Glass Half Empty

2019-11-06 So it begins...

It was the day after Fireworks Night, and all through the house, not a creature was stirring, not even !BANG! Oh. Oh dear.

Well, never mind that. It's past Halloween and past Fireworks Night, so I guess Christmas is the next item on the calendar. Time for mince pies and mulled wine and all that good stuff - myself, I stay away from it at least until December starts but it's in the stores from October, so if it's your thing knock yourself out I guess.

Unfortunately, it's also the time of year for "'Certain areas of the country' hate our poppies" and "You can't say Merry Christmas any more" and other shitty nonsense to do the rounds on social media. It's got to the point now that the Royal British Legion (they of the poppies) have had to issue a series of statements over the years saying that the former is total rubbish (it's also dog-whistle racist to boot, as those 'certain areas' being talked around are never predominantly white and middle class, but the RBL didn't address that one). The latter is a slipperier customer, given that it's so vague and personal-point-of-view ranty to begin with - I can easily put up an opinion-piece to counter that opinion but it's not particularly well-sourced or authoritative. Frankly, though, if your particular rant is well-travelled enough to be included in a Wikipedia page and debunked there too, I feel I don't need to put too much time in.

These social media posts are "interesting" to me because they seem like examples of weaponised memes in the wild. An idea with all of emotional resonance, a reason/desire for the host to spread it and a coat of reasonability surrounding a hijack payload designed to turn a reasonable person into an infection vector. It spreads through the networks of modern social media, from host to host, and even those immune to its payload start to question their own beliefs once it starts appearing everywhere. As an engineer and a citizen of the Internet, I feel like I should understand how this kind of thing works. I really don't, though, and it's increasingly clear to me that some people do. Maybe if I'd put some time into the (at my school) generally derided "easy soft classes" of sociology and media studies I'd be better equipped to understand - I've certainly been schooled often enough by friends who did study those subjects to recognise a gap in my mental armoury. I think it's harder and harder as time goes on to justify putting all of your time into learning the new computer languages and server technologies of the day without putting some time into psychology and human sciences. Ad companies and other groups who want to make people think particular ways (e.g. political parties) have people that specialise in messaging and "spin" and making groups of people think in a particular direction for a few weeks at a time. We, the people of the Internet, need better defences.

That got dark and a little tinfoil-hatty, but well, it's hard not to in this climate of lies in the news, lies on the net and apparent weakness or unwillingness of legal justice. Over the next few weeks I'm going to give some time and money to Full Fact, who are an independent fact-checking charity, and if you have either spare I'd encourage you to do so too. Their site is a good read and a good resource when you spot another piece of poisonous nonsense floating by, and we need organisations like them now more than ever, what with Brexit and the ongoing Tory Omnishambles in the UK and the rise of Trump and the ruin of the Republican party in the US.

Enough about the world. As a wise person somewhere on the internet said, "We became a global species overnight, and it's giving us PTSD". We're set up for things happening in our local area and to our little community, and now that we see glimpses of a thousand other communities a day via Twitter and Facebook and so on, it's hard to keep up with all the changes and problems people are having, even though the rate hasn't changed - we just see more of them. The world is full of darkness but little lights still burn in our hearts, and it's wise to cherish them if you can. Happy Equinox, welcome the dark of the year and look for the rising of the spring. Keep safe, so far as you can, and guard the backs of your friends and neighbours through the long nights.

2019-01-25 New Firewall

I've just finished installing a new firewall machine for my home network, and I thought I'd write about it here in the interest of having something to write about, and because it's useful to talk about how things went so other people can learn from your experience. So here goes.

The firewall's hardware is an NA204 network server appliance from, with a Seagate Barracuda 500GB hard disk. I had the Mini-ITX store build it, which means it comes with a 3-year warranty - can't argue with that. The NA204 is based on the Jetway JNF9HG-2930 motherboard, which has a quad-core Intel N2930 Celeron processor clocked at 1.83GHz, 4GB of RAM and integrated Intel graphics. In addition to all that, this unit has a daughterboard with four gigabit Ethernet ports, which makes it ideal for jobs like this.

Softwarewise, we're running pfsense 2.4.4 (docs), which is based on FreeBSD 11.2. It's a UNIX, which means I can get into its guts if I need to (though I'm not as familiar with it as I am with Linux). That became relevant during the install, as I'll mention later.

The installation process was pretty standard, at first. I burned the pfsense installer to CD from an ISO image (after checking the checksum), slipped the disc into a USB optical drive and plugged it into the front panel of the NA204, along with a monitor and keyboard. The UEFI on the motherboard picked up the optical drive without any problems, and gave me an option to boot from it (press F7 during startup to pop up a boot menu), and the installer ... choked. It gave me a nice ASCII-art welcome screen and started scrawling bootup information on the screen, and then just stopped.

It turns out that on certain graphics cards, the FreeBSD 11.2 installer is known to fail to correctly discover the properties of the screen, and it tries to set the resolution to a size the GPU can't support, and the GPU gives up and dies. Thankfully, it's an easy problem to fix. As The Geek Pub's "pfsense-hangs-at-booting" states, there's a kernel parameter (kern.vty="sc") that will set the resolution and disable discovery, so I passed that to the installer kernel at boot time and then dropped the relevant parameter into the bootloader config (/boot/loader.conf) with vi so that it would always apply in the future.

At that point, the install proceeded to completion and it was on to configuration, firstly of the interfaces. I thought this was pretty neat. To tell the machine that a particular interface is the WAN port, for example, you unplug all network cables from the machine and then select "WAN port", "auto" and plug a network cable that has a device of some kind on the other end. pfsense will then notice the Link Up event from that cable being plugged in, and associate the port it came from with that interface. And so on for the other ports (LAN and WAN are required for obvious reasons, and I assigned the other two interfaces to WIFI and DMZ for future use). Very neat. A DHCP server came up automatically on the LAN port, which had set itself to by default.

Unfortunately, my ISP's modem's wifi router was handing out .1.x addresses. I'd disconnected from the wifi but not disabled the wifi adaptor. This meant that my wifi card had, and was hanging on to it in case it reconnected. There then followed a tiresome dance of my plugging a cable between my laptop and the firewall and trying to go to the firewall's webconfig page to finish setting it up, and my laptop saying "...there's nothing there." Of course, I pinged it to see if the web browser was lying, and I got a response! It took a depressingly long time to work out that the response I was getting was from my own wifi card. Then I reset the firewall's LAN port and DHCP to 192.168.2.x and everything started working.
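
The mix-up above, where a ping to the firewall is answered by the laptop's own wifi card, can be caught before plugging in by comparing the planned firewall LAN address with the addresses the admin machine already holds. This is an added example, not code from the original post; the function name and the sample addresses are constructed, since the post does not give the originals.

```python
import ipaddress

# Constructed sample: addresses still held by the laptop's other interfaces
# (a wifi lease that was never released, plus an unrelated VPN tunnel).
SAMPLE_IFACES = {
    "wlan0": "192.168.1.1/24",
    "vpn0": "10.8.0.2/24",
}


def check_lan_plan(gateway_cidr, local_ifaces):
    """Compare a planned firewall LAN address with local interface addresses.

    gateway_cidr: firewall LAN address with prefix, e.g. "192.168.2.1/24".
    local_ifaces: {name: "addr/prefix"} for interfaces on the admin machine
                  other than the cable going to the firewall.
    Returns a sorted list of (interface, problem) tuples; empty means no clash.
    """
    gw = ipaddress.ip_interface(gateway_cidr)
    findings = []
    for name, cidr in sorted(local_ifaces.items()):
        iface = ipaddress.ip_interface(cidr)
        if iface.version != gw.version:
            continue  # IPv4 and IPv6 ranges cannot clash with each other
        if iface.ip == gw.ip:
            # The machine owns the gateway's address itself, so a ping to
            # the "firewall" is answered locally and looks like a live host.
            findings.append((name, "same-address"))
        elif iface.network.overlaps(gw.network):
            # Same or enclosing subnet on another interface: traffic for the
            # firewall may be routed out of the wrong port.
            findings.append((name, "overlapping-subnet"))
    return findings


if __name__ == "__main__":
    for plan in ("192.168.1.1/24", "192.168.2.1/24"):
        print(plan, check_lan_plan(plan, SAMPLE_IFACES) or "no clash")
```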

So there you have it: the story of my pfsense install. I'm liking pfsense, because it's highly configurable and exposes a lot of options. That same option profusion makes it... probably not ideal for inexperienced users - I've been maintaining house-LANs for years and I don't understand some of the options yet. But, if you're looking for a tough, reliable, configurable firewall I'd recommend pfsense. And if you want a machine to run it on, the NA204 is really rather nice.

2018-10-22 Living in a box

OK, new flat, new start - in theory, at least. It's a month and two days since I moved in here ("here" being Milton, a couple of miles north of where I used to be), and everything is still everywhere but things are starting to get sorted out. The kitchen is usable if I'm willing to shift stuff about to make room on the worksurfaces, and I can walk into and out of all the rooms and more or less use them for their assigned purpose. Still need to assemble the media centre and get the packed clothes off the sofa, but it's not too bad for somewhere I live.

This is not forever. It's a small flat with a cheap rent and slightly questionable facilities, on a 12-month contract with the option to extend at expiry. Long enough to get my feet under me, have a damned good sort-out and get rid of some stuff I don't need. Long enough to get my head back together and find somewhere to live longer term.

In other news, hey, glasshalfempty's up again. The new place struggles to manage 1Mbps, so I'm not hosting the site in my living room any more - we're coming to you live from a linode in Frankfurt and I upgraded the site to use Python3 while I was at it. Easier to upgrade now, while there's not much to upgrade.


2018-07-20 Life in boxes, 2018 edition

An out-of-band update here, to note the following: I've just received two months' notice on my flat, meaning that the landlord wants to take possession of it no later than the 20th of September. This kind of thing is why I hate renting - the lack of control, the lack of warning, the difficulty of planning anything when you don't know when someone you've never met is going to pull the rug out from under your feet. It sucks. It happens. Gotta get over it.

So, I've rented a storage unit and ordered in some flatpacked moving boxes, and I'm going to start looking for another rental in the next few days. I was planning on trying to buy a place of my own over the coming winter, but that's out the airlock now: there's no real chance of exchanging, completing and moving in two months and once I'm moved to a new place I should probably stay there for at least six months/a year (since that'll be the initial rental contract). The move, at least, gives me an opportunity to declutter and reorganise in a way that's difficult when everything is in its familiar place - I'm aiming to shed up to 20% of my equipment volume, which should make the second move substantially easier when the time comes.

Let's see what happens. I'm going to a LARP event next weekend and a convention the weekend after, both booked months ago, so I'll survey the market and move stuff to storage until after the con, then start looking in earnest.

2018-02-28 Technical Debt

It's been a very long time.

Some of the wait is because I kept being busy, having better, more urgent or somehow more distracting things to do. Some of it is because the feedback loop through the old site is broken (along with the old site), so I don't remember that it's important or interesting to some people. Some of it is because the hardware upgrade stalled amidst a series of sick hard disks a couple of years ago, and I haven't gotten back to it. Doesn't really matter.

I've been drowning in details for the last few years, I think, and hadn't realised until very recently. I don't like putting things online that aren't the best I have: if people are going to have the opportunity to critique something I've made, I'd like it to be as good as I can make it. Less than perfection, say some parts of my mind, is waste. There are at least three versions of New GHE that will never see the light of day, because I abandoned them because they were wrong or incomplete or poorly designed.

I'm going to try not to care about that any more. This is an experiment, but fundamentally I'm an information designer/software engineer/technical author/whatever. I trained as an embedded software developer, and a computer and AI scientist. I never trained as a web designer. I've never claimed that my websites are the best they can be, and chances are that this one won't be. It'll be as secure as I can make it, because that sort of thing matters, but it won't have lots of features or use up-to-the-minute CSS or be perfectly standards compliant at all times.

Here's the very beginning of Glasshalfempty 3.0, or 3.0.0-alpha1, I think we'd call it at work - the first alpha version of 3.0. It's incomplete and probably buggy, there isn't even a blog here yet, just a framework and some HTML and CSS. I'll bring more things online in time.

But I got some queries from old friends recently that made me wonder why it wasn't online, and I found I had no good answer, only excuses. So here we are. Join me round the campfire, I guess in companionable silence for now. Blogging, commenting, all that fun stuff, is in the future, so silence is the only option you have anyway.