rebuild of the config, it worked again. NO idea why.
    • Key generation and association for OpenVPN didn’t work as expected.  But I got that working eventually.
    • Got load balancing working. Yay!
    • My Irish Broadband router then decided it was going to see the wrong IP address for the pfSense virtual machine. I’ve flushed that device several times and each time it gets it wrong. It’s seeing an old device. NO idea why. The device is only running at 15% usage and 28% power but its user interface is running very slow. That’s a problem for another day.
  • .NET problems have terrorised me for nearly two months now. Here’s the problem:
    • I inherited a large application from a company who are no longer supporting it effectively. This application broke as a result of a change that was made outside our control on the infrastructure that is hosting this service.
    • I worked with this bad company for about a month. But it was clear to everyone that I was coming up with better ideas to fix this than the people who were actually meant to be developing it. So, in frustration, I took over the code in December.
    • The part of the code that broke as a result of the infrastructure change is now fixed. But the fix depends heavily on .NET 6.2. The system was written in .NET 4.5 so upgrading it should be straightforward. But no. I was struck again. The code that I’ve written uses newer versions of the libraries that are already in use in .NET 4.5. Updating those libraries breaks the main application.
    • I could go on and on about this but it’s very complicated. I’ve sat at my desk until 3:30am in the morning trying to get my head around this but I’m not getting very far. I have 27 conflicts left. Each time I encounter a conflict, I need to explicitly reference the correct library and version. However, in the event that conflict is communicating with a class in the main application, directing the code at that class and therefore including it for compilation may or may not add dozens of other conflicts. If I’m lucky, it will just compile. Generally it does, but when it doesn’t, it can set me back days. Each time I find a conflict, I have to open the old version of the code and verify the library / namespace that it was previously using.

Yep. It’s all a complete Fuster cluck.

I’m tired. I’m not getting enough sleep because I’m not good at switching off while I have things that need to be fixed or finished. But then I’m finding it’s very hard to get motivated because I have had such a long string of problems and I’m constantly tired.

Don’t worry. I’ll break through this cycle. Things will start falling into place.  I’ll keep working away at it.  This isn’t the first or the last time several systems have caused me problems all at the same time.

A note about Microsoft To Do. If you haven’t tried it, give it a go. I think you’ll like it, if you find yourself needing that kind of thing.

OpenVPN configuration in pfSense.

I spent about six hours this weekend installing pfSense, configuring the firewall and setting up OpenVPN. Here’s a quick run through of the problems and the solutions.

LAN to WAN access

I’m not using VLANs. The main purpose of running pfSense is that I wanted to have traffic filtered through a reasonably decent firewall sitting on a virtual machine. All the servers that I’m going to use are on the one Hyper-V host. I don’t want to open up a lot of ports going to these services for both general front end access and back end administration.

With the use of a VPN for back end administration, I’ll have three networks in total to set up.

  • WAN interface.
  • LAN network.
  • VPN client network.

At the start, prior to configuring OpenVPN, routing from the WAN to the LAN was fine. But after the configuration of OpenVPN I had problems with routing from the LAN out to the WAN.

I wish I could say I found a solution to this. But I didn’t. When I fixed the routing issue, I then lost all access to the LAN. So I restored the factory defaults and began configuration again.

The second time I configured pfSense, the routing issues I had were not encountered.

Certificates

When configuring OpenVPN, I had problems generating the client. The first time it said I had no CRL. The second time I had no user cert and the third time the server cert wasn’t from a trusted CA.

Here’s what I did to fix all of that:

  • Created a new user. This user doesn’t have admin access. This is a good idea for VPN use anyway. This new user has a user certificate assigned. This user certificate is created from the CA on the server.
  • I don’t know why but the server certificate created by the OpenVPN server wizard wasn’t signed by the root CA on the server. I also couldn’t delete that certificate. Instead, I just created a second server certificate and in the properties of the server, I selected that new certificate.
  • No CRL. If a CRL is required by the OpenVPN server, I’m not sure why it wasn’t created by the wizard. But in the properties of the OpenVPN server, a handy link is provided to bring you right to the CRL tab under the Certificate options.

All of these items were easy to fix. They seem like bugs in the OpenVPN server creation process.

Routing

This one took a while to fix. I was able to access the pfSense LAN address from VPN clients but I couldn’t access any other devices on the pfSense LAN.

  • Using netstat -r in Windows confirmed that the route was added.
  • There were no firewall rules blocking traffic. But on the up side, I also added tighter rules to specifically allow the traffic that was needed between VPN devices and the LAN.

I thought it was strange that I could access the LAN devices from the pfSense console. So after a lot of thinking, I finally decided to add the routes from the other direction: from the LAN devices to the OpenVPN network. There’s a way of doing this in OpenVPN, I’m sure. However, if you are explicitly configuring the routes on the LAN devices, try one of these two commands (10.0.1.0/24 is the VPN client network and the gateway is the pfSense LAN address).

For Windows:
route add 10.0.1.0 mask 255.255.255.0 [PFSenseLANGateway]

For Linux:
ip route add 10.0.1.0/24 via [PFSenseLANGateway]
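As an added example (not from the original post), here is the Windows version of that route as a PowerShell script: it resolves the LAN interface, adds the route only if it is missing (persistently, so it survives a reboot, unlike a plain route add), and then checks that Windows really selects it for a VPN client address. The pfSense LAN address and the probe client address are placeholder values you replace; run it in an elevated PowerShell.

```powershell
# Added example, not from the original post.
# Adds the LAN-side return route to the OpenVPN client subnet and verifies it.
# Assumptions: VPN client subnet 10.0.1.0/24 as in the post; $PfSenseLan is the
# pfSense LAN IP (placeholder); $ProbeClient is any address inside the VPN subnet.

$VpnSubnet   = "10.0.1.0/24"
$PfSenseLan  = "192.168.1.1"   # placeholder: replace with your pfSense LAN address
$ProbeClient = "10.0.1.10"     # placeholder: an address inside the VPN client subnet

# The route must leave via whichever interface already reaches the pfSense LAN
# address, so look that interface up instead of hard-coding an index.
$lanIfIndex = (Find-NetRoute -RemoteIPAddress $PfSenseLan |
               Select-Object -First 1).InterfaceIndex
if (-not $lanIfIndex) { throw "No interface can reach $PfSenseLan" }

$existing = Get-NetRoute -DestinationPrefix $VpnSubnet -ErrorAction SilentlyContinue
if ($existing -and ($existing.NextHop -ne $PfSenseLan)) {
    # A stale route for the same prefix points elsewhere: replace it rather
    # than stack a second route beside it.
    $existing | Remove-NetRoute -Confirm:$false
    $existing = $null
}
if (-not $existing) {
    # New-NetRoute writes to both the active and the persistent store by
    # default, so unlike "route add" without -p the route survives a reboot.
    New-NetRoute -DestinationPrefix $VpnSubnet `
                 -InterfaceIndex $lanIfIndex `
                 -NextHop $PfSenseLan | Out-Null
}

# Verify: for a VPN client address, the route Windows selects must be our /24
# via pfSense, not the default gateway. Find-NetRoute returns an address object
# and a route object; only the route object has DestinationPrefix.
$chosen = Find-NetRoute -RemoteIPAddress $ProbeClient |
          Where-Object { $_.DestinationPrefix }
if ($chosen.DestinationPrefix -ne $VpnSubnet -or $chosen.NextHop -ne $PfSenseLan) {
    throw "Lookup for $ProbeClient chose $($chosen.DestinationPrefix) via $($chosen.NextHop), expected $VpnSubnet via $PfSenseLan"
}
"Route to $VpnSubnet via $PfSenseLan on interface $lanIfIndex is active and persistent."
```

If the final check throws, a more specific route or a different metric is winning; Get-NetRoute -DestinationPrefix $VpnSubnet shows what is competing.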

Finally. It’s all working.

I used pfSense a lot about eight years ago. I had problems at the time running it in a VM. Now though, I’m delighted that I’ve started using it again. I love the UI and it’s all very logical. I look forward to using the load balancer functionality soon as well.

Trying to drag the good out of a busy week.

While walking home from work last Friday evening, I was feeling particularly thankful. It had been a very busy week and I was really looking forward to switching off for a few hours. I reflected to myself: each week, we all learn something. It might be from a casual conversation, a book, a news report or even online on social media. So here’s a few things that I picked up last week.

  • I spoke to a medical missionary nurse on the way home from Dublin on Wednesday. She started travelling around the world offering help in 1982. Since then she has helped in Nigeria, Kenya, Ghana and Brazil. When not working as a nurse and a midwife, she was also helping young nuns to, as she put it, “make sure this life suited them”. I found the conversation with this woman fascinating. She explained that many of the areas she worked in transitioned from providing hospital care / primary care facilities to providing community support and preemptive care. The lady didn’t agree with this entirely but she saw the motivation behind it. The young nurses she had once helped to train are hoping that reducing the need for hospitals will reduce the burden on the emerging health care system. She was also telling me that NGOs such as the Red Cross took over from medical missionary nurses from the mid to late nineties. At their peak, there were 250 medical missionary nurses in her organization. Now in recent times there are about 150 MMNs at any one time.
  • I took three short courses this week on LinkedIn Learning. The first was on Azure architecture fundamentals, the second was on Windows 2019 differences compared to 2016 and the third was specifically related to Active Directory on 2019. Each course was about two and a half hours long. I can’t say I learned anything groundbreaking. Especially relating to Azure, I had done all of this before but it’s good to go back over the basics in case there’s something that’s been forgotten over time. But still, it was reasonably useful.

Azure Point to Site VPN – Add or replace certificates.

A year ago I set up a new environment for a company who decided to host everything in Azure.

I set up the virtual machines, the storage, the backups and everything that came along with that.  I also gave them a Point to Site VPN connection so they could independently make changes and modify / add data as needed.

Today that VPN connection stopped working. Why? Simple. The cert expired. Microsoft have written great documentation on this topic but by default, the root and client certificates only last for one year. That’s for security reasons of course. Each year, you renew your certificates and if someone has a certificate that should no longer be allowed, that cert becomes invalid. Nice and easy.

However, in addition to using certs, I also have accounts that I can modify on the local machines, and each group of people has a different root cert, so replacing certs isn’t a major problem.

That said, I wanted the certs to last longer than 1 year.  I could have made them last 10 years but I thought 3 years was a happy medium.

You could of course create the certificates using a GUI but here’s a faster way that uses PowerShell. First, the root certificate, valid for three years:

$date_now = Get-Date
$extended_date = $date_now.AddYears(3)
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign -NotAfter $extended_date

Now create the client cert, signed by that root ($cert) and with the same three-year expiry:

New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
    -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -NotAfter $extended_date

When you’re ready, open the root cert. Remove the lines at the top and bottom of the file that indicate the start and end of the certificate, then in Azure, browse to All Resources \ Your VPN Gateway \ Configure Point to Site VPN.

Now add the new root certificate.

When you’re ready, download the VPN client. On the same screen in the Azure portal, click Download VPN client.


If needed, remember to export your certificate. Include the private key and give the exported PFX file a good strong password.
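The export steps above, as an added PowerShell example that is not part of the original post: it finds the three-year root and client certificates created earlier (by the subject names "CN=P2SRootCert" and "CN=P2SChildCert" in Cert:\CurrentUser\My), checks that neither has expired and that the client really chains to the root, writes the root’s public part as bare Base64 (the BEGIN/END lines already stripped, which is what the portal field expects), and exports the client cert with its private key as a password-protected PFX. The output folder name is an assumption.

```powershell
# Added example, not from the original post.
# Produces the two artefacts the Azure Point-to-Site setup needs from the
# certificates created above: the root public key as bare Base64 for the portal,
# and a password-protected PFX of the client certificate for the user's machine.
# Assumes the subject names used above and the CurrentUser\My store; $OutDir is
# an assumed output folder.

$OutDir = Join-Path $env:USERPROFILE "P2S-certs"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Pick the newest certificate with each subject, in case last year's expired
# copies are still sitting in the store.
$root   = Get-ChildItem -Path "Cert:\CurrentUser\My" |
          Where-Object { $_.Subject -eq "CN=P2SRootCert" } |
          Sort-Object NotAfter -Descending | Select-Object -First 1
$client = Get-ChildItem -Path "Cert:\CurrentUser\My" |
          Where-Object { $_.Subject -eq "CN=P2SChildCert" } |
          Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $root -or -not $client) {
    throw "Root or client certificate not found in Cert:\CurrentUser\My"
}

# Sanity checks: neither cert is expired, the client was issued by this root,
# and the client still has its private key (otherwise the PFX would be useless).
$now = Get-Date
foreach ($c in @($root, $client)) {
    if ($c.NotAfter -le $now) { throw "$($c.Subject) expired on $($c.NotAfter)" }
    "{0,-16} expires {1:yyyy-MM-dd}" -f $c.Subject, $c.NotAfter
}
if ($client.Issuer -ne $root.Subject) {
    throw "Client cert issuer ($($client.Issuer)) does not match the root subject"
}
if (-not $client.HasPrivateKey) {
    throw "Client cert has no private key; it cannot be exported as a PFX"
}

# 1. Root public key as bare Base64. RawData is the DER encoding of the
#    certificate, so this is exactly the content of a Base64 .cer file minus
#    the BEGIN/END lines the post says to remove by hand.
$rootB64 = [Convert]::ToBase64String($root.RawData)
$rootB64 | Set-Content -Path (Join-Path $OutDir "P2SRootCert.b64.txt") -Encoding ASCII
# Keep a plain DER .cer copy as well, for the record.
Export-Certificate -Cert $root -FilePath (Join-Path $OutDir "P2SRootCert.cer") | Out-Null

# 2. Client certificate plus private key as a PFX, protected by a password
#    entered interactively so it never lands in the shell history.
$pfxPassword = Read-Host -Prompt "PFX password for P2SChildCert" -AsSecureString
Export-PfxCertificate -Cert $client `
    -FilePath (Join-Path $OutDir "P2SChildCert.pfx") `
    -Password $pfxPassword | Out-Null

"Root Base64 written to $OutDir\P2SRootCert.b64.txt (paste into the portal's root certificate field)"
"Client PFX written to $OutDir\P2SChildCert.pfx"
```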

Getting stuck in.

It’s been one of those weeks. There are no major projects looming but yet there’s a lot of what would be called BAU “Business As Usual” tasks that need attention. BAU tasks are not the most thrilling but nevertheless they need to be done I suppose.

So. I’m here at my desk. I’m signed in, I’ve the Bose QC35’s on my ears, the Ceol FM energetic stream is playing and I’m ready to go.


  1. Email department about Azure subscription renewal. They have several reserved instances and an email thread with the sales partner has finally answered the questions that I had, so I’m now in a position to make informed decisions so that they can renew their reserved instances and decide on their monetary commit for the next twelve months. On a separate note, I created that infrastructure in Azure exactly a year ago and it has had 100% up time.
  2. An integration project that has been ticking away needs attention. The people whose system I’m integrating have no technical problems in particular but I can tell from their responses that they are worrying, so I think I’m going to arrange to meet them for a coffee later just to explain what’s happening and to put them at ease.
  3. I’ve been working on a Shibboleth IdP integration project for the last while but I inherited code and instead of objectively looking at it I just dived right in and started trying to make progress. A month in, I’ve had to take a step back and look at what I’m trying to do. The previous developer had tried to reinvent the wheel by manually writing the SAML using an XML writer. That’s fine for login. It’s not ideal but it will work. But for logout, there’s just too much XML to write and the requirements for logout are too complex. For example, although you might get the SAML right for sending the logout request, the SPNameQualifier metadata that’s needed is generated by a HTTP request that originates from the IdP. If you query the SP for that directly, it won’t expose the data so it’s very hard to find out what should be written by investigating a working system. Therefore, I’ve found a library that handles the Shibboleth conversation without needing to write all of the SAML by hand. I did some work on this on Tuesday but I will need to spend another few hours on this today.
  4. There’s a career progression task on my list. I’ll explain what that will involve later but that’s another hour gone.

There you have it. It’s going to be a full day.


Please send coffee.


Oh, I’m also studying Azure enterprise architecture on LinkedIn Learning at the moment. I’ve completed several projects in this area and I’ve attended at least a dozen courses and workshops in the area of Azure as well, but cloud platforms are constantly evolving. This particular course uses templates for everything, which is a really good idea. Using the web UI is inefficient. So far the infrastructure I’ve been working on is small enough: forty to fifty servers at most. But as I start to look into ASR “Azure Site Recovery” and as high availability workloads are pushed to the cloud, I need to be more confident when deploying high availability resources out in bulk and verifying that configuration remains consistent through using templates and desired state configuration PowerShell scripts.

That’s what’s in my head this morning. You’re welcome to it.

Windows Weekly 603. Paul Thurrott is so very wrong.

Paul Thurrott, a tech journalist behind Thurrott.com contributes to a rather useful podcast on the Twit.tv network every week called Windows Weekly. I’ve listened to this podcast almost every week probably for at least 10 years.

This week, Paul went on one of his many rants but this rant was ill informed, damaging and utterly unhelpful. He makes certain arguments that could be perceived as being against inclusion and accessibility. Here are a few of the quotes from the podcast excerpt.

It’s done in the name of accessibility. That’s a crock.
Accessibility at any cost is just a brain dead mentality.

There’s this belief that anything that you add that is accessible is a win.

No offence to people who can’t see or who see poorly and who want to set up Windows 10 on their own but if your vision is that bad the act of setting up Windows 10 is not a priority. In the background, Leo laughs. Paul continues: It’s something that is going to happen once and you probably have someone else that can help you with that.

I have recorded a podcast that includes several extracts from this week’s Windows Weekly. Between the extracts, I have given my considered views on certain parts of Paul’s rant.

I would really hope that Paul listens to this and, more importantly, that as many people as possible who heard the latest Windows Weekly hear this as well.

Please comment here on the Blog. Facebook comments and Twitter mentions are great but it would be really nice to have the comments right under the post. Thanks.

In this podcast, there are a number of audio recordings used. Here they are in full.

Differing opinion

An author on a site called BSG has shared an alternative opinion. The author states:

The blog has gone quite a while without me writing about twitter drama, but that is about to come to an end now. Blind twitter is all riled up and flipping out over something someone said on the Windows Weekly podcast. Spoiler alert, all the rage and offense is being blown out of proportion and there is 0 reason for any of it. People just seem to want to be offended, but of course I’ll show why this is all based on someone taking everything out of context to manufacture outrage.

The link to the full post is here.

I assume the someone the author is talking about is me. I have a few points in response and I have left a comment on that post but for your convenience, I will include my comment here as well:


You have expressed a few interesting opinions and I accept that you are entitled to them. However, I disagree that the original blog post / podcast was out of context. I deliberately left most of the Windows Weekly podcast in my recording so that I couldn’t be accused of taking things out of context. I also provided a link to the Twit.TV Windows Weekly 603 show so that people could listen to it in full. In addition, I provided a link to a YouTube video showing the full Windows 10 setup experience.

My podcast is here for anyone who is interested: http://www.digitaldarragh.com/2019/01/10/windows-weekly-603-paul-thurrott-is-so-very-wrong/

And to show that I hold no ill will toward BSG for your differing opinion, I will include a link to your post as an edit to my original piece.

I have been on social media for 10 years and I have had a blog for nearly 20 years. I stand by my content and my record. I have never incited negativity toward another person; however, in this instance, I firmly believe that Paul Thurrott’s comments were destructive, damaging, incorrect and misleading. Time and time again during the podcast and in messages, I have explained that my issue isn’t with the Windows 10 setup. Microsoft can disable that feature and I wouldn’t give it a second thought. As many have pointed out, it’s not an accessibility consideration. The huge problem I have here is in the way Paul Thurrott ranted. I have listened to Paul on podcasts for nearly ten years now and in the past few years, I have noticed his tendency to launch into rants. However, this particular one went too far.

I am happy to discuss this with anyone, including Paul Thurrott directly. My aim here has always been, and is, to ensure that the message that Paul gave on Windows Weekly 603 is corrected, not that he is attacked directly. And in fairness, I don’t see any indication that he has been personally attacked. In fact, messages to him on social media have been well worded and considered.

One final point. I respectfully submit that you consider that your take on Paul’s thoughts may be very different if you worked in the tech industry.


The podcast has now been listened to over 380 times. It has had 18 responses on Twitter, 4 on Facebook and 9 comments here on the blog. Not many in the grand scheme of things but for this low traffic blog it’s significant. I remain hopeful that the objective of this post will be achieved and TwiT will correct Paul Thurrott’s statements on Windows Weekly 604 due to be aired this Wednesday 16th January.

We got a new pup. We must be mad!

About two years ago we started to notice that our children were nervous and sometimes even afraid around other dogs. It’s really strange because we have a dog at home and they are around it every day. We would teach them to have a healthy respect of dogs but we encouraged the contact when possible.

Nama and Réalta drinking from the same bowl.

About a year ago, Nama, my guide dog, had a few negative encounters with other dogs. He was attacked a few times by loose dogs and after a few of these encounters, he decided that he would attack before they attacked him.

We decided a year ago that we would get another dog as a pet. It makes sense. Nama gets ongoing exposure to another dog and so too do the children. The pup will also help with keeping Nama engaged with everyone in the house and more mobile. When the pup gets attention, Nama joins in. It’s great because he was enjoying his bed a little too much.

Enter stage left Réalta. She’s a Lurcher pup that’s now about 12 weeks old. Her father is a Greyhound Collie cross. Her mother is a Greyhound Collie Whippet cross.

Back in August, I was talking to a friend during Music at the Gate. I mentioned that we were actively looking for a lurcher, but the right one. We had visited a few dogs but hadn’t found the right temperament. I didn’t know that the man I was talking to actually bred lurchers! He promised me that he would find a breeding pair that he would trust to provide a really great pup with the temperament that we were looking for. Four months later I got a call to tell me that the pup was ready and it would be dropped off a few weeks later.

Réalta arrived a few weeks before Christmas. She’s getting on really well. Oh, Réalta, for anyone who doesn’t speak Irish, is the word for star. Because Réalta is one of the best traditional groups ever, and star because…. you know…… Christmas, stars, all that kind of stuff.

So here’s the thing. Pups are nuts! Crazy! Wild! Untamed! We should have called her Zoom because she has two speeds: stop and zoom! Or maybe Bounce because sometimes she stops, zooms then bounces off the fridge, a door or a wall. It’s kind of funny. She flies through the house, through the living room, out through the hall, into the kitchen and tries to make a slight left adjustment to avoid the corner of the fridge. Sometimes she doesn’t quite make it though and there’s a crash followed by a tiny whimper. Sometimes she over compensates and her four paws go from under her and she slides across the floor for a second until she rights herself. It’s really funny. It doesn’t bother her of course. Two seconds later she’s off zooming around the place again without a care in the world.

It was great getting a new pup right before Christmas. It added to the energy in the house over our favourite time of the year. It was also nice that I was off for about two and a half weeks so I got to spend a lot of time with her. But now the fun begins. We’re establishing a more rigid routine now that we’re back to our normal daily activities. Getting up in the morning is now a crazy blur of craziness. I remember the days when I’d have a few minutes to get up, grab some breakfast and a cup of coffee, take a leisurely shower, sort out Nama then head to work. Now it’s something like this:

  • Get up.
  • Go downstairs.
  • Turn the alarm off.
  • Nama jumps out of bed. I tell him to settle quietly.
  • I grab Réalta from her bed.
  • I bring her outside because if I leave her for any time at all, she’ll pee on the floor.
  • When she’s peed I let Nama then relieve himself and I try to get dog food ready. While I’m doing that, Réalta goes zooming around the garden. I need to go grab her then rush back so Nama doesn’t manage to get to the food before I do.
  • I feed Nama then bring Réalta to eat. If I don’t have both food bowls prepared quick enough, both dogs will make too much noise. Nama will start dancing and Réalta will start crying and barking.
  • Both dogs eat. Then it’s back outside to the dog run but it takes some convincing. I bring Réalta in but she needs some convincing to relieve herself. She finally finishes then I sort out Nama.
  • After I’ve sorted Nama out I go find Réalta again. She’s gone zooming around the garden again so I have to go find her again. Then Nama does the same so I have to talk to him nicely so he comes back as well.
  • I go inside and start to make breakfast. Meanwhile I’m talking to Nama so he has attention and I’m occasionally distracting Réalta from playing with my laptop case, the swim bag that Emma has out in preparation for today, the bottom of the kitchen chairs and everything else that has caught her attention in that millisecond.

By the time I’ve had breakfast and had a coffee, I’m wrecked! I get into the shower, rush to get dressed then fly out the door glad to go to work for a break for a few hours.

I pity Emma then because she has Réalta still zooming around the house and two children to get ready for school.

It’s just nuts!

But I wouldn’t trade her though. The children are really enjoying having the pup around and Nama is a lot more sociable.

Silly season is over.

Emma, my wife, wearing a cat mask, playing with my son and daughter.

Another Christmas is over. Christmas is my favourite time of the year. I hate the marketing side of things. But fortunately we very rarely have a television on in this house and when we do, we tend to stick to streaming services such as Netflix so advertisements have minimal impact on our household. The reason I enjoy Christmas is it’s always a great opportunity to spend far too much time with family and friends. I say far too much time because invariably we gravitate to a particular house each year. Recently it’s because Méabh and Rían are getting enjoyment from the other children in that house. I hear some people say that after the hype leading up to Christmas they are just tired of it and within a few days they don’t know what to do. I’ve never found that. I managed to take just over two weeks off this year. I spent a lot of time with the children, the dogs and my wife. I also got to spend about two days working on things that I wanted to spend time on. I could easily spend another two weeks doing the same. No day is boring. There’s always something to be done, someone to visit or somewhere interesting to travel to. It’s the lack of defined things to do that makes Christmas so enjoyable for me.

Walking with my two children and my guide dog through Laurence’s Street shopping centre. My son is on my back. My daughter is holding my hand.

Tomorrow, I’m back to work, the children are back to school and life will return to normal. I’m reasonably okay with that. There are a few things that I want to get stuck into in work and I’m looking forward to ramping up the music side of things in anticipation of the Fleadh in Drogheda in August. It’s going to be a busy 8 months until the next decent block of time off. It’s an eight months where I’ll have a lot to do but if I play my cards right, the hard work will be rewarding and the commitment will pay off.

I hope that whatever you did, you had a very enjoyable Christmas break.