I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me


The following was a blog post generated by ChatGPT using the prompt "write me a blog post about ChatGPT." 

ChatGPT is a variant of the popular GPT-3 language model developed by OpenAI. It was specifically designed to improve the performance of conversation-based language models, such as chatbots and virtual assistants.

One of the key features of ChatGPT is its ability to generate coherent and realistic responses to a wide range of prompts. This is achieved through the use of a large and diverse training dataset, which allows the model to learn about various topics and language patterns.

One of the main benefits of using ChatGPT is its ability to handle long-form conversations and maintain context over multiple turns. This is in contrast to traditional chatbots, which often rely on simple rules or pattern matching to generate responses, and are prone to breaking down when faced with more complex or unexpected inputs.

Another advantage of ChatGPT is its ability to handle a wide range of tasks and respond appropriately to different types of prompts. This includes tasks such as answering questions, providing information, and engaging in casual conversation.

One potential application of ChatGPT is in the development of virtual assistants or chatbots for customer service. These systems can handle a wide range of tasks and queries, freeing up human agents to focus on more complex or urgent issues.

Overall, ChatGPT is a powerful tool for improving the performance of conversation-based language models, and has the potential to revolutionize the way we interact with chatbots and virtual assistants.



SC Hot Buttered Rum Batter

1 teaspoon freshly ground cinnamon
1 teaspoon freshly ground nutmeg
1 teaspoon freshly ground black pepper
3/4 teaspoon ground cloves
1/2 teaspoon ground allspice
1/2 teaspoon ground anise seed
2 cups salted butter
4 cups packed golden brown sugar
2 tablespoons Brer Rabbit Mild Molasses
1 teaspoon vanilla extract

Combine the spices in a small bowl and set aside. Melt the butter in a saucepan over low heat, add sugar and stir constantly. Add molasses and vanilla extract and stir. Finally, stir in the spice mixture. Continue to stir on lowest possible heat until all items mix thoroughly and butter does not create a separate layer, about 15 minutes. Let cool slightly and while still soft, pour batter into storage containers. Seal airtight after batter has cooled completely. It will keep until the expiration date of the butter used.

Now that you've done the hard work, make yourself a Smuggler's Cove Hot Buttered Rum by combining 3 barspoons of the above batter and 1 1/2 ounces of blended aged rum in an Irish Coffee glass, top with 6 ounces of hot water and stir. Serve with a cinnamon stick, but feel free to garnish with whipped cream and some freshly grated nutmeg if you so desire. I'm sure Martin, Rebecca, and the Trader wouldn't mind.


  • 1 cup light or dark brown sugar
  • 2 tablespoons water
  • 6 tablespoon butter
  • 1/2 teaspoon  salt
  • 1/2 teaspoon cider vinegar
  • 3/4 cup heavy cream divided
  • 1/2 teaspoon rum extract
  • 4 bottles (12 oz. bottles) cream soda


  1. In a small saucepan over medium, combine the brown sugar and water. Bring to a gentle boil and cook, stirring often, until the mixture reads 240 F on a candy thermometer.
  2. Stir in the butter, salt, vinegar and 1/4 heavy cream. Set aside to cool to room temperature.
  3. Once the mixture has cooled, stir in the rum extract.
  4. In a medium bowl, combine 2 tablespoons of the brown sugar mixture and the remaining 1/2 cup of heavy cream. Use an electric mixer to beat until just thickened, but not completely whipped, about 2 to 3 minutes.
  5. To serve, divide the brown sugar mixture between 4 tall glasses (about 1/4 cup for each glass). Add 1/4 cup of cream soda to each glass, then stir to combine. Fill each glass nearly to the top with additional cream soda, then spoon the whipped topping over each.



So Open SSL announced that they are going to release details of a Critical OpenSSL vulnerability that  affects versions 3.0.0 to 3.0.6. There is rumbling that this vulnerability may be a major deal likened to the everyone's favorite CVE of 2014, heartbleed. 


Open SSL will be releasing their patch/update Tuesday 1st November 2022 between 1300-1700 UTC

But unlike heartbleed this OpenSSL vulnerability might not have the same impact to security and network infrastructure that heartbleed had. So far most security and network infrastructure companies are looking ok. As you would expect many of these companies don't run the most bleeding edge versions of open source libraries for this very reason. Also many times stability and security take president over new features. 


What I wanted to do is put links to OSS (Open Source Software) lists that are used in different vendors platforms. I started out hopeful but for many of the companies it is very difficult to find. I will post hem as i run across them.


Cisco - https://www.cisco.com/c/en/us/about/legal/open-source-documentation-responsive.html

Palo Alto Networks - https://docs.paloaltonetworks.com/oss-listings/pan-os-oss-listings

Juniper - 

Fortinet -

Aruba - 

Arista - 

Extreme Networks - 

Checkpoint - 

F5 - 

Citrix ADC -



Are you planning a trip to London? If you're an apple user think about getting/bringing an apple watch before you go. We just got back from London and first off their public transit is bar non the best I have used. Between the underground and the buses in London, we were never more than a 5-minute walk to anything we wanted to see in London.

In addition to public transit, tap-to-pay is everywhere in the UK, even the village pub we ate in had a tap-to-pay terminal. I only had to unsheathe a credit card once the entire trip and, to be honest, it was probably a user error.

So back to setting up Apple Pay and the Watch....

First setting up apple pay is pretty straightforward if you haven't done it. On your phone, if you open the wallet app you will see a little + sign in the upper right corner if you touch on the plus symbol it will walk you through adding your credit card to apple pay. For traveling overseas make sure you add a card with no foreign transaction fees. Once the card is added you should make this card your default card so it will come up automatically when you double-click to bring up tap-to-pay.

Once your card is added you will want to go into your setting app under wallet and go to the express transit settings and select the credit card you just added. What this does is set up express transit to let you tap in and out of the UK underground with no need to download an app or buy an Oyster card.
For the apple watch, you will want to add the same card via the wallet app. Usually, the cards that have been configured on the phone will show up in the watch app, but you will need to verify the security code to authorize the watch to use those cards. Once the card is added you can go to the wallet settings in the watch app on your phone and configure a default card, you will also want to add the card you want to use for express transit. This will need to be configured on the watch through the watch application on your phone.

Now that it is configured how do I use my phone or apple watch for London transit?
On the Tube/Underground when you tap your phone or watch on the turn stall sensor (the yellow plastic disk) the gates will open and it will register at what station you entered. Once you get to your destination you will need to tap the sensor at the exit gates using the same device you used to enter the underground, each device is unique and will even work if there is no cell service. The TFL will determine where you tapped in and where you tapped out and will bill the card you had configured for express transit directly. It's as simple as that.
If you are planning a trip to the UK I would recommend setting up Apple Pay and especially the express transit if you are going to London. It was a major convenience and took my major concern about using public transit and threw it out the window.


Cisco Live 2022 is in full effect in Las Vegas, They say there are 16k attendees in person this year but inn the Mandalay Bay Conference center it seems pretty empty. Not that I am complaining... I wanted to post up some of the slide decks of talks that looked interesting.  I assume you can register online and see the same decks but I wanted to post them here so I can go back and have a place to see them later.

Cisco SD-WAN: Start Here - BRKENT-2108

Start your SD-WAN journey here, we will explain the platform architecture, the different components of the solution and how they interact with each other and secured the user to application traffic.


Architecting Next Generation Wireless Network with Catalyst Wi-Fi 6E Access Points - BRKEWN-2024
This session deep dives into the newly introduced Wi-Fi6E standard in 6GHz band.  

Designing MPLS based IP VPNs - BRKMPL-2102

This session describes the implementation of IP Virtual Private Networks (IP VPNs) using MPLS.

Cisco IT's Journey to SASE for remote work - BRKCOC-2032

This session will discuss how Cisco IT is using some of Cisco's latest cloud security solutions, alongside SDWAN as a Service from Cisco Plus, to supply high performance and reliable remote worker and branch connectivity.

Cisco SD-WAN - The Usual Suspects - BRKENT-2183
In Cisco SD-WAN, establishing your WAN Edge routers as a part of the overlay is essential to building and operating a successful network.


Enabling Cloud Services at the Edge with App Hosting on Catalyst 9000 - BRKENS-1090
Did you know that you can run applications natively on Catalyst 9000 series platforms to enable Cloud services?

How to Securely Build a Product - BRKARC-2021

INTERACTIVE SESSION Security threats are very real today. Product security must be designed in from the start, not added as an afterthought.

Simple Leaf/Spine with a touch of TOR - Network Designs for the Modern Data Center - BRKDCN-2229

There are times when your Leaf/Spine network runs out of ports (even as it never should). No worries, there are ways how to scale further and no, we don't talk about FEX :-) Let us guide you through a Leaf/Spine network and an additional TOR (Top of Rack) layer. 


7 Ways to Fail - on Wi-Fi 6(E) - BRKEWN-1742
It is all about how to do Wireless networks ‘wrong’ and if you understand why it’s wrong, it’s easier to do it right the next time.


High Density Wi-Fi Design, Deployment, and Optimization - BRKEWN-2087
This session will cover an array of detailed tips, tricks, and tools for configuring and optimizing High Density WiFi networks in today's most challenging environments, including valuable real-world insights on how the latest Cisco Catalyst Access Points, antennas, and Catalyst wireless controllers can be leveraged to deliver an optimized and reliable user experience.

Hierarchical SD-WAN Overview and Principles - BRKENT-2292

Hierarchical SD-WAN is a new foundational capability that underpins the journey to multi-cloud and SDCI. This major evolution of Cisco SD-WAN introduces new capabilities to support a truly scalable 2-level customer overlay, improve Cloud OnRamp for MultiCloud and expand Managed Service Providers solutions. 

Advanced Troubleshooting of cat8k,asr1k, ISR and SD-WAN Edge Made Easy - BRKTRS-3475

In this session, we will explain the architecture of the Catalyst 8000, ASR1000 / ISR / CSR / XE SD-WAN Edge series and demonstrate forensic techniques for control plane and data plane. We will also see how common but complex feature such as SD-WAN Edge, crypto (IPsec), Zone Based Firewall and NAT can be troubleshot easily in practice.  




There is a new flavor of protocol reflection attacks on the streets!  

The TCP Middlebox reflection attack is the first reflection attack to utilize the TCP protocol. Traditionally the TCP protocol was not susceptible to spoofed source packets because of its state based nature (three way handshake).  Researchers at University of Maryland and the University of Colorado discovered that many network devices, such as load balancers, proxies, and firewalls, could be susceptible to specifically-crafted packets that could generate amplified traffic (up to 65x) at a victim.  These devices could be inherently susceptible to the spoofing because many of these devices have to contend with Asynchronous network traffic and out of order packets.


Akamai did a really great write up on what they saw and how they mitigated the attack. https://www.akamai.com/blog/security/tcp-middlebox-reflection


Shadow Server also has a write up. https://www.shadowserver.org/news/over-18-8-million-ips-vulnerable-to-middlebox-tcp-reflection-ddos-attacks/

So on to your firewalls:

The out of the box Palo Alto Firewalls do not appear to have any mitigation configured by default to protect against this attack.  But its not the end of the world.  Palo Alto and many other security vendors have low level TCP protection that basically normalizes TCP traffic and cuts out the flood attacks, malformed protocol attacks, etc., before they are even processed by your firewall. This minimizes  impact on the device resources like CPU and memory for these types of attacks.


In the Palo Alto world this is called "Zone Protection Profiles". If you run BPA (Best Practice Assessment) - which you should - then the Zone Protection Profiles are often flagged if you don't have them configured. 


The zone protection profile is pretty strait-forward to set up but, before you start, you need to do a little research and investigation into your device

  1. You need to determine the maximum CPS or connections per second your device can handle. This is a list of devices and their specs on the Palo Alto Networks site. https://www.paloaltonetworks.com/products/product-selection
  2. Next you will want capture some metrics around how many CPS your devices are seeing. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps
  3. Next you will want to do a few calculations and configure your zone protection profile. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles


Here is the "Cool SH*T Props" to Palo Alto Networks...when you create a zone protection profile, by default under the Packet Based Protection > and > 'TCP Drop the TCP SYN with Data' and 'TCP SYN ACK with Data' are already checked. This means when you apply your newly configured zone protection profile to your security zone it will protect you from current Middlebox vulnerability by dropping any of the cleverly crafted SYN packets because they would be larger then 0 bytes.



So I wanted to post a little bonus. Here is a quick and easy flood protection calculator I threw together in google sheets, just add your average CPS.


It's official!  Formula 1 has announced their newest US Grand Prix in Sin City.  I admit, I watched some Formula 1 in the late 90s but kind of fell out of following it...but since becoming a Covid hermit, and stumbling across Netflix's Drive to Survive, I am back in. 


Thanks to Netflix's Drive to Survive and the dramatic conclusion to the 2021 season driver championship, Formula 1 has taken hold in the US and F1 is taking advantage of the increased popularity.  Over the last few years there has been only 1 US GP at CODA in Austin, but the 2022 F1 calendar will be racing in Miami at the Miami International Autodrome for the first time. 


Lets get down to what we came for: the Las Vegas GP... 


The track is going to be a high-speed street course that races through the streets of Las Vegas and down the Strip.  It will be 3.8 miles long and have an estimated top speed of 212 mph.  With 14 corners, 3 straits, and 2 DRS zones the experts are predicting this is going to be low drag, high-speed course like Monza or Spa. 


Race Circuit

The race dates have not officially been released, but the rumors are it will be the weekend after Thanksgiving.  Also to take advantage of the venue, it will be a Saturday night race 10pm to midnight-ish... That time-frame makes sense because it would be early Sunday morning in Europe and afternoon in Asia and the Middle East.  Also how spectacular will it look having those cars racing through all the sights and lights of Las Vegas at night??  Seriously this could be a spectacular race.  


Prior to the race they will resurface all the roads that will be raced on to ensure they are smooth and ready for racing, and I cant imagine the amount of lighting and infrastructure they will need to build to accommodate the race. That would be an interesting documentary, behind the scenes of what it takes to put on the Las Vegas GP... Just Saying! 


Formula 1 Live Las Vegas Announcement

There is not a lot of information about race specifics since we are still a ways out.  I imagine people including myself might be booking rooms.  But before you book - one word of warning - last time I looked hotels in Las Vegas do not allow the windows to be opened so if you were expecting to book a room over-looking the strip, it may not be what you where hoping for, but we will wait and see.  


One thing is for sure, those of us who have been to Las Vegas and been on the strip know how epic the occasional Lambo or Ferarri sounds when they blaze by.  I cant wait to hear 20 F1 cars tearing down the same road - it will be epic.


Driver Reactions about Las Vegas Race


Best guess course route


I wanted to provide some links to Las Vegas GP resources. Its pretty few and far between but I will add them as I come across them.







  • 1 oz. Malibu rum
  • 1/2 oz. Kahlua
  • 1/2 oz. dark cocoa liquor
  • 1 C hot chocolate
  • Whipped cream and chocolate shavings for topping if desired.



Prepare hot chocolate as per your recipe. Add rum and Kahlua. Top with whipped cream and shavings if used.