misc Articles



  • Sun 06 September 2020
  • misc

Unix $5$ and $6$ hashes from the command line

Until recently I had been reliant on random Perl and Python one-liners to generate $5$ and $6$ hashes (as well as $1$ - AHEM, Juniper...) when I needed to email someone a password or set up Ansible for mail accounts on SmartOS. Today I learned that OpenSSL 1.1.1 (2018 …

  • Mon 31 August 2020
  • misc

Modern Car Party Trick (DMM and ATC/ATM fuse block)

When I was a teenager, I got pretty good at tracking down parasitic draws in older cars with flakey wiring harnesses by pulling (tubular glass cartridge) fuses one at a time and reading the wiring harness schematic. On the plus side cars back then were short on random electronic doo-dads …

  • Mon 24 August 2020
  • misc

Don't use Signal if you value privacy

A couple of months ago I became a Signal user. For about 18 hours. Then I noped right out. Why did I suddenly quit using a messaging app that is said to be a privacy-oriented platform? Mere hours after I joined, I started getting messages from people on my contacts …

  • Sat 15 August 2020
  • misc

The Spoon Trick (sheet metal forming in the home)

A couple of years ago when Argos was a puppy, he chewed on my Ridge Wallet and put a bunch of tiny puppy-teeth-sized dents in the titanium side panels. While they have a lifetime warranty I didn't think it really covered puppy damage as opposed to normal wear and tear …

  • Fri 14 August 2020
  • misc

If you use Ansible and you use Emacs...

Here at ClueTrust we have been using Ansible for several years now. Recently monorepos have gained a fair amount of mindshare because Google and Facebook use them. We are not Google nor are we followers of cargo cult software development methodologies. For a variety of reasons, we look at a …

  • Sat 01 August 2020
  • misc

Ethanol-Free Gasoline in VA

Yesterday I dropped by the BP station in Warrenton to pick up a gallon of ethanol-free gasoline for the chain saws and string trimmers. There's a lot of folklore surrounding E10 (which is a default case for pump gas these days). What is gasoline anyway? A naive guess might be …

  • Fri 10 July 2020
  • misc

Passing the CDL Pre-Trip Test in Virginia

About a year ago I came to realize that I didn't have the right license for operating a particular truck that I'd been driving periodically for a number of years. So I set about to fix it. What makes a vehicle require a commercial driver's license? There are small vehicle …

  • Thu 09 July 2020
  • misc

Farewell to Jekyll

A bit over four years ago I fired Drupal in favor of Jekyll. Any static site generator is a huge step in the right direction from using a CMS that averages a security vulnerability patch per month, and Jekyll was one of the first. That said, time has not been …

  • Wed 06 May 2020
  • misc

How I signed up for a FiOS negative discount of $10/month

The other day I decided that I'd take advantage of my employee discount on FiOS, offered through my job. Unfortunately, when all was said and done, my bill ended up being $50/month higher and I didn't catch this before I accepted the deal. After multiple hours on the phone …

  • Fri 27 March 2020
  • misc

Travelogue - OpenSSH 8.2 Yubikey U2F/FIDO2 Support

At ClueTrust we’re constantly re-evaluating our security posture based on both perceived threat and what level of effort it takes to implement various security technologies. In short, being a small shop we're always conscious of the "effort" component of the effort/reward ratio. Here in the future in 2020 …

  • Thu 26 March 2020
  • misc

Password Recovery and Upgrading Software on a Juniper EX switch

A year and a half or so ago we bought some secondhand Juniper EX4200 switches for deployment to do OOB, camera, wifi, and other applications where inexpensive POE switches were appropriate, and the fact that they were EOL didn't represent a barrier to acceptance. The team was a little concerned …

  • Sun 01 March 2020
  • misc

Electrify America - the most profitable mea culpa ever

I won't bore you with a rehash of Dieselgate except to note that as a finale Volkswagen paid a couple billion dollars as fines and further committed to spend $2 billion for clean-emissions infrastructure. In 2017 they created a subsidiary called Electrify America to implement this, with a commitment to …

  • Thu 20 February 2020
  • misc

Let's Encrypt, DNS-01, and a side of Certificate Transparency

Gaige and I have been using Let's Encrypt for creating certificates for use with SSL/TLS services since Let's Encrypt was an invite-only beta. Naturally this included expansion to our day job a year or a little more ago (more on that later). This is a bit of a travelogue …

  • Tue 18 February 2020
  • misc

Swapping out locks on a GSA security container

In the DC area, surplus Class 5 and 6 GSA security containers are often available through the usual channels (DRMO, craigslist, etc). They're great for storing things like hard drives waiting to go to get destroyed, laptops with your CA on them, trays of expensive RAM sticks, handguns, etc. The …

  • Wed 12 February 2020
  • misc

Rebuilding the Ansible jumphost under fire

You only really appreciate just how much you've come to rely on a particular tool in your bag of tricks when you're suddenly deprived of it. Today, I was trying to (manually - strike one) add awscli to my (production, strike 2) Ansible jumphost. Something went off the rails and I …

  • Sat 01 February 2020
  • misc

Good-enough security and Polycom phone network configuration notes

As I've previously mentioned, Gaige and I have an assortment of Polycom VVX and old Cisco 7960 phones floating around which we do VoIP on. The 7960s might not be long for the world though - I recently threatened a friend who had a line on some freebies that I'd toss …

  • Thu 12 December 2019
  • misc

Things I won't do again

I was in a hurry and "didn't have time to properly clean out all sensitive data" from a work in progress, so I handed Gaige a tarball. Not a pointer to a repo or a tarball that included a local repo... a tarball. Then I made some tweaks myself. You …

  • Mon 23 September 2019
  • misc

systemd - dissatisfaction guaranteed

Hating on systemd is widely considered good sport. That said, rants are rarely backed up with good observations about why it's unsatisfactory, merely complaints about it being different from sysvinit. I've written before about making systemd do what I want, and have had decent experience bending it to my will …

  • Fri 06 September 2019
  • misc

running VyOS from USB

At ClueTrust we have had good experiences running from high quality USB sticks, for software that is designed to run off USB or SD cards such as ESXi and SmartOS. VyOS is not one of those software packages. It appears to try to swap to the usb stick, which results …

  • Tue 20 August 2019
  • misc

techmikeny knows how to box a server

I recently bought a server from techmikeny.com after seeing an unboxing photoset on Reddit. They own a foam machine and know how to use it. I'm quite tired of dealing with secondhand servers that arrive broken because they were improperly packed. The photoset I saw on Reddit gave me …

  • Mon 19 August 2019
  • misc

In praise of PC-11

We put our nice knives (Wusthof and Henckels stainless) in the dishwasher like the barbarians we are. A dozen or so years ago, my housemate had a mishap with a paring knife that resulted in it falling on the heating element in the bottom of the dishwasher which melted a …

  • Thu 08 August 2019
  • misc

Good tools, less money

I recently became aware of a couple of interesting resources for getting good quality tools without going broke. The first one is a list from 2014 entitled 10 Hand Tool Brands That Don’t Get The Love They Deserve (local copy here). Personal favorites on that list include Proto (yes …

  • Thu 08 August 2019
  • misc

Hey Dell, where did you hide the boot order in your BIOS?

I always forget this and just spent a half hour looking for it and googling online. You know how the less important stories are always hidden "below the fold"? Dell did this for the BIOS boot order settings. Because who would ever want to set to boot off the thumb …

  • Wed 07 August 2019
  • misc

Tractor Feature Shopping List

In August 2011, fresh off buying a house and needing something to look after the yard I went tractor shopping. What I ended up buying was a sound choice given the information available to me at the time, and I'm grateful to my salesman for wanting to make sure that …

  • Tue 06 August 2019
  • misc

Keeping the portable EVSE from walking away

Continuing on with the theme of electric car chargers, most electric car manufacturers include one with the car. These vary in niceness from the fairly basic Level One-only example that came with my 2015 Nissan Leaf to the Tesla Mobile Connector aka UMC, which does Level One charging on a …

  • Sun 30 June 2019
  • misc

A little disappointment in the car charger metering department

I installed my electric car charger (EVSE) at the end of 2013. It wasn't on a separate meter since I did the analysis of being on Dominion's Schedule EV (local mirror) and concluded that while it would result in a marginally lower power bill, the restrictions on meter placement due …

  • Thu 27 June 2019
  • misc

Dedicated Power Service for a small fleet of electric car chargers

I've previously written about choosing an electric car charger (EVSE) and thinking about it in terms of how long someone stays at a location and how much of a charge they can expect to get during their visit. A friend is the proprietor of a retreat center and has owned …

  • Wed 13 March 2019
  • misc

An Experiment in Datacenter Power Use Reduction

As previously mentioned, ClueTrust has a standard SmartOS server deployment of a DL160g6 with 2 x Intel L5520 Nehalem EP CPUs, 72gb of RAM in the form of 18 x 4gb ECC DDR3 sticks, and 4 x WD Red drives of various sizes depending on when we installed the particular …

  • Mon 04 March 2019
  • misc

dnssec-keygen is partially deprecated for tsig generation

Yesterday, Gaige brought to my attention that dnssec-keygen(1) seems to be deprecated for TSIG purposes. The specific quote from the man page is: TSIG keys can also be generated by setting the value to one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these values …

  • Sun 03 March 2019
  • misc

Certbot is pets, not cattle

I've long been a fan of Let's Encrypt, though not as early an adopter as I could have been since early tooling was extremely Linux-centric and that's not where we're at, at least in our shop. A substantial fraction of Let's Encrypt's success has been via the use of Certbot. If you're …

  • Mon 28 January 2019
  • misc

Overwriting the partition table on a Mac

Unlike most parts of MacOS, er, sorry, macOS... Disk Utility has gotten worse over time instead of better. Things that it used to be easy to do through the gui are now missing. In most cases it's still possible to get where you need to be via the command line …

  • Sun 27 January 2019
  • misc

4kn vs 512e drives

If you follow the evolution of hard drive technology much at all you're probably aware of something called "AF" (Advanced Format, not to be confused with "af" as the kids say in text messages or tweets). Basically, the 512 byte sectors which we've had since the 60s are deprecated in …

  • Sat 05 January 2019
  • misc

Host Attached Storage and Home-Colo Server Notes 2019q1 Edition

How things stand now: For the past few years my home storage setup has been basically a clone of what I have in colo, albeit with larger drives - SmartOS on a DL160g6 with 72gb of RAM, four 8TB WD Reds (WD80EFZX) on the built-in AHCI controller, configured as RAIDZ2 with …

  • Fri 04 January 2019
  • misc

JunOS EX port mirroring

Quick cheat sheet for mirroring a port to a span port:

    rs@woodburn-bigswitch> show configuration ethernet-switching-options
    analyzer spanport {
        ratio 1;
        input {
            ingress {
                interface ge-0/0/0.0;
            }
            egress {
                interface ge-0/0/0.0;
            }
        }
        output {
            interface {
                ge-0/0/1.0;
            }
        }
    }

    rs@woodburn-bigswitch>

and for mirroring all ingress traffic …

  • Thu 03 January 2019
  • misc

Community Edition Blues

Lately, I've been playing around with FastNetMon, to wit their community edition on GitHub. Why the community edition? Well, I'd like to say it's because I'm cheap but that's no excuse since FastNetMon Advanced has a very liberal T&E license. It has many ways to ingest traffic including PF_RING …

  • Wed 02 January 2019
  • misc

If your espresso machine was a used car, what would it be?

Recently, my espresso machine extracted a little bit of maintenance budget from me. The pressurestat (like a thermostat, but runs off boiler steam pressure rather than temperature) had developed a slow leak, resulting in a periodic puff-of-steam sound as a drip of water hit a steam filled pipe. To be …

  • Mon 10 December 2018
  • misc

Lessons learned from appliance delivery guys

A week ago we took delivery on a pair of appliances - a washer and a dryer. Well, actually three appliances; there are two washers in one - the base for the frontloader washer contains a tiny toploader washer. I watched the setup team work and as you'd expect they've got stuff …

  • Tue 04 December 2018
  • misc

Another Cheetah Mount

In the wake of previously noted successes with Cheetah Mounts when it came time to mount a TV at my mother-in-law's new house, we bought her an updated and improved version of the articulated mount I bought in 2017 for us. How do you improve on a mount upon which …

  • Fri 30 November 2018
  • misc

Disk prices

Triumph of Amazon APIs here - I recently learned of diskprices.com which apparently populates itself automatically with best prices per unit stored and lets you search based on various simple criteria. Site is pretty simple, no ad roll, curious as to how it's financed. Check it out.

  • Sat 24 November 2018
  • misc

Cameras on the Intercounty Connector (ICC) in MD

For those of you who might have been wondering, the toll cameras on the ICC do in fact work. I had a transponder read failure while driving there the other day (maybe a lane change while going through the gate is enough to do this) and got a letter in …

  • Fri 23 November 2018
  • misc

Stop speccing Cat6 cable

One of the things I encountered in $DAYJOB is that my predecessors seemed oddly preoccupied with speccing Cat6 cable rather than Cat5e cable, for all applications. Why? For up to and including 1000baseT (gigabit ethernet), Cat6 is no better than Cat5e. It does not increase the length of a run …

  • Tue 13 November 2018
  • misc

ZFS reading list

We've been doing a lot of ZFS work around here lately, partially motivated by a sick (but not failed!) zpool after a power failure, partially motivated by some experimentation with an eye to what our next generation SmartOS environment is going to look like. At this point it's probably useful …

  • Mon 12 November 2018
  • misc

Cablemodem Readings

A couple of months ago my friend Bryan sent me a screen shot of the status page on his cablemodem (often available at http://192.168.100.1 depending on the manufacturer and model of your cablemodem) and asked for my thoughts. Here's what I wrote him in reply: This …

  • Thu 01 November 2018
  • misc

Bye bye Asterisk

For about a decade, Gaige and I have run Astlinux as our preferred phone system, with upstream VoIP service from voip.ms, who asr told us about back in 2008 when they were his customer. Fast forward to the past month. My mother-in-law just had a house built in Virginia …

  • Fri 12 October 2018
  • misc

exporting homebrew (configuration, not beverages)

Sorry to disappoint if you thought this was about beer and not the package manager for macOS. If you have a Mac and you aren't using Homebrew, you should. By way of background, my main Mac (a MacBook Pro (Retina, 15-inch, Mid 2015) - the last version with a hardware escape …

  • Tue 02 October 2018
  • misc

Bill's BOM - a Large Home Network Upgrade

Back in April, I had an opportunity to upgrade a friend and colleague's home network. Broadly, the existing home network had long-in-the-tooth 100mbit switches, 100mbit media converters feeding 1994-date-code OM1 fiber to the guest cottage and the barn, a few Apple AirPort access points, and a 10+ year old router …

  • Sun 30 September 2018
  • misc

Raspberry Pi vs. CloudKey

Recently, we've been rolling out a bunch of Ubiquiti Networks UAP-AC-PRO-E Access Points, first to $CTO's, $CEO's, and my house, and once we were satisfied that they worked OK, $DAYJOB's offices and datacenters. These access points need a controller in order to work. The data doesn't flow through the controller …

  • Fri 28 September 2018
  • misc

Packet capture while looking for a chatty host

Been trying to track down exactly what an intermittently super noisy host is doing. Lacking netflow in this environment (and wanting an actual packet capture of the device in the act) we were thrown back on using a SPAN port and a laptop running tcpdump. It's well known that one …

  • Tue 25 September 2018
  • misc

Using trigonometry to calculate conduit bending

The folks at Dengarden have a lot of conduit bending resources. If you're familiar with the way that conduit bending is usually taught, it's via shortcuts and rote memorization of how to do things like offsets, kicks, bends, etc. Suppose you studied trigonometry in high school, as most of us …

  • Fri 15 June 2018
  • misc

Insecticide Blues

That moment when you break out a fresh can of the "kills wasps, hornets, and other hymenoptera with a 15 foot stream" stuff... and realize that it's nowhere near as effective as WD-40, brake cleaner, inverted cans of dust-off, and whatever other field-expedient paper wasp killer you've grabbed in recent …

  • Tue 12 June 2018
  • misc

Kahlua recipe

I made a batch of homemade Kahlua recently (like you do when you have a commercial espresso machine sitting on your kitchen counter). Had more than one person ask me for the recipe. Information wants to be free, right? Besides, I found the original recipe which is my starting point …

  • Mon 11 June 2018
  • misc

BFT Heater Mod

For as long as I've owned my '89 F250, I've been annoyed by the fact that it seems to run warmer than it ought to in the cabin. I had written this off to the diesel engine running warm, but there was always this nagging suspicion in the back of …

  • Mon 04 June 2018
  • misc

Camping trip report -- lag screws and pop-ups

Melody goes to Burning Man and she told me about a trick people use to keep tents from blowing away on the playa. If pounding rebar into the ground doesn't suit me as a tool-using higher primate, then busting a gut prying it back out again when breaking camp is …

  • Sun 03 June 2018
  • misc

Apple, iOS, and the Principle of Least Astonishment

One of the things that Apple design paradigms pride themselves on is the Principle of Least Astonishment - designs that match users' experience and expectations, as well as their mental models. If you use USB to plug your iPad into your computer, click the radio button that says "This Computer - A …

  • Sat 07 April 2018
  • misc

Non-Gravity Drain for Plumbed-In Espresso Machine

It's been a little more than two and a half years since I set up an experimental drain for my plumbed-in Rancilio S26 (commercial espresso machine), and I can report that it's working out well. Background: There's no convenient drain in the corner of the kitchen where I wanted my …

  • Wed 04 April 2018
  • misc

easyrsa3 redux - crl expiry

I run a personal instance of Splunk behind a client cert protected NGiNX proxy. Suddenly it stopped working. Nothing seemed to have changed. Nothing in my logs either, it was just giving me the 400 page that the client side cert had failed. Nothing in the logs of any use …

  • Sun 11 March 2018
  • misc

New Dominion Blue Book is out...

Back when I wrote about Schedule EV and why it didn't make sense for me, I made reference to the Dominion Blue Book - our local power company's provisioning manual. I recently learned that there's a new version out as of last summer. Still no Schedule EV for me, despite having …

  • Sun 11 March 2018
  • misc

zfs send with netcat revisited

Some years ago I wrote about using zfs send with netcat (only across trusted networks!) to overcome the performance issues (cipher speed, internal window size, etc) inherent in sending the zfs send over an ssh connection. Month before last, or maybe it was the month before that, Gaige and I …

  • Wed 14 February 2018
  • misc

I actually did a bad thing...

I recently wrote about almost accidentally overloading my basement slab with a huge pile of tile that we're storing. As the saying goes, "garbage in, gospel out" - I had made my calculations based on some faulty assumptions, which I fortunately caught before I went to the trouble of buying a …

  • Sun 11 February 2018
  • misc

codicil to the systemd post

A few months ago I wrote a blog post that included a brief introduction to systemd that included the following instructions:

    sudo cp autossh.service /etc/systemd/system/ ; sudo systemctl enable autossh.service ; sudo reboot

"The first report is always wrong" is a sentiment attributed variously to Sun Tzu …

  • Fri 09 February 2018
  • misc

I almost did a bad thing...

Mrs. RS and I have long wanted to get rid of the ugly beige wall to wall carpet in our house, and we finally got material selected, a contractor lined up, and a plan to tile the entire house except the kitchen (which hasn't been remodeled yet, no need to …

  • Wed 07 February 2018
  • misc

I bought high quality air fittings for my air hoses

A couple of Christmases ago I bought some assortments of genuine Milton IM air fittings - one as a stocking stuffer for a friend and one for my air hoses and compressor at home. They sat in the air tools box for a couple of years. But the other day before …

  • Tue 06 February 2018
  • misc

IPv6 ICMP is not ICMP

It's a super easy thing to fat finger or flake out on, but an IPv6 firewall rule such as:

    root@testhost:~# grep icmp /etc/ipf/ipf6.conf
    pass in quick proto icmp from any to any
    pass out quick proto icmp from any to any
    root@testhost:~#

isn't going …

  • Mon 05 February 2018
  • misc

Goodbye hpacucli, hello ssacli

Several months ago I wrote a fairly detailed explanation of how to monitor HP server hardware. Today, I was installing Ubuntu 16.04 (Xenial) and was a little surprised when:

    root@testhost:~# apt-get -y install hpacucli

threw an error. No such package. Well drat. hphealth installed fine. Time to …

  • Wed 01 November 2017
  • misc

ssh forwarding in Ansible-land

In a little over two years of using Ansible heavily, I've been burned a couple of times by deployment-from-svn-and-git mysteriously breaking. Of course, it's never svn or git that breaks, it's ssh authentication agent forwarding, and it's probably exacerbated or at least made weirder by my insistence upon persisting ssh …

  • Tue 24 October 2017
  • misc

SI prefixes (just because you can, doesn't mean you should)

Milli-rant here. In recent years, particularly in electronics, I've noticed a tendency to use every SI prefix available. For instance, a 0.1 µF power rail decoupling capacitor might be quoted as 100 nF. This is a good way to end up with off-by-three-orders-of-magnitude problems. Use the traditionally scaled units …

  • Fri 20 October 2017
  • misc

Do-over from scratch in Splunk Universal Forwarder

Lately I've been playing with Splunk, centralizing my mail server logs and getting telemetry from a Raspberry Pi 2 that I stashed at a location where I'm trying to smoke out flaky Internet connectivity. My configuration is a little bit unusual in that I'm manually configuring the hosts where the …

  • Thu 05 October 2017
  • misc

SmartOS LX brand zone and native ipfilter

I've written about SmartOS several times in the past; plain SmartOS without Triton/SDC is our virtualization platform of choice at ClueTrust. LX brand zones are not KVMs and not native zones, but they're closer to the latter than the former. At a high level, they're a native zone (talk …

  • Wed 13 September 2017
  • misc

What Kind Of Wheels Does My Trailer Take?

Got a trailer? We have three of them in the side yard here (had four, but my pal Mike took his boat to Cape Cod with him). Of those three, one is an old generator base and has Dayton style wheels (the 1 piece rims where the spokes are integral …

  • Mon 11 September 2017
  • misc

ssh(1) and Geriatric iLO2 revisited, and a diversion to iLO3

I recently wrote about getting MacOS 10.11 to work properly with iLO2 and iLO3 on some old HP servers. Then in the interim I upgraded to macOS Sierra (10.12) and stuff stopped working, but only on iLO3 not iLO2. Defaults have changed. Gotta be more explicit. The following …

  • Fri 08 September 2017
  • misc

Two thumbs up to Cheetah Mounts

In December 2015, I bought a pair of wall mounts for TVs at our house - a fairly standard slight tilt model for the craft room and an articulated one for the living room. Being the kind of guy I am, I saved all of the extra screws from both mounts …

  • Thu 07 September 2017
  • misc

Socks proxy on Firefox on Mac (without touching system settings)

It's periodically convenient to be able to point a web browser at someplace remote and not connected directly to the Internet (I'm looking at you, HP iLO) without firing up a VPN or resorting to poking holes in a firewall. In this case, the built-in socks5 proxy in openssh (ssh …

  • Wed 06 September 2017
  • misc

Killing video autoplay on Safari/Mac

I finally decided I'd had enough with autoplay videos, which are a preferred way of shoving advertising right up in your grill these days. They're completely annoying when going to cnn.com and several other sites. Increasing numbers of web properties have upped the ante in recent months by deploying …

  • Thu 17 August 2017
  • misc

autossh, systemd, and a Raspberry Pi

I recently had occasion to build a Raspberry Pi to leave sitting on someone else's network, ssh home with a bunch of tunnels configured, and keep things nailed up "forever". Unfortunately headless initial configuration (i.e. turning on sshd without needing to be hooked up to video and mouse) does …

  • Wed 09 August 2017
  • misc

Open Source voting machines

This is about as political as I hope to get in this blog. Please bear with me. There was recently an op-ed in the New York Times advocating open source voting machines as a safeguard against security vulnerabilities that can be exploited for the purposes of election fraud. Careful observers …

  • Tue 08 August 2017
  • misc

Hey Whirlpool...

My wife and I bought a nice new (OK, saved a few hundred on scratch and dent special, but that's not the point) Whirlpool refrigerator last Saturday. Fridge on the top, freezer drawer on the bottom. Big enough that we couldn't get it through the door of the house without …

  • Wed 26 July 2017
  • misc

ssh(1) and Geriatric iLO2

Most of my world is virtualized these days, so not that much going on IPMI/BMC/iLO/DRAC-wise on a day to day basis. But what about when you're playing with hypervisors that really really want to be running on bare metal? Time to get something cheap and cheerful with CPUs …

  • Sun 23 July 2017
  • misc

Short Linux Rant, Summer 2017

In Ubuntu 16.04 Server, mkfs(8) still defaults to ext2, a filesystem that predates FAT32, unless you explicitly tell it that you want to use a filesystem from this millennium. I can only assume that other Linux distributions do likewise. What is wrong with these people?

  • Thu 20 July 2017
  • misc

Monitoring HP servers

The HP to HPE transition has left those of us with home labs and no support contracts in the lurch - you can't download Service Pack for Proliant and new iLO images anymore without providing a contract number - this would be less of a problem if ciphers for TLS weren't currently …

  • Wed 19 July 2017
  • misc

Picoreview of the Amazon Fire HD8 tablet

Bought a 2017 Amazon Fire HD8 tablet (16g, no "special offers") on Prime Day (hereafter referred to as the "Fire Sale"). It "went missing" (Amazon's words, not mine) somewhere in the melee of USPS handoff in Baltimore. This will probably only go to reinforce any stereotypes regarding Baltimore which you …

  • Fri 19 May 2017
  • misc

LDAP/AD integration on the Mac

Today, after literally decades of being used to being treated as a second class citizen by IT, I learned that LDAP integration on the Mac is now sufficiently well evolved that it is possible to change one's password from the Usernames and Passwords control panel.

  • Tue 09 May 2017
  • misc

Adventures with Logstash Grok

I just got over a multi-day odyssey where I thought I was going mad, trying to get Logstash working. For those who are unaware, Logstash is a component of the ELK Stack (which they now want you to call Elastic Stack) which facilitates ingesting logs from arbitrary places, optionally turning …

  • Mon 08 May 2017
  • misc

Juniper EX Power Supply Sound Levels

In recent years, prices have come way down on used Juniper EX-series top-of-rack switches, and devices like the EX3200 and EX4200 are looking increasingly tempting as network-nerd household switches. There's more than one flavor of modular power supply for these switches. Broadly, they come in 930 watt and 320 watt …

  • Tue 18 April 2017
  • misc

A Brief Conversation with a Taxi Driver in a Leaf

As I've previously written about extensively, my daily driver is a 2015 Nissan Leaf. The lease (leafse?) runs out at the end of July and I'm looking to finagle the timeframe on handing it in so I can get a spiffy new 2018 Leaf with whatever Chevy-Bolt-and-Tesla-3-prompted range extensions it …

  • Sun 16 April 2017
  • misc

Simple rule for DHCP Relay in Juniper PROTECT-RE filter

Most folks who run Juniper routers are familiar with the ability/requirement to have a PROTECT-RE filter in place to keep someone from whacking your routing engine with breakin attempts, ICMP flooding, etc. DHCP Relay is a proxy agent that runs on the router and allows me to run a …

  • Wed 22 March 2017
  • misc

World's Tiniest Fiber Build

Last weekend, I finished the World's Tiniest Fiber Build - a couple hundred feet worth of buried fiber serving a pair of outbuildings (a detached garage and the mother-in-law cottage) at a friend's place. Here's a brief list of the stuff we used to do it. Fiber: The key to this …

  • Wed 08 March 2017
  • misc

Making a Ubuntu Thumb Drive on a Mac

I just wrote this up for a friend, I figured why not add it to my blog so that we can add it to the list of other how-tos on the Internet. This was done with MacOS 10.11 and is all CLI-based; more likely to be durable into the …

  • Wed 01 March 2017
  • misc

Cloud Reliability Expectations

In case you didn't hear, Amazon's S3 service took a massive header yesterday. In the aftermath of various email threads, slack chatter, and a few snarky comments in text messages and in person, I sat down last night with an adult beverage to contemplate where things went wrong. Pretty far …

  • Sat 18 February 2017
  • misc

Some Improvements to my NGiNX configuration

I recently became weary of errors of the form

    Trusted domain error. "72.205.144.131" tried to access using "192.0.2.16" as host.

in my NextCloud logs. It turns out that there is a lot of random stuff out there that is just scanning the Internet …

  • Thu 02 February 2017
  • misc

New Naming Convention for SSIDs

For a long time now, the 2.4 GHz ISM band has been, to put it charitably, a swamp. With leakage radiation from microwave ovens, bluetooth, wireless remote controls, and God-only-knows-what-else, it's amazing that 802.11g passes traffic at all. You'd really rather have people be on one of the …

  • Tue 24 January 2017
  • misc

Conduit to the Garage

A few weeks ago one of the crew (we'll call him Joe for the purposes of this discussion... because that's actually his name) dropped me email looking for a bit of electric car related advice. Joe said: "So we are likely to finish the basement in our house next year …

  • Tue 24 January 2017
  • misc

New Old Stock from Comcast

I dropped by my friend Carrie's apartment to do some cable tv wiring. When we unpacked the settop boxes (brand new, with the protective film still over their displays), we were perplexed - Comcast gave her a pair of Cisco RNG100 boxes that only have composite and s/video (remember that …

  • Fri 13 January 2017
  • misc

Solaris on Intel physical disk device

In SmartOS (and modern Solaris on Intel in general), the "whole physical disk" device is the "p0" suffix. I keep having to search for this whenever I go to rewrite a SmartOS boot device (usb thumb drive) without physically swapping the media, so I'm putting it here. So, this works …

  • Tue 10 January 2017
  • misc

Better Nozzle for a Grease Gun

Are you inclined toward the kind of high mass hobbies that result in you owning tractors, machine tools, steam engines, coastal patrol vessels, heavy trucks, or other things of that ilk? Even if you just do maintenance on your own pickup truck, if you own the kind of tools or …

  • Tue 13 December 2016
  • misc

Espresso Machine Shopping List

A friend is purchasing a Rancilio Silvia for a home espresso machine. A reliable, time-tested prosumer machine with well-understood shortcomings (not much of a steam machine), which should serve her well. She's planning to put a PID thermostat on it from day one. I've previously written about my multi-year experience …

  • Thu 08 December 2016
  • misc

Funky X.509 certificate chain

This morning a friend of mine was grousing about his new X.509 certificates from a commercial CA. He'd put together a certificate bundle with the intermediate CA certs and it was working fine with both NGiNX and Apache, but somehow it wasn't working with his mail server (Exim) as …

  • Fri 02 December 2016
  • misc

Repairing a Cooler

Kim and I have a total of three Igloo 94 quart marine coolers (the big white ones that people take deep sea fishing with them). They have a great reputation for durability and come in at a reasonable price (around $130 at West Marine if I recall correctly). You can …

  • Thu 01 December 2016
  • misc

Migrating from easyrsa2 to easyrsa3

I finally decided to clean up my act and migrate from easyrsa2 to easyrsa3. I started out with easyrsa2 because that's what comes with VyOS, which I've previously written about. It doesn't seem to be maintained anymore though, and exhibits some dated behaviors which I wanted to be rid of …

  • Tue 22 November 2016
  • misc

Completely erasing the disk on a MacBook Pro

I recently had occasion to "completely" (or nearly so) erase the disk on a MacBook Pro with a solid state disk. There are varying assertions about "you don't need to worry about doing that if you have an SSD" and "you don't have to worry if the disk is encrypted …

  • Fri 11 November 2016
  • misc

Ethical constraints in writing HOWTOs

My colleague Wes recently sent me a link to a makezine article on making an adaptor octopus for running welders, plasma cutters, etc. Wes' comment was "I feel like there are a lot of ways for this to go badly for someone who isn't already familiar enough with this stuff to …

  • Fri 11 November 2016
  • misc

Verizon FiOS DHCP notes

My FiOS setup at home is a little bit non-standard. Like many network geeks, I want a little bit more than the Verizon-provided Actiontec router will provide, such as multiple vlans, bigger subnets, an IPv6 tunnel, etc. I run the Actiontec behind a Ubiquiti EdgeRouter Lite, which speaks Ethernet to …

  • Wed 02 November 2016
  • misc

Pay Phones at IAD

We all laughed at Die Hard 2 when Lt. John McClane (Bruce Willis) made a phone call on a PacBell pay phone at Washington Dulles International Airport, thousands of miles from the nearest Pacific Bell territory. If not PacBell, then who was the LEC there? Not C&P like much …

  • Tue 01 November 2016
  • misc

Preventing drive-bys with client certs

As I mentioned in a previous post, it's easy to gen up X.509 certificates running your own private certificate authority (CA). But what good will that do you? Those certs aren't trusted by any browsers, so what's the point? The answer is that trust works in more than one …

  • Mon 31 October 2016
  • misc

Issue X.509 certificates from a local CA with easyrsa3

As part of writing up how to run OpenVPN on VyOS, I wrote about how to create a certificate authority with easy-rsa version 2 since that's what comes with the VyOS distribution. easy-rsa3 is current and what you get when you pull from github. Organizationally (directory hierarchy wise) it's a …

  • Sun 30 October 2016
  • misc

Added a favicon

I just created a favicon (random clear background lightning bolt) for technotes.seastrom.com. I had contemplated just turning off logging of errors for attempts to grab /favicon.ico but it's not the aughts anymore, and there are a bunch of favicon variants - Big, small, bookmark, iPad, Android... the list …

  • Sat 29 October 2016
  • misc

New capacitors in my Klipsch Heresys

Speaker design hasn't changed much in the past 50 years, and stereo equipment that I lusted after in high school in the 80s is very affordable these days. Craigslist is your friend and CL/eBay search engines such as Searchtempest which can export OPML for import into your favorite RSS …

  • Thu 27 October 2016
  • misc

DNSSEC Ceremony 27

Today was an unusual day. Perhaps the most interesting DNSSEC Key Signing Key (KSK) ceremony since Ceremony 1. It was the first DNSSEC Root KSK ceremony post-ICANN-transition. The organization that is subcontracted to perform the IANA function is called PTI, which might stand for Post-Transition IANA, but actually stands for …

  • Thu 27 October 2016
  • misc

Time Warner is not Time Warner Cable

I've had a bunch of people ask me in recent days if the AT&T / Time Warner deal is going to mean a better deal for me. It won't, because Time Warner and Time Warner Cable are not the same company. I even have a stock response: “you know how …

  • Mon 17 October 2016
  • misc

Gaige got the DL360g6 iLO2 talking to the QFX-5100

I like off-lease hardware. Yep, I'm cheap, not parsimonious but fiscally responsible. It's amazing what you can pick up for under $200 (including shipping and warranty) in the used market. In the case in point, a pair of HP DL360G6es which made good lab concept machines. I lent them to …


  • Mon 19 September 2016
  • misc

HandbrakeCLI maximum threads

My preferred method for transcoding mpeg2-ts streams recorded off my FiOS QAM cable tv with an HDHomeRun Prime is HandBrake. It does better than ffmpeg at dealing with slightly dirty video where the frames per second is not constant; ffmpeg fails to keep the audio in sync with the video …

  • Tue 13 September 2016
  • misc

Further Notes on Configuring MySQL in Ansible

A few months ago I wrote about changing MySQL's password in Ansible. A few more notes about the surrounding ecosystem are probably in order if the time I wasted tonight is any indication (even though I'd already solved this problem once and in fact had the recipe in another ansible …

  • Mon 12 September 2016
  • misc

Traveling with Guns

Back before some priority-changing life events, I used to do a lot of firearms training ("sometimes an instructor, always as a student" as one of my late mentors used to remind us). As often as not this required travel, sometimes by car, sometimes by plane. One of the provisions of …

  • Sun 11 September 2016
  • misc

Choosing an Electric Car Charger

I've had a 2015 Nissan Leaf as my daily driver for a little over two years. In that timeframe, I've charged multiple times from every flavor of electric car charger that the Leaf supports. It's not surprising that I often get asked which kind of electric car charger (actually EVSE …

  • Mon 05 September 2016
  • misc

Testing the LetsEncrypt IPv6-ready claims

A little over a month ago, the folks at LetsEncrypt sent out a blog entry that claimed "Let’s Encrypt is happy to announce full support for IPv6". "Full support" is a little short on specifics, and I've made some vendors cringe in these last years by asserting that "IPv6 …

  • Mon 22 August 2016
  • misc

Mikrotik and IPv6 on cable (tested with legacy-TWC and Comcast)

So you want native IPv6 on your cable connection and you're in Comcast or former Time Warner Cable footprint? This is pretty easy with a DOCSIS 3.0 cablemodem that is on the approved-for-IPv6 list [*] and a Mikrotik router. Only difficulty is that even though I'm hinting for a /56 …

  • Sun 21 August 2016
  • misc

Graylog2 is off the table...

I've been shopping around for a while for a decent log-eater-and-analysis tool for use in the BroColo. I gave some cursory thought to using Splunk, but Splunk License vs. Second-Hand 1-Ton Diesel Pickup Truck seems to be an either-or proposition money-wise. Graylog2 seems to have some mindshare so I figured …

  • Tue 16 August 2016
  • misc

FiOS technology overview and QAM Video scan results

Background For the past five years we've been Verizon FiOS customers. They're the only wired MSO that we have to choose from, though there is CLEC fiber on our street that I've asked (unsuccessfully so far) about getting service on. We're generally happy with our service, despite lack of IPv6 …

  • Sat 13 August 2016
  • misc

Two Years and 24000 miles in a Nissan Leaf

I had good intentions regarding writing a review on my Leaf at the one year mark (as we say here in the South, "he means well..."), but never got around to it. As penance, here's a somewhat fuller review of my two years and 24k miles in a Nissan Leaf …

  • Tue 09 August 2016
  • misc

Useful Mikrotik Incantations

Previously I undermined my credibility by admitting that I sometimes find a cheap-and-cheerful Mikrotik router to be the right technology to deploy. Why not complete the deed with the cheat sheet of useful-but-potentially-hard-to-find commands for same? /queue tree print rate interval=5 prints queues at 5 second interval …

  • Sat 30 July 2016
  • misc

Next Steps with LetsEncrypt

Suppose you've just had your first success with LetsEncrypt. What's your next step? You probably want to start offering 301 redirects so that everyone gets their content over https instead of http, and then turn on HSTS with a nice long timeout (I recommend a year) so their browsers won't …

  • Tue 05 July 2016
  • misc

Reflashing an LSI disk controller

Avago (formerly LSI Corp) is the manufacturer of the preferred disk controllers for use with ZFS, whether under FreeBSD or Solaris derivatives such as OmniOS or SmartOS. In no small part this is because LSI supports an alternate firmware image called IT (for Initiator-Target), which turns the controller into the …

  • Fri 17 June 2016
  • misc

Changing MySQL's root password in Ansible

Ansible's docs are pretty good, but their mysql_user: module documentation is a little short on a good example for changing the mysql root user's password. Naively following a randomly picked example will result in a root user without the GRANT privilege (with ensuing horrible confusion), or possibly not being able …

  • Thu 16 June 2016
  • misc

Ending a line with a backslash in Ansible YAML

Ansible's lineinfile: doesn't make it easy to end a line with a backslash. My use case (yes, the line goes off the right side, so cut and paste to see that line="..." ends with \x5C"... - lineinfile: dest=/opt/local/lib/svc/method/mysqld state=present line=" --basedir=/opt/local …

  • Sun 12 June 2016
  • misc

Identifying hydraulic connectors

I recently picked up both a set of forks (for moving pallets etc) and a grapple (a big claw for ripping up roots, moving rocks, etc) for the front of the tractor. Both are awesome and I wonder how I ever got by without them. But I could say that …

  • Sun 08 May 2016
  • misc

Less automation with Ansible

I've been automating a lot of my world with Ansible lately. But sometimes I want a little less automation than Ansible is willing to provide. Case in point is my "hmail" (that's "hosted mail", not "hate mail") environment. There are several SmartOS VMs here, a dozen at last count, to …

  • Tue 19 April 2016
  • misc

VPN on VyOS - L2TP/IPSEC

I've used Mikrotik's RouterOS operating system for a while, mainly in the form of tiny MIPS-based routers sold under the Routerboard brand. In late 2012, Ubiquiti - a maker of little SoC-based wireless equipment - announced its first router product, the EdgeRouter Lite. Built around a dual core, 500 MHz Cavium Octeon …

  • Tue 19 April 2016
  • misc

VPN on VyOS - OpenVPN

In a previous blog post, I described my experience with setting up VyOS under KVM with an accompanying configuration for an L2TP/IPSEC VPN for laptops, iDevices, etc. For various reasons, including the ability to run over TCP/443 for better NAT traversal, I wanted to get OpenVPN working, which …

  • Sun 03 April 2016
  • misc

Buying in bulk

White mulch (undyed wood mulch which I think may be mostly oak) may be had for $24 for 3 yards at River Bend Sawmill on Cochran Mill Rd outside Leesburg. Google Maps is correct (don't bother looking for a web site). As of a few days ago, Cochran Mill Rd …

  • Mon 28 March 2016
  • misc

HP DL360G6 with amnesia

If an HP DL360G6 (and likely other HP stuff as well) forgets who it is in ILO - including blank serial number, blank product ID, and all-zeroes "UUID" (the dash format is correct but it's not a proper UUID) you should immediately suspect a dead (or missing!) bios battery. The battery …

  • Mon 21 March 2016
  • misc

more notes on Letsencrypt

Always cautious and keeping in mind the story of Mabel, which was one of the tales behind "always mount a scratch monkey", I had the foresight to use a scratch domain name for experimenting with Letsencrypt. The whole idea behind letsencrypt is to automate the process of issuing certs and …

  • Fri 18 March 2016
  • misc

Let's Encrypt revisited

I registered for last fall's beta program for Let's Encrypt. After wasting far too much time goofing around with it I decided that it was not ready for prime time and definitely not worth the effort if you had at least two of: Facility with openssl(1) and issuing CSRs …

  • Sun 13 March 2016
  • misc

Home Expo notes - garage doors

We're going to be building a master suite on our house some day soon, likely in 2017. There will be a garage underneath, with 3 1/2 bays (3 bays with doors on them, one bay for shop space until that glorious day when I get to build an outbuilding …

  • Sun 13 March 2016
  • misc

Please include the sheet music

This isn't strictly a technology note, but it's nerdy and pedantic, therefore in-scope. Please bear with me. Kim and I got married in October 2011. The vast majority of the wedding planning was hers, but I had some ideas about the service, some of them very specific. One of the …

  • Fri 04 March 2016
  • misc

ISO8601 date quickly from the CLI

Increasing amounts of stuff these days uses ISO 8601 date format. Of course, date(1) isn't one of them, at least without a nice clean single flag on the command line. If you need "now" in ISO 8601 format in a shell script or staring at you from a terminal …

  • Fri 04 March 2016
  • misc

Sniffing on SmartOS

Promiscuous mode "works" but isn't "supported" in SmartOS. The code is in there so as to support KVM stuff having multiple MAC addresses. The docs don't even say that it works with native zones. But it does, after a fashion. I dedicated a server port to the mirror port on …

  • Thu 03 March 2016
  • misc

"Drupal is fired"

I am tired of doing security updates. Drupal is fired. This blog is now powered by Jekyll.

  • Wed 03 February 2016
  • misc

burning a DVD or CD in MacOS 10.11 El Capitan

Apple did a massive overhaul of Disk Utility in El Cap and it appears that burning DVD images from within Disk Utility is no longer supported. I guess from Apple's perspective, optical is increasingly dead technology. Sometimes, though, out here in the real world, we have to suck it up …

  • Wed 27 January 2016
  • misc

snow clearing and getting the tractor unstuck

In the most recent blizzard, I ended up with a stuck tractor. I meant well in terms of getting tire chains for it, and even got as far as getting the spacers put on the wheels, but didn't manage to actually buy the chains so I could install them. Just …

  • Thu 21 January 2016
  • misc

It's not easy being green

About two and a half years ago when Gaige and I were evaluating SmartOS in the datacenter, we got some 3TB WD Green drives. Gaige had used them in other service with good results. I'd heard that using them on a RAID and in particular under ZFS was not such …

  • Fri 08 January 2016
  • misc

the magic mac rsync flag

Apple's version of rsync on MacOS X has a documented-but-not-widely-appreciated "-E" flag. -E, --extended-attributes Apple specific option to copy extended attributes, resource forks, and ACLs. Requires at least Mac OS X 10.4 or suitably patched rsync. As in this (between old mac and new mac over an ethernet cable …

  • Thu 07 January 2016
  • misc

Last night's fight with Ansible

Domain-specific languages for system configuration automation are nothing new (to name a few, cfengine's roots date to 1993, Puppet to 2005, and Chef to 2009). A relative newcomer called Ansible (2012) has been gaining traction with folks in the networking community, in no small part because it is agentless and …

  • Sun 29 November 2015
  • misc

Revisiting compression software

Back in the dawn of time, there was a Huffman Coding based compression program called Pack (file suffix .z). By the mid 80s, an improved LZW based compression program called compress (file suffix .Z) had gained popularity... and a patent. Remember the GIF patent? Yeah. That. The patent situation was …

  • Fri 31 July 2015
  • misc

that icon doesn't mean what I thought it means

I had a calendar event pop up on my iPhone that was giving me 2 week advance warning of an upcoming event. I kept hitting snooze since I wanted it to remind me again later. Somewhere along the line, a crescent moon icon showed up at the top of my …

  • Tue 21 July 2015
  • misc

active/active

Some months ago we were sitting around at the office at $DAYJOB discussing the relative merits of active/active vs. active/standby architectures. The discussion centered around the polarities of "easy to deploy" vs. "more resilient and worth the effort". One of my colleagues was sleep-deprived so he swears he …

  • Mon 20 July 2015
  • misc

reasonably secure passwords on tap

Tired of setting "changeme" as a temporary password and hoping that people... change it? Having difficulty coming up with a good password to hand to someone, one that isn't "leetspeaky", and is demonstrably secure? A shout-out is due to jamiep for this approach, which sadly won't keep well-meaning-but crummy security …

  • Sun 19 July 2015
  • misc

instructions on ssh keys and keys-only login

It's 2015; last year I deprecated passwords on my friends-and-family hosted-web-content VM. My message was "Get ssh keys or get out". Of course some folks were dragging their feet on this. Come to discover that in at least some cases they were embarrassed to admit that they still use passwords …

  • Sun 19 July 2015
  • misc

rediscovering a fundamental truth of VPN hardware

You know, here in the future in 2015, some things oughtn't be hard. There's a fundamental truth to VPNs (of the LAN to LAN variety in this case, but it may hold for other appliance-y sorts of configurations too) that I re-taught myself today. If you're looking for interoperability between …

  • Sun 21 June 2015
  • misc

apparently I have better sources for weather information

My go-to sources for weather information are http://weather.weatherbug.com/ and http://www.srh.noaa.gov/ridge2/ when it looks like "shit's about to get real" as they say. This morning, while flipping through the guide I noticed that The Weather Channel has been replaced by Accu-Weather on …

  • Thu 18 June 2015
  • misc

I'm in love with a stripper

My pal Tan did a great job of welding hooks on my tractor's loader bucket a year ago (much nicer than I could have done), and they are so useful that my friends all wanted a set too. So we had a little party at our place last weekend and …

  • Tue 16 June 2015
  • misc

unhappy ZFS zpool

I'm writing some scripts to periodically inspect ZFS pools and parse the output from zpool status, and squawk if something's unhappy. But what exactly does an unhappy zpool look like anyway? To find out, I did a fresh install of SmartOS with a freshly initialized zpool, with a couple of …

  • Wed 10 June 2015
  • misc

Adventures in Modern Rokoding

As readers are no doubt aware I'm an enthusiastic user of Apple products. Note that I didn't say fan - I am a fan of things that don't suck, and Apple generally delivers. But that's not to say that other organizations can't. One product that I particularly like is the video …

  • Wed 10 June 2015
  • misc

SSLv3 on UBNT APs

A couple of weeks ago we went on our annual camping trip. A staple of this trip for the past few years has been some wireless gear made by Ubiquiti which we use to establish a link to the dining hall, and thus improve the wifi coverage in our cabin …

  • Mon 08 June 2015
  • misc

shear pins

A shear pin is like a fuse, but for a mechanical system. It's a part that's designed to fail first while being inexpensive and easily replaceable, so as to prevent the more expensive (and harder to replace) parts of the equipment from damage. Last weekend, in the course of replacing …

  • Fri 17 April 2015
  • misc

Rancilio Silvia - Four Year Review

This blog post was originally written for a friend who's contemplating buying a Silvia and has gotten all sorts of conflicting advice from multiple directions. Kim and I have owned a Silvia for about four and a half years now. You don't have to pay full price for one; I …

  • Thu 02 April 2015
  • misc

Linux grumble OTD

It's been a while since I've posted anything, and not for lack of things to post about... they're just backlogging on my to-do list. But this one's short-and-not-so-sweet.

[rseastrom@gem-client-1 ~]$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
[rseastrom@gem-client-1 ~]$ passwd rseastrom
passwd: Only root …

  • Fri 20 February 2015
  • misc

batteries sure don't like the cold

I just got my Leaf back yesterday. It spent the last week in the body shop, having fallen victim to a mishap while parked. Unfortunately, it spent the last week being cold-soaked in our near-record temperatures and not being plugged in. The battery gauge read 55% when I got it …

  • Mon 09 February 2015
  • misc

tractor tutorials

Three and a half years ago my soon-to-be wife and I moved to ten acres in the country. One of the first things we had to buy in order to properly look after the property was a tractor - the one that came with the property ran but was unsafe for …

  • Sun 08 February 2015
  • misc

Elfa top track rail screws

My wife loves the Elfa Platinum hanging shelf system. They make stuff that's suitable for use in civilized living spaces and looks sharp. They also make stuff that's useful in the garage and basement. Everything uses something called Easy Hang Top Track, which is a mutant cousin of DIN rail …

  • Sat 07 February 2015
  • misc

Splicing a big pile of PDFs on a Mac

I recently downloaded a pretty spiffy free ebook ( http://www.cadhistory.net if that's of interest to you ) but it came in the form of a couple of dozen PDF files. I want them as a single file in iBooks on my iPad. What to do? Of course, I've been …

  • Wed 04 February 2015
  • misc

Dear Apple...

Dear Apple, Runway 1L/19R (the fourth runway at Dulles International Airport) opened for service on November 20, 2008 after a couple of years of construction. Apple Maps was released on September 19, 2012, almost four years later, and over two years ago. Yet your (non-photo, line) map still shows …

  • Mon 02 February 2015
  • misc

"Autocorrupt knows..."

In the spirit of DYAC, autocorrupt has been providing me some mighty fine suggested corrections lately.

Hagerstown -> Haters town
phpmyadmin -> phony admin
devops -> devils
snmp -> ammo
CCIE -> vice

  • Mon 02 February 2015
  • misc

POE vs POE

Among the things that I'm a little bit embarrassed to admit: I'm a bit of a fan of Mikrotik low-end kit. They're often the right choice when you need something cheap and cheerful for a NAT firewall, IPv6 tunnel endpoint, VPN server, or similar. The other day I was in …

  • Wed 07 January 2015
  • misc

Shame on me for using a DNSBL run by clueless children

Just a little while ago I got a jabber message like so: host valhalla.seastrom.com http://valhalla.seastrom.com/ [192.148.252.11]: 550-Access denied - x.y.z.y listed by dnsbl.ahbl.org http://dnsbl.ahbl.org/ 550 List shut down. See: http://www.ahbl.org/content/last-notice-wildcarding-services-jan-1st …

  • Fri 02 January 2015
  • misc

an embarrassment of riches of tiny cheap sbcs

I recently bought the latest computer from Hardkernel ODROID, the ODROID C1. More on that in a subsequent article. One of the things that I like about ODROID is that they seem committed to building a community, even to the point of publishing a slick monthly magazine where people brag …

  • Sun 28 December 2014
  • misc

ditching dnsmasq in ubuntu

Of late, Ubuntu has a distasteful habit of running a sorry local DNS proxy (dnsmasq) rather than talking to the nameserver it gets via dhcp directly. If they were going to run a local nameserver there are many better choices (unbound comes immediately to mind) than dnsmasq, which is really intended …

  • Sat 20 December 2014
  • misc

How'd I figure out that dns-servers bit in the last article?

A couple of people asked me how that dns-nameservers thing came to my attention. After all, if I'm running a nameserver on 127.0.0.1 (I am) and the machine comes up all the way (it does), then everything should be copacetic and I would never notice, right? I …

  • Sat 20 December 2014
  • misc

Two thumbs down for ∑dimax's AC450 USB adapter for Mac

I recently became aware of a USB 802.11ac adapter from ∑dimax for the Mac. Having had good luck in the past with cheapie 802.11n adapters from ∑dimax on Linux platforms (notably the cheap ARM stuff that I have blogged about) I figured I'd give it a whirl. Color …

  • Fri 12 December 2014
  • misc

This kind of stunt is why I dislike Linux

Everyone who's configured Debian-flavored Linux to use static addresses (like, say, a server) is familiar with /etc/network/interfaces. This is where you configure your nameservers too. There's a stanza under the interface definition called "dns-nameservers". You can put one or more nameservers there, to be propagated into /etc/resolv …

  • Thu 04 December 2014
  • misc

No Schedule EV for me

Back in August I got a Nissan Leaf. So far I have been enjoying it enormously but I haven't gotten around to doing the special "EV" tariff where they sell you electricity for half off so long as you charge in the middle of the night. I finally called Dominion …

  • Thu 04 December 2014
  • misc

Recursive DNS benchmark statistics on tiny ARM boards

I've been meaning for a while to do some DNS query performance testing against cheap little ARM boards running Linux that I have lying around. Finally got a few minutes to do this. Why? Because I like having local DNS servers near the users' eyeballs - it makes the user experience …

  • Tue 02 December 2014
  • misc

bragging rights

As my colleague Jamie says, "450 gig RAMdisk makes me happy".

[root@clmkohpe-de-gen0001 conf]# df -lh /cache/linear/
Filesystem Size Used Avail Use% Mounted on
tmpfs 450G 4.0K 450G 1% /cache/linear
[root@clmkohpe-de-gen0001 conf]#

  • Sun 16 November 2014
  • misc

Exhaust allergy

I have long joked that while I do a lot of my own car maintenance and repair work, I have an allergy to exhaust systems. This is borne mostly out of painful experiences as a teenager - exhaust is just not the sort of thing one can successfully tackle without at …

  • Thu 13 November 2014
  • misc

MySQL password reset

The SmartOS standard64 14.2.1 image contains a lot of handy stuff pre-installed but not enabled. One odd thing that comes enabled by default is MySQL. Most of the time in my world I just want to kill that with svcadm disable mysql and keep on trucking, but on …

  • Fri 07 November 2014
  • misc

ip6.arpa shortcut

I thought I put this up here before, but apparently I sent it in email to someone... Pro-tip based on almost a dozen years of hand-managing ip6.arpa here: don't hand-construct the records by doing the nybbles manually; you'll screw up far too often. Use dig(1) instead, it does …

  • Thu 06 November 2014
  • misc

Genning up TSIG keys for DNS UPDATE messages

As awesome as they are, not everyone wants to use DynDNS or similar services, mostly because we run our own nameservers and want to update zones hosted there. The way you do this in a reasonably secure (and interoperable) way is with a transaction signature with a (quaintly old fashioned …

  • Thu 06 November 2014
  • misc

updating zones with TSIG, part 2...

In the last entry, I described how to create TSIG keys for MD5. Now I'm going to talk about how to use them. I'm cheap. That means like "normal people" I have residential high speed data service at home. None of this highfalutin "business class" service for me, thank you …

  • Sat 01 November 2014
  • misc

Namespace overload of the day

A dozen or so hours ago I was in the first/biz class lounge in Santiago… The wireless SSID there is called “SALON VIP LAN”.

  • Fri 31 October 2014
  • misc

Today's lectionary

I try to not reblog too much, but since this is a link to an info site not a blog entry it doesn't count, mkay? Today's reading comes from the book of ESNET. The R&E guys know a thing or two about stack tuning. This one is a little …

  • Wed 29 October 2014
  • misc

netcat and zfs send

One of the things we're doing a fair amount of these days is shlepping around ZFS snapshots (both incremental and full) between machines in the same or adjacent racks. Unfortunately, sending them over an SSH connection like this: zfs send zones/med@now | ssh remotehost "zfs recv zones/med" gets …

  • Mon 20 October 2014
  • misc

tcpdump 802.1q errata

I've only tested this on MacOSX 10.9 (Mavericks), but tcpdump(1) exhibits some slightly odd behavior wrt decoding packets that are sniffed from a vlan trunk (i.e. 802.1q encapsulated). To wit, if you do a tcpdump with no flags, along the lines of: tcpdump -n -s 1500 …

  • Thu 16 October 2014
  • misc

Hello OpenSSL folks...

It's 2014q4. Why does "openssl s_client -connect" not know about IPv6? This has been an open bug, with a supplied patch, in OpenSSL since 2006. What's the excuse? http://rt.openssl.org/Ticket/Display.html?id=1365&user=guest&pass=guest

  • Sun 24 August 2014
  • misc

M*A*S*H as a metaphor for the Internet Spottiness of August 12th

Widespread Internet outages and slowdowns that occurred on Tuesday August 12th were covered in IEEE Spectrum in one of the better articles I've read from a getting-it-right perspective. People who read this blog of course are capable of absorbing a little more technical nuance. Routers on the Internet that handle …

  • Tue 19 August 2014
  • misc

Learned something new about BGP yesterday

Yesterday, on a conference call with the ops guys at work, I learned something new about BGP. This is noteworthy for someone who has a personal ASN that's almost old enough to drink, and certainly won't be news to Avi or anyone else who's written an actual BGP implementation, but …

  • Sun 10 August 2014
  • misc

Steel cut oats in rice maker

I really like steel cut oatmeal. Don't eat it often because of the carbs. When we have a bunch of guests over though oatmeal in the rice cooker makes for a very low drag breakfast item. We have a Zojirushi NS-MYC10 rice cooker. This is a "fuzzy logic" rice cooker …

  • Sun 03 August 2014
  • misc

The Shack is about to collapse

Maybe I'm behind the times to be hearing about this, but it's pretty unsurprising that Rat Shack is about to go the way of Laughin-Yet. A cursory examination of their web site (which to be truthful I haven't visited in aeons) shows that house brands are thin on the ground …

  • Mon 21 July 2014
  • misc

valve stem saga

Yesterday while I was on the way to the coffee shop the TPMS light came on in the Smart. Tires weren't flat so I figured I'd sort it out when I got home. But that's not where the saga starts. The saga starts 8 or 9 months ago when some …

  • Fri 18 July 2014
  • misc

a burst of activity

There's been a recent burst of activity on a mailing list I founded 25 years ago... for fans of a computer that was old even then (the DEC PDP-8).

  • Tue 08 July 2014
  • misc

new access point for the house

I don't know how I managed to miss that Apple revved the Airport Express in Summer 2012, but it's a pretty nice little AP. It does IPv6, but use as a home router is not what interested me about it (I already have that covered with a separate device). I …

  • Fri 27 June 2014
  • misc

Shocking...

Kind of like when you get new shoes and are amazed at how good they feel, there's nothing quite like swapping out a set of shock absorbers that have north of 60k miles on them. Just sayin'.

  • Wed 25 June 2014
  • misc

I try to like Linux, I really do (and the OS version rant)

I keep giving Linux second, third, fourth chances... hoping that one of these days I'll deploy it on something without disappointment or drama. Aside from installing Ubuntu on random laptops with low expectations (run a browser and Wireshark), it just doesn't work out that way. The latest saga of misfortune …

  • Thu 22 May 2014
  • misc

Helium is expensive

There's a helium shortage on and though it might get better in the distant future, I'm not holding my breath. Places like Harris Teeter no longer give kids helium filled balloons because it's too expensive, and a generation of nerds risks growing up without witnessing firsthand the enhanced humor value …

  • Tue 20 May 2014
  • misc

because I didn't want green terminal text in my AIM session...

No idea if this was a problem in 10.8 (don't recall if it was a problem in 10.7), but getting way too many attributes copied over when I cut and paste stuff out of Terminal.app is insane. defaults write com.apple.Terminal CopyAttributesProfile com.apple.Terminal.no-attributes …

  • Thu 08 May 2014
  • misc

Example Networks and Domain Names for Documentation

If you're writing documentation for stuff that's used on the Internet, why not use the domain names and number resources that have been set aside for that purpose? Here they all are in one easy set, with references. Soapbox: Although it's a fairly common practice I'm opposed to the use …

  • Thu 08 May 2014
  • misc

The Propane Game

You definitely pay for convenience, but sometimes you pay too much. That's the feeling I've had about grill propane for a long time. I recently got three propane tanks "filled" at three different locations. The cost per gallon varied from $2.75 to $6.13. What a difference. For illustration …

  • Tue 06 May 2014
  • misc

Left-hand threads

Like my first car's driver's side lug nuts (1970 Dodge Coronet) or the left pedal on a bicycle, it seems that the toilet flush handle, at least the plastic one on our 25 year old paleo-low-water-consumption-toilets has a left hand thread. I noticed this when I replaced the first toilet …

  • Tue 06 May 2014
  • misc

Password Escrow

Periodically the usual suspects post information germane to passwords-after-you-die. Nobody likes to contemplate his own mortality, but it creates a bit of a problem for your next-of-kin if they can't access various aspects of your digital identity after you pass on. Just today I got email from a friend who …

  • Tue 29 April 2014
  • misc

Overstuffed Packet Capture, or NICs That Are Too Smart By Half

When networks don't work as expected I often end up being the guy who gets called. Doesn't matter whether it's a friend's house or stuff from my group at the office, I enjoy a good technical puzzle and am generally happy to help out. Without going into a lot of …

  • Mon 28 April 2014
  • misc

Carping about CARP

It's long been my intention to write up a little bit here about CARP and how it can interfere with VRRP - a trap for the unwary. Without getting into a lot of rehashing of who did what when, the net result is that the OpenBSD folks decided to use IANA …

  • Tue 01 April 2014
  • misc

1000baseTrivia

Quick, is auto-mdix a mandatory part of the 1000baseT spec? If you're like me you're thinking "of course it is; I've never seen a 1000baseT port that didn't auto-flip - that's why nobody carries crossover cables around in their laptop bag anymore". Well, until a couple of weeks ago neither had …


  • Wed 19 March 2014
  • misc

Adding a ZFS filesystem on loopback mount to a SmartMachine

It turns out that vmadm (the ultra-spiffy JSON-eating wrapper around zoneadm, zlogin, and friends) is not quite capable of doing everything you might want to do to a SmartMachine/zone, particularly when it comes to modification. This is not entirely surprising; the culture of administering SmartMachines centers around a death …

  • Tue 18 March 2014
  • misc

Cisco 1231 Access Point Notes

While I wait for widespread availability of 802.11ac enterprise grade access points, a friend gave me a Cisco 1231 (dual radio) model as an interim solution. These puppies are a bit long in the tooth (A/B/G, no N, no WPA2 afaict) but it was still an acceptable …

  • Thu 13 March 2014
  • misc

fail2ban lives up to its name

A lot of folks use fail2ban, not just as a way of quashing brute force attacks on their infrastructure but also to keep the enormous logs that such attacks create in check. I was securing some boxes at $DAYJOB for a proof of concept rollout and ran into an interesting …

  • Wed 26 February 2014
  • misc

When was the last time you looked at your SSL stance?

If you're like me, the last time you gave your SSL configuration much thought was a few years ago when you regenerated some certs to use SHA1 instead of MD5. I'll even cop to having been a little behind the curve and waiting until January 2009 to get around to …

  • Tue 25 February 2014
  • misc

A conversation about datacenter power

Last fall, MT texted me asking what I know about European datacenter power. I know better than to get into that kind of discussion on an iPhone so I chatted back via AIM. I was a little bit surprised by how much power MT's company had provisioned to their racks …

  • Tue 25 February 2014
  • misc

FIOS Band Sweep (Washington DC/NoVA)

We recently got a digital-cable-ready TV (Samsung Smart TV), and nobody seems to list the channels available in Clear QAM on FIOS, so I told the TV to auto-program and away we went. Why's this interesting? Maybe you have a guest room or space in the basement or something - not …

  • Sat 22 February 2014
  • misc

iPhone Repair in Western NoVA (props to WiGoClinic in South Riding)

On Thursday the power button on my wife's iPhone 4S got stuck in the downward position, apparently permanently, so that she couldn't turn the phone on. This seems to be a common problem (if memory serves there was even an unsuccessful lawsuit attempt a year ago) and is one that …

  • Tue 18 February 2014
  • misc

Using your own router with FIOS

I've been a pretty happy FIOS (Verizon PON) user since moving to Leesburg two and a half years ago. We have both TV and Internet. I'm also a geek - I run our own router rather than using Verizon's Actiontec, have commercial grade PoE switches in the basement, and generally …

  • Wed 12 February 2014
  • misc

Software installation notes for the Mac

As part of setting up a new-to-me Mac with a fresh OS copy on it, I took notes on what I installed and changed, both to share and to make it less painful in a few weeks when I do the work laptop. It's important to remember this is a …

  • Fri 07 February 2014
  • misc

On the occasion of a Sweat Equity Macbook Pro Upgrade

My 2009 MacBook Pro had been acting a bit dodgy recently and I'd promised myself a reinstall and upgrade to Mavericks (I never went to ML, having been happily running Lion for a couple of years now). Providence and a friend's neighbor with a glass of wine intervened in the …

  • Thu 23 January 2014
  • misc

Airing of Grievances X.509 web certificate edition

One month to the day late for Festivus I figured I'd share a little bit about how X.509 is disappointing, particularly in the arena of SSL certs used for web services. Some time ago I wrote a monograph on why providing https:// service on a content distribution network (CDN …

  • Fri 17 January 2014
  • misc

SmartOS vs. SmartMachine

A distinction that is often lost (and confused me at first) is that SmartOS is the whole banana (the global zone) while the userland/guest OS is often referred to as a SmartMachine. The documentation at smartos.org tends to focus on the former, while if one is looking for …

  • Fri 17 January 2014
  • misc

The T-Mobile / iPad 2 Saga

Back in December I got a stellar deal on a lightly used iPad 2 (64g/3G) for Kim. Lately, T-Mobile has been pushing their own special brand of crack - namely their "200 MByte/month free for life" plan, wherein one gets a SIM for the iPad (or Android or whatever …

  • Fri 17 January 2014
  • misc

Time Machine on SmartOS

I promised some articles involving doing things with SmartOS. One of the first things I did after getting the machine at home up and running was build a VM that contained an AFP fileserver that was capable of acting as a target for Time Machine. I built some external ZFS …

  • Wed 08 January 2014
  • misc

SmartOS Overview

About a year and a half ago I became aware of a pretty cool OpenSolaris offshoot called SmartOS. A year and a quarter ago I started using it at home to power the home VM platform (TFTP servers, DHCP server, DNS server, AFP-speaking backup target for Time Machine). We put …

  • Sat 04 January 2014
  • misc

First!

Bacon ipsum dolor sit amet drumstick andouille ground round fugiat tempor, turkey salami. Ball tip ham hock ad reprehenderit laboris, duis sirloin pariatur pig. Hamburger sirloin frankfurter eiusmod cupidatat, pig pork chop dolore mollit nisi. Magna in cupidatat et consectetur ham hock. Quis irure eu est tail minim jowl duis …

  • Sat 04 January 2014
  • misc

Musings on North American / International power

This is the email that started things rolling. I suspect that Avi looped me in because I used to work at Afilias which has medium sized nodes sprinkled across multiple continents. The person I sent it to is a fellow from the UK who was asking about what kind of …

  • Sat 04 January 2014
  • misc

Useful places to buy stuff...

Some months back I was at lunch with our lab guy and we started talking about places to buy "stuff", where "stuff" is broadly defined as off-the-beaten-path things that are useful in our professional or personal lives. Stuff that you can't get at Home Depot, Lowes, Tractor Supply, etc. Here's …

  • Sat 04 January 2014
  • misc

Why I'm here (Avi made me do it)

In the fall of 2012, Avi Freedman got some email from a fellow in the UK asking about the characteristics of power feeds he was likely to encounter in North American datacenters. Avi said he wasn't sure but that he bet RS knew, and CCed me on the reply. He …