Michael Waterman

Fixing Packer + Proxmox template build failures: “can’t lock file … got timeout”

November 29, 2025 / Michael Waterman / 0 Comments

While automating my Proxmox environment with Packer, most of the workflow worked flawlessly: Ubuntu autoinstall, cloud-init, SSH provisioning, and qemu-guest-agent all behaved exactly as expected. But every build consistently failed at the very last step, converting the VM into a template, which was very annoying.

Despite the VM installing perfectly, Proxmox refused to stop it cleanly and returned a persistent lock-related error. This led to a surprisingly long troubleshooting process, which eventually revealed a simple root cause: stale lock files left behind from earlier interrupted builds……sigh

In this post, I’ll share the exact error, the steps I went through to diagnose it, and how cleaning up these old lock files immediately restored stable, repeatable builds, it’s been a few very long days…

A better Power(Shell) experience on Windows Server Core

November 9, 2025 / Michael Waterman / 0 Comments

While setting up my new Proxmox lab, I decided to give my Windows Server Core templates a small Power-up, literally. One thing that always bothered me about Server Core is the small, fixed-size PowerShell window you get by default after logging in.

Secure LUKS containers on Linux

October 14, 2025 / Michael Waterman / 0 Comments

Lately, I’ve been refining parts of my Linux workflow to make them both more secure and practical. One of those improvements came from something simple but powerful, using encrypted containers instead of relying solely on full-disk encryption.

In this post, I’ll walk you through how I built a secure, self-contained LUKS container on Linux, explain what’s really happening behind the scenes, and share a few lessons learned along the way, including troubleshooting tips and two small Bash scripts that make mounting and unmounting effortless.

PKI – Part 6: Demystifying the CAPolicy.inf file

May 18, 2025 / Michael Waterman / 2 Comments

Ever heard of the capolicy.inf file? It’s like a digital instruction manual for a Certificate Authority (CA) server. It pre-configures the CA and has a say in how certificates are set up or renewed. In other words, it’s a behind-the-scenes helper that ensures everything is governed with digital certificates. In this blog post, I’ll break down what this file does and why it matters in plain and simple terms.

Part 5 – PKI Best Practices: Creating Unique Object Identifiers (OIDs)

May 10, 2025 / Michael Waterman / 2 Comments

Introduction: Why OIDs matter in PKI

When building or managing a Public Key Infrastructure (PKI), precision and uniqueness are not optional, they’re very essential. Don’t be one of many, be your unique self! One key element that reflects this is the Object Identifier (OID). OIDs are globally unique values used to identify everything from certificate policies and application purposes to custom certificate extensions and cryptographic algorithms.

Detecting weak passwords in Active Directory

April 10, 2025 / Michael Waterman / 5 Comments

A little while ago, I wrote about the shift toward passwordless authentication and why we need to rethink our dependency on traditional passwords. While I’m still convinced that passwordless is the future, and the sooner we get there, the better. At the same time I also see the reality most environments are still dealing with.

How FIDO2 works, a technical deep dive

April 2, 2025 / Michael Waterman / 12 Comments

Earlier this year, I completed my bachelor thesis in Cybersecurity, diving into one of the most exciting developments in the world of authentication (well, that’s my personal opinion anyways), FIDO2 and Passkeys. My research focused on how passwordless authentication can reshape the way we secure digital identities, not only from a technical point of view, but also in terms of user experience, adoption , and the shift in mental models required to move beyond passwords.

Enable RDP hardware acceleration on a Linux VM in Microsoft Hyper-V

March 5, 2025 / Michael Waterman / 6 Comments

How to pass through a GPU and optimize remote performance in Ubuntu

Running a GPU-accelerated remote desktop on a Linux virtual machine (VM) in Microsoft Hyper-V can significantly improve performance for graphical applications, GPU intensive workloads, and even remote testing. However, Hyper-V does not support full PCI passthrough like VMware or Proxmox. Instead, it provides Discrete Device Assignment (DDA), which allows passing a GPU directly to a VM.

Urgent need for European technological sovereignty in Cybersecurity

February 2, 2025 / Michael Waterman / 1 Comment

I usually don’t focus on geopolitics, but the recent uncontrolled developments in cybersecurity, digital infrastructure, and artificial intelligence are too alarming to ignore. The recent shifts in the United States raise critical questions about Europe’s digital future and independence.

Step-by-Step Guide to Windows Event Forwarding and NTLMv1 Monitoring

June 29, 2024 / Michael Waterman / 22 Comments

Did you know that Windows has had a built-in capability to function as a SIEM (Security Information and Event Management) system for years, provided you stay within the Windows ecosystem? This powerful feature, known as Windows Event Forwarding (WEF), allows you to centralize event logs from multiple Windows machines, giving you a comprehensive view of your network’s activities.