Ubiquiti UniFi Activity Logging to Wazuh XDR+SIEM Integration

I have been running the Wazuh XDR and SIEM platform for nearly two years for my company server and lab environments in order to monitor and act on cybersecurity threats to my infrastructure. While there are more comprehensive enterprise commercial SIEM products in the market, Wazuh, without a doubt, has its place and is currently my go-to recommendation for mid-sized organisations needing a SIEM platform.

One significant missing piece within my own Wazuh environment was a lack of native integration with Ubiquiti UniFi products. Specifically, I am referring to Wazuh decoders and rules for UniFi OS and Networks. I can’t think of a bigger missing data source in a SIEM than perimeter firewall, router, and network logs.

TL;DR: Stop missing critical UniFi network logs in Wazuh! You can use these custom Wazuh decoders and rules for Ubiquiti UniFi from my forked unifi-wazuh GitHub repository: https://github.com/mattsimpson/unifi-wazuh

Or, continue reading for the background and full instructions.

Continue Reading…

The 4+1 Day Work Week: A Framework for Growth and Collaboration

This is for my friends and colleagues who missed CANHEIT this year and wanted to hear my talk.

Professional growth in higher education IT often takes a backseat to the daily demands of our roles. Yet, as education, technology, and our profession evolve, so must we. How can IT professionals expand their skills, follow their interests, broaden their expertise, build institutional relationships, and stay motivated—all while continuing to deliver value to their institutions?

The 4+1 Day Work Week is a model that challenges the status quo. Four days a week, I have the privilege of being the Director of IT for the Faculty of Health Sciences at Queen’s University. One day a week, I step into an entirely different cybersecurity-focused role within our central Information Security Office. This arrangement is more than just a schedule change; it’s a deliberate effort to foster collaboration, gain institutional perspective, and contribute knowledge across departments. It’s an investment in both professional development and institutional strength.

This talk explores my experiences so far with this approach—the impact of working across silos, the logistical and cultural adjustments required, and the unexpected ways it fuels professional engagement. More importantly, I believe it provides a framework that others can adapt. Whether through structured secondments, job-shadowing, or collaborative initiatives, IT professionals can take steps to break routine, build connections, and enhance both their careers and their institutions.

What could this look like for you? By rethinking traditional work structures, we can create opportunities that not only make us better IT professionals but also strengthen the institutions we serve.

Lessons Learned Building a Consortium

Building Together: Part Two

Part one of my “Building Together” series, Ingredients for Successful Collaboration, covered the origin story of the Elentra Consortium, an international open-source (turned community-source) software consortium in Canada, the United States, and Singapore. I also defined what I believe are the key ingredients that made our collaboration successful in the first place. If you have not yet read part one, I recommend starting there.

In part two, I will cover the lessons we learned while building and operating our consortium for over a decade. Some of these lessons we got perfectly correct from the start, others we had to learn the hard way.

Continue Reading…

Ingredients for Successful Collaboration

Building Together: Part One

Last year, my friend and colleague Zhen Gu and I gave a well-received presentation at the AAMC IT in Academic Medicine conference in Washington, DC, called “Building Together: Lessons Learned Building a Consortium.” Creating this talk was fun but challenging, as it forced me to distill a tremendous amount of experience gained over fifteen years building an international open-source (turned community-source) software consortium. After presenting our talk again in the fall at the Elentra Engage conference in Pasadena, California, I felt that our important work would translate beautifully into an article for my website.

In this two-part series, I will share some incredible lessons learned while building our consortium alongside 20+ universities. I will provide my unique perspective on the most significant opportunities and challenges of working together, the importance and power of building community, the balance of governance, and the ingredients we believe are necessary to collaborate successfully.

Continue Reading…

Show Me the Views

At this point, I feel like my blog has become a place to store solutions to technical issues that have caused me frustration. Definitely not my intent, but it is what it is.

This week I wanted to do something I thought should be pretty straightforward: dump/export all of the views from a specific MariaDB/MySQL database. I only wanted the views, no tables, none of the data, just the views. There were several partial solutions on other websites, Stackoverflow replies, and from ChatGPT, but nothing I found was a complete solution. The following was my final solution:

mysql --user=root \
      --password=password \
      --host=localhost \
      --skip-column-names \
      --batch \
      -e "SELECT table_name FROM tables WHERE table_type = 'VIEW' AND table_schema = 'the_database_name'" \
      INFORMATION_SCHEMA | xargs \
mysqldump --user=root \
      --password=password \
      --host=localhost \
      the_database_name > the_database-views.sql

Lastly, don’t forget to update both hard coded instances of root, password, localhost, and the_database_name with your actual MariaDB/MySQL username, password, host, and database name.

If you have a better solution, please feel free to let me know and I will update this post accordingly.

Docker Desktop for Mac Won’t Start?

Docker logo

I have been using Docker Desktop for well over five years with very few problems besides the typical host-to-container mount performance issues. After a recent upgrade to Docker Desktop, I was surprised to notice that Docker Desktop would no longer start. It just reported a “Docker Desktop starting…” message and wouldn’t continue.

I tried the typically suggested approaches:

  1. Checked to ensure I was running the latest build of Docker Desktop
  2. Via the Docker > Troubleshoot menu
    • Clean / Purge data
    • Reset to factory defaults
    • Uninstall
  3. Reinstall Docker
    • Remove Docker from /Applications and empty Trash
    • Restart the computer
    • Reinstall Docker Desktop for Mac

Finally, after about two hours, a post on forums.docker.com by zcqian put me on the right track, so I wanted to promote it, along with some refinements and my complete solution (try parts or the complete procedure).

  1. Restart the computer, and make sure Docker is not running. If it is trying to start, then stop it and close it.
  2. Open your Applications folder and delete Docker, then empty the Trash (or brew uninstall docker).
  3. Open Terminal and type:
    rm -rf ~/Library/Group\ Containers/group.com.docker
    rm -rf ~/Library/Containers/com.docker.*
    rm -rf ~/Library/Application\ Support/Docker\ Desktop
  4. Download Docker Desktop again, and copy Docker to your /Applications folder (or brew install --cask docker).
  5. Open Docker.

With any luck, you will now be back up and running again. Feel free to leave a comment if these steps change over time, and I will update this post accordingly.

A Selfish Plan to Change the World

Amid all the uncertainty and turmoil caused by this global COVID-19 pandemic, one thing I am grateful for is a newly kindled excitement to read physical books. As someone who is on screens nearly half the day, every day, I really enjoy the experience of disconnecting and reading a good printed book.

Today I wanted to take a moment to spread the word about A Selfish Plan to Change the World by Justin Dillon.

What if your search for meaning could solve the world’s problems? What if everything you are passionate about could save a life or change history?

In this paradigm-shifting new book, Dillon reveals the secret to a life of deep and lasting significance: the discovery that our need for meaning is inextricably linked to the needs of the world. Drawing upon his own unlikely transformation from touring musician to founder of a global movement and telling the stories of other surprising world-changers, Dillon shows how to create a life of deep purpose by stepping into the problems of the world. Taking readers on a journey from sweatshops in India to punk rock concerts in Ireland, Dillon exposes the limitations of the “giving back” approach involving donations and volunteerism to reveal the unexpected power of “giving in” to pursue self-interest in a way that alters the very dynamics of the world’s most challenging problems.

A Selfish Plan to Change the World is your “self-help-others” guide to a life that matters, demonstrating how you can repurpose your existing talents, backstory, and networks to improve the lives of others. Changing the world no longer belongs only to martyrs and professional do-gooders. You can live an extraordinary life. You can change the world. All you ever needed was a plan.

As I work towards finding my own riot throughout my life, I will certainly refer back to this life changing book. I hope this helps someone else as well.

Application Loader missing from Xcode 11

Two weeks ago, I happily upgraded my Macbook Pro to macOS 10.15 (Catalina), which worked out well. As expected, it feels like a solid, stable operating system, and the update was painless.

Some of Apple’s tooling was also upgraded, including Xcode 11.1. Today I needed to update one of our iOS applications, and as usual, I fired up Xcode > Open Developer Tool > Application Loader. Where is Application Loader? Am I tired? Nope… it’s gone.

From xCode 11 Release Notes:

Xcode supports uploading apps from the Organizer window or from the command line with xcodebuild or xcrun altool. Application Loader is no longer included with Xcode. (29008875)

Well, to hopefully save someone else some painful internet gold mining, you now have two options:

1. If you want to use a GUI you can use the Apple Transporter application, which does the same thing only prettier.

2. If you want to use the command line, Cœur posted this on StackOverflow:

xcrun altool --validate-app --file "$IPA_PATH" --username "$APP_STORE_USERNAME" --password @keychain:"Application Loader: $APP_STORE_USERNAME"

xcrun altool --upload-app --file "$IPA_PATH" --username "$APP_STORE_USERNAME" --password @keychain:"Application Loader: $APP_STORE_USERNAME"

Happy app uploading.

New .dev gTLD

In 2017 web developers worldwide were caught by surprise when Google announced that Chrome 63+ would force HTTPS (via a preloaded HSTS header) on all .dev domains. This move was frustrating to many developers because .dev names were routinely used during the local development process, and now, unless you want to install an SSL certificate, that practice would no longer work. For example, if I was creating a new website for https://mattsimpson.ca, I previously would have used an unregistered, locally routed, mattsimpson.dev name on my computer during development, but now I would have to use something else. But what?

Well, it turns out that Mike West at Google kindly suggested a better standard, an official standard, where *.localhost is actually routed to localhost, and aptly named “Let ‘localhost’ be localhost.” This brilliantly simple standard would also negate the need for developers to, in many cases, manually modify their local /etc/hosts file in order to use a new local virtual host.

Besides the fact that this take-over-on-squatted-territory was an inconvenience to so many developers, I genuinely applaud Google’s efforts to enforce HTTPS where it can, and I appreciate the leadership demonstrated by providing a better technical solution for web developers.

All this to say, the .dev gold-rush is on now. Get yours. I’ve picked up https://mattsimpson.dev and also a few other nice ones, including a brilliant one for my daughter Myer (https://myer.dev), who will have the coolest domain if she ever chooses to become a developer in the future.

Home Voice Automation is a Bad Idea… with Children

As I plugged in my Amazon Echo Dot today, an event that happens only once in a while, I remembered that owning this sort of technology is a probably bad idea… when you have three young kids.

Approximately 25-30% of households have children under nine years old, and out of those households, a high percentage have more than one child. Have you been privy to a troop of kids harass a piece of technology before? If not, you should pull up a chair, put on your patience cap, and watch chaos ensue. You wouldn’t think an AI could get angry… well, as it turns out, three kids can make Alexa want to turn herself off.

The whole event caused everyone in the room (AI included) to become frustrated and confused. Then it was turned off… until next time when I forget how frustrating it is.

Do you have stories with children and voice automation? Share if you’d like.