Wednesday, November 13, 2019

dead pixels

I have never had a dead pixel so when I read:
Small numbers (1-3) of stuck or dead pixels are a characteristic of LCD screens. These are normal and should not be considered a defect.
I get really pissed off!

Tuesday, November 12, 2019

static site generators

Static site generators are pretty cool. Granted they are an oversimplification of the java/json/xml/xslt site manifestation from the olden days (yes there are generators that predate that just see any changelog list circa the first day of the web).

The modern day ssg is in a weird place. Hugo seems to be the generator of choice but there also seems to be some up and coming ssg(s) like ZAS. Where hugo uses a "folder structure" and formatted files zas takes a more freeform approach to content and puts the burden on the config. (my naive interp.)

Hugo, unfortunately works to an extent but then has a couple of failures. The best part about it is that hugo is written in GO and so it will compile and run on a number of different systems. I happen to be using OpenBSD 6.6 for this particular exercise and the prepackaged version is 0.53 and yet I need a more modern version 0.60 in order to test all of the different themes. But that's there the problems occur.

The themes are not interchangeable. I tried about 25 of the 300 themes to get my system in play and so many failed or just did not work right. Also, even thought I had a small site (40 posts and 2 pages) it seemed that the entire public folder needed to be cleared before some pages would render.

OK, back to golang. While that part of it makes sense it also means something else. The themes are constrained by whatever the hugo document processing system does. Extensions are a challenge. And so on. I happen to like tcl, as I have said before, but a ssg based on tcl as the dsl makes perfect sense. The theme could be nothing more than plugins. As that point you can store the fragments in something like SQLite and take some lessons from fossil.

Anyway, moving on.

Saturday, November 9, 2019

how fast is too fast

I like my google pixel and my slate. These machines have a ton of RAM and plenty of CPU. But as I started looking into nightmare system scenarios hacking became one of the elements to review. I think my laptops are over powered even for the work I do.

How do you use your laptop?  I edit files, ssh into remote systems, search, read, write documents and emails. Since I write a lot of reports that are quite large I spend a lot of time in spreadsheets. (I see that as an opportunity to make the experience better). But all in all that i7 processor is overkill. If a hacker takes over I'll never know it because the system has headroom to spare.

If I had a smaller machine I might otherwise detect the abuse.

Friday, November 8, 2019

rust is the anti tcl

I was feeling pretty good about wanting to try rust-lang. Then I checked the size...

That compiler is 232MB in size. Sure you get a lot for the size but really? Umpteen years ago we talked about "it's going to be a hardware problem"... and it is. Sure there always some edge cases that benefit from fancy languages but at the end of the day this is all just crap. We just need to get work done.

Thursday, November 7, 2019

Part 2 - the ideal system

As I'm racing through the discovery on this subject I'm close to the end. The ideal platform is one that is air-gapped and has everything you need to start all over. For example if you trusted Ubuntu and their curated repo then making your own copy onto read-only media and then placing that media in an air-gapped network or storage would be useful. The problem with any of the Linux distros is that they are so dependent on modern hardware, many millions of LOC, thousands of programmers, and so on. Also, linux became so big that the network only distribution model was adopted very early. Earlier than modern hacking. And with so much code a different model for detecting back actors is needed and by the time that's in place it may just be too late.

OpenBSD checks a number of boxes;

  • I have CDROMs that date way back
  • It has tools that cover all the basics so that starting from the beginning might not be necessary
  • supports a number of CPUs
  • generally speaking it's reliable, sensible, and inline with *nix thinking

The thing is... if I had to everything is right there in the box, so to speak.
  • packet filter for building your own firewall
  • haproxy as a reverse proxy
  • nginx, lighttpd, apache web server
  • maria, mysql, postgres, sqlight database servers
  • asterisk phone server
  • certbot, letsencrypt, openssl crypto
  • firefox, mozilla, 
  • freeradius authentication
  • chroot, jail
  • scripting languages like bash, perl, python, tcl, lua
  • OpenSMTPd, postfix, mutt, post - email servers and client
  • code editors like vim, joe, jed
  • git and fossil version control
  • and with all of the source packaged here you can make world.
What I'm saying here is that everything you need is here. If you put the whole thing on a USB and moved to the north pole you could still get great work done without the distractions from the modern world that just adds complexity and risk.

are you a smart programmer?

No. Really! Are you a really smart programmer in maybe the top 1% of your field? Considering the number of programmers world wide that's still a pretty big and small number. I do not want to seem rude but if you're reading this post then you're probably not one of the smartest out there.

There was a time when I thought I was in that number. I interviewed at Microsoft in the 1980s and years later found my interview questions in the source code. When I interviewed at Intel I had written about 30K LOC a month for a year and when I gave that as an answer they did not believe me. And when I interviewed with Amazon they had already moved to Silicon Valley type questions.  By this time in my career I had some pretty strong accomplishments:

  • hardware for testing and certifying single board computers
  • converted OS/2 from Intel to PowerPC including 2M LOC of C and ASM.
  • copy protection removal
  • DOS extensions and TSRs
  • early adopter of java, ruby, python, erlang, golang, REST
  • secure firewalls and other system programming
The list goes on.
I learn languages like other people breath. -- I said this in an interview once
 Since then I've written code in a number of different languages and platforms. But every time I swing around and start talking about disasters, reliability, 3rd party dependencies, hackers and intellectual property I always get back to the same place. In the beginning I always designed a DSL that I would labor over until it could do some work and then once it was working I would throw all my problems at it. In the end the net result was always something that was faster and more reliable than anything out there. I could extent the solution and still be more productive.

All of the languages I worked on have been fun. I've learned a lot. I've made some huge mistakes. But I've come to the realization that I'm not that smart.... Actually I'm just essential, pragmatic and lazy.... and productive.

Part 1 - the new system

One thing I like about OpenBSD is that it supports a range of CPUs. That includes some legacy hardware which is sort of the point. While I have not yet determined the DR hardware availability for the moment I'm looking at AMD64 and ARM64.

For the moment I have downloaded OpenBSD 6.4, 6.5, ad 6.6. And I have versions for USB hardware and ISO. This means I can boot on baremetal and vmWare.

Keep in mind that it's not certain whether USB, vmWare, CDROM will survive or not. I think there is a side of me that wants to protect a PI4, odroid etc just so that I have something.

As a backup I have a number of legacy CROMs from when OpenBSD was published as in something tangible. One thing that remains is capturing the ports/packages for the tools.

Q: what is the difference between "packages" and "packages-stable"?
Q: which is the better OpenBSD desktop?

business continuity

Plan B ... in recent weeks "we" have seen a number of scary news reports and blog posts. Granted this stuff can be fake or just plain grandstanding by the tech influencers ... But what is your/my "plan B" for the great meltdown?  I have been formulating a few ideas as a nextgen DR, however, this is a problem of plan B scale whether it's just one company or planet wide.
Is this a conversation you wanna have?

On thing we keep hearing about is the various compromises that companies like Target and others experience nearly every day. And whether it's one person, a group or multiple groups it's irrelevant. They are playing the long game, they have the skills, and closing those holes is expensive, and once hacking those holes is more expensive than the gain what and why the next target. Right now the targets are companies; what happens when it's countries; or planets?

One problem with the Russian hackers is that at some point those hackers will enter into the public sector and they will start talking and sharing... and at some point one of them will go too far. Now what? We've seen this system all too often.

Now what? How do we rewind and rebuild?

Wednesday, November 6, 2019

Open Source Security

You don't need to say anything just think on it for a while. Then after the panic sets in think about it some more. It's time to be VERY afraid!

insect repellent

I have a great number of opinions on a bunch of different things. Just see my point on the essential kit. But bugs are in a different category. I do not get eaten as much as I did when I was a kid. That's not clear because of where I lived and where I live now. Also cities take this sort of thing more seriously and we have so many more chemicals. It's even possible that the bugs smell me and think I'm generally toxic masking some other human illness. Who knows?

But I think that I prefer non toxic stuff. Generally I use natural Repel. It seems to work the best. But I also use permethrin on my clothes when I know I'm going to be challenged. And I'll also use picardin. I have a couple of all-natural (think remedy) versions that use tar as a base but they are not used like traditional insecticides but meant to be dabbed on a bandanna. Which means that you've gotta protect the skin in other ways. So it's a number of overlapping concerns. I prefer something I can carry lightly and generally not worry about.

The essential kit

jupiterhikes goes ultralight but I think he hates the term. He seems to be as prepared as anyone needs to be. And then there is the one that carries everything including the kitchen sink. Of course it all comes down to having exactly what you need, no more and no less. But that can be a challenge.

Sadly I found these three gallon ziplock bags with what what I considered essential gear. It's not like these bags served any particular purpose and they were not universal it was a bag of stuff that I needed at one time or another. I think it's important that the items are easy to acquire because you probably cannot get on a plane or Greyhound with them and so any Walmart should be ok and you should be able to discard them safely.


What do I really need.

  • shoe repair or a second pair of shoes. I was 5 miles into Big Cypress and lost the sole of my boots. We could not repair them with string, aluminum wire or duct tape.
  • foot repair. I recall the littlest blister almost taking me out in NYC.
  • light. During a full moon and clear sky you can see a lot more than you expect but on those dark nights you better have a light and a backup with spare batteries.
  • fire. I do not know how I feel about fire. Even on the rainiest night you can wrap yourself in something waterproof in your kit. If hard pressed and with a little skill and time you can make a friction fire but the reality is a lighter and/or fero rod makes more sense. I'd say lighter because it's less heavy than a fero rod, cheaper, and more available. Of course you can always accidentally drain the fuel and there are temp limitations where the fero rod has it's limits too. A combo kit with tinder works... but if this is an essential kit it's not the kind of thing you'd bring to a league game. 
  • toilet paper, wipes, glide, and sanitizer. This falls into the category of just feeling better. One time I put on a new shirt and even though it was just a few hours my nipples were chaffed. Another time when I was heavier my thighs rubbed and chaffed. And then there was my pooper. I prefer the fresh clean feeling.
  • med combo like tylenol and advil are great. tums and immodium are important.
  • Just one tube of lipbalm or neosporin is enough.
  • if you are some place where water is not available or you are willing to carry enough then leave the filter at home. Else go mechanical and or a metal cup.
  • checklist. It's a great idea to have a checklist so that replenishing is easy.
What I did not need...

  • matches - I have enough fire sources
  • waterproof TP box - ziplock is good enough
  • tinder for more than 2 fires. You can always make more or use the TP and where the hell are you going anyway?
  • batteries - well I just said that I needed two flashlights and if you had fresh batteries when you started then extra is just not necessary. I do like those CR2036 LED rope lights for camp. The batteries typically last 72 hours. More importantly it sets the mood and acts as a beacon. But it's not essential.
  • I have plenty of duplicate items so keep it simple
  • I'm not sure how I feel about those mini-tubes from gossamer gear. Small tubes are about the same price as the fullsize but if you're ounce counting or wanting to keep things fresh it might not matter.
  • water purification - a mechanical filter is best with a prefilter but in a pinch just drink it and get to safety.

In the middle of the road is a different class of problem...
  • I do not know if I need a "knife". For many years I went without but then recently I added one with a fero rod in the holder for fun. It was razor sharp and when confronted with a snake that would not be relocated I had to err on the side of safety of the children. I also used that knife to start the bonfire. It was fun but a lighter would have done the trick. I do have a knife in my medkit.
Keep it simple.

project management 101

The Agile Manifesto and that other kind of agile never took perfection into account.

for a job you only have a certain amount of time so you can only do 'X' amount of perfect  -- Adam Savage
 I think this is why I design my systems the way I do. It's also because I have a background in tech consulting services and in the best case the customers have no idea what they want and so that failure to be perfect starts at the beginning not the end.

Friday, November 1, 2019

Software versions I track

There are a number of projects I track for version control....

  • docker-machine (here)
  • RancherOS (here) - I also monitor the engine, console and os but rely on RancherOS
  • Fossil-scm (here) - I'm still tracking but I have yet to move this forward
  • gitlab-ce - I have to check the internal links from time to time and update about once a week
  • golang (here) - I used to care but now that I have a CI/CD pipeline I don't care as much. Also the authors keep the releases clean enough but that could change any day. (see generics)
  • PhotonOS (here) - It's in it's 3rd rev but there is more to come. vmWare is said to be changing the host OS to be PhotonOS. One thing I like is the boot time and the security. I partly means I need to know a little more but I'm watching to make sure it stays clean.
  • vSphere ESXi - currently 6.7 but the patching system can get wonky. It's worse when the update does not fit in /tmp.
  • alpinelinux (here and here
  • traefik (here) - they are moving to version 2.x but it seems vastly different from my 1.x so I'm still watching.
  • haproxy (here) - not ready for 2.x.
  • wordpress - installed in a container so I just let it rip.
  • tcl and cousins - I really like picol and it seems to be a reasonable platform.
  • Various API - A number of cloud services but these move slowly.
And those that I do not care about:
  • ChromeOS - I just leave that to Google.
  • OSX, iOS - just do not care any more
  • Android - I used to want Android-9 but now I just do not care.
  • Skype - don't care
  • gmail - 
  • CoreOS - now acquired by Red Hat and IBM it has a good number of features but the mission is no longer congruent. Also the auto upgrades are great except they are always at a bad time even though scheduling is up to me.
  • k8s, k3s, rancher, rio, rke - kubernetes is not a thing yet. I think there are other choices that make more sense. Think right sizing.
  • SQL Server - as a service so I just do not care.
  • SQLite and Postgres - I used to care and in some modes I probably should. SQLite does a good job managing the file format and postgres would need some investigation.
  • Lua - maybe but the syntax and the golang version is overly complex. But there is a chance in the future as there are some script monkeys that like it.

facebook has gotta go

I was watching some right/left wingnuts talking about facebook, political ads and AOC. My takeaway is that facebook has got to go. The problem is that people seem to think that the "stumble upon" economy is still out there to be had. I suppose I might feel the same way because I still play the lottery but there is no misunderstanding that the odds are low that I'll win.

The thing about facebook is that it's no different than AOL or Google. It's a profit machine. They do not want to take responsibility. Clearly once they start taking responsibility there is no end but they gotta start. The problem is that there is a difference between stumble-upon user generated content and advertising. But while the message is the ownership of the advertiser they have a co-responsibility to "truth in advertising".

This is a very slippery slope. If facebook ever became decentralized such that it was decentralized it's no telling what we would be in for.

dead pixels

I have never had a dead pixel so when I read: Small numbers (1-3) of stuck or dead pixels are a characteristic of LCD screens. These are n...