2019-11-06 So it begins...
It was the day after Fireworks Night, and all through the house, not a creature
was stirring, not even !BANG! Oh. Oh dear.
Well, never mind that. It's past Halloween and past Fireworks Night, so I guess
Christmas is the next item on the calendar. Time for mince pies and mulled
wine and all that good stuff - myself, I stay away from it at least until
December starts but it's in the stores from October, so if it's your thing
knock yourself out I guess.
Unfortunately, it's also the time of year for "'Certain areas of the country'
hate our poppies" and "You can't say Merry Christmas any more" and other
shitty nonsense to do the rounds on social media. It's got to the point now
that the Royal British Legion (they of the poppies) have had to issue a
over the years saying that the former is total rubbish (it's also dog-whistle
racist to boot, as those 'certain areas' being talked around are never predominantly white
and middle class, but the RBL didn't address that one). The latter is a
slipperier customer, given that it's so vague and personal-point-of-view ranty
to begin with - I can easily put up an
to counter that opinion but it's not particularly well-sourced or
authoritative. Frankly, though, if your particular rant is well-travelled
enough to be included in a
and debunked there too, I feel I don't need to put too much time in.
These social media posts are "interesting" to me because they seem like examples of
in the wild. An idea with all of emotional resonance, a reason/desire for the host
to spread it and a coat of reasonability surrounding a hijack payload designed to
turn a reasonable person into an infection vector. It spreads through the networks
of modern social media, from host to host, and even those immune to its payload
start to question their own beliefs once it starts appearing everywhere. As an
engineer and a citizen of the Internet, I feel like I should understand how this
kind of thing works. I really don't, though, and it's increasingly clear to me
that some people do. Maybe if I'd put some time into the (at my school)
generally derided "easy soft classes" of sociology and media studies I'd be
better equipped to understand - I've certainly been schooled often enough by
friends who did study those subjects to recognise a gap in my mental armoury. I
think it's harder and harder as time goes on to justify putting all of your time
into learning the new computer languages and server technologies of the day without
putting some time into psychology and human sciences. Ad companies and other
groups who want to make people think particular ways (e.g. political parties) have
people that specialise in messaging and "spin" and making groups of people think
in a particular direction for a few weeks at a time. We, the people of the
Internet, need better defences.
That got dark and a little tinfoil-hatty, but well, it's hard not to in this
climate of lies in the news, lies on the net and apparent weakness or
unwillingness of legal justice. Over the next few weeks I'm going to give some
time and money to Full Fact,
who are an independent fact-checking charity, and if you have either spare I'd
encourage you to do so too. Their site is a good read and a good resource when
you spot another piece of poisonous nonsense floating by, and we need
organisations like them now more than ever, what with Brexit and the ongoing
Tory Omnishambles in the UK and the rise of Trump and the ruin of the
Republican party in the US.
Enough about the world. As a wise person somewhere on the internet said, "We
became a global species overnight, and it's giving us PTSD". We're set up for things happening in our local area and to our little community, and now that we see glimpses of a thousand other communities a day via Twitter and Facebook and so on, it's hard to keep up with all the changes and problems people are having, even though the rate hasn't changed - we just see more of them. The world is full
of darkness but little lights still burn in our hearts, and it's wise to cherish
them if you can. Happy Equinox, welcome the dark of the year and look for the
rising of the spring. Keep safe, so far as you can, and guard the backs of
your friends and neighbours through the long nights.
2019-01-25 New Firewall
I've just finished installing a new firewall machine for my home network, and
I thought I'd write about it here in the interest of having something to write
about, and because it's useful to talk about how things went so other people
can learn from your experience. So here goes.
The firewall's hardware is an NA204 network server appliance from
Mini-ITX.com, with a Seagate Barracuda 500GB hard
disk. I had the Mini-ITX store build it, which means it comes with a 3-year
warranty - can't argue with that. The NA204 is based on the Jetway JNF9HG-2930
motherboard, which has a quad-core Intel N2930 Celeron processor clocked at
1.83GHz, 4GB of RAM and integrated Intel graphics. In addition to all that,
this unit has a daughterboard with four gigabit Ethernet ports, which makes
it ideal for jobs like this.
Softwarewise, we're running pfsense 2.4.4
which is based on FreeBSD 11.2. It's
a UNIX, which means I can get into its guts if I need to (though I'm not as
familiar with it as I am with Linux). That became relevant during the
install, as I'll mention later.
The installation process was pretty standard, at first. I burned the pfsense
installer to CD from an ISO image (after checking the checksum), slipped the
disc into a USB optical drive and plugged it into the front panel of the NA204,
along with a monitor and keyboard. The UEFI on the motherboard picked up the
optical drive without any problems, and gave me an option to boot from it (press
F7 during startup to pop up a boot menu), and the installer ... choked. It
gave me a nice ASCII-art welcome screen and started scrawling bootup
information on the screen, and then just stopped.
It turns out that on certain graphics cards, the FreeBSD 11.2 installer is known
to fail to correctly discover the properties of the screen, and it tries to set
the resolution to a size the GPU can't support, and the GPU gives up and dies.
Thankfully, it's an easy problem to fix. As
The Geek Pub's "pfsense-hangs-at-booting"
states, there's a kernel parameter (kern.vty="sc") that will set the resolution
and disable discovery, so I passed that to the installer kernel at boot time
and then dropped the relevant parameter into the bootloader config
(/boot/loader.conf) with vi so that it would always apply in the future.
At that point, the install proceeded to completion and it was on to
configuration, firstly of the interfaces. I thought this was pretty neat. To
tell the machine that a particular interface is the WAN port, for example, you unplug all network cables from the machine and then select "WAN port", "auto" and
plug a network cable that has a device of some kind on the other end. pfsense
will then notice the Link Up event from that cable being plugged in, and
associate the port it came from with that interface. And so on for the other
ports (LAN and WAN are required for obvious reasons, and I assigned the other
two interfaces to WIFI and DMZ for future use). Very neat. A DHCP server came
up automatically on the LAN port, which had set itself to 192.168.1.1 by default.
Unfortunately, my ISP's modem's wifi router was handing out .1.x addresses.
I'd disconnected from the wifi but not disabled the wifi adaptor. This meant
that my wifi card had 192.168.1.1, and was hanging on to it in case it
reconnected. There then followed
a tiresome dance of my plugging a cable between my laptop and the firewall and
trying to go to the firewall's webconfig page to finish setting it up, and my
laptop saying "...there's nothing there." Of course, I pinged it to see if the
web browser was lying, and I got a response! It took a depressingly long time
to work out that the response I was getting was from my own wifi card. Then I
reset the firewall's LAN port and DHCP to 192.168.2.x and everything started
So there you have it: the story of my pfsense install. I'm liking pfsense,
because it's highly configurable and exposes a lot of options. That same option
profusion makes it... probably not ideal for inexperienced users - I've been
maintaining house-LANs for years and I don't understand some of the options yet.
But, if you're looking for a tough, reliable, configurable firewall I'd
recommend pfsense. And if you want a machine to run it on, the NA204 is really
2018-10-22 Living in a box
OK, new flat, new start - in theory, at least. It's a month and two days
since I moved in here ("here" being Milton, a couple of miles north of where
I used to be), and everything is still everywhere but things are starting to
get sorted out. The kitchen is usable if I'm willing to shift stuff about to
make room on the worksurfaces, and I can walk into and out of all the rooms
and more or less use them for their assigned purpose. Still need to assemble
the media centre and get the packed clothes off the sofa, but it's not too
bad for somewhere I live.
This is not forever. It's a small flat with a cheap rent and slightly
questionable facilities, on a 12-month contract with the option to extend at
expiry. Long enough to get my feet under me, have a damned good sort-out and
get rid of some stuff I don't need. Long enough to get my head back together
and find somewhere to live longer term.
In other news, hey, glasshalfempty's up again. The new place struggles to
manage 1Mbps, so I'm not hosting the site in my living room any more - we're
coming to you live from a linode in Frankfurt and I upgraded the site to use
Python3 while I was at it. Easier to upgrade now, while there's not much to
2018-07-20 Life in boxes, 2018 edition
An out-of-band update here, to note the following: I've just received two
months' notice on my flat, meaning that the landlord wants to take possession
of it no later than the 20th of September. This kind of thing is why I hate
renting - the lack of control, the lack of warning, the difficulty of planning
anything when you don't know when someone you've never met is going to pull the
rug out from under your feet. It sucks. It happens. Gotta get over it.
So, I've rented a storage unit and ordered in some flatpacked moving boxes, and
I'm going to start looking for another rental in the next few days. I was
planning on trying to buy a place of my own over the coming winter, but that's
out the airlock now: there's no real chance of exchanging, completing and
moving in two months and once I'm moved to a new place I should probably stay
there for at least six months/a year (since that'll be the initial rental
contract). The move, at least, gives me an opportunity to declutter and
reorganise in a way that's difficult when everything is in its familiar place
- I'm aiming to shed up to 20% of my equipment volume, which should make the
second move substantially easier when the time comes.
Let's see what happens. I'm going to a LARP event next weekend and a
convention the weekend after, both booked months ago, so I'll survey the market
and move stuff to storage until after the con, then start looking in earnest.
2018-02-28 Technical Debt
It's been a very long time.
Some of the wait is because I kept being busy, having better, more urgent or somehow more distracting things to do. Some of it is because the feedback loop through the old site is broken (along with the old site), so I don't remember that it's important or interesting to some people. Some of it is because the hardware upgrade stalled amidst a series of sick hard disks a couple of years ago, and I haven't gotten back to it. Doesn't really matter.
I've been drowning in details for the last few years, I think, and hadn't realised until very recently. I don't like putting things online that aren't the best I have: if people are going to have the opportunity to critique something I've made, I'd like it to be as good as I can make it. Less than perfection, say some parts of my mind, is waste. There are at least three versions of New GHE that will never see the light of day, because I abandoned them because they were wrong or incomplete or poorly designed.
I'm going to try not to care about that any more. This is an experiment, but fundamentally I'm an information designer/software engineer/technical author/whatever. I trained as an embedded software developer, and a computer and AI scientist. I never trained as a web designer. I've never claimed that my websites are the best they can be, and chances are that this one won't be. It'll be as secure as I can make it, because that sort of thing matters, but it won't have lots of features or use up-to-the-minute CSS or be perfectly standards compliant at all times.
Here's the very beginning of Glasshalfempty 3.0, or 3.0.0-alpha1, I think we'd call it at work - the first alpha version of 3.0. It's incomplete and probably buggy, there isn't even a blog here yet, just a framework and some HTML and CSS. I'll bring more things online in time.
But I got some queries from old friends recently that made me wonder why it wasn't online, and I found I had no good answer, only excuses. So here we are. Join me round the campfire, I guess in companionable silence for now. Blogging, commenting, all that fun stuff, is in the future, so silence is the only option you have anyway.