Day 63

These 2 months really felt like 2 years if you translate dog years into human years.

The first 3 weeks went by quite fast, since we had vacation. But the last 4 weeks seemed like ages … The combination of work, walking the dogs, and paying attention that he does not do anything stupid, destroy the house or pick up and eat garbage from the ground is occupying the last nerves in our minds.

Also the new project at work, where there are constant half-day workshops, is not really helping.

At least, there is now some light shining through. The CEH theory exam is done and on Monday, there is a deadline to finish one project …

Shield Security and Content-Security-Policy Headers

I managed to block myself out again since June and was too lazy to fix it.

Somehow Shield Security is not able to load the CAPTCHA with the current CSP headers (and I have no clue what the correct syntax is, or rather, what kind of plugins every tool is using to set the right one).

So much for this nerdy post.

And yes, life has been busy somehow.

The Cheap Studio Setup

It has been 3 months since the last article. Initially, I wanted to write something in May, but back then, I successfully locked myself out by logging in with the wrong username saved in my password manager. Since I am having 3 weeks off, and not going anywhere, I got around to fixing this tiny issue together with replacing LastPass with Bitwarden.

After 3 years at the current company, I also got on the promotion track to manager. The panel itself consists of presenting 4 slides in 15 minutes about yourself and your future business case (how you would bring money into the company). 10 minutes Q&A come on top of the presentation itself. Since the covid situation has been still ongoing, the format has been changed from face-to-face presentation to virtual Teams session.

I thought in the beginning that the business case itself is just a mere convincing situation that you would present to the panel, which only needs to make sense. Whether many of the assumptions that you make are true, or how in the end the results (in terms of revenue) will turn out in the future, are not the main criteria of the assessment. And also, imagining the panel viewing 15 presentations within 24 hours, which follow the same guidelines, with focus on corporate values, the listening capability of the panel will drastically decrease and in the end, what they will remember, besides their notes, would be only the impression that you left behind.

That’s why I thought I would come up with a rather different, or not so usual presentation format, so that the panel can remember me.

With the usual Teams setup, the algorithm cuts your portrait out and you can maybe change your background picture. However, given the fact that while presenting, there will be no screen sharing allowed, it will be difficult to have the panel concentrate on you and have the slides in front of them at the same time. Therefore, I came up with the following:

  • Software
    • OBS Studio (Link) – Free
    • iOS Camera App for OBS Studio (Link) – 16 CHF
  • Hardware
    • A green table cover for garden table from Migros – 11 CHF
    • Duct tape – Free
    • Mobile Wardrobe – Free (had it before)
    • iPhone tripod – Free (had it before)
    • (optional) Røde NT-UBS bought on ricardo – 120 CHF

This allowed me to put up key slides or statements on the “camera” and a high quality image of myself and a clear cut portrait. Compared to the usual images, this did give the panel a good professional impression.

I also tried Droidcam, which streams the video via WiFi, however, the app itself gets stuck after 15 minutes, even if you buy the Pro version. Also the latency is not very low and can have delay when not using the same audio source.

Also to mention, the performance actually depends on the image quality that the laptop is processing. OBS Studio and the camera input are not multi-core optimized and I only observed one core working. When the image quality is set too high, then the laptop cannot deliver the camera stream without lag.

So long for this one. A quick write-up without gossips :D.

AZ-500 Exam Prep Guide

After the AZ-900 Azure Fundamentals certification, I also received a voucher for the AZ-500. Back then in September, I thought why not. And the preparation I did actually did not fall short in terms of the total amount of time spent on the materials, although it was across almost 4 months of time, bits and bits, always after work or on weekends. This post should provide a very short overview of what I did and how the different materials have helped me for the exam, so that you can maybe reduce the amount of time spent on preparation.

Preparation

I have read through the following materials

Official Learning Modules

The modules themselves are not bad. Well described materials and sandboxes are provided for you to test out the actual implementation steps. The sandbox was also easy to deploy although there are some modules requiring trial premium licenses that did not work for me (the trial licenses did not provision after clicking on them). Therefore I would suggest to go through the possible practise exercises if you have never implemented anything in Azure. I even created a transcript, which is a copy of the content of the modules in one file. In the end, that was not 100% helpful, since with 400 pages, it is difficult to read through for learning.

Udemy Practice Test

The test collections I did were covering the right topics, however, the questions do not go along the lines of the real exam questions. Although a case study is conceptualized, the question options are not well thought through. Even some ridiculous options are given such as “Tralse”, or “False, and I should start looking for a new job”.

Examtopics

This is THE preparation material, just as the collection provided for AZ-900. It contains 168 questions coming from the actual exams (30% of the questions appeared actually in the exam). I don’t know the real sources behind this, but it is the best one available. The provider lists the answers, however, many people also discuss below the questions, and for some, the correct answer is discussed within there. Therefore, when you go through the questions, make sure to check out the discussion section, especially when there are more than 10 messages (indication that the given answer by the website could be wrong).

The Exam

For the exam, I got 60 questions, where 5 are grouped into a separate section in the end and attached to a case study (the Chicago and SF company case). So, I did not get any of the simulation questions. I managed to pass with a score of 763 out of 1000.

Questions that I got wrong were mostly within security incident / operations (only about 50% correct). Therefore, if you can spend more time within the log analytics module or security center, it would better your chances.

Phaser3, VPS, Content-Security-Policy

When I came back from skiing in Flims, the lockdown was about to start again. In order to finish the card games that we started back there, I was looking for the game on app store or any websites. I found none with a quick search, so I thought, why not try to program one myself?

A quick google returned me with Phaser3 and an available framework for a card game. Following the instructions and some quick stackoverflow searches, I was able to set up some basic functionalities. The game flow of course is very buggy, you have to enter by the pre-defined order, you were able to play empty cards and the server can’t determine the winner in each round so that it can automatically count scores.

In order to publish the game, I also had to change the server type. I had a plesk web hosting from hosttech, which was ready to use and dummy ready. You had wordpress pre-installed and the settings were more or less done for you. You just click some tools together and ready you go. For Phaser3 games, I needed to serve the client files and listen to the server logic on node.js. After a quick search, I switched to a new VPS provider which is even less expensive than the previous plesk hosting. Some quick installs later, I was ready to run the game.

With a new setup come new problems. I wanted to make sure that things are running securely, at least on obvious aspects. After the wordpress migration, I set up https and ran a quick scan. Content Security Policy headers apparently needed to be set to prevent some x-site scripting stuff so I just blindly went with the first tutorials. Now wordpress has a lot of different plugins, includes and inline scripts which are potentially not safe. Therefore, the editor is broken, the galleries are gone and here we are. I can’t add new images and even drafting in javascript mode did not work. What to do, what to do. After some intense weeks together with work, AZ-500 (luckily passed barely above threshold), I will just leave the site quickly as it is. Maybe it would require a fresh install of wordpress, or maybe I need another more “clean” CMS for the “blog”.

I guess as long as there are no fancy posts coming up, I am not rushing to fix this anytime soon. Next post up I think will be an easy AZ-500 comment, just to justify all the time I spent on this, so that I want to keep something that I can remember of and try to optimize this post with SEO and see if potentially more clicks would come in. (Do I really want that?)
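
The CSP breakage described in this post and in the Shield Security post above can be reproduced with a small model of how a browser applies `script-src`. This is an added example, not code from the blog; the origin `blog.example`, the CAPTCHA host `captcha.example`, the script list and the nonce value are constructed placeholders, and the matcher is a simplified subset of CSP (no paths, ports or hashes).

```javascript
// Simplified model of script-src evaluation (added example, not a full CSP engine).
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function hostMatches(source, url) {
  if (source.startsWith("'")) return false;            // keywords are handled elsewhere
  if (source === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  if (m[1] && m[1].toLowerCase() + ':' !== url.protocol) return false;
  const host = m[2].toLowerCase();
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

function scriptAllowed(policy, script, pageOrigin) {
  const sources = policy['script-src'] || policy['default-src']; // fallback rule
  if (!sources) return true;                           // nothing governs scripts
  if (script.inline) {
    if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return true;
    // 'unsafe-inline' is ignored as soon as a nonce or hash source is listed.
    const hasNonceOrHash = sources.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
    return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
  }
  const url = new URL(script.src, pageOrigin);
  return sources.some(s =>
    s === "'self'" ? url.origin === new URL(pageOrigin).origin : hostMatches(s, url));
}

const ORIGIN = 'https://blog.example';                 // placeholder site origin
const PAGE_SCRIPTS = [                                 // constructed sample page
  { name: 'theme bundle', src: '/js/app.js' },
  { name: 'editor inline init', inline: true, nonce: 'r4nd0m' },
  { name: 'captcha widget', src: 'https://captcha.example/api.js' },
];

function blockedBy(header) {
  const policy = parseCsp(header);
  return PAGE_SCRIPTS.filter(s => !scriptAllowed(policy, s, ORIGIN)).map(s => s.name);
}

const STRICT = "default-src 'self'";                   // typical copy-paste policy
const TUNED = "default-src 'self'; script-src 'self' 'nonce-r4nd0m' https://captcha.example";
console.log(blockedBy(STRICT), blockedBy(TUNED));
```

In a real deployment the nonce must be freshly generated for every response, and sending a candidate policy as `Content-Security-Policy-Report-Only` first lets the browser report what would be blocked without breaking the editor.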