IdM Rockstar

Encrypt The Last 4 Of An SSN!

.: Adam — Wed, 22 Feb 2012 16:45:52 +0000

There is a situation that seems too common in this industry. Companies are storing the last four digits of a users social security number in a data repository in clear text. I’m going to put this next part on it’s only line to reaaaaly stress my point:

DON’T EVER STORE THE LAST 4 OF AN SSN IN CLEAR TEXT!

First we need to ask ourselves “why” they think it’s ok to do this. Generally the response is, “well, it’s ok because it’s not the full SSN”. My best guess is that they never put any real thought into this, because the last four digits of a social security number is the most important part!

Ask yourself, “Why do you guard your SSN so tightly?” and you’ll probably come back with something like, “I don’t want people to steal my identity”.

Well… you don’t need the full SSN. Well, maybe for more elaborate things, like opening a line of credit, but not for any of your day-to-day stuff. Think about it. When someone wants to validate you are who you say, they ask you a couple questions that everyone knows (name, phone, etc), and then the über secure, “What’s the last four of your SSN?”

Everyone verifies you now via the last four of your SSN! You want a bunch of help desk personel (maybe even off-shore) to have the last four of your SSN? Yeah… didn’t think so.

Also, not sure if you already know this or not, but the last four of your SSN are the ONLY numbers that are serial. The first three have to do with where you filed for your SSN. It’s a location code. The second two are a grouping (most not even used) and they are determined by when you where born (the year). You can find out the code behind it here:

http://stevemorse.org/ssn/ssn.html

So, let’s say you were born in Delaware. Then the first three digits are either 221 or 222. Let’s say you were born in 1973; the middle two digits would be 50. Not very random huh?

Now you’re just down to just the last four (the one’s companies want to leave unencrypted) and there’s only 10,000 possibilities. Sure, a malicious user calling up AT&T is going to have a tough time guessing 1 in 10,000 but if there’s an online app that has you “verify” the last four of your SSN, they’ve basically created a brute force tool to “verify” that you’ve guessed the correct answer =). Also, phishing the last four from someone isn’t terribly difficult. Ironically, this is because of the same reasons that a company thinks it’s ok to leave the last 4 unencrypted. Most people think you can’t do anything with just the last 4, and the rest are random.

You can read more, right from the Social Security Administration (http://www.ssa.gov/history/ssn/geocard.html).

So, this is my public outcry to everyone to push companies to stop using the last 4 as a security measure! I don’t want everyone knowing my SSN, and neither should you. Until there’s a better citizen numbering system implemented (which is probably going to be pretty soon), these guys need to come up with something better.

Maybe ask for the first 3? LOL!

I guess I should reword my opening statement to:

DON’T EVER STORE THE LAST 4 OF AN SSN ~~IN CLEAR TEXT~~!

And even more importantly you should adopt this one:

DON’T EVER STORE THE ~~LAST 4 OF AN~~ SSN ~~IN CLEAR TEXT~~!

Because, really, it’s not needed. I mean c’mon, if Facebook or Google hasn’t asked for it, and they know more about you than you do, it’s just not necessary.

.: Adam

MSSQL 2008 DBCC Shrinkfile not working

.: Adam — Tue, 30 Aug 2011 05:48:56 +0000

I had a HUGE dilemma, my DB server locked up because the HDD filled up due to the transaction log file getting over 50GB (Daaamn!)

Now, I am not a DB admin… at all. So I turned to Google. I was told to run DBCC Shrinkfile and all would be ok. Wrong. Nothing Happened. Turns out, my database was somehow stuck in Replication mode for the log_reuse_wait_desc in sys.databases. After a few days of Google-scrounging, I foud this gem:

Run this scheduled task: sp_removedbreplication

No i backed up my database, and then ran the DBCC Shrinkfile command and BAM! It’s all good now =)

.: Adam

OIM Refresh / Clone between environments

.: Adam — Sat, 27 Aug 2011 20:35:54 +0000

So you want to replicate your production data into your test environment. You understand all the reasons you shouldn’t do this, but your client wants it done anyway. Soooo, here’s a generic outline of the steps you’ll need to do. After this is done, don’t forget that you need to “refresh” all your resources (AD, OID, etc), so that all the accounts match up.

Refreshing OIM from existing environment

MUST DO THIS BEFORE YOU ERASE CURRENT ENVIRONMENT

- Stop all WebLogic Application Servers, Nodes, and Manager
- Copy the soon-to-be-refreshed environment details to an Excel sheet
- Copy all IT Resource information and details
- Copy current XELSYSADM email address
- Copy the details of the scheduled tasks that have environment specific data – Copy the details of environment specific lookup definitions

Refresh Steps

- Log into each node on environment to be refreshed and sudo into root and run the following – cd /opt/oracle/oim91/xellerate/config
- cp .xldatabasekey .xldatabasekey-STAGE
- cp /software/oracle/OIM/productionDBKey/.xldatabasekey .

- Answer ‘y’ to overwrite the old file

- Have someone rest the XELSYSADM password in OID to what the current environments password should be (OID is the repo for OAM in this instance)

- Have the DBA team change the oimuser (OIM data owner) password to what it should be for this environment

- Make sure the oimuser account is unlocked

- If any WebLogic services are up, they need to be stopped and restarted. You will have to kill them at the process level (kill -9)

- Start WebLogic

- open dev design console
- login as xelsysadm with production password – Wipe out all addresses for every IT resource

- If an application server doesn’t start, you will have to do it manually (example):

- Either have someone else change the password in OID for XELSYSADM to the production password or change it yourself if possible

- Open the OIM Web Console
- Login as XELSYSADM with the production password
- (If you login through OAM, but not into OIM, you need to disable SSO for OIM) – Click on My Account on the top left and then click Change Password
- Change the password to what the current environments password should be

Note: if the password you’re changing to doesn’t fit the password policy, you’ll have to delete the policy in the Design Console ( Resource Management > Resource Objects > Name = Xellerate User) Make sure to re-add it when done. Blue columns need to be double-clicked and selected. Not typed in. (Default | base password policy | 1)

- On the left, click Account Profile under My Account
- Modify the email address to match what it should be in the new environment

- Open the OIM Design Console and modify the IT Resources – Click on Resource Management on the left

- Click on Manage IT Resource – Click Search
- Click on OID Server
- Click the Edit button

- Fill in the correct information for this environment (See corresponding Excel document IT Resources) – Click Save
- Click on Users > Manage
- Select User ID from the first dropdown and XELSYSADM for the value

- Click on Search User button
- From the drop-down, select Resource Profile
- For OID User, click on Edit
- Change the password to the new password and click Save
- Log out of the Web console and re-login with the new password to verify that it’s working

- Open the OIM Design Console – Expand Resource Management – Open IT Resources
- Click the New icon

- Name: Test Mail Server
- Double-Click the Type field and select Mail Server
- Click the Save icon
- Double-click new test mail server to configure it
- Fill in the correct information for this environment (See corresponding Excel document IT Resources) – Click the Save icon
- Expand Administration
- Double-click System Configuration
- Click the Search icon
- Select the System Configuration Table tab at the bottom
- Double-click the number next to Email Server to configure it
- Change the value to ‘Test Mail Server’ (no quotes)
- Click the Save icon
- Open Task Scheduler on the left
- Click the Search button and then select the Task Scheduler Table tab at the bottom
- Edit all scheduled tasks that have environment specific variables from saved data

- Update the attributes for the new environment (server names) – Click Save

- Using the IT Resource information stored in the Excel doc before everything was wiped out, update the IT Resources

- Open a SQL DB Editor and login to the Database
- Run this SQL command:
- update USR SET USR_EMAIL=‘test@domain.com’; – Commit changes and then quit
- commit;

- Verify that the /etc/hosts file on each server has all the necessary host names and IP translations for this environment

- Truncate the AUD_JMS table (sql command: truncate table AUD_JMS). Restart all application servers.

OIM Table Structure from 9.0.1.1

.: Adam — Thu, 25 Aug 2011 18:53:42 +0000

Rajnish Bhatia has provided the community with an AWESOME resource. He’s listed out all the tables of OIM and what they correlate to. I have personally referenced this table a ton of times, and I know others have as well. I’m mirroring it here for data integrity.

Please go to his website (http://rajnishbhatia19.blogspot.com/2008/08/oim-tables-descriptions-9011.html) and check out his other articles.

Great stuff!

.: Adam

From Rajnish:

The following table lists the purpose of each table within OIM.

Note: Custom Tables are created for user defined Object / Process Forms.

TABLE NAME IN OIM	DESCRIPTION OF TABLE
AAD	List To Define The Administrators For Each Organization And Their Delegated Admin Privileges
AAP	Table for storing Resource – Organization level parameter Values
ACP	ACP – Link Table That Holds Reference To ACT And PKG Tables, Table That Defines The Objects (Resources) Allowed For A Particular Organization
ACS	Link Table for Account Table(ACT) and Server Table(SVR)
ACT	Defines information about all organizations created through Xellerate
ADJ	Contains the Java API information for the constructor with parameters and method name with parameters chosen for an adapter task of type JAVA, UTILITY, TAME,REMOTE, or XLAPI.
ADL	Contains the all of the necessary parameters for an adapter task of type IF, ELSE IF,FOR, WHILE, SET, and VARIABLE tasks. These type of tasks are known as LOGICTASKS
ADM	Data mapping between parameters input/output parameters and source/sink
ADP	Defines an adapter created through the Adapter Factory
ADS	Database,schema and procedure name selections which define a stored procedure adaptertask
ADT	Defines a task attached to an adapter
ADU	Contains the web service and method chosen for a task of the Adapter Factory
ADV	Adapter variable table contains variables that have been created for specific adapters.
AFM	Links an adapter with a form
AGS	Holds the definition of organization/contact groups
AOA	Contains the OpenAdapter property file for OpenAdapter
APA	To store attestation process administrators
APD	To store attestation Process definition
APT	To store the attestation tasks
ARS	Contains custom response codes for ‘Process Task’ Adapters only
ATD	To store entitlement details for each attestation task
ATP	Defines input and output parameters for the constructor and method of an adapter taskof type JAVA, UTILITY, TAME, REMOTE, and XLAPI
ATR	To store attestation requests
ATS	Stores which services or can be ordered by which organizations and which rates apply
AUD	Define the Auditors
AUD_JMS
CRT	Trusted Certificate Information
DAV	Stores the runtime data mappings for ‘Entity’ & ‘Rule Generator’ adapters. The data source being an Xellerate form or child table,or a user defined process form.
DEP	Dependencies among Tasks Within A Workflow Process
DOB	Data Resource definition consisting of the fully qualified class name of the dataobject
DVT	Defines the one to many relationship between Data Resources and Event Handlers (this includes adapters)
EIF	Export Import Files. Each row contains one single file used in export/import operation. For export there is only one file
EIH	Export Import History. Each row represents one Data Deployment Management session.
EIL	DB Based lock for export operation. Used to make sure only one user can import at atime. This is currently not managed through data objects
EIO	Export Import Objects. Each row represents one object exported/imported
EIS	Substitutions used during import process
EMD	Core –Email Definition Information Table That Holds The Email Template Definitions
ERR	Error codes
ESD	Encrypted columns not within the bounds of the SDK
EVT	Defines event handlers by providing a process and class name. In addition the scheduling time of when the event handler can execute is set to pre (insert, update, delete) or post (insert, update, delete)
FUG	List to define the administrators for each user defined object in the ‘StructureUtility’ form or for each user defined field in the ‘User Defined FieldDefinition’ form
GPG	List to define the (nested) group members of User Group in the ‘User Group’ form.
GPP	List to define the Administrators and their delegated admin rights over a User Group
GPY	Joins Properties (PTY) and Groups (UGP).
IEI	Table where all the imports and exports are defined
LAY	Table where the layouts are defined for the various imports and exports
LIT	Import/export table.
LKU	Lookup definition entries
LKV	Lookup values
LOB	Import/export table.
LOC	Holds information about locations
MAP	XML MapSchema Information
MAV	Stores the runtime data mappings for ‘Process Task’ adapters. The data source being a process form, Location, User, Organization, Process, IT Resource, orLiteral data.
MEV	E-mail notification events
MIL	Holds information about tasks of a process
MSG	Defines the user groups that have permission to set the status of a process task.
MST	Task Status And Object Status Information. Holds All The Task Status To Object Status Mappings
OBA	Object Authorizer Information
OBD	Object Dependencies
OBI	Object Instance Information
OBJ	Resource Object definition information.
ODF	Holds Object To Process Form Data Flow Mappings.
ODV	Object Events/Adapters Information
OIO	Object Instance Request Target Organization Information.
OIU	Object Instance Request Target User Information.
OOD	Object Instance Request Target Organization Dependency Information.
ORC	This Entity Holds The Detail On Each Order. This Could Be Considered The Items Section Of An Invoice. This Entity Is The Instance Of A Particular Process
ORD	Holds information that is necessary to complete an order regardless of a processbeing ordered
ORF	Resource Reconciliation Fields
ORR	Object Reconciliation Action Rules
OSH	Task Instance Assignment History
OSI	Holds information about tasks that are created for an order
OST	Object Status Information
OUD	Object Instance Request Target User Dependency Information. Holds The Dependency Between Different Resource Instances Provisioned To A User.
OUG	List to define the administrators for each Resource
PCQ	Holds the challenging questions and answers for a user
PDF	Package data flow table holds the data flow relationships between packages
PHO	Holds all communication addresses for this contact — e.g., contact telephone numbers,fax numbers, e-mail, etc.
PKD	Package dependency table holds the dependency relationships between child packages of a parent package
PKG	Consists of names and system keys of service processes, which consist of a group ofservices from the TOS table. Defines a Process in Xellerate.
PKH	Package Hierarchy Table Holds The Parent-child Relationships Between Processes
POC	Stores values for the child tables of the Object/Process form of a resource being provisioned by an access policy
POF	Policy field table holds the field value pairs that constitute the definition of apolicy
POG	Join table between Policy and User Groups, Specifies the groups to whom an access policy will apply.
POL	Policy Table Holds A Policy, Defines An Access Policy In The System
POP	Policy Package Join Table Holds The Packages That A Particular Policy Orders For User, Defines Which Resources Will Be Provisioned Or Denied For A Particular Access Policy.
PRF	Process Reconciliation Field Mappings
PRO	Defines a process name, scheduling frequency, and priority. A process is made up of oneor more tasks
PTY	Client Properties Table
PUG	List to define The Administrators And Their Delegated Admin Rights For Each Process.
PWR	Table forPassword Rule Policies
PXD	Table that holds the list of all Proxies Defined
QUE	Administrative queues definition
QUM	Administrative queue members
RAV	Stores the runtime data mappings for ‘Pre-populate’ adapters. The data source being an Xellerate form or child table, or a user defined form
RCA	Reconciliation Event Organizations Matched
RCB	Reconciliation Event Invalid Data
RCD	Reconciliation Event Data
RCE	Reconciliation Events
RCH	Reconciliation Event Action History
RCM	Reconciliation Event Multi-Valued Attribute Data
RCP	Reconciliation Event Processes Matched
RCU	Reconciliation Event Users Matched
REP	Table that contains all information about reports in the system
REQ	This table holds request information
RES	This table is used to stored adapter resources entered by the user.
RGM	Table for Response Code Generated Milestones
RGP	Rules To Apply To A User Group, Defines The Auto-group Membership Rules Attached To AParticular Group.
RGS	Defines all known registries. These are used by Web Service tasks in an Adapter to communicate with a web service
RIO	Request Organizations Resolved Object Instances
RIU	Request Users Resolved Object Instances
RLO	This table contains directory URLs which are referenced by Adapter Factoryjar/class files.
RML	Rules To Apply To Task, Defines The Task Assignment Rules Attached To A Process Task.
ROP	Rules To Apply To An Object-process Pair, Defines The Process Determination Rules Attached To A Resource Object.
RPC	Reconciliation Event Process Child Table Matches
RPG	Link table between Group table and Report Table. Specifies which group has accessto which reports
RPP	Parameters passed to report.
RPT	Stores information related to the creation of reports
RPW	Rules To Apply To A Password Policy, Defines The Policy Determination Rules Attached To A Password Policy.
RQA	Request target organization information.
RQC	Request comment information
RQD	Contains self-registration request data for web admin.
RQE	Request administrative queues
RQH	Requeststatus history
RQO	Request object information.
RQU	Request object target user information
RQY	Request Organizations Requiring Resolution
RQZ	Request Users Requiring Resolution
RRE	Reconciliation User Matching Rule Elements
RRL	Reconciliation User Matching Rules
RRT	Reconciliation User Matching Rule Element Properties
RSC	Defines the All The Possible Response Code For A Process Task.
RUE	Defines the Elements In A Rule Definition.
RUG	List to define the administrators for each Request
RUL	Rule definitions
RVM	Holds Recovery Milestones
SCH	Holds specific information about an instance of a ask such as its status orscheduled dates
SDC	Column metadata.
SDH	Meta-Table Hierarchy.
SDK	User define data object meta data definition
SDL	SDK version labels
SDP	User defined column properties
SEL	Data Object Permissions For Groups On A Specified Data object
SIT	The SIT table contains information about sites. Sites are subsets of locations.
SPD	IT Resource parameter definition
SRE	Defines Which Pre-populate Rule Generator Will Run For A Field Of User Defined DataObject.
SRP	Should be replaced by the rate table from a billing system. Here it holdspecific rates for specific services.
SRS	IT Resource – IT Resource join
STA	Status Codes
SUG
SVD	IT Resource type definition
SVP	IT Resource property definition
SVR	IT Resource instance definition
SVS	IT Resource – Site Join
TAP	Holds parameter values for a task, which is an instantiation of Valid Task,i.e. value for parameter Company Name, etc.
TAS	Holds instances of Valid Task. Examples of Valid Tasks would be reports, imports, etc. Valid TaskParameters indicate what parameters can be assassigned to an instance of a task, i.e
TDV	Used by event manager/data objects, joins data objects, types of service, and events
TLG	Keeps logof SQL transactions.
TMP	Indicates which tasks are in a process. Tasks are defined in table; this way, one task can be in many processes.
TOD	To do list settings table.
TOS	Holds information about a process
TSA	Stores initialization params (name/value pairs) forscheduler tasks
TSK	Scheduler task definition information
UDP	User-defined field table
UGP	Defines a group of users
UHD	User Policy Profile History Details table
ULN	This table hold UHD allow / deny list
UNM	“UnDoMilestone” Feature
UPA
UPA_FIELDS	Stores changes only for user profile audit history in de-normalized format
UPA_GRP_MEMBERSHIP	Stores groups membership history in de-normalized format
UPA_RESOURCE	Stores user profile resource history in de-normalized format
UPA_USR	Stores user profile history in de-normalized format
UPD	User Policy Profile Details table
UPH	User Policy Profile History table
UPL	User-defined field table
UPP	User Policy Profile table
UPT	User-defined field table
UPY	Joins Properties (PTY) and User (USR) tables.
USG	This table stores which users are in which groups.
USR	Stores all information regarding a user.
UWP	Window sequence, nesting in CarrierBase explorer for each user group.
VTK	Defines automation task types such as reports, imports, and exports.
VTP	Valid Task Parameters. Indicates which parameters can be defined for an instance of a task.
WIN	Windows table: Windows keys, descriptions, and class names.
XSD	This table holds Xellerate System Data

Rename the ObSSOCookie in OAM

.: Adam — Wed, 10 Aug 2011 20:41:43 +0000

So let’s say that you’re working in an environment that happens to have Oracle Access Manager (OAM) installed twice. Yep, two instances. Why? Most likely because larger corporations and institutions tend to make decisions that have no real thought behind them. Anywho, a problem that will arise is that if you’re using a global cookie with the .domain.com as your suffix, they will conflict and overwrite eachother. This will cause a wonderful behavior of being SSO’d into one system and when you visit the other system it will overwrite the cookie and kill your other session for you. Why? Because OAM uses a cookie name of ObSSOCookie as the default name. By method of standard practice and IT reasoning, your impulse would be to rename one of the cookies so that there are two separate cookies and that they can be used independently. Weeellllll, surprise surprise, you can’t. Oracle Access Manager will NOT allow you to change the name of the cookie. The official response from Oracle on this is that, “it’s a security issue”. I’m calling B.S. and attributing this to the bad practice of hard-coded variables.

So, yeah. If for whatever reason, you want to change the name of the ObSSOCookie that Oracle Access Manager uses for it’s single sign on purposes, you can’t.

On behalf of Oracle / Oblix… sorry =)

.: Adam

Twitter Weekly Updates for 2011-07-03

.: Adam — Sun, 03 Jul 2011 11:07:00 +0000

Who's got a G+ account? I wanna add ya. #

Who works for $40/hr all inclusive?!

.: Adam — Wed, 27 Apr 2011 22:03:46 +0000

I know I can’t be the only one out there, so I gotta know, who the hell actually says “yeah, that sounds like a good deal!”?

Here’s a job description I just received:

Hello
Hope you’re doing well

Title : ITIM resource
Location-US – New York
Duration -12 months
Rate-$40p/Hr

Technical Skills:

Excellent knowledge on Tivoli –TIM/TAM
Should have knowledge on SiteMinder integration with WebServer, OID, Application Server
Good knowledge on Websphere Application and Portal Server
Should have WAS Administration Knowledge
Should have Portal administration experience.

Anyone worth their salt in this industry isn’t going to accept that. So what’s this really mean? It means that the client put out a bid for lets say $130/hr for this position because they’re smart and know they need someone half-way decent. Next comes these guys…my little Indian staffed headhunter agencies that have no problems pitching someone completely useless with the requested technology. And they get paid for this? This is bullshit! No middleman should get a chunk of the hourly just for finding a resource to do a gig. A finders fee, I understand, but this is ridiculous!

You think these guys even tech out the resources they pitch back to the client? Hell no. The only question they need answered is how much you’ll do the job for, other than that, they don’t give a rats ass. You know what I hear when I respond with, “I don’t even have experience with XXX” ? They tell me it’s ok and they’ll submit it anyway. OR(!) a couple of them even told me, “Why don’t you just add it on there, and then we’ll submit it.” !!!

Companies : ^^^^ These are the people you’re getting to staff a position you probably know little about!

It all seems normal, because it’s been going on for so long, that no one really questions it, but take a look at it from the consultants point of view. The company is paying an hourly fee for a service which is rendered by the consultant. The headhunter then takes their vig off the top before the consultant see’s a dime! It’s almost like the consultants are the one’s paying to have the gig.

Ok, I’ll subside on my rant… it’s just frustrating to get phone calls and emails every day with garbage like this. Because in the end the consultant is getting ripped off, and the client is getting a shoddy resource. Everyone looses except the scam artist in the middle.

My message to companies hiring consultants: Using headhunter agencies is fine, but make sure you’re getting a legit resource and they’re not a Visa mule, or getting suckered.

My message to the headhunters: FAIR SHARE! I get it, you definitely deserve a piece of the pie, and I have no problem giving it to you, but if you call me with a thick Indian accent and ask me to work for $40/hr, I will laugh at you and hang up.

My message to the consultants: Stick up for what you’re worth! Just because a bunch of dolts are saying yes to lower wages so that they can learn on the job and set the client back more time than they can afford, doesn’t mean you need to cave in.

You get what you pay for. So know what you’re paying for.

.: Adam

Part 10 – Starting Oracle Database and Directories

.: Adam — Wed, 20 Apr 2011 01:36:22 +0000

Part 10 – Starting Oracle Database and Directories

This video tutorial will walk you though differnt ways to startup and stop various database and directory services.

FIN

The original source videos are available for download via Vimeo.com You’ll have to sign in to download them though. To get there, click on the “Vimeo” logo in the video.

If you have any questions, please post them below. I’m pretty tied up at the moment, but others will be able to help too!

Thanks!

.: Adam

Part 9 – WebLogic Server and Domain Start-up Options

.: Adam — Wed, 20 Apr 2011 01:33:04 +0000

Part 9 – WebLogic Server and Domain Start-up Options

This video tutorial will walk you though ways to startup and stop the WebLogic Server and WebLogic domains.

Next >> Part 10 – Starting Oracle Database and Directories

The original source videos are available for download via Vimeo.com You’ll have to sign in to download them though. To get there, click on the “Vimeo” logo in the video.

If you have any questions, please post them below. I’m pretty tied up at the moment, but others will be able to help too!

Thanks!

.: Adam

Part 8 – Configuration of Oracle Identity Manager 11g

.: Adam — Wed, 20 Apr 2011 01:29:57 +0000

Part 8 – Configuration of Oracle Identity Manager 11g

This video tutorial will walk you though the configuration of Oracle Identity and Access Manager 11g. These tools include:

Oracle Access Manager 11g
Oracle Adaptive Access Manager 11g
Oracle Identity Navigator 11g
Oracle Identity Manager 11g
Platform Security Services
Authorization Policy Manager

Next >> Part 9 – WebLogic Server and Domain Start-up Options

The original source videos are available for download via Vimeo.com You’ll have to sign in to download them though. To get there, click on the “Vimeo” logo in the video.

If you have any questions, please post them below. I’m pretty tied up at the moment, but others will be able to help too!

Thanks!

.: Adam