Category Archives: Uncategorized

LetsEncrypt on Azure App Service for Linux

Azure App Service for Linux is a pretty neat offering from Azure. You get all of the DevOps features you want (A/B Testing, Hosted Application, Tiered Support, Button-click scaling, lots of templates and more!) without the headache of managing VM’s.

9 years ago, I wrote a quacky little website called “Duckiehunt“. Unfortunately, I didn’t pay the tech debt and things kept breaking until it was abandoned. I’m now using Duckiehunt as a learning ground for Azure’s services and alternatives.

Azure App Service for Linux was the perfect fit. However, back in 2008 SSL wasn’t as ubiquitous. Now, it’s a badge of shame to NOT have it. Azure does offer an App Service Certificate, but I’d like to find a cheaper/more open solution.

Enter Let’sEncrypt from Mozilla and the EFF. If you don’t know, EFF are the unsung heroes of the internet. They fight tirelessly to support your freedom and rights on the internet. Mozilla and EFF offer Let’sEncrypt as a free way to encrypt websites via CertBot. Now I’ll dig into the technical details behind encrypting an App Service for Linux with Let’sEncrypt.

Step #1: Get CertBot
Because I’m on OSX, I was able to run: brew install certbot. For the full range of options, CertBot’s webpage has what you need.

Step #2: Create Cert locally

Before CertBot can create the certificate for you, it must first validate you own the domain. It will prompt you for a few questions, and then ask you to create a file on the webhost and add content to that file for validation.

Thankfully, Azure App Service for Linux provides a terminal access to your container so you can make these modifications yourself.

âžœ sudo certbot certonly -d –manual

Create a file containing just this data:


And make it available on your web server at this URL: STRING 2%

Press Enter to Continue

Step #3: Add the validation file to you website

I then went to the Kudu instance of my App Service and ran:

➜ mkdir /var/www/html/.well-known/acme-challenge/
âžœ echo “%RANDOM STRING 2%” > %RANDOM STRING 1%

At this point, the validation is in place and it’s time to continue with Chatbot by pressing “Enter”.

Waiting for verification…
Cleaning up challenges

– Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2017-11-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:
Donating to EFF:

Huzzah! I’ve now got a certificate. Time to upload.

Step #4: Upload the certificate to Azure
Azure has a pretty descriptive set of steps for associating a certificate to your App Service, which I was able to follow.

Openssl will ask for a Password which you need to keep as you upload the cert to Azure.

➜ cd /etc/letsencrypt/live/
➜ openssl pkcs12 -export -out myserver.pfx -inkey privkey.pem -in fullchain.pem
Enter Export Password:
Verifying – Enter Export Password:
➜ cp myserver.pfx ~/Desktop

Step #5: Bind the certificate to your App Service

From here on you’re ready to Bind your SSL Certificate to your App Service. I’ll let Microsoft’s documentation lead the way from here.
Step #6: Bask in doing your part to secure the internet.

In summary, the process was pretty painless.

  • I used Let’sEncrypt to create a new Certificate for my App Service for Linux by creating a file that Let’sEncrypt could use to validate I owned the site.
  • I then encrypted that certificate to upload to Azure.
  • Once it was uploaded, I bound that certificate to my domain and voila! A more secure Duckiehunt

One bummer is that the certificate is intended to expire in 3 months instead of the industry standard of 12 months. The renewal process looks pretty easy, but that’s a different blog post.

–Tommy feels that he’s done his part in making the world a bit safer.

Fulfillment of a childhood dream.

Like most children of the 80’s, I loved playing with LEGO. By mixing and matching bricks, you could physically manifest your imagination.

My first LEGO set was the Blacktron – Renegade.

Blacktron Renegade

By following the instructions, I was able to explore space and move strange and dangerous cargo from distant planets. By moving the wings around, I was able to make the Batwing and fly around Gotham. (Well before anyone else realized that potential.)

This was an immensely rewarding experience that I’ve carried with me through my professional career.

Naturally, the toys of the child lead us to adulthood. I knew I wanted to spend my life building. Creating. Spawning new ideas. I wanted to physically manifest my ideas into structures that others would see, admire and even work/play/live in. When I learned that you could get a job doing this, I was elated. I knew this was exactly what I wanted to do. My mission in life was set.

One fateful day, when I was sharing my new life mission with my Godmother she informed me: “To be an architect you have to know how to draw.” Anyone who’s seen me sign a check, write on a whiteboard, or even attempt to draw a square knows artistry genes were not bestowed upon me. I was crushed. My life’s mission was aborted and I was unsure what to do with myself.

My first drawing of the Falgout Family (I ran out of time for arms)
To quote my wife: “Those are people? I thought those were windows…”

I drew this
I drew this. Not sure what my obsession with blue people was. That drawing is nightmare fuel for me.

In High School, when Career Day came I didn’t care about any session other than the local architect. As torturous as it was, I still wanted to know what it was like. All I remember was “hard work…something something…dedication”.

Fast forward to the last 12 months. I made an exciting and brave leap to join Microsoft, and am now a “Cloud Solution Architect”. I’m an Architect. I’m a real, bonafide Architect. (I’m literally crying as I write this as I’m so overwhelmed with a sense of accomplishment.) My bricks aren’t 8x8x9.6 mm, they’re CPU Cores. I no longer have one toychest, I have 36 datacenter regions, spanned across the world.

Thankfully, I’m not planning to give up on those plastic pieces of creativity, as I’ve currently got a Star Destroyer hanging from the ceiling of my man cave. And even more sets left to complete.

LEGO Star Destroyer hanging from the ceiling.

If I could go back and comfort my younger self during that heartbreaking moment, I’m sure I would have told him: “hard work…something something…dedication”.

//build 2017

//build is a developer-centric conference Microsoft hosts every year. Since I never expected to work for Microsoft, I wasn’t even aware of //build. So, when my manager asked me if I was excited to attend and I told him no, I now know why that was the naive answer.

AWS has a head start on cloud services over Azure. But if this conference was any indication, Microsoft is taking this all the more serious.

Here’s some of the announcements that really caught my eye:

Click here for my detailed conference notes.

  • CosmosDB: Originally the distributed storage behind DocumentDB, CosmosDB allows not only a document store, but a MongoDB API, a key-value store and a graph database (Gremlin). That alone is pretty impressive; however, the portion that impresses me the most is how CosmosDB handles consistency. Traditionally, a database will offer either strong or eventual consistency.

    However, CosmosDB goes far beyond those two models and introduces 3 more that are all available as a turn-key solution. (Bounded Staleness, Session and Consistent Prefix (a new model of their own design))

    As a data guy, this is impressive to say the least. Not just because I work here, but because this is a new level of choice that I haven’t seen before and am excited about.

  • Speaking of being a data guy, offering Postgres and MySQL as a service made me giddier than it probably should. That said, AWS has had it for a while, so I’m more excited that we’re catching up.
  • AI: There’s no denying that machine intelligence is on the rise. Netflix’s $1,000,000 prize was just the start, and the pot has gotten bigger. The teams demo’ed Object detection and identification in manufacturing rooms, that led to a “sledgehammer selfie”. You had to be there.
  • Skype: While Skype may not be sexy technology, if it can provide an email transcript of a meeting with a list of action items (assigned by voice commands) as the demo provided, that might change.
  • Powerpoint + AI: Powerpoint isn’t really sexy either. Even less than Skype. In fact, I’d put it along the same sexiness as Orkut. But the demo of speech-to-text + text translation got a huge round of applause (the demo showed a Spanish presenter translated to Chinese in seconds.)
  • ServiceFabric: The team announced a GA for 5.6, and while it was already available, Windows + Linux containers. It can also ingest docker-compose files, which is interesting, but sent a mixed message to the OSS community.
  • Fluent Design: I’m color blind, so visual design is often lost on me. Other people seemed excited about it. So, that’s nice.
  • Lin on Win: Ubuntu Bash on Windows is nothing new. But now you can download Ubuntu, Fedora and SUSE from the App store instead of enabling “developer mode”. Oh yeah, iTunes is on App Store now too. Dude.
  • Hololens: Microsoft’s current Hololens is very neat, but costs ~$3000. Microsoft announced is a $399 model from Acer, which will be available in time for the holidays. Microsoft’s Hololens uses a transparent screen in front of your eyes to overlay augmented reality, and the Acer model provides a complete-view screen with cameras on the side to augment. There were 19 mixed reality experiences (vendors/partners) attending //build.

  • The parties: Microsoft spared no expense in ensuring that the guests enjoyed themselves. My highlight was walking around CenturyLink Field (home of the Seattle Seahawks) and screaming “Who Dat!”. Rock-aoke (Karaoke with a live-band) was a huge hit too.

Want to pretend you were there from experiencing my photos? Now you can!

See you next year!

Tinkering with Oracle DB in a container.

TL;DR: Size matters.

After Oracle’s surprise announcement of their containerization of Oracle DB, Oracle WebLogic and a few of their other core technologies, I decided to test it out for myself. (Speaking authentically, I’m leery of their commitment; however, I recognize that I work on Open Source at Microsoft, so who am I to judge?)

My end-goal is to get Oracle DB 12.2 running in a container on Kubernetes inside Azure Container Service. This is Part 1 of my walkthrough from 0 to operational.

Build and Verify the Container

Unlike most Docker projects, Oracle does not have a public image on Docker Hub. To get started, you’ll need to:

Clone the github repo

git clone
Receiving objects: 100% (5643/5643), 425.77 MiB | 5.41 MiB/s, done.

Wait…what?! 425MB?!

After some sleuthing, it appears they once included the OracleLinux binaries in the git repo but have not purged them. Poor Github. I have a tremendous amount of appreciation for their architects and support engineers. Below is the SHA1 of the blob, the # of bytes of each file and the path.


git clone
Cloning into 'docker-images'...
remote: Counting objects: 5643, done.
remote: Compressing objects: 100% (35/35), done.
remote: Total 5643 (delta 12), reused 0 (delta 0), pack-reused 5607
Receiving objects: 100% (5643/5643), 425.77 MiB | 5.41 MiB/s, done.
Resolving deltas: 100% (3164/3164), done.

git:(master) git rev-list --objects --all \
| git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' \
| awk '/^blob/ {print substr($0,6)}' \
| sort --numeric-sort --key=2 | tail -7

35eda80405d711ae557905633d9f9b8d756afb94 42358832 OracleLinux/7.0/oraclelinux-7.0.tar.xz
e359def3dde981199ea692bbb26c24bd37e6fd68 42765288 OracleLinux/7.1/oraclelinux-7.1.tar.xz
0956d25bcb27f804cfc37f2a519a5cfb35af0955 43951872 OracleLinux/6.8/oraclelinux-6.8-rootfs.tar.xz
6de0b5011f509e53623ab0170fbc72e8bb53b501 43953520 OracleLinux/6.9/oraclelinux-6.9-rootfs.tar.xz
b05b9f4971b6d28330545fadc234eb423815dd59 47275816 OracleLinux/7.2/oraclelinux-7.2-rootfs.tar.xz
9b07a976e61ed2cf3a02173bf8c2d829977f2406 49130232 OracleLinux/7.3/oraclelinux-7.3-rootfs.tar.xz
3b7610a3df4892e9cf4f5d01eb3d55bcd3f2ad54 50369896 OracleLinux/6.7/oraclelinux-6.7-rootfs.tar.xz

Click to hide details

Moving right along…

Download the Oracle DB instance from their website

Since Oracle does not allow anyone else to distribute their software, you must go to their site, register (Larry Ellison now has my email), and download. Unfortunately, the login process does not allow me to “wget” the file and put on a remote machine, so I must download locally via browser. I chose “Oracle Database 12c Release 2”

-rw-r--r--@ 1 thfalgou staff 3.2G Apr 27 10:07

Another 3.2GB.

I now have an alternate version of Sir Mix A Lot’s infamous song going in my head: I LIKE BIG BINARIES AND I CANNOT LIE…

Moving right along…

Run their from the Github Repo

The documentation isn’t explicit about where to store the downloaded image. (in my case the ‘OracleDatabase/dockerfiles/’ directory)

Now the moment of truth. From the “OracleDatabase/dockerfiles” directory, run


dockerfiles git:(master) time ./ -v -s
Building image 'oracle/database:' ...
Sending build context to Docker daemon 3.454 GB^M^M
Step 1/16 : FROM oraclelinux:7-slim
---> 442ebf722584
Pages and pages of output. So much text that my iTerm buffer no longer had the initial command.
Oracle Database Docker Image for 'se2' version is ready to be extended:

--> oracle/database:

Build completed in 658 seconds.

./ -v -s 3.68s user 8.15s system 1% cpu 10:57.49 total

Click to hide details

10 Minutes later, the container is finally built. 10 minutes. 10!

Perhaps I’m being overly dramatic; however, the Docker Ecosystem has lots of high expectations and one of those is rapid development and deployment through small, composable artifacts. Granted, building and deploying a new version of database is not a common occurrence; however, the process it not conducive to DevOps. That said, this is their first foray into this, so I’m still excited to see the change.

dockerfiles git:(master) docker images
oracle/database f788cd5b4b9d 4 minutes ago 14.8 GB
oraclelinux 7-slim 442ebf722584 6 days ago 114 MB
fedora latest 15895ef0b3b2 7 days ago 231 MB
microsoft/mssql-server-linux latest 7b1c26822d97 7 days ago 1.35 GB
nginx latest 5766334bdaa0 3 weeks ago 183 MB
ubuntu latest 0ef2e08ed3fa 8 weeks ago 130 MB

14GB? I take that back.

Start the container

Let’s get the party started…

dockerfiles git:(master) docker run --name oracledb -p 1521:1521 -p 5500:5500 oracle/database:

LSNRCTL for Linux: Version - Production on 28-APR-2017 03:21:48

Copyright (c) 1991, 2016, Oracle. All rights reserved.

Starting /opt/oracle/product/ please wait...

TNSLSNR for Linux: Version - Production
System parameter file is /opt/oracle/product/
Log messages written to /opt/oracle/diag/tnslsnr/91c68ac2b2bf/listener/alert/log.xml
Copying database files
1% complete

Huzzah! After about 9 minutes, it’s finally started! Let’s test it!

~ docker exec -ti oracledb sqlplus pdbadmin@ORCLPDB1

SQL*Plus: Release Production on Fri Apr 28 03:58:10 2017

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Enter password:

Connected to:
Oracle Database 12c Standard Edition Release - 64bit Production


We’re in!!! It worked!

It is at this point that I realize I’ve already gone through 2 drams of Aberlour and I should probably stop for the night. Provided there is enough interest (and whiskey), I’ll write-up Step 2 of getting this running on Kubernetes in ACS. As for now, I should stop while the world is only mildly spinning.

NOTE 1: If the database auto-generates a password with a “/” in it, I’ve found it doesn’t work. You can change that by running:
docker exec ./

NOTE 2: If you run this multiple times, make sure to run “docker system prune” as it fills up your disk fast. On my 3rd try, I hit the following error, even with lots of space on my disk.
[FATAL] [DBT-06604] The location specified for 'Fast Recovery Area Location' has insufficient free space.
CAUSE: Only (9,793MB) free space is available on the location (/opt/oracle/oradata/fast_recovery_area/ORCLCDB/).
ACTION: Choose a 'Fast Recovery Area Location' that has enough space (minimum of (12,780MB)) or free up space on the specified location.

NOTE 3: It looks like everyone uses Docker now…

DockerCon 2017

After hearing about it for years, I was fortunate enough to attend DockerCon this time around. Since joining Microsoft as a Open Source Technical Evangelist, 80% of my job is either learning or teaching. This was my first OSS conference since joining Microsoft, and I was eager to share with others my experiences.

I was even more excited to find out that a Drew Erny (my Godmother’s grandson) was not only attending, but presenting! It was also a change for me to hobnob with some of the Docker elite and some of the other Microsoft movers and shakers.

I’ve captured all of my conference notes here, but below is my overview of the event and here’s some pictures:


  • Running Linux Containers native on Windows – This demo had a hiccup, but shows some interesting potential
  • Docker Multi-Stage Build – TL;DR – Specify multiple FROM’s separate build env from deploy artifact. For more details
  • MobyProject – Open Source project to help developers create their own Docker-like container platform. This one was unclear at first, until I read a few more articles on it.
  • LinuxKit – A toolkit for building secure, portable and lean operating systems for containers was open sourced live on stage!


  • Topics ranged from enterprise deployments to enterprise scaling to enterprise security and “how to convince your enterprise boss” and “Docker Enterprise. Look at how Enterprisey we are and how Dockery other enterprises are”.
  • Day 1’s keynote felt more developer centric, and Day 2’s felt more enterprise centric. Afterwards, I also noticed the undertone of “Look how Enterprise Docker is” in not just the keynotes, but many of the presentations. Docker is definitely positioning itself to be more respected in the Enterprise world. I get it and completely understand it, but the message was tilted every so slightly towards that slant.
  • NOTE: There used to be rumors of Microsoft buying Docker. If Microsoft had, and then Docker made the same Enterprise slant, there would be a HUGE backlash. Docker has worked hard to be beloved and it shows.


Pre-event Organization:

  • Since I registered late, I missed a number of the critical emails including an FYI to RSVP to a party that was waitlisted by the time I discovered it. Thankfully, by then I had found my own crew to dine and drink with.
  • The DockerCon app was helpful for detailing the tracks and available sessions and adding them to the DockerCon app’s calendar. Would be helpful if it exported to a personal calendar for reminders as I got caught up in the Expo hall many times.

Event Organization:

  • As a coordinator of 1000+ people events, I understand exactly how difficult this is. Your best hope is that no one really notices the blood, sweat and tears that go into setting it up. And it’s now that everything is done that I appreciate how good of a job they did.
  • The was more than adequate signage and information for what is happening and where.
  • This is the first convention I’ve been to that included a swing set, which was awesome. Lots of break-out areas, separated by pallets and bean-bag private spaces.


Ecosystem Expo:

  • Microsoft and IBM were the platinum sponsors and it showed as they were the first two you saw when walking in. Outside of that, there were plenty of vendors eager to talk and lots of great swag. Drones were the most popular prize, but sadly the luck of the Coonass wasn’t with me.
  • Lots of great vendors. I got to pick the brains of talented teams at AWS, Rancher,, Redhat, Docker, Aqua, RedisLabs, 1&1, Citrix, Cloud Native Compute Foundation, Oracle (yes, that Oracle. They provide Oracle server on containers now!)

Lots of great presentations and speakers.

  • “Creating Effective Images” was the top rated and thankfully repeated since I missed it the first time. I highly recommend watching when it becomes available online.
  • Docker Swarm Deep Dive – Drew Erny did a great job of headlining this talk with demos from some of his compatriots. I saw how Docker bakes security into everything they do which will make all of our lives easier. I have been focused on Kubernetes, but the new announcements for Docker Swarm have gotten me really excited, especially how they handle Secrets and image security, software supply chain lifecycle and desktop deployments.

Here’s some great quotes I overheard:

  • “I only use microservices to effectively hide the root cause of any problem I create”
  • “Whatever layer you’re at, the layer below you is just magic”
  • “To quote WuTang: Cache rules everything around me.”
  • “Bro, do you even Load Balance?”
  • “Complaint Driven Development”
  • “According to metrics, you don’t have metrics”
  • This love poem


Prior to DockerCon, I really hoped to attend and meet a few more Microsoft’ers and some Docker’ers(?) but got swept up into the community and the common goal it has for deploying software better, faster, stronger. I can’t wait till next year.

P.S. If you are interested in toying around with Docker, check out: It’s a great walkthrough without the need to install anything (browser based development!)

I work for Microsoft?!

Laziness, Impatience, Hubris

The great Larry Wall claims that these are the three great virtues of a great programmer. And I whole heartedly agree. However, If I were to propose three virtues, they’d be: Inquisitiveness, Acceptance, and Stubbornness.

My name is Tommy Falgout, I’m a new employee at Microsoft and I have no idea what I’m doing.

I don’t know .NET. Or Azure. I don’t own a Windows Phone. Heck, the last Windows OS I “owned” was XP.

What I do have is ~20 years of experience in *nix and Open Source software development. I helped develop the original SMS implementation for GSM, back when phones were only meant for voice. I wrote telecom automation systems in Perl, PHP and MySQL 3.x. I then worked at Yahoo for 9 years where I expanded my brain to build their live events engine to broadcast Obama’s Inauguration, the Royal Wedding and the NFL games (Yahoo used to own NFL streaming rights in the 2000’s) I migrated to Yahoo’s Infrastructure database which was the duct tape keeping everything together and integrated.

As a Technical Evangelist, I’m building upon all that experience as a foundation for this new opportunity. To take Azure to the next level.

The thing is…I don’t know how to Azure yet. But that’s the point of this blog. To detail my findings and explore the union of Open Source and Azure. This will be a dumping ground and lesson’s learned. I’m a big fan of transparency and learning from other people’s mistakes. My hope is that you can learn from mine.

Now to go learn how not to mangle my ARM.

Reflections in the Mirror

I’ve decided to journal again, not because I need something else to do (Father, Husband, Principal Developer @ Yahoo, Scrum Master, President and Founder of DFW Trebuchet, Team Lead for “Trey Bouchet”), but because I’ve lost focus.

I’ve learned that my ambition is often greater than my common sense. While this helps forward my goals, the overuse of my greatest strength soon becomes my greatest weakness. And as I write, erase and re-write these words, it helps me search deeper into myself for my true intent. And I think that’s what I’m really searching for. Similar to how artists chip away a perfectly good stone to release the sculpture underneath, I think it’s time for me to shed those internal monologues and responsibilities that no longer reflect me.

I’ve taken over many responsibilities because I have a vision for how great the endgame will be (DFW Trebuchet, various work projects); however, over time those same passions become a burden as my role devolves from leader to lynchpin. And this is where I continue to work on turning the breakdown to a breakthrough. I’m not sure what it will take, or even how long. However, I’m sure that it will involve me reaching out to my community and garnering their support. Most likely by helping me pull my head out of my ass.

– Snoopykiss is looking to get his groove back.

To our Friends, Family and those in between,

This is the time of year I electronically dust off the addresses of friends and acquaintances, old and new, and ask myself over a cup of hot chocolate, “Do they still live there? How much is postage these days? Do I even know how to write something that isn’t my signature? This is to overwhelming. Maybe I’ll do it next year.” This is also where we’d have a picture of our family in front of a christmas tree showing how big Kara has grown and with a message about how great this year has been.

Fortunately, our lives have been so blessed that one picture couldn’t possibly summarize everything that we’ve experienced this year. So, I present to you this e-essay/card where you can click on links so we both reminisce on what’s happened to the Falgout Family in 2011.

Early on, I reconnected with my family through my long forgotten Falgout family tradition of a bonfire on NYE, as well as celebrating Kara’s birthday in our new Falgout family tradition: Cupcakes! We also got to meet Kara’s namesake celebrity, Katee Sackhoff. And a few other celebrities!

Kathy and I also had a joint birthday celebration which resulted in the best surprise of my 35 years on this planet and an amazing party. But that’s not to say life doesn’t have its falls, with screams of laughter, fear and excitement. In fact, one of my favorite accomplishments of the year was the Trebuchet Contest. Which also had it’s own falls, laughter, fear and excitement.

Somewhere mixed in all this was a trip to Italy, which I had promised Kathy for many years. And we discovered that even thousands of miles away, international cultures have more in common than you think.

For the first time, since moving into the Plano, we participated in Halloween. Verdict: Cute!

I also picked up bowling, which I found out I can be quite good at if I put my mind to it (read: Don’t drink as much).

And who in Dallas could forget the Mavericks finally winning the NBA Championship!

This year was also a resurgence in our friend’s fertility! 12 of our friends are on their way to starting their own families this year. (I sometimes think of ourselves as the Baby Making Hipsters of our friend’s circle.)

Looking back, it’s amazing to see all that has happened this year. It’s an extremely blessed and fortunate life. And it’s enriched by all of our friends and family which support and encourage us and our wacky lifestyle.

Thanks and here’s to outliving the Mayan’s expiration in 2012!
-Tommy, Kathy and Kara Falgout

LEGO Star Destroyer Hanging

A long, long time ago, LEGO announced their new Collectors Star Destroyer. It was their largest set at the time and I being a long time LEGO maniac, I had to have it. It took many weeks to build, and has been one of my prize possessions which I’ve flaunted even more than my hot tub. Friends, relationships and other toys have come and gone, but ol’Desty has always been around.

Now that I have a wife and kid, space has become constrained, and I’ve had to become creative in my toy storage. After mulling it around, I realized the best for Ol’Desty was to prominently display her, hanging from the ceiling. Unfortunately, after some researching the only useful bit of information I found was “use fishing wire”. I could do better than that.

To all my friends who have gotten this far, you can stop reading as the rest will bore you to tiny little brick pieces. To all of the LEGO enthusiasts, on with the gory details!

One of the most fascinating parts of trying to hang the LEGO Star Destroyer (LSD) was taking it apart and seeing how 9 years of being on display has affected the structure. If you’ve built an LSD before, you know that the fuselage is made of four attached triangles and most of the weight settles on the last two-thirds of the structure. You also probably also know that it’s an extremely fragile set, held together by magnets. Great idea, but for me, the bottom panels kept falling off all too often. In the pictures, you can see how the center beams have warped over time, bowing up to 4 3/4″ from the ground (between the two stands) and sagging to 4″ from the ground (at the tip).

On my first attempt, I tried to cradle the LSD by wrapping fishing wire around the entire structure, but that caused it to pinch the panels some places and bow out in others. After a few other experiments with the LSD over a generous glass of whiskey and coke, I found my solution.

I removed all 4 pieces of panelling and tied one long piece of fishing wire into strategic weight points on the triangle frame, using the peg holes of the middle long bricks to wrap the fishing wire around. I then re-attached the panels and fed the fishing wire between the horizontal center crevice. This approach caused the least amount of structural and functional disruption and allowed it to balance right on it’s widthwise center of gravity.

I played around with different locations along the frame and finally found a proper equilibrium (see pics). When hanging, my intent was to tilt the LSD slightly forward so that as you enter the room, a clear view of all of the beautiful deals LEGO put into the model are visible. Along with some more adjustments to the weight distribution, I was able to get the angle I wanted.

Google Sketchup was a great way to plan out exactly where to drill for the ceiling hooks. It also allows me to make some planned adjustments for upcoming LEGO Goodness

It required two people to hoist the LSD up, adjust the tension on the wires and tie off the ends. Once it was all settled and angled properly, the rear wires were significantly tighter than the front, but I believe that this is unavoidable due to the LSD’s weight distribution.

For the rest of the evening, I just sat there, basking at it’s beauty and glowing as it was inspiring to see it hovering ever so menacingly there, and proud of my accomplishment and DIY prowess.


  • Fishing Wire (Sporting goods store)
  • 3 ceiling plant hooks
  • Whiskey, or libation of choice if so desired. (For focusing your LEGO and Engineering Chi)
  • Electric Drill (for pre-drilling the holes in the ceiling)
  • patience

    Example of LSD bowing after 9 years

    Rear support with fishing wire

    Mid support with fishing wire

    Front Support

    Supports w/o bottom panel

    Google Sketchup

  • Techno-Geek-arama

    Jason, Neil and I were invited to speak at the PHP track for the Tulsa Tech Fest It made for a fun road trip as well as a really good lesson learned for trying to code while presenting. In short: Don’t.

    Too many things can go wrong and the unexpected will always happen.

    The presentation I gave on MySQL Scaling and Growth can be found here.

    Thanks to everyone for the support and feedback provided.