If it's broke, don't fix it
tweedledum is my first ?machine? with ZFS. It installed a default set of file systems: [root@tweedledum /home/grog/ryoms/Logs]# <b>df -c</b> Filesystem 1K-blocks Used Avail Capacity Mounted on zroot/ROOT/default 61665232 1852404 59812828 3% / zroot/tmp 59812932 104 59812828 0% /tmp zroot/home 59812964 136 59812828 0% /home zroot/var/audit 59812924 96 59812828 0% /var/audit zroot 59812924 96 59812828 0% /zroot zroot/var/log 59813004 176 59812828 0% /var/log zroot/var/crash 59812924 96 59812828 0% /var/crash zroot/usr/ports 60633592 820764 59812828 1% /usr/ports ...
Virtual machines for ryoms
More playing around with virtual machines for ?Roll Your Own Mail Server? today. Strange things happened when I ran VirtualBox on eureka but displayed on hydra. What about displaying on eureka? Yes, almost. Still this issue with the kernel modules. There are three of them, but vboxnetadp was missing. In the past I've had issues with the sequence of loading, but today I found the solution: load only vboxnetadp, and it will load the other two, and, it seems, also ng_ether. And, to my surprise, things mainly worked, modulo a couple of surprises. The network wasn't set up correctly, presumably because of the issues getting it to work when I installed it, so I had to set up /etc/resolv.conf and the host IP address and default router in /etc/rc.conf.
More VirtualBox setup
Yesterday I established that I couldn't run my old VirtualBox VMs on hydra, at least not without changes that I didn't want to make. What about tweedledum? No, it didn't want to know about that either. OK, run on eureka. Install a standard FreeBSD 14.0-RELEASE system, even with ZFS, and as close to default as made sense. The only changes were to enable NTP. Everything went well, but of course the network interface didn't work: the default network is NAT, and what I want is a bridged network. I've seen this before, but I now wonder why these defaults just don't work.
Reprocessing old photos
Ten years ago today I drove along the Great Ocean Road with Jörg Micheel and his son Richard. Lots of photos, of course, which I processed with the means at my disposal in those days. Can I improve on things? The biggest difference is the ?optimizer?. In those days I used the Ashampoo optimizer, which frequently improved things, but left something to be desired. In November 2021 I switched to ?Perfectly Clear?, which, though discontinued, seems to be better. OK, I already have a script for reprocessing old photos, and it works most of the time (very old directories have different structures).
Microsoft does it again
It's middle of the month, past the time where Microsoft crashes and restarts distress and somehow manages to stop my rwhod from running. They're getting more cunning all the time. In the past I have had to reinstall the program, but recently I haven't even been able to do that: the file was marked immutable or whatever Microsoft calls it, and I couldn't delete the old one. I had to start as ?Administrator? and manually remove it before I could reinstall it. But even that doesn't work any more. First, I can no longer start a shell COMMAND.EXE as Administrator. Have they changed something, or have I forgotten something?
Putting ryoms to the test
I'm about half way through my review of ?Roll your own mail server?, and I'm running into trouble. So far I've been reviewing with my own knowledge of the material, but how he's moving into areas that I don't know. That's good, of course: that's why I'm interested in the book. But how can I review this content? I had thought of moving through more quickly, but I really need to try this stuff out for myself. OK, what do I need? As the author recommends, two systems that initially talk only to each other. Fine, revive tweedledum.lemis.com and tweedledee.lemis.com. Set up virtual machines.
Bye, Allyson
She?s gone. She lived well. We?ll miss her. We?ve known Ms McGrane since 2005, when she was a co-conspirator on the wonderful little local Northern Voice blogging conference. We worked on other stuff together and hung out now and then and carpooled to the Prairies once and I can?t remember ever getting the slightest bit upset with her. Ally (rhymes with ?valley?) was a fine dog-parent and a strong grant-writer and a first-rate teacher and a connoisseur of fine cooking equipment and Canadian football. If you?ve been to much in the way of Vancouver theatre and dance events over the years, there?s a good chance that she produced the event or secured its funding or educated the people who did those things.
Surgery: the other shoe
I'm still not done with my webwork (virtual paperwork) for my cataract operation next week. When I thought it was done, I got a mail asking me to perform the next step. OK, dammit, get it over and done with. ?Please enter a credit card number for the gap payment?. That's unusual, but OK. And it went relatively quickly. And they deducted the money immediately! Your payment was successful, a payment confirmation will be sent via email. Please complete your credit card details. If you selected 'Allow Automatic Charging of Incidentals? your Credit Card details will be stored securely and only accessed if you have further incidentals payments after your hospital stay.
Configuring daily cron jobs
FreeBSD runs a number of cron jobs every night to check for things that could be problematic. The jobs themselves are in the /etc/periodic/ hierarchy. One of them (/etc/periodic/security/110.neggrpperm) produces this output: Checking negative group permissions: find: /VB3/oldbackups/eureka-FreeBSD/Downloads: No such file or directory 141107070 -rw----rwx 1 grog lemis 313303 Oct 11 09:03:38 2017 /home/grog-eureka/DxO/Modules/C14933a_000.caf 141107071 -rw----rwx 1 grog lemis 4713293 Aug 23 14:48:40 2017 /home/grog-eureka/DxO/Modules/C15101a_000.caf 141107087 -rw----rwx 1 grog lemis 4745060 Aug 23 14:48:48 2017 /home/grog-eureka/DxO/Modules/C19627a_000.caf ... What's that? The issue, if there is one, is that the ?other?
Fire recovery by Facebook
Yvonne told me today that the CFA was holding a ?fire recovery day? today, 4 hours at the Dereel Hall. I can do without that, but why wasn't I informed? Ah, only on Facebook, assuming you're subscribed to the right group.
CAPTCHAs: Not the site's fault?
I've had a remarkable number of particularly irritating CAPTCHAs lately, and I've expressed my displeasure in no uncertain terms. But am I maybe pointing the blame in the wrong direction? In every case, it happened with a modern browser running on hydra, usually firefox. I'm not sure if it happened with chromium as well. But with firefox on Microsoft, things worked with minimal annoyance. Can it be that there's something about the behaviour under FreeBSD that rings alarm bells somewhere in the innards of something?
Registering for operation: the pain
Yesterday I vented my spleen (which on the face of it was not involved) about the appalling requirements to register for next week's cataract operation. But there was nothing for it: it had to be done. Are they less obnoxious towards Microsoft users? Tried it on distress. Yes, they still have a CAPTCHA, but it's just a matter of ticking the ?I am not a robot? box?twice on different occasions. On the first occasion it sent me a 6 digit PIN, not to prove that I had entered the mobile phone number correctly, but to ?authenticate? me! And to give me time to think, it waited up to 20 seconds before responding to every input.
autocutsel
Callum Gibson came up with a new (to me, anyway) program today: autocutsel. I haven't investigated in detail, but it claims to keep the cut buffer and clipboard in sync. It's not quite clear whether this is a good idea, but until I understand the alternatives, it could be a good approach.
More bloody CAPTCHAs!
I've been bombarded with a lot of things to do for next week's cataract operation, and even more SMSs reminding me to fill things out. Some of them make no sense at all: Please take a RAT test on the previous day, take a photo of the negative result along with your driver license, and then a screen shot to confirm the time. What's wrong with this? It implies that you would rather lie about the results, potentially endangering yourself, than postpone the surgery.
More ryoms
Once again spent a lot of time reviewing ?Run Your Own Mail Server? (which I keep feeling should be called ?Roll Your Own Mail Server?). I'm making good progress, less so with my accompanying cookbook.
District heating: Using data centers to heat communities
An inside look at the Tallaght District Heating Scheme, where Heat Works is using recycled heat from an AWS data center to warm a community in Dublin, Ireland.
More email review
Spent a lot more time today reviewing ?Roll your own mail server?. It's getting a lot more nitty-gritty now, but I still don't have a good feel about exactly what I should do. It's too early to criticize; for that I need to find my way through the book. Maybe I should write a cookbook.
C++ safety, in context
Scope. To talk about C++?s current safety problems and solutions well, I need to include the context of the broad landscape of security and safety threats facing all software. I chair the ISO C++ standards committee and I work for Microsoft, but these are my personal opinions and I hope they will invite more dialog … Continue reading C++ safety, in context →
Learning about email
More reading of ?Roll your own mail server?, the book I have to review. Normally a review takes me a couple of hours, but in this case I'm particularly interested, so I'm going through it with a fine-tooth comb, and it looks like taking days. I've been running my own mail server for well over 30 years, but I'm amazed how much I have learnt.
Relax!
Somehow I didn't do very much today. The continuing hot weather didn't help, but it seems that I was just catching up with my mail; the Unix Heritage Society seems to be particularly active lately. And I've been given for review the draft of a book on running email servers, something very close to my heart. And then Hugin came up with some problems that took me a while to fix. But is that enough to keep me going all day? It seems so. Somehow I'm slowing down.
Play My Music
When I?m away from home, I still want to listen to the music we have at home (well, I can live without the LPs). We had well over a thousand CDs so that?s a lot of music, 12,286 tracks ripped into Apple Lossless. Except for a few MP3s from, well, never mind. This instalment of the De-Google Project is about ways to do that with less Big-Tech involvement. The former Google Play Music, now YouTube Music, allowed you to load your tunes into the cloud and play them back wherever your phone or computer happened to be.
Weather forecasts
Very hot day today, with a top of 40°, only 0.2° less than the maximum all summer: How did the various weather apps predict the temperatures?
The De-Google Project
My family, like most, depends on a lot of online services. And again like most, a lot of those services come from Big Tech giants in general and (in our case) Google in particular. And like many people, we are becoming less comfortable with that. So I?m going to try to be systematic about addressing the problem. This post summarizes our dependencies and then I?ll post blog pieces about updates as I work my way through the list. (The first is already posted, see below.) I?m calling this the ?De-Google? project because they?re our chief supplier of this stuff and it?s more euphonious than ?De-BigTechInGeneral?.
CJ exploited?
Mail from Eddie Purcell, who suggested that Facebook would never ask for the kind of information that CJ Ellis had to provide on Tuesday. Is he right? Certainly it looked strange, but as I have been commenting lately, lots of things look strange. But then today Yvonne got a message from CJ via Facebook, asking her to confirm who he was; she should have received a code on her phone. He needed her confirmation to be able to set up his mobile phone. What, CJ and mobile phone? Called him, no reply. Sent him email, which Gmail refused until I bounced it, and he called back in the evening.
What is ?feels like? temperature?
The other half of the fire danger is the weather, of course. I've already established that the Australian Bureau of Meteorology has two competing weather forecasts, which can differ by a degree or two. So when Ainslie mentioned her favourite mobile phone app, AccuWeather, I tried it out. It didn't start well. I needed the ?AccuWeather Australia? app, which made sense. And it came up telling me that the outside temperature was 70°. No way! This silly thing doesn't understand modern units! Well, it does if you insist, but why should you need to? It should display in the units of the country for which it was prepared.
Is it a total fire ban today?
Seventeen years ago, even before we moved to Dereel, I checked the Victorian emergency services and discovered, as I put it at the time, that they ?... think of the web sites more as a geek sport than a way to disseminate information?. You had to search to find that kind of information. It's looking like being a really hot weekend, again potential fire danger. Times have changed, and now I get informed when there's a total fire ban?by the Ballarat Courier, who make the content available without a subscription. Today I received such a notification at 15:00. The emergency services web sites have learnt something in the last 17 years, right?
IP address location: still broken
A few years ago I noted how inaccurate IP location services are. Now I have officially moved my address block to Australia. Have they improved? Tried again today and got: Site Groggy iplocation.io Schellnhausen db-ip Frankfurt, Braubachstrasse criminalip NSW, Garnpung lake ...
Google: so nice, so nice, we do it twics
Yvonne and Ainslie over to Chris Bahlo's place today, despite relatively tight timing. I kept an eye on their location, and indeed they made it back in time, apparently one by one: Now how did that happen?
Google: so nice, so nice, we do it twics
Yvonne and Ainslie over to Chris Bahlo's place today, despite relatively tight timing. I kept an eye on their location, and indeed they made it back in time, apparently one by one: Now how did that happen?
Working round Gmail breakage
Once again I sent a Schrödinger's cat email today. The recipient was rejected, the Cc: address worked. From MAILER-DAEMON Fri Mar 8 09:44:52 2024 <jeffrab@gmail.com>: host gmail-smtp-in.l.google.com[142.251.2.26] said: 550-5.7.26 This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [hydra.lemis.com] with ip: [45.32.70.18] = did not pass 550-5.7.26 550-5.7.26 For instructions on setting up authentication, go to 550 5.7.26 https://support.google.com/mail/answer/81126#authentication s31-20020a63451f000000b005dc493c9496si14163290pga.507 - gsmtp (in reply to end of DATA command) OK, we know that.
Aussie: support me!
In the afternoon, my IRC proxy failed again. It's on lax, so off to check. Can't reach system! Has it gone down again? It didn't come back. Can I access it via ffm.lemis.com (in Frankfurt/Main, obviously)? Yes! So it's a routing problem. A quick traceroute showed: === grog@hydra (/dev/pts/45) ~/FreeBSD 57 -> traceroute lax ... 5 be400.lsr1.nextdc-s2.syd.aussiebb.net (180.150.0.172) 174.822 ms 174.776 ms * 6 be30.bdr1.coresite-la1.lax.aussiebb.net (202.142.143.199) 182.125 ms 179.557 ms 180.318 ms 7 * * * Close, but no cigar? It's reasonable to assume that lax.aussibb.net, like lax.lemis.com, is located in Los Angeles.
Crash!
One of the first things I do in the morning is check the load on www.lemis.com, canonically named lax.lemis.com. But the top program had stopped. And so had all the other windows to lax. Oh: === grog@lax (/dev/pts/4) ~ 1 -> uptime 11:16PM up 3:38, 8 users, load averages: 2.78, 3.14, 2.91 The system rebooted! And yes, /var/log/messages confirmed: Mar 6 19:35:23 lax qpopper[19872]: Stats: ... Mar 6 19:38:41 lax syslogd: kernel boot file is /boot/kernel/kernel Mar 6 19:38:41 lax kernel: ---<<BOOT>>--- What caused that?
Security above all
CJ's and my pain yesterday had a justification, at least from Facebook's point of view. Somebody had compromised CJ's account, and they wanted to confirm that it was really he. So they sent a 6 digit code to his email system, which ultimately I read and typed into the Facebook screen. Then they wanted a photo of his driver licence, which I scanned in for him. CJ wasn't involved at all in verifying his identity! And of course, they would by far have preferred to send him a code to his mobile phone, if he had one. When will people realize that this is a completely useless way to confirm identity?
Keeping up to date
Various sites are telling me that my Chrome is out of date. And that only 5 months after installing the then latest and greatest! OK, pkg upgrade. ?I will remove all the unrelated packages that are dear to your heart, this time with the exception of Emacs?. No thanks. Build from scratch, trying not to get too annoyed at the continual resizing of the screen. Fail: ===> node-20.10.0_1 has known vulnerabilities: node-20.10.0_1 is vulnerable: WWW: https://vuxml.FreeBSD.org/freebsd/77a6f1c9-d7d2-11ee-bb12-001b217b3468.html 1 problem(s) in 1 installed package(s) found. => Please update your ports tree and try again.
10 more years of Internet
Ten years ago I was doing a Coursera course on the history of the Internet, and one of the assignments was: ?Write an essay that imagines how the Internet will be different 20 years from now?. And that in 1000 words. I did make the 1000 word maximum, but I also wrote a slightly longer version that said what I wanted to say. So: now we have the halfway point. I've been keeping my eye on proof or disproof of my claims, and I'll continue to do so. Here the biggest takeaways so far: Most purchases will occur on-line, and the few remaining shops will mainly exist to order and supply goods available on the Internet.
Updating NBN
It seems that the NBN truck that I saw last week was ahead of its time. Today I received mail with more verbiage. But it seems that it only applies to fibre: upgrade data rates from 100 Mb/s to 500 Mb/s, or up to 1 Gb/s for faster connections. And somehow this will end up costing more money, not because the links are any more expensive, but because people will use more data: ?The average household now consumes 443 gigabytes per month across 22 internet-connected devices," she said. "
Gmail annoyances
Part of the ordeal with CJ's computer was complicated by another issue with Gmail: <cjellis@gmail.com>: host gmail-smtp-in.l.google.com[142.251.2.26] said: 550-5.7.26 This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [hydra.lemis.com] with ip: [45.32.70.18] = did not pass 550-5.7.26 550-5.7.26 For instructions on setting up authentication, go to 550 5.7.26 https://support.google.com/mail/answer/81126#authentication x2-20020a1709027c0200b001dca8522501si8881415pll.276 - gsmtp (in reply to end of DATA command) I've seen this before.
CJ's pain again
CJ Ellis round this morning with his computer and most of the stuff I asked to bring with him. He has been locked out of Facebook! Oh horror! Hard to say what caused that, and I don't really want to know, but they sent him instructions on how to reset it, requiring email with a code being sent to his mail server (Gmail). But the code was only valid for 30 seconds, and he didn't know how to open two tabs on his web browser. By the time he had written down the code and re-entered firefox, the code had expired.
Catch me at San Francisco Public Library on Mar 13, discussing my new novel ?The Bezzle? with Robin Sloan!
At long last, the San Francisco stop of the book tour for my new novel The Bezzle has been finalized: I’ll be at the San Francisco Public Library Main Branch on Wednesday, March 13th, in conversation with Robin Sloan! The event starts at 6PM with Cooper Quintin from the Electronic Frontier Foundation, talking about the... more
Evil passwords again
The FreeBSD is using Matrix for internal communications. And that requires a Kerberos password. How do you do that? Ah, yes, from this diary. OK, generate a password. This silly ?evil random passwords? again! =================================================================== Generating strong, evil random passwords... =================================================================== Your new, ready to forget, password: ung... Your new, ready to forget, mail password: ahXoog... But it worked. Only mail doesn't work any more. It always creates a new password. More pain. Maybe that's why they're evil.
UnWise
Yvonne wants to transfer money to Austria again. OK, that's a case for this stupidly renamed Wise funds transfer service. They used to be called Transferwise, but clearly that name was too descriptive. OK, the transfer is for round ? 1000. I don't have that much in my account, so I needed to transfer it from a real bank account. But first I had to solve these really horrible CAPTCHAs. And though normal bank transfers in Australia are performed in real time, Wise told me that it would take a day. Wise told me that it would take two days. Clearly they couldn't decide.
CAPTCHAs on the rise!
I had hoped that CAPTCHAs were finally going away, but today I was confronted with two particularly virulent ones, from Vultr and Wise, the vaguely named money transfer service. Not only multiple CAPTCHAs, but ones that change when you click things, and some which are so vague that I can't recognize them, apart from the use of US American terminology like ?crosswalk?. Will they never go away? Can't somebody use Artificial Intelligence to make a CAPTCHA-solving browser plugin? Please?
Web server calmer
Watched the web server load all day today. And yes, the load average stayed relatively constant in the 8 to 20 range. Fixed? Hardly. I do like to appear on Google search results, especially for things for which there are few hits, for example (surprisingly) Swine Bismarck, which we ate last night.
Chasing down the Hugin stitch problem
House photo day again today, and once again I had fun with Hugin, particularly with this panorama, stitched with hydra (Hugin version 2023.0.0.d88dc56ded0e) and with eureka (Hugin version 2018.0.0.5abfb4de7961): What's causing that? There's nothing obvious, and they're both stitched from exactly the same project file using exactly the same command: hugin_executor --stitching e-from-house.pto What does hugin_executor do behind the scenes?
Out, foul bot!
My web server continues to suffer from extreme overload: 2:09AM up 338 days, 17:57, 8 users, load averages: 177.41, 158.34, 121.08 And since it's the beginning of the month, I got my web server bill, round double what it has been in the past. And the server continues to hang. Clearly I need to do something. Most of the traffic seems to come from web crawlers. OK, how about excluding them for a while? Put this in robots.txt: User-agent: * Disallow: / That effectively tells new crawlers to stay away.
Real uptime
Seen recently: Current time: 2024-02-29 16:11:21 UTC System booted: 2013-10-22 02:22:24 UTC (540w2d 13:48 ago) Protocols started: 2020-10-26 16:08:37 UTC (174w3d 00:02 ago) Last configured: 2024-01-07 01:40:54 UTC (7w4d 14:30 ago) by root 4:11PM up 3782 days, 13:49, 2 users, load averages: 0.00, 0.01, 0.00 That's a router somewhere in the FreeBSD complex. Yes, not a real computer, but still worthwhile. I'm told, though, that while the software is running fine, the hardware is worn out, so it's not likely to stay there much longer.
Phone smart, again
One of the things that really annoys me about my Android mobile phone is that it's so difficult to keep apps running. In particular, basic functionality like an FTP server keeps stopping, though I have set it in some obscure place (not the app configuration) to stay running at all times. It was all the more surprising that I recently found that it had been running for 4 or 5 days. But then it stopped, and now it keeps stopping every few hours. That can't be intended. How I hate these things!
More VicEmergency insights
Following up on the bushfire today didn't bring much in the way of new insights. Yvonne drove down Kleins Road further than I had been able to do yesterday, but around the corner the road was closed, and there still wasn't very much to see on the 47 Kleins Road property. We'll have to wait a few days more. But Petra Gietz has found another trick with the VicEmergency app. I had discoved the map settings (or was that ?Filter??) page and noted that I could only select one setting. But she had another: one that showed the wind direction. Currently: That's useful, but there seem to be a number of issues with the function.
NBN upgrades?
The first thing that struck me when I arrived at the Dereel Hall was this truck: Is that the National Broadband Network that we know and love? Yes. What was it doing there? Providing network connectivity. But we have NBN coverage already. Yes? What kind? Fixed Wireless. Ah, but mumble. Maybe there isn't any fixed wireless here. I expressed my doubt, and just by chance there's a FW antenna at the extreme left of the photo above: The person I spoke to didn't seem very well informed.