I’ve been posting crap on here at least since I first set up and switched to Octopress in 2009. I’ve had a few posts I meant to finish, a few posts I wrote and never published, and a select few that I removed. There was some motivation I guess to profess my values to others from the comfort of my own sandbox, but even in 2009 the idea of having your own site had started transforming into a rented parking lot at one of the walled garden estates. Having your own irc channel or Teamspeak/Mumble server turned into having “your” Discord server. Like real life, Internet life has become one of renting and not of owning, and you can be evicted on a whim at any moment, no squatter’s rights exist online.

I really don’t see much getting better about the Internet until the problems of monopoly and monopsony are addressed at a fundamental level. The stochastic parrot economy is going to make this even worse, since your landlord probably already sold your intellectual works (known depressingly today as “content”) or else had it taken out from under them while they were busy monetizing with ad tech.

The idea of “life imitates art far more than art imitates life” has sort of come to describe how I see the world, except “offline behavior imitates online behavior” with Twitter tantrums and the celebration of narcissism. I do find the whole Twitter/X thing ironic, as I can recall reluctantly having to cut a check to x.com 22 years ago because they had fucked up the Paypal/eBay payment processing. Maybe because some giant idiot had a shiny toy they wanted to show off, who knows?

I’ll be leaving this blog as is up as long as I still maintain my site, but I doubt I’ll be writing any more here.

So long, and thanks for all the fish

I purchased the Edgerouter to replace my old D-Link DIR-655 WiFi/Ethernet router that I had used for years. The router firmware was no longer receiving updates and I was a little perturbed trying to do some uncommon configurations with it. I looked around, and although I don’t have the research material I used back then, I was trying to find something that allowed the configuration options I wanted without having to buy something big and expensive from Cisco. The ERLite-3 worked really well, and provided the network separation I wanted between my WAN connection, my lab/server network, and the network with Wi-Fi access.

Eventually, there were a few things I started to dislike about the ERLite-3. First, firmware updates were less frequent, and eventually they bifurcated into a 1.x and a 2.x version. I had read about stability and performance issues in 2.x and had remained on 1.x even though the updates I felt were getting behind issues I was noticing on security sites. The NAT slipstreaming attack and DNS Redirect were just some of the issues I wanted to solve. Additionally, Ubiquiti or UniFi or whatever they call themselves now were pushing more and more towards management via “apps” on iOS or Android. To me this is a terrible idea, introducing the requirement of these ecosystems into managing my home network. I don’t trust these devices and I don’t know how you’re supposed to trust your network infrastructure management to something running on one. A web-based configuration was a dependency I was reluctantly dealing with, but fuck having to depend on a proprietary device to remotely control my router. It’s the same reason I hated Apple’s Airport devices. Finally I thought it might be a good idea to get off of the Edgerouter and replace it, but what to replace it with? A long time ago I remember using Freesco but figured there were probably better options today.

Luckily I’m not the only one looking to replace this device. That blog had a well reasoned explanation for what they chose, which in the end was a Netgate SG-1100 running pfSense. I have seen pfSense discussed quite a bit on different subreddits and blogs, so it seems like a reasonable choice. However, those choices didn’t feel right for me, as it would still be coupled to one vendor’s choices like with Ubiquiti. I was glad they mentioned PC Engines as it seems like a great choice for this type of hardware project. I also came across this site that someone assembled describing a router using OpenBSD and its pf capabilities. After my experience with Ubiquiti, this was a more appealing as I should be able to use generic hardware and pick my software stack. If I found OpenBSD lacking I could always switch to a different OS.

I ordered an apu2e4 system from PC Engines as it provides the same 3 NIC configuration that the ERLite-3 had. I decided to go ahead and use OpenBSD and found this page which gave a nice overview for booting a similar system with OpenBSD. Setting up the OS was pretty easy (although it had been a long time since I used a serial TTY) and I was ready to dig into setting up a replacement for my existing network. This meant I’d need to configure the 3 networks, DHCP, and a pf.conf that was at least as good as my current router setup.

Setting up pf.conf the way you want is a little tricky. For one thing, you see in alot of configurations they rightly block access out on the WAN network to any RFC1918 addresses. However, while testing locally, my external network will be a restricted network, as I’m testing it within my existing NAT’d network. Not only that, but to access my cable modem, I have to allow access to at least one specific class C network address. Things like this made getting a final configuration hairy. I was able to test my firewall rules by plugging in 2 machines to the 2 internal networks and doing basic port and nat testing within my existing network. Finally, it was doing everything I figured it should, and I made the switch. I had to shut down the ERLite-3 and then boot up the new box. Of course, a few last minute fixes were required before everything “worked” but those were mostly things I realized I had to fix about the WAN DHCP client configuration.

I’m very happy with how things are working. I ocassionally need to fix a few things, but I keep my pf.conf and dhcpd.conf files in version control so it’s easy to get back to a last known working configuration if something breaks. I don’t have any WebUI or dependency on some proprietary vending machine to manage my router, everything can be done via restricted SSH connections to the router. It’s a return to simpler times in alot of ways. I also find updates more frequent than I did with either D-Link or Ubiquiti, and there is a wealth of information online for mitigations and advisories. I don’t think OpenBSD is necessarily better at everything, but I appreciate the focus being on security and simplicity which is exactly the sort of thing you want on a box that’s just routing packets.

Coda

It felt a bit sad to remove the last MIPS system I still have running. I know it’s possible to flash it and install a different OS, but I read about some pretty ugly problems people doing this have run into with the storage the ERLite-3 uses. I decided to just factory reset and put it back in the box, hopeful that one day I can sell it to someone who wants it.

I used Ansible at a previous job and found it much less complicated and annoying than previous options I had tried. Basically how we used it was to set up a base machine image from an AMI that had some initial configuration done. We then ssh into the host and perform tasks depending on the playbooks and roles specified in the inventory. The process made setting up a specific type of machine consistent even though it was still running on groups of machines via ssh at a time. I had begun investigating ”baking images” the way Netflix described, and that sounded good, but never got much further with it.

Time went by and I left that job, but for my personal site I stuck with essentially the same idea, of course not using AWS because why would I contribute to that human catastrophe. I had initially used linode to host the server side of my ill-fated iPhone application as described here. A co-worker had recommended linode as an alternative and so far I have had no reason to complain. But you can’t exactly utilize AMI-centric techniques for their platform. Enter Packer.

Packer allows you to add a layer of abstraction on top of different hosting providers. They support the mollusk eating psycho, vagrant, VMWare, docker, linode, and many more. Normally, adding an extra layer like this is a dumb idea, because it’s just extra complexity to do things you could otherwise. What I like about most of the tools by HashiCorp is that they allow you to focus on common functionalities without getting wrapped up in all the particular idiosyncrasies of the individual providers. Since there isn’t a well-defined standard that all these providers support, and since if that did exist in the current ecosystem, it would just be dominated to be done the way the largest players wanted it, the tools HashiCorp gives a close approximation of one. I think of it very similarly to scraping webpages for sites that don’t provide APIs or provide broken APIs that don’t expose features that the platforms feel is a competitive advantage to their walled gardens.

With packer, I can create a docker image, a linode image, and any other image that I might need. Good, so now I’ve got an answer to the problem I had 7 years ago. Here is the first example of where the abstraction layer provides an advantage. If I wanted to run my server in docker, I could use any number of options for docker, but that doesn’t really get me what I want, unless what I want is to run a docker container on my web host. I do not. This is where the concept of provisioners comes into play for packer. I can still use Ansible as before, but now I can target a docker image, a linode image or any of the previous options I mentioned. For example, here is what building an nginx server using docker and Ansible as a provisioner might look like:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

{
    "builders": [
        {
            "changes": [
                "ENTRYPOINT [\"docker-entrypoint.sh\"]",
                "EXPOSE 80",
                "CMD [\"nginx\", \"-g\", \"daemon off;\"]"
            ],
            "commit": true,
            "image": "debian:10",
            "type": "docker"
        }
    ],
    "post-processors": [
        {
            "repository": "greymeister/debian10-test",
            "tags": [
                "latest"
            ],
            "type": "docker-tag"
        },
        {
            "type": "docker-save",
            "path": "test.tar"
        }
    ],
    "provisioners": [
        {
            "script": "../scripts/test.sh",
            "type": "shell"
        },
        {
            "playbook_file": "../../ansible/test.yml",
            "type": "ansible",
            "user": "root"
        }
    ]
}

There’s a couple of things going on here, first, I’m using docker for my builder with my docker-specific options. Some will look familiar because they’re the same things you would put in the Dockerfile. In post-processors I have specified docker-tag and docker-save to both tag my image in my local docker as well as generate a tarball for the halibut. The last section is for provisioners, which I’ve selected 2, both an arbitrary shell script and an Ansible playbook. You can see the referential paths because I have all of this in one git repository, which makes changing things much easier for me. The layout is something like this:

1
2
3
4
5
6
7
8
9
10
11
12

|-- Infrastructure
  |-- ansible
    |-- roles
      |-- debian10
      |-- nginx
  |-- packer
    |-- docker
    |-- linode
    |-- scripts
      |-- test.sh
  |-- terraform
    |-- linode

It’s pretty handy to be able to make all of these changes at once. My playbooks are pretty simple too:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

---
- name: Provision Python
  hosts: all
  gather_facts: no
  tasks:
    - name: Boostrap python
      raw: test -e /usr/bin/python || (apt-get -y update && apt-get install -y python-minimal)

- name: Provision Debian Utils
  hosts: all
  tasks:
    - name: Add debian role
      import_role:
        name: debian10

- name: Provision nginx
  hosts: all

  tasks:
    - name: Ensure nginx configured with role
      import_role:
        name: nginx

- name: Container cleanup
  hosts: all
  gather_facts: no
  tasks:
    - name: Remove python
      raw: apt-get purge -y python-minimal && apt-get autoremove -y

    - name: Remove apt lists
      raw: rm -rf /var/lib/apt/lists/*

I was very much inspired by this post on how to use Ansible with packer. It’s been pretty straightforward. This site is now hosted by a machine using this setup and I plan on trying to move some older VMs I have into this scheme. My next challenge will be setting this up to talk to something other than docker because I don’t want to have to deploy that way for all of my local services, but that’s still TODO for now.

Software people, especially those that work on webshits, love complexity. I don’t mean that they necessarily seek it out but it seems like many find using the latest big pile of code irresistible. Unfortunately, build systems have not escaped this. Now, not all of them have been accused of ”russian hacks” by ignorant people, but they have real annoyances all their own. I’ve used several myself and they’ve all been painful. The least painful solution I have opted for recently was Jenkins but even it’s gone all ”enterprisey” it seems. Between trying to sift through dozens of Jenkinsfile groovy hacks and the unintelligible Job DSL that I deal with at work, the last thing I wanted to do was deal with that at home.

So when it was time to set up some basic structure for deploying my site, I was determined not to bring a CI system into the mix. Sure, it wouldn’t be “fully-automated” but it would be hardly worth doing that for an infrequently updated blog. People getting fixated on “automating everything” even for things that really don’t deserve it is another strange affliction I’ve noticed. Remember when Boxen was a thing people wanted to opt into? Gee whiz mister, sure, let me have your ”solution” to IT on my personal machine, that’ll be a blast. Oh wait, you stopped supporting it? Whoops!

All I needed was a consistent storage mechanism for the tarball that I build from my blog source. Having older versions available for any oopsies would be great too. I ended up using the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

reposrv := foo
repodir := /bar
version := $(shell date +"%Y%m%d%H%M%S")

all: public.tar.gz

public.tar.gz:
  rake clean generate
  tar -C public/ -czf public.tar.gz .

upload: public.tar.gz  
  scp public.tar.gz ${reposrv}:${repodir}/public.${version}.tar.gz
  ssh ${reposrv} "cd ${repodir} && rm -f public.latest.tar.gz && ln -s public.${version}.tar.gz public.latest.tar.gz"

clean:
  rake clean
  rm -f public.tar.gz

As you can see, it’s pretty simple. After I build I push a copy to a location that is available via HTTP (in this case, it was an empty WebDav share on my FreeNasTrueNas machine). I then make a symlink to the latest version (the one I just uploaded) so that I have a consistent location to pull the tarball from. It’s very simple and I doubt I will have to redesign it everytime someone decides to go all CADT on something I have the misfortune of using. Cleaning up old builds would be something I could do as part of the Makefile or just as a 🌽tab later.

I’ll have more on what I’m using to set up my new servers soon and oh boy is it more complicated than I wanted.

Blog Upkeep

It’s obvious the blog needs some TLC. I need to go back through and find dead links and replace them with archived versions where possible. I also want to find places I’ve embedded YouTube videos and have alternate versions available, as I’m seeing more and more videos disappear from there. I also need to look into replacing Octopress, as of this writing I’m having to develop it in a docker container as it seems impossible to get Ruby 1.9.3 running on any system I have available. Truly it is a sign of the times that the tool I’m using needs ancient versions of openssl to generate static websites. The replacement preferably won’t depend on openssl, Ruby or npm.

Social Media

Due to recent events, I think I’m going to opt-out of all forms of social media other than direct messaging. I’ll have more to say about this in a subsequent post but suffice to say I think engaging in any of them at this time is unhealthy and I’ll take missing information over the alternative.

Personal

I’ve been in Kentucky after a death in my family. The speed at which video conferencing completely replaced in person meetings for work while also erasing any memory of how to communicate by voice surprised me. It has made working remotely pretty convenient, even with the time zone difference, but I’m certain most of that flexibility will be rolled back post-COVID. I’ve been investigating Jitsi and other software to setup video conferencing. It’ll be interesting to see how hard it would be for me, a simple developer babysitting a webshit data toilet, to do so without feeding into further tech centralization as a side project. The fact Skype is irrelevant and Zoom completely monopolized communication in this pandemic is something worth studying in a research project of its own.

I had to stop using my ”smart” phone as my MVNO is dropping support for 3G devices in 2021. I’m currently using a hand-me-down android dingus and I hate it. When it “stops working” (is no longer updated/supported) the next phone I’ll buy will probably end up without a keyboard as that seems to be the only option for people not wanting to buy into a tech monopoly on top of a carrier monopoly. Wonder how long until those are the same?

I’m still in the process of replacing ZeroTier with my own personal WireGuard setup for VPN to my network and server-to-server tunnels. I managed to have it set up in time for my trip home and it’s proven very resilient to my haphazard attempts to set it up. ZeroTier was very interesting but I appreciate the aspect of hosting it all end-to-end for myself without relying on a third party network.

I’ve spent most of my free time since October reading dead tree books I had queued up. I’m most interested in the hand-in-hand pace authoritarianism and monopolization seems to be moving at in the US. Reading good non-fiction is a great way to realize how bad I am at writing it.

Well that’s it, stay safe out there. The only thing that might be executed worse than public health during the pandemic is the vaccine rollout.

We use an S3 bucket and a DynamoDB table to manage Terraform state changes. This is used to compare with the tf source files in a repository to determine changes in AWS that are necessary. I needed to split some Terraform source files into separate repositories, but just moving the source will not work the way you might want. When you run terraform plan on the old repo, the files that you moved will still be in the state file, thus, Terraform thinks it needs to delete these and will attempt to do so. This means those resources will be removed if you apply the plan. You then need to run plan and apply in the new repository to create them in AWS again. This works if you don’t mind the AWS resources getting removed temporarily.

If you need to move Terraform source files but do not want the AWS resources removed, you have to manipulate the state files directly with Terraform. In this scenario, I’m moving Terraform to a new S3 bucket and want to move some of the resources therein. Note that the version of Terraform used must be consistent between the two repositories, at least while migrating.

1. Backup old state file

Go into S3 and download the file that contains your Terraform state. This is a fail safe if anything goes horribly wrong.

2. Pull the old state file into a local file for modification

1
2

terraform init '-input=false' -reconfigure
terraform state pull > ../../old.tfstate 

3. Get the list of modules from the old state

1
2

terraform init '-input=false' -reconfigure
terraform state list > ../../old.module_list

4. Create the new state file

You might need to create and delete an AWS resource to generate an empty state file. The empty state file should look something like this in S3:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

{
    "version": 3,
    "terraform_version": "0.11.11",
    "serial": 3,
    "lineage": "b63aef7c-1042-48eb-a162-ed8f1137a9c3",
    "modules": [
        {
            "path": [
                "root"
            ],
            "outputs": {},
            "resources": {},
            "depends_on": []
        }
    ]
}

5. Pull the new state file into a local file

1
2

terraform init '-input=false' -reconfigure
terraform state pull > ../../new.tfstate 

6. Edit the old.module_list file

This file contains all of the resources that are referenced in the old module state. You will have to edit this file and find the resources you want moved to the new state. Remove all of the lines that you want to remain in the old state file.

7. Migrate the modules from the old state file to the new one

Terraform will not move state from one remote file to another, which is why you have to retrieve the state files locally. Once you have them locally, you are able to move state from one to another using Terraform commands. This can be time consuming if you have to move several resources, so you can use a script like the following:

1
2
3
4
5
6
7
8

#!/bin/bash

filename="../../old.module_list"
cat $filename | while read line
do
    echo $line
    terraform state mv -state=../../old.tfstate -state-out=../../new.tfstate $line $line
done

Run this script and it will move all of the modules you left in the old.module_list file from the old state to the new state.

8. Push the local Terraform state to the S3 backend location

Run this from the new location

1
2

terraform init '-input=false' -reconfigure
terraform state push ../../new.tfstate 

Run this from the old location

1
2

terraform init '-input=false' -reconfigure
terraform state push ../../old.tfstate 

9. Check your Terraform plan

Run terraform plan from each location and verify there are no state changes present. This should happen if you’ve correctly moved over the modules to the new source location, and removed the terraform source from the old location.

As initially described in my blog post emoji.xyz was a fun side thing I did while I was working on a project that was based in nodejs. I do not care much for javascript and I have avoided updating the project because I did not want to delve back into it. The libraries I used were woefully out of date and I expected that continuing to run the service would eventually end up with some sort of exploit taking down my web host. However, trying to be as good of a netizen as I can be, I have implemented a way for the site to continue serving links that were already shortened. I’m updating the [repository](https://github.com/greymeister/emoji.xyz** to include the script. I didn’t want the links to die even if I stopped running the app.

I have mixed feelings about the legacy of URL shorteners, but they were probably a mistake.

Update June 2024 I let the site expire because another person wanted to use it and it’s one less cert/domain to maintain.

I have had FIOS for the last 5 years but after my recent move, the only option I had available was cable Internet. I was greeted this morning with the following popup injected onto my personal site:

Now, I had read about how Comcast was injecting content into HTTP sites but had been lucky enough not to endure it personally. The fact that they are MITM my browsing is bad enough, but they just let me know that my connection is metered as well. One could ask “Why would you be using over 1 TB of Internet Traffic?” One could respond with “Fuck you, it’s none of your business”, but this month I was downloading the last of my S3/Glacier backups so that I could move them to something reliable without handing more money over to a company working against my right to privacy. I apparently have 2 “courtesy” months that, once exceeded, I will get charged a pretty ludicrous fee for going over in 50 GB increments. I of course could hand over an additional $50 a month for uncapped traffic, which would put my monthly Internet bill over $90.

I have used digitcert to purchase an SSL certificate, but I had heard about letsencrypt and decided to try using certbot. It was relatively painless and as of the publication of this post, they are providing the certificate my websites use. I agree with n-gate that putting HTTPS on everything is unecessary and a sign of things being broken, and had avoided doing it until this incident. I wish I had better solutions but for now I’m stuck.

These sorts of intrusions are why I support the EFF even if they get some things wrong like advocating DOH. I will be supporting letsencrypt considering the amount of money that their service has saved me from purchasing commercial certificates.

I am using the omnios-r151030j release as of this writing. According to the documentation, OmniOS CE recommends using bhyve branded zones over KVM for performance. I wanted to migrate my Tiny Tiny RSS Ubuntu machine over to a zone on the OmniOS server, so I started with the bhyve flavor. I defined the zone as per the example on the omniosce.org page but used my ubuntu-18.04-live-server-amd64.iso for the installation file system. I started the zone with zoneadm with another terminal using zlogin -C ubuntu and I got a blinking cursor that hung around until I halted the zone. After some research, it seems maybe this kernel was too new for bhyve, so I downloaded ubuntu-16.04.6-server-amd64.iso and tried that. This time, instead of just a blinking cursor, the zone immediately halted. After some additional research, I zeroed in on switching the bootrom attr of the zone to BHYVE_RELEASE instead of BHYVE_CSM_RELEASE which got me the ubuntu installation menu. I then had edit the boot menu option to utilize a serial console for installation. The installation went smoothly, and after the zone rebooted, I got the CD installation menu again. I tried changing the bootorder attr to dc instead of the default cd, but that also did not seem to make it boot off the virtual hard drive. Finally, I went into the bhyve EFI menu, and noticed that the virtual hard disk did not appear. I tried adding it manually but that also did not succeed.

After some frustrating hours of trial and error with zonecfg and zoneadm, I found two more pieces that worked. Firstly, I switched the diskif to ahci instead of the default virtio. This made the disk appear in the EFI menu (although I could never figure out how to use it by default, other than removing the cdrom attr and fs from the zone). The second thing I learned from a closed zcage GitHub issue that linked to a FreeNAS bug that included copying the grubx64.efi file into a different location on the boot partition. The last step was to configure grub to use the serial console on boot which was best documented here. For reference, here is the working zone configuration file I have that boots the bhyve branded zone from disk:

1
2
3
4
5
6
7
8
9
10
11
12
13
14

<?xml version="1.0"?>
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<zone name="ttrss" zonepath="/zones/ttrss" autoboot="true" brand="bhyve" ip-type="exclusive" debugid="9">
  <network physical="vnic0"/>
  <device match="/dev/zvol/rdsk/tank/bhyve/ttrss"/>
  <attr name="bootdisk" type="string" value="tank/bhyve/ttrss"/>
  <attr name="diskif" type="string" value="ahci"/>
  <attr name="ram" type="string" value="2G"/>
  <attr name="vcpus" type="string" value="1"/>
  <attr name="bootrom" type="string" value="BHYVE_RELEASE"/>
</zone>

Here is the relevant section of /etc/default/grub file on the ubuntu zone to boot with the serial console:

1
2
3

# Uncomment to disable graphical terminal (grub-pc only)
GRUB_TERMINAL='serial console'
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

Overall this has been a decent learning experience, but I’ve also played around with some lx branded zones. They also took some interesting tricks to get running, but are much nicer to deal with. They natively support zlogin without needing to specify -C option, as well as not needing a separate zvol for their disk. The one thing I can do so far with a bhyve branded zone is limit vcpus and memory, which I have not managed to figure out yet with lx branded zones.

Since my first laptop, a Sony Vaio, laptops haven’t really changed much. They have faster hardware, bigger screens, and more battery life. Basically just iterative improvements taking place over 10 years. My MacBook Air was the lightest and most powerful laptop I’d ever had all at once. I had been using that until 2016 when I started a new job and was issued a Mid 2015 15” MacBook Pro. After using it for a few months, I got over the heft of the MacBook Pro vs the Air for daily carrying and got used to the performance improvement. Using the MBA started to be annoying when watching HD video would beachball or outright crash the system over and over. I looked around for some non- alternatives but didn’t really see anything compelling. I saw people at work start to be issued the first MacBook with the touch bar and right away I could tell it wasn’t for me.

The reason I bought a new (new but over a year old) 2015 MacBook Pro was that despite how cynical I had gotten about the direction  had been going in with its hardware, it didn’t fully sink in how bad it could git until I saw people using the new ones. What a piece of shit. The touch bar does nothing useful, the USB port immediately requires a giant dongle that is very inconvenient to plug in external displays and peripherals. The keyboard is shit. All of these tradeoffs are for things I don’t want or need, so I have no interest in ever owning or using one. I realized that if I wanted a more powerful laptop than the MacBook Air, I’d better get one of these last tolerable MacBook Pros.

The software changes have been just about as welcome as the hardware changes. I’m currently running El Capitan on my personal laptop, while my work laptop was force upgraded to Sierra. All that managed to do was break the Hush app I have been running since  introduced spam for the desktop. I looked to see if there was a newer version but it seems like the app was erased from existence on the Internet. I guess it’s bad form to allow users to silence a potential revenue generator on their personal computers in 2018. I especially like the notification that appears anytime I used a browser other than Safari. Way to take a page out of the MICROS~1 playbook you dicks. You can try to hide them by having them only show up for one minute of the day but even that doesn’t work all the time.

Now  plans on removing OpenGL and OpenCL support from their latest release and making “macOS” applications work more like iOS applications. That’s no surprise, they’ve been moving towards that since the Forstall days and good riddance as far as I’m concerned. I do about 80% of my work in a hosted GNU/Linux environment at this point and eventually I’d like to just wipe the disk. Right now I still need it running somewhere so I can access the stuff I’ve bought on iTunes but that’s fine to run in the background while I fullscreen a remote VNC session.

The final chapter of De-Applification is well underway and all that remains is to eventually find some computer that isn’t hot garbage once this one dies.

We all live in a house on fire, no fire department to call; no way out, just the upstairs window to look out of while the fire burns the house down with us trapped, locked in it.

LG Xpression 2

While clearly not a smartphone, I believe using a phone like this is smarter than opting into the bullshit ecosystem of Apple, Amazon or Google in 2018. Every piece of technology is a tradeoff for convenience, but somehow people forgot that and just assume it’s necessary to carry around one of these things. After being free of any smartphone for about a year now, the illusion of their necessity has vanished. I do feel like carrying a cell phone daily is still worth the tradeoff for me, I don’t have a land line and have to be reachable while at work. Ideally I wouldn’t use one or at the very least, not carry it around with me.

As to which model you get, it really doesn’t matter. This phone worked for me but YMMV. Find something cheap and expendable that you can get a signal with. As of this writing, AT&T didn’t even offer plans without some data surcharge. You could opt for pay as you go which I may do in the future.

Garmin Drive 50

I still find it useful to have GPS for when I’m driving somewhere new or in a congested area. There are several Garmin models to choose from, but most of the new ones offer some sort of app integration which is superfluous. This particular model seems fine. The map update feature requires you to plug it into a PC with USB and run an application which has been a little flakey. It gets the job done and is as accurate as the directions on my last iPhone.

MP3 Player

There are still models that you can get new, or you may have one lying around. If you were in Apple hell you can opt to do what I did since I already had most of my music library in iTunes and use an old iPod Nano. What was remarkable to me is that I can manually manage music on an iPod from multiple computers! What a novel concept that was removed from the iPhone? The OS hasn’t had any updates in a very long time and so I’m sure it’s vulnerable if I had Bluetooth enabled. The nice thing about that is the worst case scenario is losing some mp3s that I have elsewhere. I’d like to try out a non-Apple MP3 player when this iPod inevitably dies, but no sense in buying another one yet.

Field Notes

You don’t need to buy this particular brand, but I’ve found having a small notebook I can carry around in my pocket has served adequately for note taking. They come with the added benefit of being cheap and requiring no updates. I’ve bought a few packs and have enough to last me for years to come.

Summary

I’ve found after selling my last iPhone in 2017 and using these devices, I have made the minimum tradeoffs for all of the convenience I had previously. This comes with the added benefit that I don’t have to worry about security updates walled behind some designer’s shit ideas of how I need to do things I’ve managed to do just fine for years. Try it out, you might be surprised. And you know the thing they have in common? They’re cheap.

When I see a job requirement list like the following, I really have to wonder about what the day-to-day would be.

My guess is that it is a nightmare of bad management and poorly made technology decisions, but thankfully I’ll never know.

When the new Mac Pro was announced, my enthusiasm for Macs was already in decline. I was a little disappointed that the classic cheese-grater look was going away, but it made sense given the tendency that Macs were getting smaller, more streamlined designs. The hardware was a significant upgrade compared to my 2008 Dual Quad Core Mac Pro. That machine, in retrospect, was one of the most reliable computers I ever owned. Its hardware expandability allowed it to stay useful and performant 6 years after its manufacture date. This new, ashtray Mac was more akin to the retina Macbook Pro, there were little or no options when it came to upgrading the machine. OWC and some other shops eventually offered upgraded components, but it was certainly not going to be with any components that were readily available. The only way to add SATA drives would be through expensive Thunderbolt drive enclosures. The optical drive would have to be a USB Superdrive. For HDMI video capture, I’d either need an expensive Thunderbolt capture device or an expensive Thunderbolt PCIe enclosure for my current capture card. There’s a theme to all of this, but I’ll revisit that shortly.

I eventually took the $6000 [≈ 2007 CEO hourly pay] plunge and got a model that made tradeoffs I could live with. The benefits to the new design were instantly recognizable. The machine is almost silent. I thought the 2008 Mac Pro was quiet for such a powerful machine, but sitting next to the 2013 Mac Pro, there was a noticeable difference. The 2013 Mac Pro is also very small in comparison, I have shoeboxes that are larger. That might not be a selling point for everyone, but moving across the country has taught me to appreciate the cubic centimeters of boxes. Everything that Apple had promised to deliver was proven out with this impressive, fancy new machine.

Recall that previously I mentioned all upgrades would largely need to be based on the 6 Thunderbolt ports the Mac Pro has. I started with adding an Elite Pro Dual to have some fast temporary space off the main SSD for video files. The two SATA drives in it were previously inside the 2008 Mac Pro, so those were already on hand. I also added a very nice Aja ioXT HDMI capture device to replace the Blackmagic PCIe card I had been using. I also connected an older USB 3 enclosure that had been hooked up to the 2008 Mac pro to one of the Mac Pro’s USB 3 ports. After some time and a lot of money, I essentially had reinvented my old setup. But at what cost?

Certainly there was a financial cost, as pricing for Thunderbolt devices seem to be “take the cost of a USB or Firewire device and then multiply it by 1.5.” There was also a very noticeable desk space cost. While the 2013 Mac Pro took up much less space than the 2008 model by itself, I had the 2008 tower underneath my desk. Now I had to make new space on my desk and around it for all of these peripherals that replaced the internal drives and PCIe capture card. On top of that, I had to dig out an old power strip because of my new set of required AC adapters. There was also the Thunderbolt Kudzu growing from beneath my desk, spreading to every corner. One day while cleaning up, along with the occasional unmounting of a drive and a device getting knocked out of its surge protector, it dawned on me:

The 2013 Mac Pro is a fancy laptop.

Sure, a laptop with more powerful hardware, but also a laptop without a screen, battery, or mobility. For years, the solution to using a Macbook Pro for professional work was a collection of cables and chords to connect all matter of periphery to expand it. It’s not that I don’t use laptops or begrudge their usefulness, but this machine seemed to come with all of the drawbacks of a laptop with none of the benefits.

My idea of a home office workstation is a machine that fulfills many different roles, some of which the 2013 Mac Pro did. I also prefer it to be able to run games, even if it has to dual boot or run a Windows VM. I also want it to be able to support running multiple virtual environments to test things for work or for hobby projects. That requires a lot of resources and a lot of flexibility. The cheese-grater Mac Pro was the last example of that combination offered by Apple. The 2013 and presumably later Mac Pros have limited flexibility to external expansion which, generally, was the only flexibility laptops had. My Macbook Air can connect via Thunderbolt to a CalDigit docking station which gives it Ethernet, display, and USB 3 ports. This is great, especially since I move my laptop around a lot and don’t want to have a lot of cables to unplug when I grab it. For a workstation, this provides no benefits at all (unless you happen to need to run workstations office to office which, given how expensive these are, I totally understand).

Interior flexibility and customization is actually much more useful for a workstation because it not only extends its usefulness beyond its initial technological limits, but because it provides simplicity with the literal and figurative “black box” of components it contains. When I need to move things around my workstation, I can turn it off, unplug it, and then move it. I don’t have to worry about which power strips its peripherals are plugged into and which combination of chords I need to orchestrate for everything to work again.

I used the 2013 Mac Pro for awhile and, although I eventually sold it, it was a very impressive machine. It turns out though that, much like their software, Apple Hardware is going in a direction that doesn’t really fit my needs.

I have been using Apple hardware and Software semi-exclusively since around 2007. I was very impressed when I first saw a consultant my company had brought in who used a Macbook Pro. That company I worked at in 2006 was a Windows-only shop, and I had naively assumed that was just what to expect. In my time at Universities, I had fallen in love with the GNU/Linux ecosystem. In 2006, I thought “Well, this is industry I guess” and started the long tedious battle for productivity against my nemesis: Windows XP.

The consultant had shown me some amazing things in a very short time. The first was, yes, this fancy laptop looked impressive. After working with it first hand, I learned it had very respectable hardware, and was running BASH natively. I felt right at home, the sludge and frustration of working in Windows COMMAND.COM world was suddenly lifted. He also set up VMWare Fusion or Parallels running a Windows VM. We hooked a monitor, keyboard, and mouse to the Macbook. One of us could be sitting at the Macbook using the built-in display and keyboard/trackpad using Leopard and the other less fortunate person (me) could sit at the external display and keyboard using Windows. The application had to work in IE and so the Windows side would usually just have a browser window while the IDE and application server ran on the host OS.

Within a year of that experience, I had other co-workers who were enthusiastic about Macs and Mac OS X. I had also gone to a couple of conferences where, unsurprisingly, most of the presenters used Macbook Pros. I saved up and bought a used 15” 2006 Macbook Pro. Not only was it lighter and faster than the ugly craptop my company had issued me, it looked fancier. Slowly but surely I moved to doing all my development on the Macbook Pro and let the craptop perform the one function it was fit for; a hot paperweight.

Those were happier times using Mac OS X 10.5 Leopard, and there was very little to complain about. Expose` seemed like magic to me. I could hit F3 and all of my windows would scale down to properly proportioned versions where all of them were visible. Macports was similar to FreeBSD and enabled most open source packages I wanted. VMWare Fusion wasn’t cheap, but it let me bring up IE as well as Office to open proprietary documents that every company I worked at loved. After buying a replacement battery, the Macbook Pro seemed to run noticeably longer than the craptop did. This, despite having replaced the CDROM with a second battery on the craptop.

All things, especially good things, eventually come to an end. The first signs were subtle little annoyances when I upgraded to 10.6 Snow Leopard. Expose` didn’t work the way it used to. It no longer spaced the windows proportionally across the screen. I may be inaccurately recalling this from memory, but I believe it made all windows the same size (why?). There was a hack that I applied to make it function in the old way, but it just seemed odd to me at the time that Apple did this. Why was I suddenly fighting my old war for productivity against this fancy operating system?

And then there was 10.7 Lion. This was the first time I honestly wondered if I had made the wrong choice in buying into the Apple ecosystem. I stumbled through that steaming pile of skeuomorphism, and 10.8 Mountain Lion was hardly an improvement. None of the changes served any benefit for my uses of the computer, but worse than that, seemed like an increasing set of fancy obstacles. Take your pick; “natural” scrolling, iCloud, Gatekeeper, Mission Control replacing Expose`, Springboard, or Spaces being eradicated. One by one features that I relied on were mutating into less useful variants, or going away completely.

10.9 Mavericks, the first non cat release with a fancy California name, is the last release I have used for any extended period of time. I find the Yosemite look and feel revolting. I realize I can’t run Mavericks forever, as security updates eventually become “upgrade features” for OS vendors. This leads me to the painful conclusion that Apple’s concepts of what an operating system should be is about as far removed as possible from mine. Realistically, I have to choose to either ignore my instincts and just get used to OS X caring about as much for user preference as Gawker cares about privacy or hit the eject button. Instead of fancy OS’s named after fancy California places with new, fancier California fonts, I’m done.

I plan on documenting how I do this in sequential posts because this will not be an overnight thing. Wish me luck!

After Twitter has been infested by these little and icons, I got interested in knowing more about them. As usual, all the best stuff is from Japan, but their use has become abundant, especially on social networks. If you are on a modern version of OS X on  hardware, you already see them in every browser without an extension or plugin, excluding one really dumb exception. Why not see if I can push the envelope a bit by now using them in URLs? One awesome site has already made use of this as a domain name, using punycode. That got me started down the trail of what I’d need to make this a thing.

After doing some research on URL shorteners, punycode, and emoji, I decided to throw together a simple site together to test the idea. I decided, against my better judgement, to do the site with node.js. I don’t think I need to rehash why JavaScript sucks as a language, so I’ll just feign ignorance for the remainder of this article. Express is a nice framework, much like martini that lets me set up some simple endpoints and serve static content easily. There’s a nice repo that let me get started.

The bulk of the work was getting the URL->emoji and emoji/punycode-> URL logic working. I decided to do the naive implementation of just using a monotonically increasing id as the key, and then some nice CoffeeScript for the encode/decode functions. I had to of course modify the alphabet that this was using, and instead of the a-zA-Z0-9 alphabet, I used the emoji unicode characters. It was a matter of taking the hex codes from the unicode characters from here, putting them into the alphabet array, and then wrapping punycode encodes and decodes around getting the values from the alphabet array. Otherwise, the code is identical to the original source.

I needed a source for the previously mentioned integers for URL IDs, so it seemed that throwing sqlite3 and Sequelize into the app for persistence was a quick solution. Obviously this means I’d have to move to a full RDBMS should I have to have multiple web servers, but honestly who would want to use an emoji URL shortener?

I put the (really bad) code on GitHub for the halibut. The site is live at emoji.xyz. You’ll notice the link generated has the href pointed at the punycode version of the URL, while the text shows the actual emoticon. That’s mostly because many applications expectedly do not handle the emoji character, and set the location to the portion of the URL preceding the emoji character(s). Feel free to use the Textexpander as well, I created a gist for it here.

I came to know about Octopress right around the time other people were talking about why static blogs were a better option than a) running a full blown CMS for yourself and b) hosting your blog on a service. I won’t go into the arguments about whether that’s true or not, but I bought into it. I used to run a Drupal site for myself, and when I started spending more time on Drupal security patches than I added content, I switched to use Blogspot. That worked for awhile, and you can read why I left that service. I toyed with Jekyll, gollum and some others, but ended up using Octopress.

I loved just about everything Octopress offered. It was really easy to generate my post, write some Markdown, and then deploy, all from the command line. The content was stored in git, which meant I could edit my blog from pretty much anywhere I wanted to without worrying about losing content. The default/only theme looked fine for my purposes, and with Typekit and Google Fonts I could customize what I wanted to. Everything was great right? And then, one time, I tried merging from the upstream branch to get changes they’d made to the Octopress core.

So that didn’t go very well. I decided I’d put it off for awhile since everything seemed like it was working, though I started to wonder if I was missing out on a cool new feature or some security issue. I also started to really feel the burden of hosting my own server. I was using a Linode server that was running a web service for my ill-fated iPhone app at the time, so having another virtual host was no big deal. After all the TLS issues in the last couple of years, again like with Drupal, I felt like I was spending more time with security updates than I was actually making content.

So when I read this post about how Octopress was going to change, I knew the day of reckoning had arrived. I either needed to wait to see what Octopress 3.0 was going to be about, or switch to an alternative. Then, I remembered Squarespace.

I created a a Squarespace page back in 2012 based on hearing about it on… well… every podcast ever. I didn’t do much with it, but I re-opened my account this weekend and started the (somewhat painful) process of importing my blog Markdown files into Squarespace posts. It seems like I am stuck using some ancient version without all the bells and whistles they advertise today, so I guess I have upgrading to that to look forward to. In the meantime, I am fairly happy with the results and can safely shutdown my server and not worry (much) about security problems and software upgrades.

I do not regret using Octopress, I really liked using it and I think it’s been a great project for anyone that wanted a slick static blogging system.

Now my only problem is figuring out what to write about…

10. Just Cause 2 Multiplayer Mod (Steam)

This is some of the craziest shit I have ever seen in a game, and all of it is awesome. It was worth including on this list for craziness alone.

9. DOTA 2

I had to try this out after all the hype, and it really is an interesting strategy game. The depth of this game is beyond anything I’ve ever seen in a strategy game, which is made all the more brilliant by its apparent simplicity. I don’t think I’ll ever play again unless I end up on a deserted island with broadband and nothing else to do, because that is the only situation I can think of where I would actually have the time to put in and get better at this game.

8. Eve Online (Steam)

I bought into the madness of this game after seeing the Giantbomb coverage of their event in Iceland. I was very happy that the Mac client was well supported and had a blast as I mined and traded my time away. Sadly I realized that I just don’t have the time investment necessary to enjoy this game, so I ended up having to unplug from this one.

7. Saints Row the Third (PS3/Steam)

See my comments on SR2, this game went in a really different direction than its predecessors. They really nailed the choices for music in the cinematic moments, and I wish I had the Adult Swim radio station in every other game now. I still haven’t finished it, largely after switching over to PC when my PS3 started to feel very sluggish, but that just leaves room for fun with this in 2014, along with SR4.

6. State of Decay (Steam)

Open world? Check.

Zombies? Check.

Jankyness? Double Check.

I didn’t have any expectations when I bought this game on sale, but man has it been fun. I haven’t finished the original game or tried the expansion, but I’m guessing I will be putting some hours into this game for 2014.

5. Shadowrun Returns (Steam)

The first Kickstarter game that I backed and then bought. Great memories of the older Shadowrun games and the Shadowrun RPG flooded back. They actually got decking right with this one! I beat the initial campaign and look forward to the upcoming German expansion next year.

4. Saints Row 2 (PS3)

I got this when I purchased SR3 in a bundle on the PSN store, and I didn’t really expect it to hold up. Strangely, despite having already played SR3, I really enjoyed this game. It feels much more like a GTA game than the later SR titles, and has a pretty expanded character customization library that neither GTA or later SR games have come close to matching. Really enjoyed playing through the campaign and I’m sad to see some of the great features they added with this title get left behind.

3. GTA V (360)

I started this on a friend’s XBox and it was enough to convince me to buy it myself. I wish I could have played this on PC, but after all signs pointed to a 2014 release date. So I bought a new 360 after mine had been retired after a Red Ring of Death sustained nearly a day after its warranty had expired.. A fantastic soundtrack and very interesting character-switch mechanic made it stand out from the Saints Row franchise, which had gotten better than GTA in about every other way.

2. Kerbal Space Program (Steam)

This game brought back fond memories of messing around with the Orbiter simulator. Except that KSP is way more fun at the cost of some realism. I haven’t played this as often ever since I migrated to a PC from my Mac, but I plan on having many more (mis)adventures with this game/tool/simulator.

1. Dark Souls (Steam)

I bought this after seeing the videos on Giantbomb and immediately got caught up in the successor to Demon’s Souls. I only played a few hours of Demon’s Souls, but Dark Souls has consumed a lot of the last quarter of this year for me. I think that most of the changes from Demon’s Souls were improvements, and love that it came out on Steam. Looking forward to many more hours of Dark Souls and whatever comes next with Dark Souls 2. I’m also grateful From Software didn’t put a stupid apostrophe in a pluralized title for this game.