blogmonster

Timestamps in Active Directory properties

Mon, 01 Jan 1900 00:00:00 CST

Many AD properties that contain timestamps are in the FILETIME format, not Unix time (seconds since epoch) or etc. Convert with:

https://learn.microsoft.com/en-us/dotnet/api/system.datetime.tofiletime https://learn.microsoft.com/en-us/dotnet/api/system.datetime.fromfiletime

Reset Active Directory machine password

Mon, 01 Jan 1900 00:00:00 CST

These commands must be run on the workstation. Resetting the local machine’s password will update it locally and also on the specified domain controller. This will fix trust relationship errors on login.

HTTP response codes

Mon, 01 Jan 1900 00:00:00 CST

RFC 9110

Docker entrypoint injection

Mon, 01 Jan 1900 00:00:00 CST

Docker containers are configured with ENTRYPOINTs, or commands that are run when the container is initialized. This can be something like the container base image’s /sbin/init or tinyinit. Sometimes however, there is a need to run something before a container’s normal entrypoint. Under Docker Compose this is as easy as injecting a command before the container entrypoint:

I was inspired by @regbo on GitHub and their use of YAML conventions to make injecting scripts easier.

Temporary user profile created on login

Mon, 01 Jan 1900 00:00:00 CST

Permissions of existing user may not allow them to log in, or NTUSER.DAT may be missing. This will usually create a new folder in C:\Users named like ., for example myuser123.DOMAIN. Observed outcome is user missing files in their user profile, which is very confusing for end users. This can stack if it happens again, creating more user folders.

Most easily solved by either resetting permission inheritance on user folder, or deleting via sysdm.cpl after copying any important files out.

YubiKey ykman automation

Mon, 01 Jan 1900 00:00:00 CST

Codes must be Google totp:// scheme, one per line.

Open in Gitweb

Water heaters

Mon, 01 Jan 1900 00:00:00 CST

Water heaters are just big pressurized water tanks with heating elements and temperature sensors inside them. Many are dual stage to provide more efficient operation, with cool water flowing from the bottom and hot water pulled from the top, with two elements heating both areas when necessary.1 Water heaters use anodes to attract contaminants in the water. Sacrificial anodes are destroyed by this process and should be replaced every 3 years or so, while powered anodes use electricity to attract particulates and last longer. Water heaters should be flushed every six months to a year, with variance allowed for water quality and hardness.

Water Heater Maintenance - The Home Depot

KQL fundamentals

Mon, 01 Jan 1900 00:00:00 CST

Microsoft 365 eDiscovery uses a queru language called KQL. It’s finnicky.

The KQL syntax supports a sequence of expressions (the expression-list element) without any operator between the expressions. In this case, there is an implicit operator between the expressions. The implicit operator is either AND (section 2.1.2) or OR (section 2.1.8).

PowerShell v5 session history

Mon, 01 Jan 1900 00:00:00 CST

Session history (with e.g. Get-History) is separately handled from PSReadLine history, accessed with arrow keys. PSReadLine history is saved here and seems to never be emptied:

PSReadLine history can be retrieved using:

Common Name in Active Directory

Mon, 01 Jan 1900 00:00:00 CST

The Common Name or CN is a property of LDAP objects to describe their well-known, common names. Active Directory inherits this property in its schemas and relies on it for naming many different types of objects. It is the most used Relative Distinguished Name (RDN) in an AD forest. In AD nomenclature, and tools like Active Directory Users and Computers, it is often called the “Full Name”.

Example in ADUC:

ESXi maintenance cheatsheet

Mon, 01 Jan 1900 00:00:00 CST

This document was written targeting ESXi 6 and 7. Newer/older versions may differ.

ESPECIALLY NOW THAT BROADCOM BOUGHT VMWARE AND DESTROYED ALL HISTORIC LINKS EPIC

Hard match AAD accounts

Mon, 01 Jan 1900 00:00:00 CST

Cloud-only accounts that have previously had an on-premises account associated with them may still have an immutableId property set on their AAD user. This is a unique value that identifies an on-premises AD account by base64-encoding an AD account’s objectGuid. If immutableId is already set, no other account can be synced under the same UPN or email address, both unintentionally as a result of username or email clashing, or intentionally to fix unsynced accounts like Microsoft recommends.

The immutableId value normally cannot be set by any AAD/Office 365/Microsoft 365 web interfaces, toolkits, or cmdlets; but Microsoft Graph can for some reason. You can assign it like so:

What does approb mean?

Mon, 01 Jan 1900 00:00:00 CST

Saw a manga that used “approb” as translation of SFX. Translator I believe is non-native. Source: Maou-sama ni Shoukan sareta kedo Kotoba ga Tsuujinai - Vol. 3, Ch. 19

approb is likely short for approbante, which is a scholarly borrowed Latin term meaning “with approval of”. So the translator likely intended to convey a sense of scholarly approval or backing for her performance.

security camera search queries

Mon, 01 Jan 1900 00:00:00 CST

These were found on some *chan board forever ago.

Remove bugged Veeam snapshots in VMware

Mon, 01 Jan 1900 00:00:00 CST

When a Veeam backup or replication job for a VMware VM starts, it creates a VM snapshot. This snapshot can stick around if vCenter is unreachable when Veeam attempts to remove the snapshot; Veeam may also not attempt to remove the snapshot at all in some failure states.

VM snapshots are costly to disk reads since every read must traverse through each snapshot to find the most up-to-date block. Creating new snapshots also takes longer with a build up of older snapshots. Therefore, it is best to minimize VM snapshots in production.

Zettelkasten notetaking

Mon, 01 Jan 1900 00:00:00 CST

Keep small, atomic notes, that succinctly describe the idea and link to other notes. Consider tags for input/source of the note, topic, and output/purpose, depending on need. Capture information without judgement with focus on observing the thought, not presentation.

2022 Zettelkasten Obsidian Workflow ⚡️ Simple Set Up How To Take Smart Notes (3 methods no one's talking about)

Solarus: A child’s attempt to design an RTS

Mon, 01 Jan 1900 00:00:00 CST

A long time ago when I was a wee lad, I had a sudden desire to create an RTS, so I wrote a design doc. I had not and still haven’t played much by way of RTS games, so the end result is very primitive and probably unbalanced. But I think it’s a fun look back, so here it is, largely unedited and as it was many many years ago.

This initial version of the doc was mostly a brain dump of what I thought would be cool. As such, there is not much logic behind any of the choices.

head and tail in pure zsh

Mon, 01 Jan 1900 00:00:00 CST

It is very common to use head and tail in shells. But as far as I can tell, they are not deployed as builtins for any shell and are instead separate binaries, which isn’t good for optimization. This is true for zsh as well. But, at least with zsh, parameter expansion can replace the need for them easily. For example, if you wanted to pick the first editor from a list of potential choices:

You could easily replace head with:

Updating Exchange certificates

Mon, 01 Jan 1900 00:00:00 CST

Federation makes free/busy times and on-prem calendar/contact sharing available through Exchange Online. Process to renew is different if the cert has already expired. https://learn.microsoft.com/en-us/exchange/renew-the-federation-certificate-exchange-2013-help https://social.technet.microsoft.com/Forums/en-US/c863b6c9-9456-47f2-a1e1-db1787acc83f/unable-to-publish-next-federation-certificate

TlsCertificateName must be formatted like issuer DN~~subject name, e.g.:~~

Exchange mailbox permission

Mon, 01 Jan 1900 00:00:00 CST
Managed using a list of DNs in the authOrig property on mailbox and distribution group AD objects.

Maybe the type is not set in the schema, so the snapin can’t initialize it, or it just doesn’t support the DN type. PowerShell or ECP has to be used in these cases.

What’s the difference between vSphere and vCenter?

Mon, 01 Jan 1900 00:00:00 CST
what’s the deal with airplane food

https://en.wikipedia.org/wiki/VMware_vSphere https://en.wikipedia.org/wiki/vCenter

Calculated properties in Select-Object

Mon, 01 Jan 1900 00:00:00 CST
Calculated properties can be used in Select-Object to format results in a particular way:

Shortcuts of n and e can be used for the keys, i.e.

What is a cyberdeck?

Mon, 01 Jan 1900 00:00:00 CST
HMD devices and HIDs are a critical component in any futuristic or cyberpunk world. William Gibson coined the term and idea for such a device, a cyberdeck, in his 1984 novel Neuromancer. A Commodore-like keyboard (deck) connected to either a neural interface, HMD, or small deck-mounted display. Later iterations of the same idea like from Mike Pondsmith's Cyberpunk series espouse the keyboard and just keep the neural interface.

https://blog.rfox.eu/en/Hardware/Cyberdecks.html

XML filter for username in Event Viewer

Mon, 01 Jan 1900 00:00:00 CST
When querying for event 4625 (user lockout) or other similar events on DCs, you can filter by username using the below XML query in addition to whatever else might be necessary.

Why organization is important in Zettelkasten

Mon, 01 Jan 1900 00:00:00 CST
Simply shoving a bunch of notes in a binder with no way to intelligently sort or look any of it up later results in the effective loss of that information. It’s no different from writing yourself a paper note, and putting it into a lit fireplace. The entire purpose of Zettelkasten notetaking is to make small, discrete, connected, and searchable notes that come together to form a larger concept; rather than making a single, large, monolithic, heavily edited document or set of documents to describe that concept, where information can be lost in the noise; or making undocumented, disconnected, variable length, standalone notes without context that do not come together to form a meaningful whole.

User profile unable to login for first time

Mon, 01 Jan 1900 00:00:00 CST
Permissions of C:\Users\Default may be broken, and the user logging in may not have permissions to copy the files for their user profile. This is especially common when upgrading Exchange Server. Check by looking in Event Viewer source User Profile General for Warnings, Event ID 1509. You might see an event a description like this:

To fix this, just enable permission inheritance for the affected files.

Self-enrichment with Zettelkasten—or, How I Learned To Stop Worrying And Start Writing

Wed, 08 Feb 2023 00:00:00 CST
The Zettelkasten/slip-box system is a methodology whereby the writer takes small, atomic notes, designed to be linked to other notes and topics. A comprehensive thought might be made up of multiple notes, all linked to and relying on each other for context and further knowledge. The original method used physical cards and containers, hence the name (Zettelkasten is German for slip-box) but nowadays there are plenty of digital tools to accomplish a similar goal. This blog and even this very post actually live in my own slip-box, and as with most other posts here started out as individual small notes, later composed into a larger comprehensive post for publishing.

When it comes to notetaking, there is research showing that physically writing something down can help you remember it better. Personally my handwriting is garbage, I don’t like the feeling of a pencil on paper, and I can write much much faster with a keyboard, so that’s how I lean. However, writing digitally and the ease at which one can restructure and rewrite notes led to me heavily focusing on the note presentation over the actual subject matter; even if it wasn’t being written on a physical notepad, I would imagine that helped break whatever association I could have had between the physical action of typing and the memory, seeing as how I would often not recall notes I would write.

Everything Everywhere All At Once and The Paradox of Nihilism

Sun, 05 Mar 2023 00:00:00 CST
I’m not the first person to talk about this movie. Rather, it has been incredibly popular, and it brought in over a hundred million to the box office. And I also am not alone, I think, in how many people were able to associate with it, felt seen by it.

Of course, there were also plenty that could not get past the absurd nature of the movie, or got hung up on the cheesy plot elements and tropes. And that’s fine—aside from its central themes and objective, it isn’t anywhere close to a perfect movie. I get it.

A brief Filestash review

Wed, 28 Feb 2024 00:00:00 CST
Filestash (GitHub, docs) is a one size fits all, yet customizable, yet functional out-of-box solution for web-based file browsing. I’ve been looking for a long time for a fast and functional product to solve that very problem, and so far not had to look any further. As someone that has heavily used Nextcloud, and eventually got used to its quirks, many bugs, and general slowness, having a piece of software that doesn’t get in my way and works really fast is a particular godsend.

Navigating files is easy, fast, and comprehensive. It feels as responsive as a native file browser, and since it’s delivered as a single-page app, there are no pesky page loads or refreshes between directories. As expected with such brisk navigation, it’s also easy to share, upload, move, and delete files, with multi-select and drag-and-drop interface where even the breadcrumb can be used as a drop target. Very smart design.

The best “XR” glasses to date—with caveats

Wed, 12 Jul 2023 00:00:00 CST
The VITURE One XR Glasses are, as of this writing, certainly the best on-head/wearable displays on the market. But they are not without their flaws.

ed.: It’s been over half a year since I wrote this article. Viture have been doing a lot with the One, and have even released a new model, so I would encourage prospective readers of this article to also check out Viture’s up-to-date documentation here in case they’ve resolved issues or provided workarounds for things I’ve mentioned. I’ve since sold my glasses so any further updates to this article are unlikely.

Automatic IIS Certificates on Windows Server with DNS Server Verification

Thu, 06 Jun 2024 00:00:00 CST
For far too long, Linux sysadmins have been taking full advantage of Let’s Encrypt and ACME certificate generation. Sure, certbot does run on Windows Server, but… not very well, in my experience. And deploying to IIS is usually a pain, as well as dns-01 domain verification for DNS Server.

Enter Posh-ACME. A simple PowerShell module to automate ACME certificate generation, domain verification, and renewal, with the same ease as those dirty penguinistas.

Who needs a backpack?

Mon, 13 Feb 2023 00:00:00 CST
I used to be the kind of person that thought I never needed a bag or backpack. I carried light and didn’t have anything I needed to take with me, other than keys, wallet, pens, multi-tool, flashlight… Okay, it seems like a lot, but it all fits within my large jeans pockets. But what if I’m not wearing the jeans, or I have extra things I need to carry? Oh, I’ve been blessed with functioning hands, so it’s fine, right?

So I thought.

PowerShell's Strange Comma Operator

Fri, 16 Aug 2024 00:00:00 CST
I have reached an enlightening moment in the land of PowerShell.

As it turns out, the comma in PowerShell is an operator—both binary and unary.

NGINX Gotchas

Fri, 22 Sep 2023 00:00:00 CST
NGINX is a wild beast of a program. It is one of the most straightforward but as a result one of the more intelligently complex proxy servers out there. And due to its rich feature set, it can be used for much more than just simple proxying. But that complexity and those features make it often unwieldy to use; combined with numerous bugs that have existed so long they’ve essentially become features, because changing them could break hundreds of thousands of websites were they to change. Here I’ve collected some of the “gotcha” moments I’ve experienced in my time using it. I will update this article should I come up with any more.

Martin Fjordvald made a nice article about this that I think explains it perfectly:

Obsidian nested tag search caveats

Tue, 20 Jan 2026 00:00:00 CST
I took a break from my vault for a while, but eventually came crawling back—I realized how much I missed it. And in updating my vault plugins and getting it set back up on devices I hadn’t yet installed it on, I ended up going back over some of my notes. In the process, I ran into a curious situation: What if I want to search for a tag, without returning nested ones?

This isn’t a new ask, and while I think this use-case goes against how tags are designed, Obsidian and Zettelkasten (if you adhere to it) are tools that should be customizable to the user. So, if you really want to do it, you should be able to.

Worldbuilding as an exercise into philosophy

Sat, 18 Feb 2023 00:00:00 CST
In the past, philosophy was considered in many cultures to be the ancient equivalent of what we now call science. There was much unknown, so it was often so that equal parts philosophy and theology were used to make sense of the world. Where logic failed, God could be invoked—the true importance of theology, to placate and satisfy our innate craving of knowledge where we had none. But for those that wanted more, that believed there to be a deeper meaning in everything, that wanted to explore and understand, philosophy saw its embers stoked.

Philosophers toiled over not just answering the unanswerable, but knowing the questions those answers demanded be asked. They used their inquisition, reason, and intellect to investigate and define the nature of the world and its fundamental questions with their theories, and that often led to them having great social and sometimes even political power. But since we as a species have begun to more thoroughly understand the world and conquer the unknown, philosophy has significantly degraded; and now appears to be merely relegated to those classes in school that next to no one wanted to take, and maybe the occasional podcast.

How and Why to Use Tags in Obsidian

Sat, 02 Dec 2023 00:00:00 CST
I have read and watched a good number of dissertations on applying metadata to Zettelkasten, and especially how that works from a software perspective. Much of the discourse centered around tagging documents, which is not a foreign concept to me, given my technological background. However, none of the schemes people proposed really gelled with me, so I decided to come up with my own. But before I reveal my cards (or slips… get it…), let’s go over what we’ll be working with.

Recommended reading before continuing:

NVIDIA in a Non-GNU Environment

Wed, 08 Feb 2023 00:00:00 CST
NVIDIA proprietary drivers on Linux expect a GNU userland and glibc. With some effort, they can be made to work under musl on Alpine Linux. Other distros may be possible as well, though I have not personally attempted this. Alpine provides packages for glibc compatibility, so you’ll likely need to compile it manually if there is no package or framework to support it already for your distro of choice. There is already plenty of documentation on getting this working, and I provide some of those resources below, so I will not dwell on it too much.

The NVIDIA Container Toolkit is a shim Docker runtime, and NVIDIA expects all Docker environments to use it. It works identically to the usual runtime in most respects, except that it exposes some configuration settings to manage how NVIDIA resources are allocated, and pushes up-to-date libraries into the container. Crucially, it is not actually required to get NVIDIA cards working in containers and is only really useful for the stated purpose. This is especially beneficial in non-GNU environments where the Container Toolkit is much more difficult to get running than the drivers.

Git Submodules are Fun

Mon, 10 Mar 2025 00:00:00 CST
Updated 9/22/25: More corrections and better description of how gitlinks work internally. Updated 5/13/25: Corrected some mistakes and added more example scripts.

As usual, because Git is a confusing, convoluted mess of nested questionably-designed wrapper commands that often do not accurately describe their actual functionality, submodules are not as simple as they appear on the surface, and misunderstanding them can lead to headache.

Deleting records

Mon, 01 Jan 1900 00:00:00 CST
Cog wheel → Record Delete can be used to remove records. Its functionality changes based on the screen you are on. For example, on DRUS, it removes the selected Resource; on NAE, it removes individual Person records.

Removing Person records may also remove linked records from other files. You may get an error when removing Person records if it is not possible to remove related records.

Notes about Ellucian Colleague

Mon, 01 Jan 1900 00:00:00 CST
If you’re here, you already know what Colleague is, and either an Internet search or a friend of a friend (or me) referred you. (And you very much know what it is if you know it as Datatel or Datatel Colleague…)

And if you don’t know what Colleague is, leave while you have your sanity.

DMI

Mon, 01 Jan 1900 00:00:00 CST
The DMI (Datatel Messaging Interface) is a message queue and broker protocol that communicates between DMI Listeners and other Colleague utilities, including the the DMI Registry. Some forms/screens that interact directly with the DMI protocol/messagebus, DMI Registry, or DMI Listeners are named as such (DRUS, DPWP...).

DMI Listeners are Java-based programs that interpret commands between two software components that do not have a common command set, such as LDAP and DMI to provide user logins via LDAP.

Where Used

Mon, 01 Jan 1900 00:00:00 CST
Where Used on the selection card identifies files that have records associated with the selected Colleague ID. Having a record in a file does not necessarily mean that the record is enabled/used—eg. do not assume a user is an employee just because they have a record in EMPLOYES or HRPER, they could have an employment end date and no longer be employed. (In this particular example, it is better to check EMPS.)

Mappings are available in VAL under valcode WHERE.USED.FILES

LDAP integration

Mon, 01 Jan 1900 00:00:00 CST
LDAP is powered by the Ellucian LDAP Agent. The Agent facilitates API requests between Colleague SaaS and LDAP servers such as Active Directory. LSCP can be used to configure LDAP integration, and LDSL can turn sync on or off. The LDAP Agent communicates to the Colleague API, and Colleague triggers API requests using EDX.

A Sync Level of 0 is off; no API calls will be sent to the agent, and any calls received from the agent will be silently ignored. Sync Level 1 is effectively unused. Level 2 is on.

EDX

Mon, 01 Jan 1900 00:00:00 CST
While DMI and DMI Listeners work for the interchange and ingressing of information in Colleague, EDX (Envision Data Exchange) is the new transport used to export information from Colleague, especially for Colleague SaaS. It does not interface with DMI Listeners and instead has its own format and functionality. Document definitions (file EDX.DOC.DEF) store criteria that EDX will parse and triggers that will fire when they match to a rule. These triggers then send data to subscribing applications, such as the Ellucian LDAP Agent or Ethos Integration.

🚩purpose/📝list

Staff file

Mon, 01 Jan 1900 00:00:00 CST
Staff records (STAFF file) are used to define some specific accesses intended for non-operators in Colleague. Staff records function as a central hub between the other primary employee records, including Operator ID (SOD), Person (NAE), and Web Users (DRUS). They also contain various privacy and authorization controls, such as:

🚩purpose/📝list

Unlocking users

Mon, 01 Jan 1900 00:00:00 CST
When detailing down into a form or screen, the resources used are locked. If you do not log out of Colleague (e.g. you close the window without clicking log out), the resource will remain locked for anywhere from 15 to 30 minutes before the session or lock expires. This can also happen if there is a SQL or Colleague script error that interrupts a save. You can use LRCS to unlock users, forms, and screens.

For more information, including the SQL query to investigate and unlock, see Ellucian Hub Article #000005834.

Files & Tables

Mon, 01 Jan 1900 00:00:00 CST
Colleague was originally designed to run on the multivalue file-based database UniData (part of the U2 suite), so while most Colleague installations now run on some kind of SQL backend, Colleague UI, Ellucian documentation, and Colleague Studio source code may refer to tables as “files” and rows as “records”. For example, the “PERSON file” is actually the person table in the Colleague SQL database, and the WHERE.USED.FILES valcode (see VAL) refers to shorthand names of tables, not files. Due to this mixing of terminology, “file” may also refer to actual directories and files on the Colleague server where non-obvious, such as _HOLD_.

The _HOLD_ directory lives under apphome and contains per-user folders where they can store whatever they want. If it can be exported from Colleague, it can likely be saved to _HOLD_ instead. Most automatic processes write to _HOLD_ and use it as a cache, unless specified otherwise. Users can then view these files or export them at a later date. UTFB lets you read the output of files without exporting them.

Save Lists

Mon, 01 Jan 1900 00:00:00 CST
Save Lists are lists of users, forms, mnemonics, and other information that a user can save and reference later. Most bulk forms use Save Lists, so it's important to know how to create and modify them. Save Lists are populated using SQL queries. The query can be edited and previewed from SLCR. You can use SLED to edit a Saved List manually, without using a query; you can also edit the last query run results before passing the list on to another screen or process. The query will only run when called from SLCR, either manually or from a scheduled process. You can also prevent the query from running when saving SLCR, in case you want to keep changes to a query statement without nuking the existing results.

Background processes and scheduled tasks

Mon, 01 Jan 1900 00:00:00 CST
Processes running in the background in Colleague are called phantom processes. Phantoms can be scheduled, and these are called outstanding or scheduled phantom processes, and are handled by the Envision Process Handler system. Scheduled processes are assigned to an Operator record, a scheduling queue, and the screen that is responsible for creating the process. When creating a phantom process, the Background Execution Type determines if it is a one-time run ("P", Phantom Process) or if a new schedule should be created ("E", Envision Process Handler).

🚩purpose/📝list

Employees file

Mon, 01 Jan 1900 00:00:00 CST
Employees (EMPLOYES file) are used by the HR module for Human Resources to keep track of active employees, their wages, the organizational structure, and more. Employee records do not require a Web User or Operator record. Some of this information is also stored in the HR Person (HRPER) file.

Organizational Roles

Mon, 01 Jan 1900 00:00:00 CST
Organizational Roles, Org Roles, or just Roles (ORG file) are like security classes, but for Self Service and some other newer Colleague products, and are managed through AROR. They are applied to Resources specifically and do not require an Operator record.

🚩purpose/📝list

Operators file

Mon, 01 Jan 1900 00:00:00 CST
Colleague Operator accounts (OPERS file) are created using SOD. This sets the Colleague login username and allows access to Colleague UI, WebAdvisor, and Colleague Studio. Operator records can exist without an associated Web User record.

Security classes in Colleague are attached to OPERS records, and this is what determines access to most of Colleague and associated applications. However, interactive access to applications is a separate field, unique to Operator records.

Colleague updates

Mon, 01 Jan 1900 00:00:00 CST
Updates are served in packages provided by Ellucian. They must be downloaded, staged, and installed in sequence. CPIE and MSUG are used for these tasks, respectively.

App Listeners

Mon, 01 Jan 1900 00:00:00 CST
Like DMI Listeners that wait for information before taking action, App Listeners wait on various Colleague database-aware apps and can act on that information. Colleague UI is managed under an App Listener. SBAL can be used to bounce (i.e. bring down and then back up) App Listeners, such as UI.

Registry & Resources

Mon, 01 Jan 1900 00:00:00 CST
The DMI Registry, or more formally the Resource Database, contains what used to be called Web Users, now Resources. The Web User terminology is well-cemented in Colleague so you will see them used interchangeably. Some screens relating to the Registry use Web User (WUIP, WUPR...), while others use Resource (AROR, EPDB...) but they are effectively the same things. The "Resource" terminology was introduced with the new security model for Self Service, as Web Users were initially coined for Self Service’s deprecated predecessor, WebAdvisor. Web Users are stored in the table ORG_ENTITY_ENV—as such, Resources are also associated with the acronym OEE. Confusing, right?

Person records are required to create Web Users, and Person IDs created in DRUS are linked to the Web Users. Person records are set up in NAE.

exposure stops

Mon, 01 Jan 1900 00:00:00 CST
In photography, a stop is a relative unit of measurement denoting overall exposure of a photograph. Each stop is always double the exposure of the previous stop, and half of the next stop. For example, to raise the shutter speed by “two stops” means to make it two times as bright by doubling the time the shutter is open.

The term stop comes from aperture stop, the physical medium used to block incoming light in an optical system. One-stop units are also known as EVs (Exposure Values). Additionally, shutters, film, sensors, and apertures that take in more light significantly faster (and as such produce fully-exposed images faster) are also known to be “faster”. For example, a 50mm prime lens with a large aperture of f/1.4 would be considered a “fast” lens, and ISO 3200 film is “fast” film. Conversely, the same lens at f/16 would be “slow”, and ISO 100 “slow” film.

crop factor

Mon, 01 Jan 1900 00:00:00 CST
Crop factors can be used to approximate equivalencies between full frame and crop sensor cameras to take similar pictures using different hardware, and to compare and contrast the strengths and weaknesses of camera bodies and lenses.

For two cameras with a full frame and crop sensor respectively, but using lenses with equivalent focal lengths, the resulting field of view on the smaller camera will be reduced by its sensor’s crop factor. For example, a full frame camera with a 32 mm focal length will have a field of view 1.6x as narrow on an APS-C camera. To get an equivalent focal length, the APS-C camera would need a lens with a \(\frac{32\ \mathrm{mm}}{1.6} = 20\ \mathrm{mm}\) focal length, or the APS-C shooter would need to stand further back to capture more of the surrounding scene. This is simply due to the sensor being smaller than the sensor/film on a full frame camera, which is thus not able to take in the same amount of light per square millimeter.

focal point

Mon, 01 Jan 1900 00:00:00 CST
A camera lens’ focal point is the point at which the light reflected from an object at a distance converges into one point when passed through the lens elements. If the light captured converges before or after the camera sensor or film, it will appear blurry, and the range within objects appear in focus is called the depth of field. Focus can be adjusted, usually by moving the lens closer to and further away from the camera sensor or film, and doing so allows for different distances in the captured image to appear in focus.

The focal point/range of a lens can be moved closer to the front of the lens system with extension tubes, which intentionally puts the lens’ convergence point in front of what the camera is designed for. This allows for any lens to be used for macrophotography. Similarly, teleconverters are lenses that attach to other lenses, using their own additional elements to enlarge the resulting image, which also decreases lens speed due to the loss of light around the magnified frame.

depth of field

Mon, 01 Jan 1900 00:00:00 CST
The size (or depth) around the focal point that the camera remains in focus—or, the distance between the closest and farthest objects in a photo that remain acceptably sharp. A shallow, narrow, or thin depth of field results in a faster growing blur from the focal point; while a deep, wide, or large depth of field reduces incremental blurring and produces a sharper image even for items that are out of focus.

The point at which the subject of a picture is considered acceptably within focus is known as the circle of confusion. Clearly defined intersections of cones of unfocused light that are captured in the final image are known as bokeh.

crop sensor

Mon, 01 Jan 1900 00:00:00 CST
Crop sensor cameras are compared in size to “full frame” 35 mm sensors, or to be exact, 36×24 mm.

focal length

Mon, 01 Jan 1900 00:00:00 CST
A camera lens’ focal length is the distance (usually given in millimeters) from the first lens element to the focal point. The focal length is a description of how aggressively a lens system converges light—the longer a focal length, the more acute the angle of the refracted light, while shorter lengths necessarily refract more sharply to reach focus within the smaller distance. Focal length determines the resulting field of view, with longer focal lengths providing more magnification than shorter lengths.

aperture

Mon, 01 Jan 1900 00:00:00 CST
The aperture is the opening that lets light into a camera. Aperture size is directly proportional to the depth of field and exposure of photos. The size of the aperture is often measured in stops, specifically f-stops, known as the f-number. Aperture stops are inverse, so a larger f-number results in a smaller entrance pupil, while a small f-number describes a wide open aperture.

bokeh

Mon, 01 Jan 1900 00:00:00 CST
The visible circular slices of cones of converging light that are captured on a camera sensor are known as bokeh. It is caused by light entering the lens and being focused in front or behind the sensor, where rather than being focused to a point, the converging cone-shaped light is intersected and appears more spread out. Bokeh gets bigger and changes shape based on the size and shape respectively of the aperture stop. Cameras with fixed, circular apertures have circular bokeh, while adjustable apertures reflect the inner edge of the aperture stop. Overall lens construction also determines bokeh shape—some lenses can reduce, eliminate, or emphasize bokeh; while older, poorly constructed, or intentionally designed lenses and filters can have swirly, uneven, or shaped bokeh. Exposure can also play a role, emphasizing the brighter parts of bokeh the more exposed the image is, or becoming less defined if the source of the bokeh is moving or the lens is unstable.