Posts

Showing posts from April, 2019

The best and worst programming languages of 2019

Every few days there is a post on my Google stream that says "best programming languages for 2019"..."worst...", "top 10"... and so on. WHAT A COLOSSAL MESS!


I've been a programmer for over 35 years and so I've seen the birth and death of many languages, operating systems, system designs, and system principles. Just for some scope, I have implemented commercial-level hardware, firmware, operating systems, UI, scripting, databases, network security, about 30 different languages including internals and so much more. I've seen the birth and death of Smalltalk and macro assembler and the COBOLization of Java. Maybe I know a thing or two.

A few years ago I started work for a client that wanted report after report after report. None of the languages available have any sort of framework or even best practices that could be used to pull data from a database, analyse it, and then export it to any sort of file. Then there are other needs like schedulin…

Blankets

Do you really need a sleeping bag when you are hiking or camping in Florida? That's a tougher question than you would think. First of all sleeping bags provide a certain amount of protection that is only matched by a blanket and bivy combination. But in both cases we are challenged to regulate our temperature, comfort, staying dry and keeping the bugs out.

Klymit Vera Blanket - $79.95; 58x80; 23oz. Special features include a footbox which doubles as a sack, although not compressible (included separately), and small hand pockets in each corner. And snaps.

Alps Dayventure Waterproof Blanket - $49.99; 58x80; 35oz.

Alps Wavelength Blanket - $69.99; 54x80; 36oz.

Sea To Summit Reactor Fleece Liner - $84.99; 15oz. A liner is just that. While it can be used alone, it was intended to be used in a sleeping bag, both to keep it clean and to raise the temp. STS has several models with different temp ranges. One place it fails is that they are not windproof and so temp can be affected if you are…

Advice for new car purchase...

If you're having trouble with a new car sale and you happen to get to the GM and he or she makes a statement like "I want you to be happy, so if you're not happy we'll take the car back," DO IT DO IT DO IT... there is probably something wrong and you're better off Uber'ing around for a few days until you can get the right situation. It happened to me and I'm still trying to unpack myself from the contract and what the real cost to my soul was.

ATT good news bad news

It seems that it is well documented that ATT has managed to screw up their Pace Pic model 5268AC with the firmware version 11.1.0.531418-att. While the default mode is DMZ, all of the firewall/port forwarding rules are OFF by default. This is normal and fine, but if you want to do some advanced work like remote desktop, secure shell, or even hosting your own website or service then you need some advanced knowledge.

Where things get annoying is that if you want to L2TP/IPsec into your home network then you need to be in bridge mode, because IPsec requires access to protocols other than just TCP and UDP.

And as I'm tired of this problem, ATT customer support was useless. They were clearly working from a script and had no grasp of the problem.

Edgerouter IPSec Split Tunneling

Background

You have a server/network behind a Ubiquiti Edgerouter configured to be an IPSec server.

You have an Android or ChromeOS device that you have configured to connect to the IPSec server and the allowed networks/devices behind it.

Definitions

There are essentially 3 types of configurations an admin or corporate security might specify... and without knowing the exact terms myself...

1. Forced, no way out: all network traffic is sent through the VPN, but there is no way back to the public internet.

2. Forced, tunnel all: all network traffic is sent through the VPN, and all public access too. This is what many VPN vendors are selling and how some ISPs improve performance to the last mile by compressing data.

3. Just the allowed networks: only packets destined to the allowed IPs and CIDRs will be routed through the tunnel.

This is a bit frustrating because unlike OpenVPN there is no "push" and so the client makes certain decisions about what goes where. While there are so many…

Ubiquiti Edgerouter or Netgate pfSense

The average home user should just use the ISP's de facto services. The price is typically reasonable including warranty and support. Simple economics should provide the realization that once you start to add hardware you add to the amount of training, support, attack vectors, and so on.
How many times have you called your ISP for support and they want you to connect directly to the modem, bypassing your router, and test whatever it is you are reporting? For me it's every time. But once you start to live a mobile or semi-mobile lifestyle you either have to move certain elements into the cloud, everything to the client site, or at home. The first 2 are obvious and the client site is the easiest because you're not likely managing that service, making daily life easy. I prefer to function in the cloud but it does leave some systems vulnerable. And phoning home has its own set of vulnerabilities.

One client is in a constant state of change. It's impossible for me to deploy a