random strings

everything is complex

2026-04-18T07:43:48-04:00

Excessive chaos produces a desire for order. The desire for order is both good and evil: cooperation is good, dictatorship is evil. Everything not trivial is complex.

Excessive order produces a desire for chaos. The desire for chaos is both good and evil: self-determinism is good, denying responsibility is evil. Nothing is purely one or the other.

Improving things is not futile, but it can be difficult and requires maintenance and debugging. It is impossible to predict every consequence, but quite possible to predict the likely consequences of most actions. Nothing exists in a vacuum.

Ignoring one or more of the above precepts is a common failure for philosophers, economists, engineers and politicians.

-30-

failure is an option

2026-04-14T16:20:36-04:00

Whenever a system attempts to predict what a user of the system will want or do next or means, the failure case generates the most noticeable immediate problems. The author(s) will notice them and attempt to fix those problems.

The success case may or may not generate a long-term problem.

Systems in which this applies: autocorrect. Grammar checkers. LLMs. CPU branch predictors. There are others.

-30-

ancient wisdom literature

2026-03-27T10:06:56-04:00

An extract from George O. Smith’s short story QRM INTERPLANETARY (1942), the first of his works about a space station set up to relay radio messages between Earth, Mars and Venus:

On Monday, Francis Burbank sent around a communique removing the option of free messages for the personnel. On Tuesday, he remanded the years-long custom of permitting the supply ships to carry, free, packages from friends at home. On Wednesday, Burbank decided that there should be a curfew on the one and only beer emporium. “Curfew” was a revision made after he found that complete curtailing of all alcoholic beverages might easily lead to a more moral problem; there being little enough to do with one’s spare time. On Thursday, he set up a stiff-necked staff of censors for the moving picture house. On Friday, he put a tax on cigarettes and candy. On Saturday, he installed time clocks in all the laboratories and professional offices, where previous to his coming, men had come for work a half-hour late and worked an hour overtime at night.

and about a month later it escalates to this conversation:

“Tell me first, from what source does Venus Equilateral get its fresh air?”

“From the air plant. And that is—”

“There must be more than one,” said Burbank thoughtfully.

“There’s only one.”

“There must be more than one. We couldn’t live if there weren’t,” said the Director.

“Wishing won’t make it so. There is only one.”

“I tell you, there must be another. Why, I went into the one up at the axis day before yesterday and found mat instead of a bunch of machinery, running smoothly, purifying air, and sending it out to the various parts of the station, all there was was a veritable jungle of weeds. Those weeds, Mr. Charming, looked as though they must have been put hi there years ago. Now, where did the air-purifying machinery go?”

Channing listened to the latter half of Burbank’s speech with his chin at half-mast. He looked as though a feather would knock him clear across the office.

“I had some workmen clear the weeds out. I intend to replace the air machinery as soon as I can get some new material sent from Terra.”

–

In 1942, George Smith was writing about MBAs trying to run technical operations. Pity nobody listened to him.

I understand every LLM has an MBA these days.

the shirley argument

2026-03-14T17:25:22-04:00

People are very fond of the Shirley argument. The Shirley argument goes like this:

“Surely the people who implement this law will do common-sense things to avoid ridiculous results!”

The Shirley argument is always wrong, usually because of non-systematic yet surprisingly pervasive discrimination… and sometimes because of systematic and intentional discrimination. And occasionally because people aren’t perfect. But it’s always wrong.

Laws can be incredibly pedantic: if you’re not sure, go read some. A law which seems to inadvertently leave loopholes is not a well-written law; anything which you can immediately spot is deliberate.

And don’t call me Shirley.

-30-

riddle me this

2026-02-13T13:48:20-05:00

Given that:

No copyright can be claimed on work created by an LLM
Many open source projects require contributors to sign a release of some form - a certificate of origin or license agreement - that states that the contribution is copyrighted to the contributor and can be transferred to the project
Many – all? – commercial software projects claim that their work is copyrighted.

Therefore:

No LLM-produced code or documentation can be used by such an open source project or such a commercial software project without invalidating their copyright.

Notes:

https://www.copyright.gov/ai/ai_policy_guidance.pdf
https://cla.developers.google.com/about/google-individual
https://developercertificate.org/

evolution of convenience

2026-01-17T07:37:09-05:00

I have a morning routine which would have seemed awfully complicated to the teenaged me, and is probably ridiculously streamlined to the me reading this entry in 2036. One step of it involves recording a number in a spreadsheet.

It started as not-exactly-a-spreadsheet: just a list of numbers which I edited in a text file. Almost immediately I revised it to include dates. After a few months, I realized that I wanted to be able to graph the data, so it became that most rudimentary of spreadsheets, a CSV - comma separated variables.

Some time thereafter I wrote a shell alias to bring up the editor with this particular file, and the next day I changed the alias to send my cursor directly to the last line, which saved me two keystrokes each morning.

There the matter stood for a few years, until this morning. I looked at the file I had just added one line to in the same format as always. I can automate away most of that, said my internal voice.

So I wrote a new shell function which takes the one piece of data from the outside world as an argument and inserts it in the proper format, with the correct date format, as the last line of the spreadsheet. And after verifying that it works, I went back and made the function output the last three lines of the spreadsheet including the new entry, so I could see any fat-fingered mistake immediately.

oracle and postgres

2025-10-17T11:41:30-04:00

It has been over 1111 days since we switched from Oracle’s database to Postgresql at work. I have been happy about the switch for every single one of those days. No regrets at all.

Changing your core database is a huge proposition, especially when the one you have is not broken. It’s also a huge amount of work. [Workplace] has been built on Oracle for more than twenty years. Why did we do it?

The original value of Oracle was two-fold. First, Oracle built a database product that worked pretty well. At the time we started, it was a pretty clear choice simply on the basis of functionality. Second, and of nearly equal importance: we had already chosen to bet the company on Linux. These days, Linux is ubiquitous. Android phones run it. Supercomputers run it. Every Internet service you can think of runs on Linux, except Microsoft’s Azure cloud – and that is overwhelmingly used to run Linux in virtual machines. But in 2000, Linux was nine years old, not thirty-one. It was not at all the obvious choice to run a serious financial service. Banks had not heard of it. But banks all knew what Oracle was.

In 2000, Oracle was the database that banks used if they didn’t use mainframes. (Here in 2025, Oracle is still the database that banks use if they don’t use mainframes. Oracle just wants banks to move from mainframes to Oracle databases in Oracle’s cloud.)

So when we explained our service to the technology evaluators at a prospective bank, their eyes passed blankly over “Linux” and seized on “Oracle” as a touchstone of comfort. Technology evaluators want to hear about secure and reliable infrastructure. It would not be a terrible overstatement to say that using Oracle – just the name – prevented us from being rejected outright.

Now Linux is bigger than Oracle. Oracle has its own distribution of Linux. It would be a little strange to run Oracle on anything else. We no longer need the Oracle name to establish our credentials of reliability.

Postgresql – or Postgres, or PG – is actually older than Linux, and almost as old as Oracle. The general class of relational database management systems started in the late 1970s. Oracle’s first released version (2.3, because who wants to buy version 1 of anything?) came out in 1979. The INGRES project at Berkeley released a stable version in 1974. Postgres was started in 1985 as the Post-INGRES project. Around 1996, the project became open source, focused on SQL, and changed its name to Postgresql. By 2016, PG was clearly a serious technical competitor for any database in the world.

That’s when I started arguing for a conversion.

Although: I might have started looking for an alternative the second or third time I had to negotiate for an Oracle license.

As a complete nonsequitur, the last time I looked, Oracle forbade anyone using their database from publishing performance comparisons with it. That’s certainly the attitude of a company you trust, right? So I won’t publish any benchmarks. You can be certain, however, that we had minimal performance issues with the changeover. Everything we were concerned about turned out to be solvable by adjusting the way we did queries from something weirdly Oracle-specific – often that we didn’t even know was Oracle-specific – to something PG-specific.

a comparison of terminal emulators

2025-09-26T16:31:14-04:00

(This entry is now on its third revision. Not much has changed.)

This is going to be a big one. Here follows a [hopefully factual] comparison and [hopefully useful] subjective review of N terminal emulators. The following three constraints will be in effect:

They have to run on one of the systems that I have easy access to. That means Debian Stable (Trixie, currently) or MacOS Sequoia (15.something). It also means that while I will note the availability of Wayland, fbdev, or stranger runtime platforms, I will only be doing evaluations on X11 and MacOS. I don’t see the point of running fbterm since all the situation in which I would do so, I already have the Linux console at hand. Nor am I going to review terminals that operate inside editors, IDEs, or whatever – you aren’t going to change IDEs because it has a great terminal, or if you are, the other features of the IDE need to be acceptable to you.
I have to know about them. Obviously.
I have to reasonably easily find a project page for each item.

Here’s the initial list:

Runs on MacOS:

Mac terminal
iterm
alacritty
wezterm
kitty

Runs on X11:

alacritty
blackbox
cool-retro-term
deepin-terminal
kitty
ghostty
gnome-terminal
guake
konsole
lomiri-terminal-app
lxterminal
mate-terminal
pterm
ptyxis
qmlkonsole
qterminal
rxvt (urxvt/rxvt-unicode)
sakura
stterm
sugar-terminal-activity
terminal.app (OpenStep)
terminator
terminology
termit
tilda
tilix
wezterm
xfce4-terminal
xterm (the original!)
yakuake
zutty

What do I want to note about each of them?

Who is writing this, and if they win a lottery and retire, is there an organization to keep it going? Alternatively, is this going to sprout ads and spyware next year?
What is the project’s point of view? Are they making a tool that makes them happy, a work of technical art, or trying to be all things to everyone?
Licensing?
What’s the configuration method? In particular, how hard is it to make it pop up with a particular color choice and font choice?
Can it play nsnake? This is a functionality test. It’s not exhaustive. And it turns out to be semi-useless in distinguishing terminals: only cool-retro-term had terrible problems, and qterminal had a very strange drawing bug.
If I ask it to show me 256 colors, is it hard? This turns out to be a no-brainer these days… except on cool-retro-term and terminal.app. Those just don’t support modern color. Some of the term-ems let you pick exactly which RGB colors will be assigned to the 16 standard slots, some of them require you to organize them into themes or palettes, and at least one doesn’t care about your opinion.

And then some subjective stuff.

On configuration methods:

All of these are configured with some combination of:

command line options
GUI menus, usually Edit -> Preferences or File -> Settings
config files, written in YAML or TOML or key=value or JSON or Lua or something really wacky.
the X resource database, Xrdb
and one of them has no configuration and requires you to re-compile it each time you want to change an option.

On performance:

My contention is that there are only two relevant performance factors in these term-ems, and one is much more interesting than the other. First, of less concern, is startup time. Unless this is egregiously bad, you don’t care. Second, of more concern, is the latency from touching a key on your keyboard to displaying it on screen. Assuming a 60Hz display, any value consistently under 16ms (one frame) is fine. There’s a nice write up at https://beuke.org/terminal-latency/ comparing many of these term-ems. The projects with low latency are, in order:

xterm
alacritty
kitty
zutty
sl

and, just above the 16ms cutoff:

rxvt (urxvt)
konsole

People have suggested that scrolling ability is somehow a differentiating factor. Here’s a few terminals running time find /usr, all on the same system, without needing to do any disk work because I pre-ran the command and the metadata is all loaded up in memory:

xterm: real 0m2.210s user 0m0.526s sys 0m1.645s

alacritty: real 0m2.240s user 0m0.581s sys 0m1.647s

konsole: real 0m2.767s user 0m0.507s sys 0m1.676s

zutty: real 0m2.283s user 0m0.552s sys 0m1.708s

wezterm: real 0m2.770s user 0m0.517s sys 0m1.746s

I don’t think any of these are meaningfully different to a human. Yes, they were all rendering the same OpenType font at the same size.

On subjectivity:

Everyone is entitled to their own opinion, not to their own facts. If I have misstated anything factual herein, please let me know via email - dsr-blog at this domain - and I will confirm it and get it corrected.

Let’s start the reviews.

alacritty: a modern terminal emulator that comes with sensible defaults, but allows for extensive configuration.

Dev team: one main dev and several people who seem to be familiar with the code base and are making contributions.

Maturity: Alacritty is technically in beta; it has been around since 2017. Github issues are discussed actively.

License: Apache and MIT, I think.

Config method: TOML; earlier versions used YAML and there is a conversion command built-in.

Config colors: 18 named colors (foreground, background, and 16 slots)

Config fonts: separate choices for each of regular, bold, italic, and bold-italic.

Obviously alacritty is the best of all possible terminal emulators, partially because it is written in Rust. It uses a fair amount of memory, though still about 30% less than wezterm. Alacritty works just the same way on MacOS, with a few extra config commands available to integrate with weird Macish things. There is a Windows version, too.

blackbox: An elegant and customizable terminal for GNOME

Dev team: one main dev, several people have contributed patches.

Maturity: Gitlab.gnome.org has at least been touched recently.

License: GPL3

Config method: GUI

Config colors: you will have to write a theme

Config fonts: one place to set one font

I don’t think anyone will argue that blackbox is the best of all possible terminal emulators, even if it does have the distinction of being written in Vala, a language I had not previously encountered. It feels mostly-working, but rough in a few places. If this sounds vaguely attractive, consider GNOME Terminal instead.

cool-retro-term: mimics the look and feel of the old cathode tube screens. It has been designed to be eye-candy, customizable, and reasonably lightweight.

Dev team: one dev

Maturity: no updates since 2022. Some folks are helping each other out with config and compile issues. License: GPL2 or 3

Config method: GUI

Config colors: foreground and background.

Config fonts: some terminal styles have a limited choice of fonts

There is a particular sense in which cool-retro-term is obviously the best of all possible terminal emulators, but you have to be committed. Specifically, C-R-T emulates the look of classic (1980-1995) CRT-based computers. All the visual distortion, low resolution, bizarre flickering… This is a special effect, not a daily driver for sane people.

deepin-terminal: an advanced terminal emulator with workspaces, multiple windows, remote management, quake mode

Dev team: Deepin Technology

Maturity: incomplete, buggy, and probably abandoned.

License: GPL 3

Config method: GUI

Config colors: No.

Config fonts: No, but you can change the size.

Don’t use this.

ghostty: fast, feature-rich and native

Dev team: one main dev who has recently opened the code, but a lot of contributors.

Maturity: Extremely active. However, the idea appears to be that there will be a control for every possible pixel/action combination, and they are busy assigning defaults. Things like “can it be installed in Debian Stable” are left to non-core volunteers

License: MIT

Config method: custom key=value file

Config colors: there are a lot of color-related keys scattered around the docs

Config fonts: I assume so, but…

I could not compile Ghostty, which is the best term-em in the world because it is written in Zig.

gnome-terminal: highly customizable GNOME terminal emulator

Dev team: GNOME.org

Maturity: “You are using a version which is too old and we won’t support it. Feel free to re-open the bug once you are up to date.”

License: GPL 3

Config method: GUI

Config colors: 16 boxes plus available themes

Config fonts: one font, one size

Part of the GNOME juggernaut. But it probably works, and if your bug is universal and repeatable, maybe it will get attention! Or not. The underlying term-em is VTE; you will see a bunch of term-ems which are basically wrappers around VTE. The good thing is that fixing a bug in VTE fixes it in all the others, soon enough. The bad thing is that any feature which requires changes to VTE might not get implemented. You probably have this installed already.

Dev team: 247 contributors, no release in 2 years

Maturity: The official website is borken, and github issues haven’t been responded to by a dev in months.

License: GPL2

Config method: GUI

Config colors: Same as GNOME Terminal

Config fonts: Same as GNOME Terminal

Guake can’t run nsnake because the default size is less than 24 lines high, and I couldn’t figure out how to change that. There is a certain cool factor in the one thing that this term-em is named for, but other term-ems can do it better.

iTerm 2: brings the terminal into the modern age with features you never knew you always wanted.

Dev team: one dev

Maturity: active development, considered production-ready

License: GPL 2

Config method: GUI

Config colors: all of them

Config fonts: two: one for Western European languages, and one for all others

Like WezTerm, iTerm has never seen a feature in another term-em that it didn’t want to incorporate. MacOS-only. Aggressively hegemonizing swarm objects start like this, don’t say I didn’t warn you.

kitty: The fast, feature-rich, GPU-based terminal emulator

Dev team: one main dev with a strong opinion that everyone else is wrong.

Maturity: Extremely active, but that doesn’t mean they will fix the bug that annoys you.

License: GPL 3

Config method: a config file in an idiosyncratic key=variable dialect

Config colors: almost certainly, but not without the man pages

Config fonts: four font descriptors.

kitty demands that you adopt it as a way of life. You will learn kitty’s way of doing things; compatibility is other projects’ problem. They should do it kitty’s way, or maybe the dev will write a replacement for that project, too. It likes to log errors in the form “the application is trying to do something that Xterm does. Our way is better and the application should change.” Read the FAQ at https://sw.kovidgoyal.net/kitty/faq/ to set the mood.

konsole: a powerful and customizable term-em

Dev team: KDE

Maturity: Competent

License: GPL 2

Config method: GUI, a little odd

Config colors: via themes

Config fonts: one font, one size

There might not be anything distinctive here, but there doesn’t seem to be anything wrong, either.

lomiri-terminal-app: a core app for Ubuntu Touch’s Lomiri shell

Dev team: UBports Foundation

Maturity: last release is six years old, but there are recent commits

License: GPL 3

Config method: menu, but weird

Config colors: 16 plus themes

Config fonts: looks weird, but yes. One font, one size.

Apparently designed for a touch screen environment with a tiny physical or on-screen keyboard. Not notably well-designed; Android’s Terminal does better.

lxterminal: a VTE-based tabbed terminal with few dependencies

Dev team: LXDE

Maturity: Another competent VTE term-em

License: GPL 2

Config method: GUI

Config colors: Same as GNOME Terminal

Config fonts: Same as GNOME Terminal

If you are using LXDE because you need to save RAM, may I introduce you to xterm?

mate-terminal: a fork of GNOME Terminal

Dev team: MATE

Maturity: Some commits in the last year; working on Wayland compatibility

License: GPL 3

Config method: Menu

Config colors: Same as GNOME Terminal

Config fonts: Same as GNOME Terminal

It’s a fork of GNOME Terminal, but I don’t know why.

pterm: the X11 fork of putty

Dev team: a small group, same as putty

Maturity: pretty active

License: MIT

Config method: command line or Xrdb

Config colors: much like rxvt

Config fonts: much like xterm

It may be a different back end, but it looks a lot like xterm or rxvt.

ptyxis: a container oriented terminal. I’m not sure they know what that means; I know I don’t know what they mean. “A modern terminal emulator built for the container era. Seamlessly navigate between your host system and local containers like Podman, Toolbox, and Distrobox with intelligent detection and a beautiful, responsive GNOME interface.”

Dev team: A large group? the README has been authored by a lot of people

Maturity: active development

License: GPL 3

Config method: Menu, GNOME-ish, weird.

Config colors: You must choose from unnamed, badly underspecified “palettes”.

Config fonts: One font, one size.

“engineered from the ground up for modern development workflows within the GNOME desktop, where local containers are first-class citizens. It simplifies and enhances your interaction with tools like Podman, Toolbox, and Distrobox, making them a natural extension of your terminal experience. Ptyxis is the default terminal in Fedora Workstation, Red Hat Enterprise Linux, and Ubuntu.” Smells like corporate bullshit to me.

qmlkonsole: offering additional buttons useful on touch devices

Dev team: KDE

Maturity: Released once a month since 2021, but is anyone using it?

License: GPL2

Config method: I can’t figure it out.

Config colors: Could be?

Config fonts: Mayhaps?

Not a good partner for Konsole.

qterminal

Dev team: LXDE

Maturity: Minor changes released recently, but the general attitude seems to be “patches welcome”

License: GPL 2

Config method: GUI

Config colors: Has themes

Config fonts: One font, one size.

First time I’ve seen a bug in nsnake. Not a good sign.

rxvt (urxvt/rxvt-unicode): a fork of a slimmed-down alternative to xterm with features added back in.

Dev team: At least one person at schmorp.de

Maturity: There are probably bugs, but by now other programs have worked around them.

License: GPL 2

Config method: command line or Xrdb

Config colors: sure

Config fonts: yup

xterm had too many features, so rxvt was born. People wanted more features and especially Unicode (and transparent/translucent backgrounds before compositors were a thing) so urxvt. xterm has Unicode these days, guys.

I have used xterm and rxvt more than any other term-ems.

sakura: simple GTK/VTE term-em

Dev team: a dozen contributors, but mostly one dev

Maturity: not really active. Clearly still has some bugs.

License: GPL 2

Config method: menu

Config colors: yes

Config fonts: yes

There are a bunch of simple gtk/vte terminal emulators, and this is one of them.

st: a simple terminal emulator

Dev team: a bunch of revisionist nazis

Maturity: Nope.

License: MIT

Config method: recompile it

Config colors: recompile it

Config fonts: recompile it

Nazi punks fuck off.

sugar-terminal-activity: a full screen text mode program that provides a CLI

Dev team: SugarLabs (defunct?)

Maturity: Something got fixed a few months ago.

License: GPL 2 or 3

Config method: first you have to figure out how to run it

Config colors:

Config fonts:

This is apparently a fork of Guake. If you aren’t using a Sugar Desktop, I don’t think this will work for you. It did not work for me.

terminal.app (GNUStep): A terminal

Dev team: abandoned? but installable in Debian stable

Maturity: retired

License: MIT

Config method: special GNUStep menus

Config colors: no

Config fonts: main and bold.

When people talk about how cool OpenStep was, I assume this is not what they had in mind. Debian has no bugs listed for this… ever. Perhaps it is perfected.

terminal.app (MacOS): A terminal

Dev team: Apple Computer

Maturity: adult

License: proprietary, included with MacOS

Config method: menus

Config colors: no

Config fonts: one font, one size

Technically this is the successor to the NeXTstep Terminal.app that the GNUstep one wants to copy. It’s much more usable, but it seems to get new features based on some problem that an Apple employee was having ten years ago, more than anything else.

terminator: The Robot Future of Terminals. Originally inspired by projects like quadkonsole and gnome-multi-term and more recently by projects like Iterm2, and Tilix, It lets you combine and recombine terminals to suit the style you like.

Dev team: one dev who is not backed up by GNOME.org

Maturity: has bugs; bugs are reported; people respond

License: GPL 2

Config method: GUI

Config colors: via themes and palettes

Config fonts: one font, one size.

They found a cool name so they had to come up with a project, I guess. Does this offer anything that other GTK/VTE term-ems don’t? Plugins. Did you want plugins? The dev wrote in and says the unique feature is terminal broadcasting, in which a sending terminal can have input sent to multiple receiver terminals, which treat it as input themselves. (Why do this? Think about handling several nearly identical machines at once.) This is actually a cool feature for small-shop sysadmins; I used to do it similarly with a wrapper called cssh (cluster ssh).

terminology: it has a whole bunch of bells and whistles

Dev team: Enlightenment Foundation

Maturity: Feels like an advanced beta

License: Maybe BSD. Hard to tell.

Config method: GUI, in ways you’ve never seen before

Config colors: many

Config fonts: at least one

When you have a few spare hours, you should visit the land of Enlightenment. It’s dedicated to the proposition that everything should move, glide, twinkle, effervesce, and generally be much cooler than you deserve. I don’t think you want to live there, though. I don’t. Has moments of extreme cleverness: the first time you run it, it will immediately ask you to adjust a slider until the text is a size that you like!

termit: a simple GTL/VTE term-em, extensible via Lua

Dev team: 12 contributors

Maturity: Had a release recently

License: GPL 3

Config method: GUI

Config colors: … no?

Config fonts: yes.

Yet another GTK/VTE.

tilda: it’s like guake?

Dev team: 59 contribs

Maturity: but no release in the year since 2.0. Nobody is reading the bug reports.

License: GPL 2

Config method: GUI

Config colors: 16 colors and themes

Config fonts: one font, one size

It’s another GTK/VTE, but only as a pull-down from the top of your screen.

tilix: an advanced GTK3 tiling terminal emulator that follows the Gnome Human Interface Guidelines

Dev team: One dev, unsupported by GNOME

Maturity: Not a whole lot of work visibly happening right now.

License: MPL 2

Config method: GUI - GTK3

Config colors: themes

Config fonts: one font, one size

There are people who love tiling, and want to see it in their term-em. There are others who love tabs, or want their window manager to tile, or hate all multitasking. It would be a boring software world if everyone liked the same things.

wezterm: A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust

Dev team: Wez

Maturity: Active development but generally usable

License: MIT

Config method: Lua

Config colors: ships with over 700 themes

Config fonts: can be done with a minimum of one line of config… possibly no maximum

Obviously wezterm is the best of all possible terminal emulators, because it is written in Rust. If you can imagine a feature short of embedding emacs and a web browser, wezterm probably has it or will next version. The price for this is rather a lot of memory use. On MacOS, wezterm uses about twice as much memory as alacritty. On X11, about 30% more.

xfce4-terminal: a lightweight and easy to use terminal emulator application with many advanced features

Dev team: XFCE

Maturity: devs pay attention, users make suggestions

License: GPL 2

Config method: GUI

Config colors: 16 colors

Config fonts: one font, one size

I may be biased because I like XFCE4, but I have never used this terminal and of the VTE wrappers, it seems the least offensive.

xterm: a terminal emulator for the X Window System

Dev team: one dev

Maturity: The Standard

License: MIT

Config method: command line and Xrdb

Config colors: I don’t think so.

Config fonts: Yes, either on command line (fn for bitmap fonts, fa for adjustable TrueType/OpenType fonts). It will figure out italics and bolds by itself, assuming versions are available.

Obviously xterm is the best of all possible terminal emulators. It is the oldest. If it has an error that has not been fixed, it is the standard to which others aspire. It barely uses memory. It handles 256 color-mode just fine, by default. Why do you want 24-bit color anyway? Doesn’t matter: xterm handles 24-bit color now. It handles fixed fonts, it handles TrueType/OpenType fonts, and it supports Unicode, including weird little cartoons of pizza. It doesn’t mess with OpenGL, so maybe it isn’t quite as fast at something… but it has top scores for key-to-screen latency.

yakuake: a drop-down terminal for KDE

Dev team: KDE

Maturity: nah

License: GPL 2

Config method: didn’t bother, but I assume it’s GUI

Config colors: nope

Config fonts: uh-uh

Segfaulted on start.

zutty:

Dev team: one dev

Maturity: one dev is responsive

License: GPL 3

Config method: command line or Xrdb

Config colors: it knows about 256 colors which are the same as xterm’s. The first 16 can be overwritten

Config fonts: regular/bold/italic/bold-italic

Obviously zutty is the best of all possible terminal emulators, partially because it is written in C++. It uses a little less memory than alacritty, is fast like all the GL term-ems, and has just one small flaw, which might not be a flaw: if somebody sends you mail with one of those bizarre Unicode glyphs like [:pizza:] or [:ice cream indistinguishable from dog feces:], it just shows a nice square. Most other Unicode things are expected to work, though.

Let’s make some recommendations.

If you’re on both MacOS and an X11 box regularly and you would like complete consistency, your choice is between alacritty (if you want it to be relatively simple) and wezterm (if you don’t). And, three people who are not the author of kitty have written in to tell me that kitty runs on both, so it’s quite likely that at least three people use kitty besides the author.

What’s best on MacOS? alacritty and iTerm2 and wezterm and Terminal are all fine. I assume you are at least vaguely dissatisfied or else you wouldn’t be reading this. Start with alacritty if you were feeling short on speed. wezterm and iTerm2 are both competing for title of Most Shiny Bells and Shrill Whistles, so those might be attractive to you. If you want kitty, I assume you have a good reason.

What’s best on X11 boxes? Here are the good choices, as I see them:

xterm - don’t laugh. If your work happens through screen or tmux, you don’t need the term-em to provide tabs. It renders Unicode via OpenType fonts, in all the colors you can stand, sips memory through a straw, and is still obnoxiously fast at just about everything. Oh, and everything is compatible with xterm.

zutty - a modern take on xterm. You need a few more features and you have an OpenGLes-capable video card? Here you are.

alacritty - a big step up in features without giving up much speed. I suppose you want ligatures, too? OK.

xfce4-terminal - if you just want a term-em you can configure through a menu. You probably don’t want this one, actually – but it should be the one you recommend to people who are just starting out.

wezterm - because you want the Shiny and you are willing to search the docs until you find the prize. Eats the most memory. You can afford it.

-30-

Relaxation script

2025-09-24T21:20:41-04:00

No, this isn’t an usurper hijacking the blog.

It just occurred to me that this was a good place to put it.

Technique:

Slowly inhale to the count of 4
Pause
Slowly exhale to the count of 8, allowing the breath to drift down into the chest, stomach, and through the body.

And now it’s time to relax. Just make yourself comfortable and allow your eyelids to gently meet. With your mouth softly closed, take in a deep breath and SLOWLY — allow that breath to drift d-o-w-n through your entire body — bringing you comfort and peace. Before we start, perhaps you’d like to take a moment to adjust your position and make yourself totally comfortable. You can do that now.

Let’s continue — Just let your breath flow down through your chest — your stomach — your abdomen — your legs — and your ankles — and all the way down to the soles of your feet. As you begin to feel the soft tingling sensation of relaxation on the soles of your feet, you release in both mind and body, and you give yourself permission to go deeper and deeper.

Each time that you practice this technique, you’ll find that you immediately go more rapidly and more soundly into that wonderful place where you will be aware only of how deeply relaxed and comfortable you are. Each time, you will be able to achieve this wonderful, euphoric state in a shorter amount of time. Each time you will be able to go deeper and deeper into ultimate relaxation. Soon you’ll come to thoroughly enjoy being in this state and you’ll find that you can bring yourself into it at a moment’s notice.

As you continue to drift deeper, return your awareness to your eyes and feel how comfortable it is to just rest and allow your eyelids to remain gently closed. With your awareness on your eyes, you discover that all the little muscles in and around your eyes are becoming more and more relaxed. And your eyelids seem to close more thoroughly. As your eyelids close even more, any little worry lines around your eyes begin to fade and disappear — And this same quality of relaxation drifts down and around your cheeks — and your mouth — while all the rest of your facial muscles release and become loose and limp — And you go deeper — As you feel yourself drifting into total comfort, allow all tension in your jaw to just melt down and away. Softly rest the tip of your tongue behind your front upper teeth — and your lower jaw recedes and becomes comfortably relaxed.

A wonderful sense of well-being settles into every muscle, every nerve, and every cell within your face — Your mind releases and your body releases, and you go twice as deeply into relaxation. The relaxation now drifts in and around your shoulders, as you give yourself permission to allow your shoulders to droop into the frame of your body. As your shoulders go limp and loose, the relaxation flows down through you upper arms — your elbows — your lower arms — your wrist — and your hands all become loose and limp. Your entire upper body becomes perfectly relaxed. And you continue to go deeper.

Now take in a deep breath and release all tension from your chest — and from your heart — and from your stomach. And your breathing becomes soft and rhythmic — you are beginning to reach a perfect resting level. Feel your body respond to this slow, comfortable breathing, as your body learns to release tension from each set of muscles from the very top of your head and throughout the entire upper portion of your body. And your breathing and your heartbeat slows to a perfect resting rate. Your circulation flows smoothly and freely throughout your body, miraculously bringing just the right amount of oxygen to every muscle, every nerve, every cell, and every vital organ within your body.

Thoughts of how your relaxation is benefiting you are reassuring, as you give yourself permission to double your relaxation once more and go even deeper. Your lower body now begins to become totally loose and limp — as though you were a marionette with all the strings released. Totally loose — totally limp. And you go deeper still. Now, your abdomen and your lower pelvic area are totally relaxed.

To assist you as you move even deeper into this perfectly relaxed state, picture, in your mind’s eye, or your imagination, a magnificent rainbow arched across the sky above you, each color vibrating in harmony with the energy of the earth and the energy within your body. Allow your body, as though it were a magnet, to absorb all of the wonderful soothing and relaxing energy of the rainbow. Let the soft energizing colors, one by one, flow through and around your entire body — bringing you a sense of well-being and calm, drawing away all doubts, all fears, and all tension — leaving you calm and at peace. And you go deeper — and deeper, envisioning each color of the rainbow relaxation.

Now you are ready to explore the healing, soothing colors of the rainbow. Place your full awareness on your mind — and imagine yourself on a beautiful mist of deep blue indigo and purple, a deep combination that puts your mind at ease — Because the mind vibrates to the color of purple — a sense of confidence accompanies the thoughts that begin to fill your mind, and the mist of deep indigo teaches you to trust your baby and your body to know exactly how to birth — and you release all doubts concerning your birthing. As you breathe in the soft purple relaxation, your mind is filled with assurance, confidence, and calm. All of nature is in tune with indigo, and you are in tune with nature, now more than ever.

Go deeper now into ultimate relaxation, as you turn your mind and body over to thoughts of gentle birthing — trusting that your mind and body will each play out the perfect design of nature.

Picture yourself now within a mist of soothing blue and feel your throat and neck relax. The throat and neck vibrate to the color of blue, so breathe in the blue mist of relaxation and feel all the tension in the area of the neck and throat melt away. The energy of blue helps you to find your voice and to learn to speak up and ask questions if ever it is important for you to do so. Your voice and your throat muscles align in perfect harmony with blue and with nature, and a wonderful calm and confidence accompanies your thoughts.

Now in your mind’s eye, envision yourself surrounded by a mist of green — the soft green color of spring. As you breathe in the soft green mist, the entire area of your chest, and particularly, your heart, relaxes more deeply than you’ve ever relaxed before. Feeling energized by the green mist, you open your heart and your life to feelings of love. Because your heart and your chest vibrate to the energy of the color green, you feel an even greater sense of well-being, as your life combines with love . Green is the color of the earth. Filled with the energy of a calm and loving heart, you free your body to blend in perfect harmony with the energy of green and find yourself in harmony with your instincts—so calm, so loving, so peaceful. And you resolve to go even deeper.

Your thoughts turn now to the color yellow. Yellow is the color that vibrates in harmony with the region of your solar plexus and your stomach, As you become aware of yellow, you also become aware of the need to put only nutritional foods and substances into your stomach, knowing that your body receives, absorbs, and grows in a healthy manner because of the effects of healthy foods that you put into your stomach. The energy surrounding your stomach and solar plexus teaches you that when you become aware of the importance of choosing only safe, nutritious foods, you help your body avoid many issues that stand in the way of your health. These thoughts are calming as you relax even deeper into the mist of yellow relaxation.

Now turn your thoughts to the mist of orange energy that surrounds your abdomen. The color orange vibrates in harmony with your abdomen, the area that houses your reproductive organs. The energy of orange drifts in and around your belly and, like a sponge, it absorbs calm and peace, gently soothing you, and creating a veil of tranquility that softly protects and nurtures you. Every muscle, every nerve and every cell relaxes as the orange mist flows and drifts through your entire abdomen and pelvis. Draw the orange mist into your body and know that this energy is helping to prepare for a healthy life.

Imagine yourself now on a soft, strawberry-colored mist — that gently envelops your entire lower torso — taking away all tension, bathing you in gentle relaxation. Let the soft strawberry mist of perfect relaxation drift throughout all your lower back and spine — Red is the color of love and of life. Its energy is that of truth. As the soft strawberry mist drifts in and around your body it helps you to gain a stronger sense of the important truths that you are learning. Breathe in the soft strawberry red mist and go deeper and deeper, secure in your self- knowledge. You are in tune with nature. All of nature is in tune with the soft red of love and life. Breathe in the red mist that gently wraps your body in a soft blanket of natural relaxation, and enjoy the deeper relaxation and comfort that you drift into as your breathing continues.

And now, working from a perfect level of relaxation, see yourself surrounded by a marvelous mist of all of the colors of the rainbow — combining all the colors of the energies of life — surrounding you with peace. Become aware of the feeling of confidence that you are developing day by day as you embrace self-knowledge as your mind, your body and your spirit all work in complete natural harmony. Let the reflected glow of the colors of the rainbow permeate every part of your essence, while you continue to grow in confidence and the belief that this will, indeed, be a comfortable, easy sleep.

It’s time now to end this session.

You can now slip into a natural, full night’s sleep.

To become fully alert and continue the activities of the day or evening, simply begin to become aware of your surroundings and feel the energy slowly coming back to your body—hands and fingers beginning to move, legs and feet becoming energized. When you are ready, opening your eyes—feeling healthier than ever before, and you are mentally alert, physically energized and spiritually refreshed.

I make ice cream

2025-09-22T17:47:54-04:00

I am good at making ice cream.

I am also rather experimental, so not everything is a big hit.

These flavors work very well:

multiple vanillas
Irish whisky
dark chocolate
chocolate orange
chocolate whisky
Mexican chocolate
multispicecream (allspice, nutmeg, cinnamon, cayenne)
peanut butter
peanut butter caramel
peanut butter with cayenne
peach
peach with cayenne
plum sorbet
coconut
cherry

Nutmeg is apparently popular in Granada, but it didn’t work for me or anyone I tried it on. Could have been me.

Ripe strawberries have better things to be doing.

-30-

audio in the house reviewed

2025-07-15T11:17:29-04:00

This is how I’m dealing with music playback in the house as of July 2025. My goals are reasonably high-quality music at a long-term reasonable price, while avoiding paid streaming services.

First up, storage. Music (and local video) is stored on the media center box, a Ryzen 3600 (6c/12t) PC with 48GB RAM and 2x3TB disks in RAID1 and 2x8TB disks in ZFS RAID1. All the machines I’m going to mention are running Debian Stable. Music is largely ripped from CDs at 320Kb/s MP3 or FLAC; some is purchased digitally if available in those formats.

The media center exports a music filesystem via read-only NFS, and runs Owntone, a web-interface music player/server which can play to Chromecast Audio, Apple Airplay, and anything which can play an MP3 stream – Firefox and Chrome certainly can. Owntone transcodes to 320Kb/s MP3 as necessary.

Hooked to this via HDMI is an Integra 3.4 home theater receiver, which feeds main speakers, center, surround, and front Atmos speakers. It has measured room equalization. Main speakers are PSB Century 800i (2.5 way towers, 1” dome over 2x 8” woofers, front ported, ports stuffed) sitting on Monoprice 12” powered woofers getting the same signal. After equalization, this can go down to 20Hz at 90dB (1m). There is also a PSB Alpha Subsonic 5 subwoofer for movie LFE. All of these things were bought new but with fairly large sale discounts. The surround speakers are PSB Alpha A/Vs, which are quite nice bookshelf speakers in their own right.

In the living room is a Wiim Mini feeding Kali LP8v2 powered monitors. The Wiim Mini is under $100 new and now has decent built-in room calibration. It serves as an output for the Owntone system.

In the bedroom is a Wiim Mini feeding JBL LSR305x powered monitors. Room calibration is a big win. Also used primarily through Owntone.

In the office, my desktop is connected to a Topping MX3s ($199) via USB. The MX3s is a tiny box – about one quarter of a standard box of tissues – with a USB DAC, a headphone amplifier, and a 50W (4 Ohm) stereo amplifier. Yes, for real speakers. This is basically the same power output as the NAD 712, which is merely six times the weight and half the power efficiency. The headphone jack is 1/8” and does not automatically disconnect speakers, but the front button allows selection of headphones, speakers, or both. The desktop runs equalization software (PulseEffects on top of PipeWire) that corrects each output, though it does have to be selected whenever I change outputs. The Paradigm Monitor 3 Mark III (not the MiniMonitors) were purchased used from a guy driving a white van, for $200 the pair – an excellent value.

The usual headphones are Superlux 688b, Truthear Zeros, TRN V90s, or Sennheiser HD280Pros.

Finally, the dining room has a computer hooked up to a TV and Cambridge SoundWorks PCWorks 2.1 system. PCWorks is (was) an amazing product: Two 2” full-range speakers in little plastic cubes and a 4” mid-woofer in a bizarre plastic bandpass box along with a 9W amplifier. It is absolutely an upgrade over any TV’s built-in sound, nicely adequate for background music, and ridiculously high value-to-price at $50 or so.

Currently unused but known to be functional:

a Yamaha RX-V675 7.1 channel receiver in excellent condition
a SMSL Sanskrit 10th MkII DAC
an Apple USB-C DAC
a Yamaha RXV990 receiver (pre-HDMI era) with useful 2.1 capabilities and mediocre 5.1
a NAD T750 receiver (pre-HDMI) with similar capabilities
a NAD 712 stereo receiver
2 Paradigm Esprit v2 narrow towers
2 Paradigm MiniMonitor Mark 3
2 PSB Century 400i bookshelf speakers

I expect some version of these to be gifted to the kids when they move out permanently.

Debian upgrade policies

2025-05-30T08:22:47-04:00

Since you’re interested in not breaking things, you should be running Debian Stable.

Debian makes several kinds of package changes available:

security fixes
general bug fixes (including security fixes)
upgrades to a new major Stable (e.g. 12.x => 13.0)
backports from testing of selected packages 
"volatile" updates to a few packages that some people want much faster, even if they break things

You control these by the wording of your /etc/apt/sources.list (or files in /etc/apt/sources.list.d/)

If you list repos with the name “stable”, they will be automatically changed over when a major Stable change occurs – 12.x => 13.0. But if you list them with the codename for stable (bookworm, currently) they will not.

If you don’t list a repo you won’t get updates from it.

The vast majority of people I know running Debian stable use the codename so that they can decide when they want to do the major upgrades. Most of them also avoid backports unless they have a specific need.

The package apticron, if installed, will reload the list of available packages from all repos in your sources.list{,.d/} nightly, and let you know via email if anything is ready – but *not install them. That remains manual.

The package unattended-upgrades, by contrast, does the apticron thing and then automatically installs upgrades to packages that you have previously installed, plus any required dependencies, which may include new packages. You probably don’t want that.

There is also a complex system called “pinning” to allow preferences for individual package versions or repos, but most people who think this is a good idea are wrong. If you actually need it, I have a cheatsheet on the blog.

complexity considered harmful

2025-02-14T07:13:43-05:00

Every complex problem is a dependency management problem.

The only robust solutions are the simplest things which can work, created by people who fully understand the problem and have to work with the system regularly.

But the fastest temporary fix for any specific problem is to add a complex layer without fixing the underlying problem.

And every layer reduces your ability to understand the problem.

Every complex solution is a dependency management problem.

-30-

assumptions about certbot

2025-02-10T21:12:41-05:00

I had assumed that when certbot does an http authentication of a domain name as part of getting Let’s Encrypt to issue or renew a cert, it would do so by touching the appropriately named file in http://domain.name.tld/.well-known/acme-challenge, waiting for the challenge to resolve, and then deleting it.

And sure, that’s what it does with --webroot. And I assumed that if you passed it --nginx, certbot would use that to look for the right config to parse to get the right domain to directory mapping, and then reload nginx afterwards.

It does not do that.

Instead, it inserts new config into nginx to just return a 200 success code for the challenge name as though it were a 0-length file on disk. Nothing hits disk in the .well-known directory.

It turns out that this can backfire in a number of very hard to debug ways.

So, if you are having an authentication problem with certbot, try passing --webroot and the appropriate -w directory.

And if you’re writing some bit of utility code, howzabout not being so clever. Do the expected things.

preparedness

2025-02-05T06:44:10-05:00

When 3 of 4 disks in a ZFS pool die at the same time, it is not the disks.

It’s the controller that is feeding them.

(Note for later: move a disk to a different controller. This could have been survived completely if half of each mirror were on different controllers.)

What do you call a household with a backup SAS/SATA controller stashed in the box marked “more disk stuff”?

Mine.

-30-

academic data management disclosures

2025-01-18T11:17:09-05:00

Hey academics!

Your papers, thesis, dissertation, project – whatever – is based on data, right? No data, nothing to talk about.

So every paper should have a data management section. It should be quite straightforward and easy to fill out, assuming that you were doing things well to begin with. (Hint: make it easy to fill out.)

Data was stored prior to processing at this facility with the following access restrictions and encryption.
Data was anonymized / is still live / was cleared by the IRB as not sensitive. Total data is X records.
Data is archived at the university at this URL. Access is open / requires IRB clearance.
Processing was done at these facilities. Intermediate results are archived / were securely deleted. Programs used were X (version), Y (version)… with the following licenses.
No new code or configs were written for this dissertation / source code, executable artifacts and configs are archived at the university at this URL

-30-

recipe for high quality portable audio playback

2025-01-01T15:35:02-05:00

Start with an Android phone with sufficient storage capability and a decent DAC/headphone amplifier. Built-in is great; otherwise, find something that works and doesn’t suck up too much power.

Add IEMs of choice, for less than $50, or cans that are reasonably efficient. It stops being so portable if you have 800g cans and a 500g battery-powered amp to drive them.

Install F-Droid, and use that to install Vanilla Music and RootlessJamesDSP.

Configure Vanilla Music to point to your music data.

Use ADB to enable RootlessJamesDSP (it needs 2-3 android system permissions).

Download convolution equalization for your IEMs or cans. https://autoeq.app is an acceptable and very convenient source. If Oratory1990 covers your equipment ( https://old.reddit.com/r/oratory1990/wiki/index/list_of_presets ) then choose that, first.

Apply in RootlessJamesDSP.

Enjoy.

-30-

yay for helpful error message

2024-12-11T13:12:28-05:00

When the Let’s Encrypt certbot says it failed and it was probably a firewall issue – yes, it’s probably a firewall issue. On your side. On port 80.

-30-

hey IT you need a wiki

2024-11-27T14:43:36-05:00

Specifically, a wiki which uses a non-database backend. I like Dokuwiki for this, but anything which basically saves in text files is fine.

(Why? Because you don’t need to bring up the database and/or fix the web server to grep for the page you need right now.) …

Every document should start with “here’s what you need to know at 0200”, continue with “here are our typical uses” and finish with “this is the history of this tool here”.

Whenever possible, quote exact error messages (so they are greppable!) and write responses to them. If you are recommending a course of action, write it in commands that are easy to cut and paste – one per line.

Then make sure you have an automatically sync’d copy of it at every major location.

Any time someone discovers that it’s out of date, that needs to go in your ticket system and be addressed the day after the incident. It does not need to be the responsibility of the person discovering the discrepancy. Don’t make people do extra work when they find mistakes, they will gloss over them.

This is also where general culture facts go – conventions on IP addresses, names, vendor contacts, how you build racks, checklists for new employees and suspension of ex-employees, etc.

authoritarianism is bad, antiauthoritarianism is good

2024-11-21T07:41:51-05:00

There is a new software technology. It has a bunch of boosters. There are some companies formed around the idea that they will make a lot of money by providing the technology. Then they go out and try to convince other people that they should use the technology – and by extension, pay them for it. If not them, then one of their competitors, but preferably them.

That’s marketing…

Marketing and advertising have a range of options available. The ethically best methods are effectively teasers for education: micro-lessons in what the product or service can do for you. Further lessons in why this is good. And then, product differentiation: why this one is better, faster or cheaper than the others. Technical products often get published reviews and benchmarks, which are a mixture of subjective and objective analysis. Sometimes they even measure things relevant to what you want to know!

The least ethical methods are lies. Things which aren’t true, or are deliberately deceptive, or deceptively irrelevant. Did you know caffeine is an aphrodisiac? It’s true: people are much more likely to want amorous activity when they are awake.

Somewhere in between are the social engineering methods. The big ones are FOMO - fear of missing out, that everyone else is getting benefits that you won’t - and FUD - fear/uncertainty/doubt instilled about the competitive products.

Testimonials can serve as social proof (that’s not the same as rational proof) that a given technology provided benefits to a particular person or organization. Or they can serve as social proof that other people are getting things that you are not.

If you see a new technology marketed mostly via FOMO, the odds are very good that it is fraudulent.

Blockchain (the technology) turned out to be entirely FOMO: nobody has found a legitimate use case for which blockchain is the best answer. Cryptocurrencies turn out to be good for gambling, fraud and similar borderline or outright illegal activities. All other proposed uses suffer from lack of an oracle relating reality to representation or by being more efficiently implemented by a traditional authenticated database.

Object-oriented programming turns out to have significant benefits in coordinating software built by large teams of programmers who don’t or can’t communicate efficiently. Since that describes a lot of large corporate software efforts, OOP has succeeded in the marketplace.

As of late 2024, LLMs and similar machine learning techniques – which have been successfully renamed by marketing as “AI”, despite not being anywhere near our cultural expectations of AI – have found niche success in translation and pattern continuance. Everything else that they are proposed for – and they are proposed for everything – is unsuccessful. The reasons are various: expense, speed, (in)accuracy, and lack of capability all show up regularly. In the normal course of events, we would expect LLMs to remain a niche technique, settling into a place in the programming toolkit not unlike regular expression pattern matching or declarative programming languages.

Unfortunately we are not in normal times, and LLMs are being marketed primarily by FOMO tactics: if you don’t adopt “AI” tech, you cannot be competitive with those who do. Nothing backs this argument up.

It may not be criminal, but it’s certainly not a good move in the majority of circumstances.

llms again, sorry

2024-10-12T07:54:04-04:00

New paper: LLMs don’t do formal reasoning.

Well, of course.

LLMs don’t do informal reasoning, either.

Humans are great at pattern recognition. We even recognize faces in clouds and tree trunks. We recognize wheelbarrows, bears and crabs and archers in the stars. We make things that have meaning, and we communicate through speech and text and art.

LLMs are great pattern-generators. They are extremely well-tuned to make patterns that look like they might have meaning. A human trying to communicate may be bad at it, but they have an underlying model of the world that they are referencing and updating. An LLM is not trying to communicate anything. An LLM has a model of language, not a model of the world.

The map is not the territory. All models are wrong, but some are useful.

The situations in which it is reasonable to use an LLM are exactly the situations in which it is reasonable to roll some dice and use that to read the table of random monster encounters; to pull a card from an Oblique Strategies deck; to twirl the knobs on the synth and see if you can get a cool sound. In years past, you could type in a good list of keywords to Google and hit the I’m Feeling Lucky button.

Attempts to use LLMs for more than this fail. Often they do not fail in such an obvious way that the results are immediately discarded, which is where most of the danger resides.

-30-

fun fact about linux routing

2024-09-25T06:13:17-04:00

The Linux kernel doesn’t consider routing to be a separate process, so it can eat lots of CPU capacity and still be at a load average of 0.

Load averages are calculated as the number of running and uninterruptible processes, sampled every 5 seconds, and then displayed as an exponentially decaying average, optionally per core (or SMT “core”). A process actively computing stuff is counted the same as a process that has an outstanding I/O request, which can be a source of excitement.

The act of routing packets (as opposed to working on a routing protocol exchange) is handled by the kernel, so it does not have a countable process identifier, so it does not count for load averages.

-30-

reminder to self about LE SSL certs

2024-09-24T09:23:25-04:00

Self: you have managed to make some cert renewals dependent on IPv6 connectivity through to the main server. This is not bad, but it is odd.

-30-

your company is probably not Agile and should not be

2024-09-24T09:08:20-04:00

Many organizations claim to be following Agile in some way. The vast majority are wrong, and most of them should not be Agile anyway.

You will recall that the Agile Manifesto, in total, is this set of four guidelines and an interpretation:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.

That’s a recipe for making certain customers happy with your perpetual engagement. But:

Does your client have regulators, auditors or any other kind of external supervision on their products and services? If so, “Customer collaboration over contract negotiation” is a big problem. You can’t be successful – and therefore they cannot be successful – if the contract doesn’t explicitly spell out the restrictions and requirements.

Agile is a great approach to a marketing website – again, as long as the content passes any necessary compliance reviews – but a terrible way to run an industrial process.

Is your client committed to 24/7 operations, or facing a huge cost for unexpected downtime? “Individuals and interactions over processes and tools” may not be right for you. “Responding to change over following a plan” might not be the right approach, either.

Hrm. I’ve been blogging for ten years now. Maybe I should get some sleep.

security analogy

2024-07-21T07:50:05-04:00

Repeat the following metaphor until you internalize it:

Security is the skin of an organization, IT infrastructure is the bones.

Everything else is the digestive system or the nervous system. Breaking the skin is a bad idea. It needs to be done for certain specific reasons, but all of those holes need good defense systems including real-time sensors and reflexes. Repeatedly stressing parts makes them tired and calloused, not more flexible. Careful and deliberate exercise builds strength and flexibility.

If I had less integrity and more time I could spin this out into a 140 page business advice book.

-30-

specialized toy geometry notes

2024-07-03T19:35:34-04:00

A nominally 8-wide LEGO Speed Champions vehicle is actually 8.5 studs wide, due to the overhang of the wheel arches. Said arches are 4 studs long. The space between them can reasonably range from 6 studs (very short) to 9 studs (very long) and is typically 7 studs long; sometimes 8.

The rear overhang is generally 1 to 2 studs long. The front overhang is 1 to 4 studs long. This gives an overall length for the car ranging from 1+4+6+4+1 = 16 studs to 2+4+9+4+4 = 23 studs long.

The Mercedes AMG G63 is an outlier and should not be counted.

-30-

about Agile

2024-06-14T08:55:07-04:00

Here is the Agile Manifesto:

We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.

This manifesto is quite reasonable. However, people – well, corporations – keep misapplying it. Let’s talk about that.

Individuals and interactions over processes and tools

You should have a defined process for anything that you intend to repeat. If you can reify those processes in software tools, that means you can automate away the boring bits and ensure consistency. That’s great. Definitely do that.

If, however, you need an exception to be made, the process and any tools implementing it must be bypassable. That’s the nature of exceptions. They happen, they should be documented, and if they happen often, it’s time to look at re-working the process and then the tools.

And if the nature of your work is that a pre-agreed process is really important, for whatever reason – then Agile isn’t what you need.

Working software over comprehensive documentation

Obviously, it’s better to have a product you can hand the client than to have a pretty manual to go along with it. And a lot of products can be used with quite minimal documentation.

And just as obviously, if documentation is a necessary and vital component of your product, Agile is not what you need.

Customer collaboration over contract negotiation

There are actually two parts to this. The first is that your customer needs to have somebody designated who can make decisions and say yes. In the trivial case where the customer is a singular person, hey, no problems here. But if you have a single customer which is a medium or large company – or even a small company with a diversity of needs – it’s actually quite rare to have a single representative of the customer who can say. (And common to have many representatives who can each say no.)

The second part is that contract negotiation needs to be flexible, to protect both sides. The customer doesn’t want to be exposed to the risk of unlimited costs or unlimited delivery time; the developer doesn’t want to be constrained to produce software with poorly defined acceptance criteria or lifetime free scope creep.

Do I need to point out that if your product is strongly regulated by contract – say, something in the medical industry – Agile is not for you?

Responding to change over following a plan

It should now be obvious to you that there are businesses (or organizations) for whom Agile is a great fit, and others where it really isn’t appropriate at all. And it should also be obvious to you that lots of companies are Doing Agile officially, even though not a single one of the manifesto bullets applies to their situations. I am not saying that Agile is superior, or inferior, to any other methodology. I am very much stating that Agile is not appropriate for some projects, and forcing it to fit will make no one happy.

it was magic all along

2024-05-31T15:25:03-04:00

There’s a game which you have probably played in some form, possibly not even knowing that it was a game. It goes like this: an author writes fiction, and the reader comes across an interesting element and asks how it works, in-universe.

And people come up with answers…

Some of which are plausible in this universe but not in the fictional one, some are plausible technologically but the economics can’t be worked out; sometimes it’s a great answer but people are a problem. Often there are multiple good answers which conflict with each other.

They are magic and work the way they do because that’s how the author wants them to work.

This is pretty much the only bad answer in the game.

The point is to figure out the puzzle, sometimes tangentially, for the general pleasure of creativity and discussion. Even multiple conflicting answers can be fun.

If an author is asking for help pre-publication, it’s valid but kind of useless to say “it works the way you want it to work” – yes, of course it does, but how should it be explained? They might or might not show the how, but knowing the how allows them to more room for fun. Usually, the better version of that statement is a question: “What plot or character or style elements do you want it to have?”

When discussing an already completed work – which is usually the case – it’s absolutely useless to say “it works the way the author wants it to work”. That’s not fun. It doesn’t illuminate anything. Nothing new comes from it.

So, the remaining proposal is “It’s magic.” What are the limitations of the magic? What deductions can the reader make based on the existence of magic in this one aspect? Those are the fun questions.

things break when you try to fix them

2024-05-27T15:29:07-04:00

About two weeks ago I decided to use parts from a suddenly unused desktop to upgrade the living room media server. The initial plan was to keep the disks, power supply and case of the media server, and use the motherboard, CPU, RAM and video card from the desktop.

Things did not go to plan, of course…

Rather than a chronological narrative, let’s just enumerate issues:

the media server’s power supply would not handle the new video card.
the desktop’s motherboard would not supply enough SATA ports
the media server’s case power button apparently broke
the desktop’s case did not have sufficient cooling
the desktop’s power supply fried itself a little later

The solution, in the end, involves a new power supply ($45), a PCI-e SATA3 card and cables (in inventory), extra fans (also in inventory), and a little fussing with configuration to get sound working again.

The old media server had 8GB RAM and an Intel Pentium G4560 (3.5GHz, 2c/4t, 3MB cache).

The new media server has 48GB, an AMD 3600 (4.2 GHz, 6c/12t, 3MB L2 + 32MB L3 cache) and an AMD 5700xt video card.

Storage: 1TB SATA SSD, 2x 3TB mdadm RAID1, 2x 8TB ZFS mirror.

Hopefully that will do for some time.

the IT scale

2024-04-16T15:56:38-04:00

In the spirit of the Joel Scale for software dev, I propose an initial version of a scale for IT and operations folks.

3 points: all production infrastructure is redeployable in exactly the current form with a well-documented, automated system. /or/ 2 points: almost all infrastructure is like that, with a few exceptions which are properly backed-up off-site and have clear, tested redeployment documents. /or/ 1 point: most infrastructure is redeployable in exactly the current form, with well-documented exceptions and good reasons for those exceptions.
3 points: standard per-employee hardware is in stock and a new employee can be set up completely with less than an hour of work by one IT person. Everything will work and there is a Day One FAQ or similar document. An all-remote employee can be set up with less than an hour of work plus an overnight hardware delivery and a ten minute phone call. /or/ 2 points: standard per-employee hardware is in stock and a new employee can be set up on one workday’s notice; everything will work. Adding an all-remote employee takes less than an additional hour of work. /or/ 1 point: if a manager notifies IT that a new employee will start 5 or more workdays in the future, everything will be ready on that day. There is a complete checklist that every manager can see. 0 points: a new employee can start work, given two weeks notice. negative points: if the new employee can’t actually do anything on their first day
2 points: the dev bug tracker is separate from the IT ticket tracker. Both are easily searchable. 1 point: the dev bug tracker can link to a dependency in the IT ticket tracker. 0 points: the dev bug tracker also serves as the IT ticket tracker. negative points: IT work is not ticketed
3 points: all changes go through version control. All changes have associated tickets. Security-related changes require approval. There is a tested emergency procedure to get a major change through in 4 hours or less. /or/ 1 point: all changes go through version control. All changes have associated tickets. Security-related changes require approval. 0 points: each version is archived, even if it isn’t shipped negative points: changes are made to the production/development system
1 point: there is a reasonable, tested, well-documented policy for making exceptions. Exceptions are logged and reviewable. Exceptions are approved before being made. Exceptions are reviewed later and acknowledged, removed, or made part of policy. 0 points: there is an understanding that exceptions will need to be made, and they get logged. negative points: there are no exceptions allowed, so of course they aren’t logged
3 points: dependencies are tracked, tested, and brought into local repositories so that all subsequent builds are reproducible. 2 points: dependencies are tracked, tested, and locked to specific versions 0 points: dependencies are tracked and the build is tested negative points: dependencies are pulled from “HEAD” at every build time.
3 points: increasing pay automatically follows from increased competence and demonstrated responsibility 1 point: pay increases can be argued rationally negative points: if you want more money, you should find a different job

new mouse report

2024-03-11T12:45:30-04:00

My RSI prevention strategy involves change: I use three different keyboards, four or five pointing devices, and move around to different places. On my main desktop, I mostly use a thumb trackball, with a mouse in second place and a drawing pad in distant third.

On Friday the trackball died in a peculiar way.

It decided that Y-axis measurements should be much more precise than the normal X-axis reporting, and so I needed to roll the ball about eight times further in one dimension than the other. Not good. I changed the battery, which did nothing, and unplugged and replugged the dongle. Nothing changed. I flipped the mouse off and on again, and that killed it – the system reported that the mouse connected and had a charge, but did not accept clicks or geometry from it.

Well, I have a spare, retired because the main button refused to acknowledge being held down. That’s a problem for dragging over text for copying it. Time to buy a replacement.

The new trackball, an Elecom EX-G Pro, appeared about 20 hours later. Unlike the former occupant, a Logitech M570, the Elecom can be used with a USB connection, a proprietary dongle, or a generic Bluetooth connection. X11 recognizes it as having 12 buttons:

left, wheel-click, right, wheel-roll-down, wheel-roll-up, wheel-tilt-left, wheel-tilt-right, leftside “back”, leftside “forward”, far-left-by-thumb, far- right-finger, and a central button just south of the wheel

which is actually one button too many: the far-left-by-thumb button is nearly impossible to tap without changing my grip on the mouse.

There are also bottom buttons for BT pairing, resolution switching, and a slider for off/slow-report/fast-report – for battery saving, I guess. And an additional slider for switching from BT to proprietary wireless dongle.

The ball is exactly the same size as the Logitech M570 series. It feels smooth. The wheel, however, is high-friction and clicky. Some of the corners of the mouse actually feel sharp.

Some config to help things out:

In .xsessionrc:

xinput set-prop "ELECOM TrackBall Mouse EX-G Pro TrackBall Mouse" 305 12
xinput set-prop "ELECOM TrackBall Mouse EX-G Pro TrackBall Mouse" 290 0, 0, 1
xinput set-prop "ELECOM TrackBall Mouse EX-G Pro TrackBall Mouse" 292 11

The first line sets the top-of-mouse button as the universal drag lock button. Tap it, tap another button (usually 1, the main button), and it is considered to be held down until you tap the other button again. Excellent for precise copying to the primary buffer.

The second and third lines enable scroll-by-ball: hold down the far-right button and roll the ball to scroll. Much smoother than the wheel.

In .xbindkeysrc:

"xvkbd  -text "\[XF86Copy]""
       m:0x0 + b:8
"xvkbd  -text "\[XF86Paste]""
       m:0x0 + b:9

Sets the nominal forward-and-back buttons to copy and paste, very useful if your terminals support bracketed paste mode (they almost all do). Requires xbindkey to be running.

All together, this creates a workflow on the mouse: position the cursor at one end of a selection-to-be. Top button, button 1. Roll the cursor to the other anchor point, taking as long as desired, repositioning until you get it right without having to hold down a button. Button 1 again. ‘Back’ to copy, go find your desired window, ‘Forward’ to paste. Not quite as fast as holding down a button while dragging to select, but much easier on my finger joints.

belts and suspenders at home

2024-03-04T06:54:16-05:00

I have almost 30 years of professional experience as a sysadmin.

Failure is inevitable. Hardware will fail, software will be discovered to have flaws, reconfiguration will be mistaken.

The antidote is to have reliable recovery mechanisms: everything will eventually break or need to be changed, so in turn you need to be able to recover back to a stable position, so you can try again.

Recovery mechanisms are not all-purpose. I usually describe them in three phases:

short-term examples include version control, RAID, failover systems, snapshots. These let your systems continue to function after a specific failure or let you revert back to a known good state in a short period of time.
medium-term examples: backup (with tested recovery), cold spares, automated deployment systems, alternative paths. These keep you going after a major but limited-scope failure.
long-term examples: archives, remote backup, distributed remote deployment, disaster-recovery plans. These let you rebuild somewhere else.

Understanding your systems allows you to plan how you will deal with the inevitable mishaps. Carrying out those plans allows you to have confidence that you won’t dig yourself into a hole that you can’t escape.

The differences between a house network and a small business network are not that great. The business probably has more money to spend, but they have similar needs for reliability. Your family and/or housemates are probably fewer people than your business associates – or perhaps not.

What reliability measures are worthwhile on even a small network?

NTP
DNS
DHCP
NAS
RAID
backup
central syslog
version control for your configuration
diverse routing to the Internet – if it’s cheap enough

What’s not worthwhile unless you have other goals, like “learning this skill”?

Kubernetes and similar orchestration systems
most multiple-system containerization or VM migration systems
internal multi-path networking
multi-path disks
ansible, chef, puppet, cfengine, nix…

the two most common fail-to-post errors

2024-02-07T07:26:46-05:00

My two most common issues in not posting to this blog:

start writing a post, discover that it is ten thousand words and still hasn’t made the point properly
muse about writing a post, wonder whether even I want to remember the subject of consideration

This entry is brought to you by both of those issues.

prediction scoring

2023-12-14T08:15:40-05:00

In May of 2022, I made a few predictions about US politics

Here’s the meat:

 Assuming that the opinion is issued substantially as-is, I will make some predictions about 2023.
 
 ‘Red’ states will pass laws restricting basic civil rights...  
 Corporations that rely on high-skill workers will not be able to hire them in those states.
    Those corporations will move out of the red states.

    The economies of red states are substantially worse off compared to blue states now. When the corporations move out, the tax base will be further reduced.
    When the Federal budget is roughly balanced, blue states subsidize red states. The Federal budget is running at a significant deficit in order to prop up the economy.
Option 1: the attack on civil rights is enough to change Congress definitively to blue in November.
    The Supreme Court will be expanded to 15 or 17 justices.
    The Republican Party splinters.
Option 2: Congress becomes red in November, or wishy-washy.
    The United States tends towards a Christian Fascist state.

How did I do?

Red states did pass laws restricting civil rights, especially abortion. {100%}

Corporations are having trouble getting high-skill workers to move to Red {75%} states.

Some have moved out, some are planning to do so, some are not. {50%}

Red state economies have suffered more in the last 18 months. {100%}

Option 1: did not happen.

Option 2: went wishy-washy {25%}

Better than throwing darts at a dartboard, not really good enough to commit to a single plan.

pareidolia but for meaningfulness

2023-11-18T08:13:38-05:00

I had thought that ‘pareidolia’ referred exclusively to the human tendency to see human faces everywhere – any time you see two dots or circles and a line below them, boom :) it’s a face. It can be triggered by rocks, clouds, shadows, uneven browning on a tortilla or a pancake.

It turns out, though, that pareidolia covers any kind of overactive pattern matching. Humans look for meaningful patterns all the time, without thinking about the search, and when something trips the right thresholds in our brain, we seize upon it. The result can be faces, voices, music or just a cloud that looks like a moose.

Here’s my thesis: the large language models (LLMs) and similar generative software processes that people currently refer to as “AI” – those are exceptionally well-tuned to produce patterns that will trigger threshold recognition in human brains. Not by accident – that’s the goal. They are pareidolia-circuit stimulators.

The problem is that LLM output is exactly as meaningful as any other kind of pareidolia. Every well-formed paragraph is a false-positive error.

And when people repeatedly mistake their overactive pattern recognition for reality, we call that a mental disorder: psychosis.

-30-

tech note: slow SSH login

2023-10-28T07:42:02-04:00

If your Debian system is suddenly very slow to login – like, 25 to 90 seconds of apparent inactivity on every new ssh – it’s not DNS.

Check to see if your elogind or systemd/logind is actually running. Look for a log entry in auth.log along the lines of

dbus-daemon[4501]: [system] Failed to activate service 'org.freedesktop.login1'

right after an SSH attempt.

If so, restart the daemon.

-30-

750 chars: security re-org

2023-09-22T08:15:16-04:00

Some people play Wordle to get their brains moving in the morning. I find one of Linked-In’s incredibly stupid “AI”-driven “articles” where they limit you to 750 characters of commentary (times 5-7 article segments) and write a cohesive answer to the whole thing in one block.

Herewith: “How Do You Work With Other IT Departments To Manage Security Risks”

Either your company understands that security is the prime risk assessment and management tool, or it does not. Figure this out first.

Assuming your company cares, get an executive mandate. Bring the IT, Ops, Network Engineering, Security, Software Development, Hardware Engineering, Legal, and all other relevant groups together. Establish a common vocabulary, write a policy, and appoint a committee that has the authority to approve exceptions and change policy.

Policy is implemented in plans, and if your company is large enough, some groups will need their own plans. Write them to a common skeleton, and publicize them internally.

Include Business Continuity and Disaster Recovery as subsets of Security: that’s where they belong. Done in 750.

-30-

words about my mother

2023-09-05T19:09:39-04:00

This is what I would like you to know about my mother:

She didn’t like what people were doing to the world; she found some ways she could be effective at making things better; she did them.

It is not required of us that we fix the world, but it is required that we try to leave it better than when we came into it. Mom succeeded.

She was the ten thousandth accredited Leader of a La Leche League group; La Leche League is an international organization that was founded to teach women how to breastfeed, because that’s not actually a thing we have an instinct for.

People in my professional field have a saying about computer interfaces: “The only instinctive interface is the nipple; after that it’s all learned.” For baby humans, that’s half-true: if you rub a nipple on their lower lip, they will open their mouth and try to latch on. For new mothers, it’s not true at all. We learn how to nurse from watching other people do it. If nobody around you does that, you won’t know how to do it either.

So Mom spent forty-plus years teaching breastfeeding. Human breastmilk conveys antibodies that fortify a baby’s immune system. It changes over time to match changing nutritional needs. It’s full of fat and cholesterol because those are the things we use to grow brains.

When La Leche League had too many internal political battles, Mom helped found Breastfeeding USA. Same goal. Mostly the same methods. Less political angst. Mom had the basic liberal fallacy, one to which I often fall victim: she thought that if a person had all the facts, they would come to the right conclusion. It’s an optimistic viewpoint.

Mom taught me to read. I – and my sisters – all learned to read before we went to school. One day my parents decided to send me to a kindergarten class. Mom walked me in, made sure I was comfortable, left. At some point I picked up a book off the shelf and took it to the teacher or their assistant: “Could you help me with this?” I asked. They said “No.” I cried.

Eventually Mom was back, and wanted to know why I was in tears. She asked me. I explained. She asked them why they wouldn’t help. They said “Oh, we don’t teach reading until the first grade. We just do letters and numbers.” Mom said, “Dan knows how to read. He wanted help with any particularly big words.” She took me home. I did not go back there.

It is probably significant that I invited my favorite librarians to my bar mitzvah.

Mom loved reading mysteries and romances, and occasionally science fiction. Sometimes our tastes overlapped, and I was always glad to be able to make a recommendation to her.

Mom was on my side against the school system, whenever the school system was wrong. She talked to my first-grade teacher about my proclivity for finishing the assigned work in a few minutes and then reading any book I could get my hands on. They agreed to move me up to the second grade. I was rather frustrated in second grade – not academically. I was still bored. I got so bored that one day I finished my work, wrote “I’m going home” at the top of the worksheet, handed it in, went out to the hallway, got my coat and lunchbox, and walked. Out the front door of the school, down the street, over to the four-lane highway, crossed at the light, and so on about 2 miles home. I opened up the door to the mudroom, hung up my coat – Mom was rather surprised to see me – and I headed off to the bathroom. While I was taking care of that, Mom called the school. “Do you know where my son is?” she asked.

“In class,” said the secretary. “No, he’s not.” said my mother.

There were no negative repercussions from my parents. Obviously if I did something that drastic, something caused me to do it. There’s no more profound feeling of security than knowing that your parents are really and truly on your side.

This continued all the way through high school: in my senior year, I took what was billed as college freshman literature equivalent. The English department head taught the class; his plan was to let the seniors watch films all year long. I objected to a lack of education, Mom backed me up. Instead I had an independent study course supervised by another teacher.

Mom’s lesson: when the system is failing you, you can try to fix the system, or you can work around it. The system never proposes solutions outside its control; you have to do that yourself.

My mother taught me to cook. Though I haven’t used the skill in a handful of years, she taught me to bake bread. Mom made several excellent kinds of bread, but what she made most was a whole wheat sandwich loaf and a white loaf called bulka. Mom considered baking bread for her family and friends to be a political act, but it was also practical. Once she bartered 15 loaves of bread for a wheelbarrow.

I don’t bake much these days, but I do cook a fair bit. I am a better cook than my mother usually was, but I never reached her depth of understanding of baking. Her Pesach brownies, made with matzo meal and baking powder, were the best possible brownies. I am glad that she taught my sisters how to make them. I try from time to time, but I haven’t got them right yet.

Mom loved sewing, and made sure that I know how to mend a tear or attach a button. But I didn’t have any love for it, so she didn’t press me to do more. Love is taking care of other people, and sometimes that means not pushing them to do the things that you like to do.

Mom loved cats. She especially loved Pansy, who came over with her from England, and guarded me as I slept.

Mom’s last request was that Dad hold her hand as they took her off the medicine that was keeping her conscious. They told each other that they were each the most important person in the other one’s life. I am sure that this is true.

In memory of my mother (1945 - 2023)

house network 2023

2023-08-18T07:43:54-04:00

In the spirit of underkill home network and overkill home network

Internet:

Verizon FIOS terminating in their optical network terminal. Assume gigabit ethernet for all wired connections hereafter.

Network:

router/firewall: 4 x 2.5Gb ports. Attached to a UPS. Connected to the main switch.
Main switch: 12 port unmanaged fanless GE switch. Powered by the same UPS as the router/firewall.
Den switch: connected to the main switch. 8 ports.
Living room switch: connected to the den switch. Currently a managed, fan-cooled 48 ports, but soon to be changed out for a 12 port fanless.
Wireless access points 1, 2: connected to the main switch.
Wireless access point 3: connected to the den switch.
Wireless access points 4,5: connected to the living room switch.

Servers:

main server is connected to the main switch, on its own UPS.
media server is connected to the den switch, on its own UPS.

Wired stations:

my desktop is connected to the main switch. Own UPS.
my wife’s desktop, same.
my wife’s other desktop, connected to the living room switch.
there is a currently unused ethernet-over-AC connection from the main switch
music player in the living room
media-watching tiny desktop in the living room
In the den:
- a Roku for the TV
- the home theater receiver
- the HDHomeRun TV tuner

Wireless devices:

4 laptops
3 chromebooks
4 tablets
six phones

learning opportunity: LLM

2023-08-18T07:18:51-04:00

If a service is being provided by an LLM, one of the following cases applies:

it was always bullshit¹
the people in charge can’t tell the difference
the people in charge don’t care about the difference

LLMs are bullshit generators. Modern humans expect bullshit in specific areas (advertising, marketing websites, customer service transactions) and are not otherwise looking for it; this is going to be a mistake.

in the technical sense of material spewed out without any regard for accuracy or truth, at all. ↩

one of the one true ways of ops

2023-07-26T21:19:07-04:00

I’m going to tell you the secret (it’s not a secret) to building reliable, operable, debuggable infrastructure. This is going to be terse, but hopefully understandable to someone with just a little experience.

You’re going to need some infrastructure. Infrastructure is not the stuff that you are building, and it’s not the tools that you are building the stuff with. Infrastructure is the reliable services which you depend on to help you build your stuff.

At a minimum:

an Internet connection
a computer acting as a firewall/router to protect you from the Internet
a network switch, preferably one which is configurable with VLANs
more computers than you would think, some of which will be specialized by speed or amount of storage, RAM, processors, special hardware…

The first rule is that nothing can be built without a firm foundation. A firm foundation does not change unless someone makes an active decision to change it, or something breaks. A broken foundation must be detected and fixed.

To detect things changing, we need a monitoring system. The monitoring system should make read-only inquiries via SNMP, check on the functionality of services on remote computers by running tests on them ranging from pings to port connections through HTTPS queries and SQL queries. When it has checked on everything, it needs to go through and do it again. The monitoring system needs a reliable way of sending an alert. It must reliably continue sending the alert periodically until it is stopped by a person or the detected problem is no longer detected.

The monitoring system needs to know what time it is. Use NTP. Designate at least one machine as an NTP server, and have it talk to a pool of NTP servers out on the Internet, as well as all of your internal machines.

The monitoring system needs to be able to send alerts. If the Internet is up, send email, preferably to a paging service. How will you get alerts if the Internet is down? You can try cellphone gateways, but I recommend a different method: set up a small copy of part of your monitoring system somewhere else. Have this one just monitor the availability of your services from an outside perspective. Are you pingable? Are the ports for your applications open? Can a login page be retrieved? If not, shout via email.

From now on, your main monitoring system gets a new monitor for every machine you put into service, and new alerts for every new service you run, internally or externally.

Now you can detect changes. You need to track changes. On a reliable server machine with lots of disk space, install your version tracking system. On that or a similar machine, install a web server that can host a copy of your preferred operating system’s installation system. And, also, multiple copies of the complete repository of external software. Why so much space? Someday you will upgrade the operating system, and for some period of time you will need a copy of the old and a copy of the new. And new is usually larger than old.

Install a system that can install operating systems on new machines. That’s usually a combination of DNS, DHCP, PXE, and a PXE-boot menu. Figure out how you want to name machines now. Figure out how you will handle expansion in the future. Come up with a flexible network routing and address allocation policy that is also reasonably efficient. Remember that humans like unique names for things that they depend on, but are okay with meaningful+serial names for machines that are interchangeable.

You now need a way to take a freshly installed (via PXE) machine and install and configure specific software on it. Study the available configuration automation systems (ansible, puppet, chef, bconfig, cfengine, whatever) and pick one that you can live with for a long time. Consider carefully whether things should be fundamentally pushed from a server to a client or pulled from a server by a client. Always prefer pull for repeated tasks.

When someone tells you that technology Z doesn’t provide security, just convenience, believe them.

You will probably find yourself in need of a database pretty soon. If you do not have a burning need for a specific database, there are only three you should consider (as of 2023): sqlite, mariadb (formerly mysql), and postgresql. Strongly consider using languages with a built-in database layer that can use all three of these systems. Consider picking Postgresql and just sticking with it, unless your needs are very, very simple – in which case, sqlite might be exactly what you want.

Learn a major web server: either nginx or apache. They both work well. I think nginx has a slightly better configuration language, but in the end you’re going to be deploying configs via that config automation system.

For every language you develop in, you must find out what library management system they have and make a local repo of the libraries that you use. You only build from the local repo. Only. Ever. Local. When you want a new version of something you bring it down into your local repo. Don’t remove the old one, it might be better. After three versions have gone by, you might not care any more. This defends against someone poisoning the upstream source – a supply chain attack. It is not a perfect defense.

Which systems are ‘development’ and which are ‘production’? They should look the same, be deployed the same, but you need a gateway between them. At any moment you should be prepared to repel boarders, including developers snooping where they should not and clients tugging on exposed ports. A formal process with a gatekeeper is good, but remember that codifying and practicing for emergencies makes everyone feel better on the tragic but inevitable day when disaster strikes.

You need to know who you are trusting. OS developers? Package maintainers, library authors, coworkers, contractors, clients? Figure out the data flows and the trust relationships. Document this. You need a wiki. Pick one that stores wiki pages in the filesystem, not in a database: the wiki is going to be a precious documentation source, and on the day you can’t run the wiki software but you can grep and read the files, you will thank me.

Access control. You will need to get into your system remotely, which means Wireguard or SSH or both, one over the other. You need to manage special privileges, which means logins on each machine and sudo or doas privileges. In whatever application you are building, consider your security model first and every time you make a change. Keep it separate from your infrastructure access control.

Now size the backups and make them, automatically and repeatedly. The rule of backups is this: nobody cares about backups, they only care about restores. You have three distinct backup targets:

oops, I deleted/changed a thing. Can I get it back fast?
- use a snapshotted filesystem, with automatic snapshots (I like ZFS)
- use a version control system (yes, for its own sake)
- use a self-service per-user backup/restore system (don’t do this)
this computer died taking a lot of data with it. Can we restore it fast?
- have an onsite backup to disk
- make those backups nightly
- have multiple copies of freshly acquired data
- have an offsite backup of the onsite backup for that day when everything burns (or the power goes out)
- could you have a live backup server? It costs more. That might be worthwhile.
the lawyer/accountant says we need to retain this for years. Can we do that efficiently?
- encrypt that data and store the passphrase in three different secure places.
- offsite is probably good
- keep an onsite catalog of where you put it

I haven’t mentioned your load balancing, streaming database replication, second site, internal firewalls, office systems, or printing. If you can avoid ever buying a printer, do that. If you can minimize printing, do that. Buy a larger monitor rather than more reams of paper and toner. Use wired networking for every machine with a fixed location, and treat your wireless networks as being outside visitors. Survey the MAC addresses of the wired machines and refuse changes without authorization. If you handle payments of any kind, read the PCI documentation and do better than they demand. You can do it: they demand the minimum that they can cope with.

Buy more capacity up front. Compare fully depreciated capital assets versus the cash flow of rented/leased/flexible services, and bet that you will be in it for the long haul. If you aren’t sure, scale back. Don’t depend on the whims of giants: buy commodities that you can get from anywhere.

There’s always more. This is enough to get you a firm enough foundation that your organization can survive to find out what you need to do differently.

quote of note n=11: copyright

2023-07-10T09:15:58-04:00

Let’s take a second to remember that copyright is the reason ~every child doesn’t have access to ~every book ever written.

– holmesworcester at Hacker News

-30-

desktop audio update

2023-07-09T09:19:04-04:00

Previously:

In the office, my desktop feeds an Apple USB-C DAC ($9, no sale needed) to an optoisolator to a NAD 712 stereo receiver. I bought the NAD in 1998, new, no discount. It has a 1/4” headphone jack which automatically disconnects the speaker connections – a pair of Paradigm Monitor 3 Mark 3s. The usual headphones are Superlux 688b, Truthear Zeros, TRN V90s, or occasionally Sennheiser 280HDpro. The desktop runs equalization software (PulseEffects on top of PipeWire) that corrects each output, though it does have to be selected whenever I change outputs. The Paradigms were purchased used from a guy driving a white van, for $200 the pair – an excellent value.

Now:

My desktop is connected to a Topping MX3s ($199) via USB. The MX3s is a tiny box – about one quarter of a standard box of tissues – with a USB DAC, a headphone amplifier, and a 50W (4 Ohm) stereo amplifier. Yes, for real speakers. This is basically the same power output as the NAD 712, which is merely six times the weight and half the power efficiency. The headphone jack is 1/8” and does not automatically disconnect speakers, but the front button allows selection of headphones, speakers, or both. All other bits remain the same.

It’s really quite nice.

previous description

-30-

sacrificial jacks

2023-06-28T13:43:54-04:00

If you have some sort of data or power cable that you tend to plug and unplug frequently, consider putting a sacrificial extender cable in between. The cost of replacing a jack on a motherboard or other fixed device is pretty high; the cost of replacing a plug on a device is often similar to the cost of the device in the first place.

For a headphone connection, for example, you can get a 6” extender for a cost less than the shipping. USB extensions are a little trickier - you need to match a bunch of different characteristics, but pretty reasonably priced when available. Power plug extensions are cheap, but it may take a little while to find one short enough to be reasonable.

-30-

memorializing a prediction

2023-06-11T13:38:08-04:00

I will bet a shiny nickel that in 2028, you will be able to buy newly made spinning disks and that they will be economically justifiable for large media collections, backups and archives. Not sure I’d make that bet for 2033, though.

-30-

how did dial-up ISPs work?

2023-06-09T13:57:37-04:00

My wife worked for the first public ISP for several years. My first job, still in college, was for a local ISP, eventually becoming the head of all technical operations. And my next job was at a major commercial ISP, one which leased POPs to AOL among other businesses.

Here’s how they worked, at a technical and business level:

Every aspect of an ISP, economic and technological, is based on the ability of IP connections to time-share multiple connections by packetizing them. Consider every point-to-point network connection as a train track populated by packets, train cars that always move at the speed limit to the other end of the track, where the sign on the front of the car is read by the stationmaster, who selects a route for the next leg of each car’s journey.

The stationmaster doesn’t care whether all the cars are going to the same destination or not. If the station only has three tracks, then every car arriving on track 1 is headed out on 2 or 3; every car coming in on 2 is going out on 1 or 3. Which one should be selected? That’s up to the sign on the car and the stationmaster’s policy.

A minimally viable ISP in 1994 bought a T1 line to another, larger, ISP, who would agree to route all their packets. This is called “buying transit”. That gets you 1.5 megabits per second in each direction. The T1 terminates in a modem-like piece of equipment called a CSU/DSU, which was usually attached via a high-speed (for the time) V.35 serial connection to a router – often a Cisco 25xx series 1U device. Some of them had interface cards that had all the functions of the CSU/DSU built in, and so the T1 would go directly into the router. Integration is nice – it guarantees compatibility among the integrated components, takes up less space, improves reliability, and usually uses less power and therefore generates less heat.

That router would talk via 10Mb/s ethernet - wow, fast! - to the local equipment, which would include a server running authentication/authorization software (based on the RADIUS protocol, usually), a local mail server, perhaps a local FTP server, and, for most of that period, a local USENET server. Finally, we have the equipment to allow clients to log in: a bank of telephone lines from the local phone company, each attached to a modem, which was connected to an RS232 serial line to a terminal server – that is, a computer with a lot of serial ports. The terminal server would offer a terminal connection to a local computer, or a SLIP connection, or a PPP (point-to-point protocol) connection, and whichever of these was available would be connected over the local Ethernet.

So: clients would dial in on a phone number (a roll-over number was an arrangement by which the telco would connect inbound calls on one number to whichever line was next in sequence, until they were all busy at once), negotiate with the modems, authenticate for a PPP session, and then send and receive packets.

Every packet that stayed local to the ISP was an economic win for the ISP, because local packets weren’t using up the valuable commodity of the general Internet connection. That’s why there would be local mail and Usenet and FTP – and eventually local web servers. Typically, a high-quality ISP could run at a ratio of 5 or 8 to 1 – 5 to 8 times the bandwidth on modems compared to the upstream bandwidth. A few years later, Akamai’s line of business was in convincing ISPs to give them space and power for free in their POPs or datacenters, using the clever argument that every web request answered by an Akamai cache server was a request not using valuable Internet transit. Meanwhile, Akamai’s clients appeared to be ridiculously fast to anyone asking for their content from an Akamai-affiliated ISP. (Oh, yes, after I worked for the big ISP I worked for Akamai.) The hard part of running an ISP in the first few years was letting people know you existed – newspaper ads, physical bulletin board ads, billboard ads, radio spots – you needed to invest in these things.

A few years later, Lucent Technology, who had been spun off from AT&T, came up with an all-in-one box called the AscendMAX. In one medium-large box, an ISP could have every component of a POP: efficiently wired telephone circuits going to built-in modems, a high-speed transit connection, routing services, and authentication (usually reflected back to central authentication servers).

Then Lucent outsmarted themselves.

There was an ISP boom. Everyone was offering a variation on $20/month all-you-can-eat dialup service. To expand to a new location, you just needed to arrange for some space in a rack, a T3/DS3 backhaul to your core networks, a set of T1/DS1 lines for dialup, and one or more AscendMAX boxes to connect everything together. Lucent was selling thousands. Lucent’s salespeople were getting rich on commissions, and pretty soon they started offering financing for ISPs which were clearly going to be making money hand-over-fist forever. The financing was at a nice interest rate, too, and the business was solid, so Lucent’s only collateral was the AscendMAX itself. If an ISP failed, well, some other ISP would happily buy the repossessed, refurbished, discounted equipment from Lucent. And all this went so well that the stock price soared, and some funny accounting tricks were played to make it go even higher.

Then it crashed, and Lucent found themselves the proud owners of thousands of repo’d AscendMAX units, and no buyers. See the Wikipedia article for details.

koreader is not perfect, but it is very good

2023-06-08T21:55:02-04:00

koreader is an open source ebook reader application originally designed to replace the firmware on Kobo E-Ink reading tablets, and then ported to run on Amazon Kindle, Android, PocketBook, and Remarkable devices. Under Android it runs as a normal application. It also runs as an application in Linux and (reportedly) in MacOS. It reads basically all non-DRM book formats. It is highly configurable and featureful, though not infinitely so.

If you have an OPDS-speaking book server, it can search and download from that. If you want to run a tiny sync server for keeping track of which page you are on across multiple koreaders, that’s pretty easy.

If it ran smoothly on MacOS and I could get it to work on my semi-antiquated Chromebook, it would be even closer to perfect. Sadly, it doesn’t – yet.

-30-

considerations for ebook reader interfaces

2023-06-06T12:20:33-04:00

It’s a nice title, but what this really is, is my personal preferences on interfaces for reading fiction. Everyone is allowed to have preferences. Mine are special because I read a lot – on average, a little over 200 books each year…

Statista (no link because they are essentially a news site, just one with a longer news cycle and an odd focus) suggests that 3 in 4 Americans read at least one book per year, with average expenditure just over $100. They also claim that the recreational book market in the USA is about $25 billion, which is consistent - a third of a billion Americans, times 100, times 0.75. $100 gets you four new hardcovers, or six first-rank ebooks, or roughly a year of a Kindle Unlimited subscription when it goes on sale, or between ten and a hundred regularly priced ebooks. I will not abide by DRM and assert that anything I get to read, I get to store in memory (internal or external) as long as I can.

So, the first point: format. The best and most widespread current format is EPUB, which is a slightly formalized version of wrapping HTML and CSS with some naming conventions in a ZIP-compressed archive. This is the dominant format and anything else should be convertible into it, with two exceptions.

Comic books are best wrapped in the CBR or CBZ formats, which are RAR or ZIP archives of JPEG or PNG images, named in page order. Simple and effective.

Books which depend on precise layout – typically technical illustrations or art books – do best in the ridiculously overcomplicated PDF, which is optimized for print but can be displayed on screen.

The reading of comics and art books is, as far as I’m concerned, a different category than reading fiction. It’s fine by me if the software is similarly specialized – I don’t demand a unified reader. Hardware which is adequate for reading fiction is not necessarily adequate for viewing comics; a good comics viewer may be unwieldy for fiction on the go. (An A4-sized display is great for comics or art, but tends to be as heavy as a lightweight laptop (or, indeed, functionally is a lightweight laptop); an A5-sized display is about the same as a mid-sized hardcover page, and an A6 approximates a paperback page – and is achievable on a large smartphone.)

Here’s what I won’t compromise on:

display density of 200 dpi or higher
fast page turning. How fast? Fast enough that I don’t notice it.
lighting for reading in dim and dark circumstances
a readable dark page with light letters, for nighttime reading
controllable brightness
the typeface I like (Palatino or a close relative) in the size that I want
with line spacing under my control (I typically want 0.85 to 1.2)
nearly everything on screen is the book itself - one status line is good; I prefer footers to headers.

Features that I like but don’t need:

an OPDS client to fetch books from my server
a sync client to keep track of the last page read on each book across devices
one-touch access to the table of contents
reprogrammable/customizable menus and gestures

Features that I find nearly useless:

a book-cover based file browser
timers
dictionary lookups
multiple bookmarks per book
note-taking

Features that I need to turn off if they exist:

speed-reading gizmos
animated page flips
text-to-speech output (obviously useful for other people)

Screens:

OLEDs are the best in the dark. All modern displays are pretty good in indoor moderate lighting. E-Ink is only superior in bright sunlight, and you never get color (or at least good color) with E-Ink.

minimal due diligence

2023-05-10T10:40:48-04:00

‘Due diligence’ is the business terminology for taking care of details when you enter into a contract. Those details include very basic things like:

does the seller exist?
do they have a history of fraud?
are they on a list of terrorist supporters? (yes, really)…
are the terms of payment reasonable?
is it likely that the seller can provide what they claim to be selling?

When you’re looking into buying a whole company, due diligence goes deeper into checking the financial health and operational practices of the business you are buying – and on the other hand, the seller will want to know that you have the money or financing at hand, at the least.

It’s usually a good idea to apply the same sort of discovery or estimation to your own clever ideas, especially if your new plan will involve the expenditure of a significant amount of time or money.

As an example, I was reading a blog post about running a set of repository mirrors for open source projects, when I was struck with the inspiration that I could run my own mirror for the house. This is not immediately completely insane – I/we run mirrors at work for projects that we use. But it did occur to me that I should do some basic due diligence before committing.

A simple pro/con list is a good start:

house mirror pros/cons
PRO	CON
fast access to packages	uses lots of disk space
less external bandwidth	reconfigure machines
allows install/upgrades	can’t update mirror
without external net	without external net
	more stuff to maintain

Given a 5-10x reduction in bandwidth for package updates, and that I don’t pay for bandwidth that way, versus a large increase in disk storage and stuff to maintain, I’ve decided not to bother.

models of language vs models of reality

2023-03-20T19:01:22-04:00

It is essential to realize that these technologies [large language models, currently called AI] do not answer questions about a model of reality, but about a model of language.

The utterances that they produce are statistically good at being plausible conversation related to the input prompt. Any relationship to reality is basically coincidental. Our tendency to view it as meaningful is a product of anthropomorphism and the social conventions of our culture.

People who use tools are responsible for their actions.

(I first wrote a slightly altered version of the above on the XBBN mailing list on January 30, 2023, in response to a query from Candy Sidner.)

-30-

quote of note - history of WWW tools

2023-03-07T08:18:32-05:00

The thirty year history of the World Wide Web seems to be one of barely glomming together a relatively robust, relatively well maintained set of information sources and then destroying them at the first sign of a company offering a slicker product… which then spectacularly dies.

– Jason Scott @textfiles [twitter.com] June 28, 2022

-30-

fingerprints

2023-03-06T09:18:37-05:00

I have had phones with fingerprint unlocks on the back, side and in-screen.

Back is best.

-30-

an opinionated tmux config

2023-03-03T11:56:43-05:00

I switched from GNU screen to tmux when I discovered that the minor bug I had been experiencing for years had been reported several times and always dismissed with “can’t reproduce”.

It took about 20 minutes to properly switch over, and another day or two to discover my own biases and desires. What follows is a discussion of my own preferences in tmux config.

# I don't split windows. Splitting windows into panes is not for me.
unbind %
unbind \#
unbind \"
# flip back and forth between two windows with prefix-spacebar
bind Space last-window
# fix default binding for changing to window 10 instead of 0
bind 0 selectw -t:10
#bind -n C-Left previous-window
#bind -n C-Right next-window
bind -n M-Left previous-window
bind -n M-Right next-window

When I work from home, I open up an ssh window to work and run tmux over on my server there. This effectively embeds a tmux inside a tmux. Alt/Meta is inboard of Control on my keyboards, so I use raw ctrl-arrows to move between windows on the outside/home tmux and raw meta-arrows to move around the inside/work tmux.

setw -g automatic-rename off

Turns out that automatic renaming never does what I want – so I name everything manually.

And that’s it. Nothing else I need, so far, is particularly weird.

minimalism is an affectation of the wealthy

2023-02-23T10:43:06-05:00

People use tools to get things done. Tools vary in capabilities. Using a perfect or great tool is more comfortable, takes less time, or does a better job than using a good-enough tool. Using a poor tool incurs penalties in time, comfort and/or quality.

Minimalism is, in the current parlance, a “flex”. Minimalism is a statement that you can afford to prefer a non-optimal set of tools in order to satisfy an aesthetic fad.

-30-

lessons from usenet

2023-01-25T10:17:23-05:00

Modern social media could have learned some useful things from Usenet. Mostly, they haven’t.

Here are some of those lessons:

Reverse chronological feeds (most recent first) are a disaster.
Proper threading maintains context
Every discussion group needs a nominal topic, even if that’s “friendly conversation”
Groups can be formally or informally moderated, but when there is no moderation, the group explodes into chaos
Every user needs an obvious and easy killfile
No mercy for spammers, ever
Good communities form around a nucleus of people who write good things
Persistent pseudonyms become real people. Anonymous and drive-by posters don’t make good neighbors.

audio setups early 2023

2023-01-06T10:01:20-05:00

Of interest to highly technical budget-quality optimizing folks, mostly.

This is how I’m dealing with music playback in the house as of January 2023. My goals are reasonably high-quality music at a long-term reasonable price, while avoiding paid streaming services.

First up, storage. Music (and local video) is stored on the media center box, a Pentium G4560 (2 cores, 4 threads) PC with 8GB RAM and 4x3TB disks in RAID10. All the machines I’m going to mention are running Debian Stable. Disk space is usually at a premium, so at some point I will likely migrate to a 2 disk ZFS mirror, probably around 14-16TB usable. Music is largely ripped from CDs at 320Kb/s MP3 or FLAC; some is purchased digitally if available in those formats.

Hooked to this via HDMI is a Yamaha RX-V675 7.1 channel home theater receiver, which feeds main speakers, center, surround, and front presence/elevation speakers. It has measured room equalization, albeit not the most capable on the market. Main speakers are PSB Century 800i (2.5 way towers, 1” dome over 2x 8” woofers, front ported, ports stuffed) sitting on Monoprice 12” powered woofers getting the same signal. After equalization, this can go down to 20Hz at 90dB (1m). There is also a PSB Alpha Subsonic 5 subwoofer for movie LFE. All of these things were bought new but with fairly large sale discounts.

In the living room is an old laptop with a SMSL Sanskrit 10th MkII DAC feeding Kali LP8v2 powered monitors. The DAC was on sale for half-price ($70) and the speakers were on sale for $200 apiece down from $250. The laptop uses equalization software when playing from the console/NFS, but not from the Shairport-sync remote client.

In my bedroom is a Google Chromecast Audio (sadly discontinued, $25 when new) connected to JBL LSR305x powered monitors, bought on sale from MassDrop at $170 for the pair.

Currently unused but known to be functional:

a Yamaha RXV990 receiver (pre-HDMI era) with useful 2.1 capabilities and mediocre 5.1
a NAD T750 receiver (pre-HDMI) with similar capabilities
2 Paradigm Esprit v2 narrow towers
2 Paradigm MiniMonitor Mark 3
2 PSB Century 400i bookshelf speakers

I expect some version of these to be gifted to the kids when they move out permanently.

uphill battle

2022-12-09T13:25:40-05:00

I am aware that this trick never works (cf ‘Hacker’). Still, I need to try.

Please stop using the terms AI, Artificial Intelligence, and even ML and Machine Learning. In the same spirit as “the cloud is just someone else’s computer”, please regard all these systems as Statistical Correlation Networks, SCNs.

When you read, hear, or say AI you carry the baggage of a hundred years of science fiction stories. You will then make mistakes in reasoning about SCNs.

Yes, it is amazing what SCNs can do, but they aren’t people you can teach and reason with.

-30-

new phone minireview

2022-11-11T10:03:24-05:00

Being a mini-review of the Asus Zenfone 9.

(It’s mini because the phone is the smallest current flagship.)

Previous phone: OnePlus 7Pro, a 6.7” screen with rounded edges and an enormous battery life. This one has a 5.9” flat screen. Flat is much better. The manufacturers decided that rounded edges were “premium”, so they put it on the highest end phones… making them less usable and more prone to weird glare and distortion.

How much smaller is it? Let’s ignore the crude physical dimensions and go with this: at a comfortable reading width, the OnePlus shows 35 lines of book text, and the Asus shows 30 lines of the same text. I guess I’ll be flipping pages 14% more often.

In exchange, the Asus is much lighter and much more comfortable to hold one-handed… and I have big hands. Not NBA big, but proportionate to my height, which is still somewhere in the 99th percentile.

It’s fast, but all flagship phones are fast, even the ones that are three years old. It has cameras, but all the phones have cameras. Unless you are a camera person, it will be enough.

It is reported to have excellent battery life. It claims to be waterproof (IP68), but I note that the warranty specifically disclaims water damage. Hmph. And it has a headphone jack, which is awesome. When did it become awesome? About five years ago, when flagship phones stopped having them because you were expected to buy expensive low-quality wireless earbugs which would then need to be recharged and someday become more toxic waste.

Feature that I miss from the OnePlus that nobody is selling this year: instead of having a stupid cut-out hole in the screen for the front camera, the OnePlus had a motorized drawer for the front camera. I tested it about fifty times and used it about three times. Much nicer. Bring that back, along with the physical three-way switch for mute/stun/kill.

Overall, I think I’m content. But I also think that if I were more budget constrained, I would be pretty happy with one of Motorola’s near-flagships instead.

why apple mail products stop sending mail

2022-09-02T09:49:00-04:00

If you have an Apple Mail client (MacOS, iPhone, whatever) that recently stopped sending email to some servers, the reason is because Apple doesn’t play nicely with other products. There is a solution…

SMTP conversations begin with the client saying HELO (or EHLO) and identifying their hostname or IP address. Clients that send garbage or the server’s IP address are spamming tools. Therefore, watching for bad behavior here is a good anti-spam measure.

Apple changed their client behavior sometime in the last few months, and it shows up irregularly as people update their software.

If you are running a Postfix server, the setting you need is

smtpd_helo_restrictions =
        check_helo_access

Find the postmap database that check_helo_access is using and add a line like this:

smtpclient.apple OK

then re-map it and things should start to work.

if your tech company is growing, you need in-house recruiters

2022-09-02T07:29:04-04:00

If your company is planning on hiring 4-6 technical people a year, your next hire should be a recruiter. It is probably best if they do not have experience being a recruiter or a salescritter. Hire someone with a liberal arts degree or technical communications experience.

If your company is hiring more than that, why don’t you already have an in-house recruiter?

External recruiters are lying spammers. It’s the nature of the economics: they don’t get paid until they land a candidate, but they can’t afford to learn enough about your company or the role to get good candidates, so they need to work in bulk. An external recruiting company wants 20-30% of first-year salary as a fee. If you’re hiring 5 people a year, you can afford to pay an internal recruiter the average of their salaries, which should be quite nice indeed - external recruiters are paid on commission, which induces feast-or-famine responses and consequent unethical practices.

An internal recruiter can talk to your hiring managers, ask questions, and build trust. An internal recruiter is inherently more trustworthy to a prospective candidate, too: they can reference the company’s name from day one, and can offer actual details immediately.

-30-

can we rebuild Usenet on top of blogs?

2022-06-23T08:28:13-04:00

Blogs publish articles, or entries, which are basically the same as Usenet posts – but there’s no widespread mechanism for grouping and replying. We can fix that.

All reputable blog systems produce a URL that yields a full-text RSS feed. That takes care of publishing. Traditionally, Usenet articles have headers signalling From, Subject, Newsgroups, and References. From and Subject aren’t needed – the From is either in the URL or in the blog’s content, the Subject is in the title or body. Newsgroups is a super-threading semantic, and might not be needed. Tags could be a better arrangement, particularly if people agree on some distinct keywords when they feel it appropriate.

Then we add a threading semantic to the RSS feed signalling that a particular entry is a reply to a particular thread. One obvious mechanic for that is for all participating blogs to guarantee that the URL for each entry on their site is unique, and use that URL in a Reference header signalling that this entry is a reply to that particular URL. Let’s mandate the Tags header as well.

Now we need an indexing/discovery service. Let’s make sure that’s federated. Compatible servers can hook in as new leaves, getting a copy of all the known living feed URLs plus the last hundred tags seen from each URL. Note that we are indexing and searching on metadata, not data: some megacorp might want to suck down all the data, but a server should be runnable on a small budget by an individual.

Finally, ask RSS readers to fire off the blog-writing client/editor to construct an entry with a particular Reference header on demand, copying the Tags but leaving them editable.

Et voila, Super-Decentralized Usenet.

perfectly willing to believe

2022-06-18T09:02:19-04:00

The categories of certainty of knowledge are statistical and fuzzy.

In the course of everyday life, I don’t bother conducting experiments to see if gravity is still working (I haven’t received a bill in ages) or the atmosphere is still breathable. I just assume that they are in more or less the same state as they used to be. Occasionally this is wrong, and I am surprised by a terrible humidity or excess pollen or dust, but it saves a great deal of deliberation time which can be used to think about other things, such as whether I have remembered to take the laundry out of the washer.

As I converse with people or bots convincingly pretending to be people (and perhaps, eventually, bots which are people), most statements come with an implicit certainty tag: I am not knowingly lying to you, I am convinced that this is true. This is called basic honesty, and is both valuable and common. But from time to time I want to talk about more speculative things, and so I tag my conversational topics explicitly.

I have come to note that I use the phrase “I am perfectly willing to believe –” when I think that a proposed theory is consistent with what I know about the universe, but I have very little evidence for it and none against it. I often use it to propose a more moderate version of some explanatory story. For example, consider the proposition that Martin Luther King Junior was assassinated in a plot by the United States government. Do I believe that LBJ signed an order to kill him? I haven’t seen such a document. Is it consistent with my understanding of the workings of the government? I am perfectly willing to believe that some section of the Federal government, probably in an intelligence agency, decided to set it up. I don’t have evidence for it, I don’t have evidence against it, and right now I don’t believe it – but that just means that if more evidence comes to light, I am prepared to accept it.

In general, I don’t believe in big conspiracies, because people do like to talk about what they have been doing. But I am perfectly willing to believe in any number of small conspiracies – limited by number of participants and timespan – because that’s a thing that humans really like to do. Many businesses start out as a small conspiracy to exploit a situation; they stop being conspiracies when they go about their business openly.

script assistant

2022-05-14T17:53:17-04:00

I’ve had this idea for seven years and haven’t done anything with it, so I hereby release it into the public domain and hope someone will make it – preferably an open source version.

Live theater rehearsals rely on actors memorizing their lines. Historically, not everyone learns their lines at the same time. So, for rehearsals, people are walking around on stage clutching bundles of paper, usually with highlighter over their lines.

Everybody has a smartphone now, so let’s use that. This application can be handled in HTML, CSS and JavaScript with a fairly minimal backend for synchronization and distribution. Or you can make yourself unhappy and do it as native apps in every platform you want to support.

In the setup phase, someone loads a play script or musical book into the server and tags every line with one of:

nobody
stage directions
character X

Just a little pattern recognition can do an excellent job of autotagging, but proof-reading is essential.

Once all the lines are tagged, setup is over.

The subsequent phase is to start a rehearsal session, which needs a distinctive name. Each participant logs in to the server from their smartphone and selects a character, overview, or director. Multiple simultaneous logins of each of these can happen, but director ought to be password protected.

During a rehearsal, all devices receive a copy of the script/book. If a character is selected, that character’s lines are rendered in a very obvious form – special background/foreground color combos, and/or larger, bolder, different fonts – or even whispered via text to voice. It should be difficult to accidentally change characters, but fairly easy to change on purpose. Per-device customization of character’s special line rendering is a good idea. If the selected character has a line on the next scrollable page, there should be an indication of that before we get there.

The director gets a special set of controls to synch all the other views. Although the director controls feel like a mix of absolute and relative position changes, they are actually all implemented as a goto to an absolute line position. The director controls should include directly starting at a particular point and moving relatively forward or backward.

So: a rehearsal session starts. Actors log in and select characters. The stage managers and techs and anyone who is observing select overview. The director, and very likely an assistant director or two, select the director view, which is the overview plus motion controls. Those controls send instructions to all the logged in views to move to the next line or page or other mark.

-30-

a poem

2022-05-06T07:19:28-04:00

beep, boop
bleep, bloop
creep, croup
deep, dupe
heap, hoop
keep, coop
leap, loop
neap, no-op

-30-

predictions for 2023

2022-05-03T08:19:10-04:00

Last night Politico published an unprecedented leak of a Supreme Court decision overturning Roe v Wade, the decision that established a right of privacy and the consequent right to an abortion. The opinion of the court’s reactionary majority specifically includes reasoning to overturn the decisions about marriage equality, legal contraception, and general privacy of sexual behavior.

Assuming that the opinion is issued substantially as-is, I will make some predictions about 2023.

‘Red’ states will pass laws restricting basic civil rights.
Corporations that rely on high-skill workers will not be able to hire them in those states.
Those corporations will move out of the red states.
The economies of red states are substantially worse off compared to blue states now. When the corporations move out, the tax base will be further reduced.
When the Federal budget is roughly balanced, blue states subsidize red states. The Federal budget is running at a significant deficit in order to prop up the economy.
Option 1: the attack on civil rights is enough to change Congress definitively to blue in November.
- The Supreme Court will be expanded to 15 or 17 justices.
- The Republican Party splinters.
Option 2: Congress becomes red in November, or wishy-washy.
- The United States tends towards a Christian Fascist state.

-30-

log more on failure than success

2022-02-25T10:40:31-05:00

When something goes wrong, especially (but not limited to) at startup, you should log an error message that is as informative as possible. In particular, if your service has parameters that might conflict with any other running process –say, it wants to listen to a particular port– you should have the error message mention all of those details.

It’s even better if the failure does a little diagnostic and tells you what other process is using that port.

This message brought to you by the Campaign for More Informative Error Messages. -30-

smart homes are still for tinkers

2022-02-17T12:01:34-05:00

There are two kinds of smart home enthusiasts: the kind who buy into a particular cloudy ecosystem and need to buy all new stuff every few years, and the kind who spend all their time tinkering on their in-house systems. Fairly often the tinkers also end up buying all new stuff, but they get to do it in incremental steps where everything works (more or less) during the transitions.

I’m not an enthusiast: I want a return on investment in money, convenience or fun.

There’s a thermostat in each fridge that keeps it at the right temperature. It’s never failed except when the whole house had a power outage, and I’ve never needed to obsess over the current temperature. The house thermostats get changed twice a year: when we start keeping windows open regularly, and when we stop.

The lights in the house are controlled by wall switches. There are precisely two places in the house where it would occasionally be nice to change the state of a light switch which is not close at hand. It’s not much of an inconvenience.

The electrical outlets have things plugged into them, most of which are either off or charging at any given moment. There is exactly one place in the house where I would like to occasionally flip power state from across the room. I could solve that with a remote RF power switch, and it would be reasonably cheap, but I haven’t.

I have extensive music systems, which don’t respond to voice commands because there are no permanently active microphones in my house. It’s stored in a central system, shared to all the computers that want to read from it, and can be accessed in several ways, including a web player that will direct sound to any set of speakers in the house. It’s not “smart”. It’s unobtrusive, and doesn’t do things on its own.

And that’s what I like.

in 2022 there are no slow computers

2022-02-10T07:15:04-05:00

It is 2022. There are no slow computers¹. There is a lot of slow software.

In 2000 a desktop computer might take 3-5 minutes to boot from power-off to being ready to read your email, enter data into a spreadsheet, or play a game. An Intel Pentium III cpu was a 32-bit, single core, single threaded unit running at something less than 1GHz in the middle-grade systems normal for business, and 128 to 512MB of RAM was normal. A big hard disk for a desktop would be a 2GB device on a 66MB/s interface. A nice monitor would be 17” on the diagonal and show 1280x1024. LAN speeds were 100Mb/s ethernet and a small office might have a 1Mb/s DSL link.

In 2022, a desktop computer takes 30 seconds to 2 minutes to boot. A normal office CPU is a 4 core, 8 thread 64-bit system running at 3-4GHz, with 8-16GB of RAM and a 1TB SSD running at about 500MB/s. A cheap monitor is 1920x1080 at 24” or so. A small office will have 400Mb/s WiFi, 1Gb/s ethernet, and an Internet link might be 100 to 900Mb/s.

So: 50x faster, 16x as much memory, 10x faster disk transfer (and 1000x more operations per second), and an Internet that runs 100x faster.

The nature of office work has not changed significantly since then. To a certain extent, people are asking their computers to do more – push more pixels, calculate smoother fonts – but the actual work has not changed much. Yet complaints about slow computing are rampant. Why is this?

I already told you: it’s the software. The normal load-out of Microsoft Windows, Office 365, two anti-malware scanners and a diet of heavy JavaScript applications split between remote servers and your local browser eats all of those hardware and infrastructure improvements.

I blame object-oriented software development, the practice of writing software at the highest level of abstraction possible, and the commercial pressures of feature checklists over performance – plus general sloppiness. It’s possible to avoid much of this when an informed user picks and chooses the software that they are going to run, but if your software choices are made for you by an enterprise IT department, you’re sunk.

for the purposes of normal desktop activities ↩

reliable indicators of trouble

2021-12-20T08:00:17-05:00

When a backup fails to complete, that’s a reliable sign of trouble. Most of the time it’s in the backup mechanism, but the second most likely underlying cause is a problem in the thing which is being backed up.

-30-

superstition

2021-12-18T07:54:43-05:00

When you believe in things that you don’t understand, Then you suffer, Superstition ain’t the way

– Stevie Wonder

Every time I write about the mechanical processes behind this blog, I stop adding entries to it. Recognizing a pattern is the first part of building a superstition. It’s also the first part of building a hypothesis, because the two processes are one and the same. Humans love to recognize patterns. We have special names for some of them – pareidolia, recognizing faces where they don’t exist. Paranoia, seeing enemies where they don’t exist. If you think of these as distortions of helpful evolved processes, then superstition is just a general phenomenon of seizing on the wrong explanation for an interesting pattern.

smoothest pelican upgrade yet

2021-10-27T09:53:03-04:00

This blog is created by Pelican, a static site generator that combines some text files that I write with a layout and some CSS styles to produce the HTML that is rsync’d over to the nginx webserver which answers your requests.

I just upgraded from 4.6 to 4.71, and also from an older python3 release to Debian’s current 3.9 release. Nothing appears to need to be changed, which is nice and relaxing compared to the last few upgrades.

-30-

setting vim options makes me itch

2021-09-29T09:50:09-04:00

It’s hard to break the habits of a lifetime – or at least, those rooted decades deep.

Ever since I can remember, I always wanted to be a goodfeather. Sorry, wrong reference. As far back as I can recall, I have been wary of making changes to vi (later vim) settings out of a fear that I would become reliant on them, and thence unproductive when I had to work on a freshly installed machine.

There are several good arguments against this position.

First, even a sysadmin who is professionally installing machines just doesn’t do that much by hand any more. A one-off machine is a rarity; a corporate cattle machine will have basically everything ready to go by the time anyone would want to log in and edit something.

Second, I spend far less time installing and investigating broken machines these days. It isn’t impossibly rare, but it is decidedly unusual now.

Third, humans are adaptable. Even if I were to become entirely dependent on soft text wrapping and line numbers, not having them is not the end of the world. I would notice fairly quickly and either make the appropriate settings, or more likely just carry on without them.

I suppose I am ready to allow a few more entries into my general .vimrc.

an element of style

2021-09-11T07:58:19-04:00

I just realized that I internalized the O’Reilly house style decades ago, and so I think it’s the proper way to write documentation.

Primary elements: the document, even at book length, takes the form of a precise, pedantic, but informal letter to the audience. The author might reference themself as “I” and tell brief anecdotes to contextualize the material, and frequently encourages the reader in the second person:

You can also reticulate the frobnitz with the ‘–frob-harder’ switch if that feels more natural to you.

As a side effect, this style of technical writing minimizes the number of gendered pronouns, which I always prefer because I don’t know who is reading the work.

-30-

recovery from audiophilia

2021-08-16T11:50:57-04:00

When you stop looking for ways to improve your sound reproduction experience and instead look for new music to listen to, you have begun to recover from audiophilia.

Or at least, I have.

Places in the house with acceptable sound systems:

my bedroom
the living room
the den/theater
the office
the other end of the office
the third system in the office
two portable systems

Places in the house with marginal sound systems:

the kitchen
the dining room

-30-

years of experience are a bad proxy

2021-07-06T08:40:45-04:00

Let’s say that you are constructing a technical employment advertisement and you would like to specify that this position requires someone who knows what they are doing in a few technologies.

A typical want ad will say something about required years of experience in each of those technologies. This is bad because it is not merely imprecise, but it is a proxy for what you actually want. Clear communication requires that you ask for what you want, not something that approximates it.

(Also, asking for specific years of experience might open you to age discrimination lawsuits in parts of the world where that’s a thing. I am not a lawyer.)

Let me offer you this scale, instead:

Beginning: has started to use this technology
Familiar: has successfully completed at least one major project using this technology
Proficient: routinely uses this technology in many projects
Advanced: has taught others; is comfortable discussing design and development of the technology itself
Expert: generally recognized and associated with the technology

Each of these stages represents a clear jump in competence. Which would you rather have: a person who has read this scale and declares that they are familiar with your primary programming language, or someone who read “3-5 years of Ruby” and decided that because they have encountered Ruby once or twice a year for each of the last four years, that fits? In the other direction, people can acquire significant skills in short periods of time if the conditions are right. There are technologies where it is possible, given the right conditions, to gain proficiency in a year or two.

One might also be interested in recency: I have beginner-level competency in a bunch of languages that I haven’t used in ten years. I’d like to think that it would only be a matter of a week or two to regain those skills, but they have certainly rusted. I might drop them from my resume, or leave them on since the jobs I like tend to be interested in generalists who learn things quickly.

It is rare for a position to demand an Expert in anything; it’s more likely that an Expert is part of your organization’s founders or is approached personally, rather than through an open advertisement.

This post was generally inspired by Hiring Dark Pattern

that should not go there

2021-06-19T09:28:37-04:00

Twenty-five years ago, approximately, my housemates and I bought office chairs – rolling five-star bases, adjustable arms, comes in a box with an L-shaped hex driver like IKEA stuff – and put them in our dining room around the table. They were cheap and comfortable.

I can’t tell you how many people looked at that arrangement and needed to talk about their sudden feelings.

I can tell you that a bunch of friends immediately declared their intention to do the same when they next bought furniture – including my parents. I think most of them did.

Back in the 1980s, a “home computer” would come with a video output that would drive a television as though it were producing a TV channel. VCRs used the same system when they first came out. Dedicated monitors were too expensive unless you were rich or could justify the expense for business purposes.

Over time it became normal that you bought a specialized, high-resolution monitor. It could be a big expense – I remember tracking prices obsessively.

Then LCD monitors went from being terrible and expensive to mediocre and almost affordable, just before everyone bought a new TV (as ATSC digital television was introduced). That led to a production revolution that made big high-res (1920x1080) TVs cheap, and that brought down the prices of monitors using the same technology.

Still, there is a disconnect in many people’s head between “computer monitor” and “TV”. No company makes a 42” 4K computer monitor for a reasonable price, but dozens will sell you a 42” 4K TV for cheap. Pretty much every computer has an HDMI output, though, and all those TVs use that input.

It turns out that at normal office desk depths, putting such a TV at the back of the desk is just like having four normal 21” monitors - the kind that go for $100 each these days - mounted next to each other, but without the annoying bezels in between them. So that’s what we do in our house for the desks that need them. It’s typically 25-40% cheaper than the separate monitors would be, too.

Just like the office chairs at the dining table, people seem split between immediate revulsion and delight.

bears repeating

2021-06-14T19:19:28-04:00

Biometrics are usernames, not passwords.

And you can’t change them when you change your name, and you might accidentally change them via trauma.

-30-

where the cloud came from

2021-04-25T08:48:13-04:00

The Cloud – where did we get that metaphor?

The answer is pretty simple. Imagine you are a techie working on an Internet project in the late 1990s. You are explaining to a less-technical audience how your application is going to be built. You have a whiteboard, and you draw some simple things as you talk:

“Here is our datacenter in Los Angeles” – big rectangle – “and in the meet-me room we have border routers” – little circles – “that are connected to seven other networks and our long-haul links to San Jose and Seattle.” You start drawing lines and a vague map of the United States.

One of your colleagues interrupts. “As of next Wednesday, it’s going to be nine peer networks.”

Inspiration strikes. Instead of concentrating on the specifics of where the networks are connected to each other, you draw a big floofy cloud in the middle of the map, and just draw a line connecting your data center to the cloud, and another line connecting on the East Coast – maybe around Virginia, maybe around Boston or NYC, it’s hard to tell – and then another rectangle for another data center. “Let’s not get into specifics, we’re growing and everybody else is growing and the important thing is that it’s all interconnected pretty well.”

The metaphor works, and pretty soon everyone in your company is drawing a cloud to represent all the parts of the Internet that don’t need to be described in depth right now. They go to conferences and draw the clouds; everybody likes this and clouds start appearing in white papers, then official documentation, and eventually it’s ubiquitous.

Somewhere around 2000, a person asks where a particular server is, and the engineer at the white board says “it’s in the cloud”, meaning that the actual position is not relevant, as long as it is well-connected. And after that, everything is “in the cloud”.

make systemd journald dump to rsyslogd

2021-04-21T09:47:13-04:00

This is a reminder to myself on how to make the systemd journald relay everything through rsyslogd, so we get useful info in /var/log.

In /etc/systemd/system/syslog.service, set

Requires=syslog.socket

In /etc/rsyslog.conf, set

module(load="imuxsock" SysSock.Name="/run/systemd/journal/syslog" ) # provides support for local system logging

then restart rsyslogd.

advanced technology

2021-04-14T09:46:17-04:00

Fun fact of the day: the AT in SATA is a direct reference to the IBM PC/AT launched in 1984.

Let’s work backwards.

SATA, the Serial AT Attachment, is different from PATA, the Parallel AT Attachment because, among other things, it uses a 7 conductor cable rather than a 40 or 80 conductor cable. The accompanying power connector is wider than the standard data cable.

PATA was formerly ATA, back when it didn’t have a serial competitor. It was also called EIDE, Enhanced Integrated Drive Electronics, and before that just Integrated Drive Electronics. All of these names stem from the fact that the connector just extends the PC/AT 16 bit ISA bus out to the drive, where the controller is mounted on the drive itself.

Prior to ATA, drives had dedicated controllers that plugged into the system bus, that then ran cables out to the disk drive itself. Some controllers could handle two disks!

If you had a fancy computer, you might have had a Small Computer Systems Interface controller, SCSI. That could talk to 7 other devices in its original incarnation. SCSI controllers were expensive and SCSI disks were expensive, but SCSI could also talk to printers and scanners and similar strange beasts. The SCSI protocol lives on in SAS, Serial Attached SCSI – which uses the same connectors as SATA. Almost all SAS controllers can talk to SATA disks, so having the SAS capability is useful.

The original ATA spec could transfer 8.3MB/s. SATA3 specifies 6GB/s. The latest successor, U.2, is a way of carrying 4 PCIe bus lanes out to a pluggable drive - 32GB/s for PCIe version 3.

quote: outsourcing risk

2021-03-10T10:59:28-05:00

This sounds like general problem of enterprise security. There are no consequences. I can entirely get why a company would outsource IP cameras to a third party cloud, even with storing data on-site. Business runs on contracts. It’s entirely normal to contract out everything except your core competencies, if it’s cheaper this way. It’s how you turn CAPEX, complex OPEX and high risk into simple OPEX and low risk. A contract is in big part a risk shifting tool. This works well in practice… outside IT. The problem is, with IT and data, there’s a mismatch between expectations and reality. An enterprise should feel safe buying their video surveillance from Verkada, because between the contract and the legal framework, Verkada should be bankrupt now, and their management possibly facing jail time. That’s the part where contracts work as Cover-Your-Ass tool: if you shift risk and liability to outside party, the liability is not on you.

However, this only works as long as the other party actually internalizes the risk and liability. Since there are no consequences for mishandling data, operating IT services you’re not structurally competent to operate, and eventually having your crown jewels stolen - the contractor doesn’t really internalize risk, has no incentive to mitigate it.

All this to say: Verkada should go down after this, and their customers should be named and shamed widely - the latter is so that future customers of IT services put more care into vetting companies they contract IT out to. You shouldn’t get to CYA with a contract where assumptions around contracting are broken.

– from TeMPOral on Hacker News, 20210310

how to add DNS/TLS to your existing DNS server

2021-02-18T08:46:53-05:00

I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.

Install stunnel4
Create a config file in /etc/stunnel4/dns.conf

pid = /var/run/stunnel4/stunnel.pid

[dns]
accept = 853
accept = :::853
connect = 127.0.0.1:53
cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem
key = /etc/letsencrypt/live/randomstring.org/privkey.pem

Substitute the locations of an appropriate SSL cert and key.

Start stunnel4.

-30-

Apple M1 MBP micro-review

2021-02-17T14:34:27-05:00

My work-issued MacBook Pro (Retina, late 2013) began to break down: the speakers fried, it was running out of memory (8GB), and then it started rebooting spontaneously. I mentioned this and work bought a replacement. Since I’m capable of working around exciting new bugs, they sent me the newest M1 MacBookPro, with an Apple-designed and -produced M1 8 core CPU.

Herewith, a micro-review.

Physically: it is slightly smaller than the 2013 MBP. The screen bezels are a tiny bit shorter on all sides. The hinge has been moved further back, and the trackpad is annoyingly larger. It now has more physical movement, which I consider a bit of a minus. The ESC key is where it should be, but the rest of the function key row has been replaced by the touchbar, which is, as far as I can tell, 100% gimcrackery. Mostly it shows spelling suggestions and helpfully informs you when it thinks you are typing into a password box.

Total ports: 2 USB-C / thunderbolt! ports on the left, one of which has to be used for power. One headphone/mic combo jack on the right. That’s it. No more SD card, USB-A ports, HDMI, or nice row of LEDs to let you know the battery charging status.

Operationally (after about an hour and a half?): this does not feel significantly different from the 4-core i5 in the old machine. The extra RAM is good. The camera is doing a little better job with brightness levels. The speakers work.

It really doesn’t feel faster, and I have the seven-year-old one right next to it.

The new processor is supposed to be roughly on par with my house server’s Ryzen 3600. It doesn’t feel like it.

But let’s face it: I don’t stretch these machines. They run web browsers, terminals, WireGuard, and LibreOffice.

If the old one could get a RAM upgrade and the speakers fixed, that would have been just fine.

Annoyances: the wasteful touchbar thing. The excessively large touchpad, which I keep brushing by accident while typing. The lack of useful ports.

users will learn things if they have motivation

2021-01-17T12:45:26-05:00

I don’t know about your mother, but my mother is not even a power user – Windows, hunt-and-peck typing – and she taught herself to use IRC because that’s what the other people in her social group were using.

I assume she didn’t use any /command except /join – maybe not even that, because if you’re only using one channel then you can have your client autojoin – but that was enough to get her in. Presumably she learned group etiquette on the fly, the way most people do.

People are all “I can’t use that, I’m too dumb, I can’t learn nerd stuff” but before the browser era millions of non-nerds sat down with friends, were guided through minimal instructions, and dealt with inconsistent semi-hidden interfaces.

You’re all so focused on point-and-click that you think people won’t learn stuff when it gets them what they want. Pro-tip: primates are good at learning stuff that gets them what they want, and the things most primates want most of the time are food, sex, status and socialization. The Internet only became useful as a way of getting food in the last decade, but it’s been doing well in the other three since the birth of Usenet. Is easy nice? Yes. Is it necessary? No. Not for the right motivation.

assumptions

2021-01-12T11:33:00-05:00

Coworker: the username was autofilling so I assumed it was correct. But you know what they say about assuming.

Me: That it is indistinguishable from making a mistake, only you didn’t realize you had even made a decision?

a thing which should be obvious

2020-12-05T18:57:40-05:00

A smart contract can prove that someone who knew a secret agreed to the terms of the contract, but it can’t prove that someone who says they aren’t party to that contract is lying.

pseudovalidation techniques

2020-12-01T16:30:20-05:00

Pseudovalidation is a major goal of marketing and advertising. Actually validating a claim is expensive and often boring. Why not just make people feel like they’re important in some way?

But once you recognize it, pseudovalidation feels disrespectful: these people are lying to me and don’t even care if I know it:

Subject: Lunch?  
  
Hi Dan,  
  
My Head of Delivery asked me to reach out to you (see below) and offer to  
buy you lunch through Uber Eats for a quick virtual meet and greet.  
  
Here is a 1-minute video <URL/explainer> about what we  
do and why PERSON would like to get on your radar.  
  
Let me know if you think it’s a bad idea?  
  
MARKETROID  
  
  
---------- Forwarded message ----------  
From: PERSON (no email address)  
Date: Nov 18, 2020, 9:41 AM  
Subject: Meeting with Dan  
To: MARKETROID (no email address)  
  
MARKETROID - I came across Dan’s LinkedIn profile. Here is the link  
<yup, a linked-in profile>  
Try to see if you can get an email and invite Dan to a virtual lunch.  
    
I think Dan would be a great person to get in front of.  
  
Thanks.  
  
PERSON-diminutive-nickname  
    
PERSON  
Head of Delivery at COMPANY  
Watch Our Software Development Humor Commercials

Let’s see what we’ve got.

MARKETROID plays on our sympathy for them as a hard-working MARKETROID who just wants to get their job done. They offer a small bribe for our attention. As pseudovalidation that you have come to the attention of PERSON, (who commands MARKETROID and is thus mighty and powerful), they send a copy of an email which is curiously unconvincing as the sort of email actual humans send to each other.

Note that at no time does MARKETROID say

what COMPANY does
why it would be interesting to us
why they think we are clearly the people they need to sell to

Nor is it normal for a salescritter or MARKETROID to forward internal email to someone outside the company. Usually there’s about seventeen lines of extralegal disclaimers at the bottom explicitly rejecting that as an action compatible with continued employment.

Update, from a day later: as part of my job, I occasionally inspect the company-wide spam filters to see whether they are effective. Guess what a coworker determined was spam, with every word the same except that it had my coworker’s name inserted instead of mine?

Note to salescritters: if your phrasing is creepy when it’s repeated to different people, it really is a bad idea.

this one trick always backfires

2020-11-17T09:10:16-05:00

In the last few years, email marketers have started sending streams of messages that reference each other, apparently attempting to induce a feeling of an existing relationship, and then shame that I am somehow not carrying my end of it.

This does not work anymore.

My internal evaluator has been so overloaded by these pathetic (literally; look it up) entreaties that I am starting to view non-marketing emails with a skeptical eye. “Oh really?” asks my stream of consciousness. “My boss wants to meet at a different time tomorrow? You expect me to fall for that? NEVER.”

Plaintive whines about “Did this email slip through the cracks?” or “Can we reschedule? [an appointment that was never made]” are now instantly rejected.

Tough noogies, marketers.

Amazon Fire HD 10 (2019)

2020-10-17T18:25:53-04:00

I began an entry in July of 2018 with this:

The Amazon Kindle Fire HD10 (2017) is the high-end tablet of their line. The hardware is mediocre and the software is quite bad. I do not recommend you purchase this or any other Fire tablet… unless you have some very specific requirements.

I can now say this:

The Amazon Kindle Fire HD10 (2019) is the high-end tablet of their line. The hardware is mediocre and the software is quite bad. I can recommend that you purchase this tablet if you are comfortable with the use of adb and command line tools. It is cheap ($95 on Prime Day) and capable of doing a number of useful things, such as…

reading comics
reading ebooks
watching YouTube (I recommend NewPipe)
watching other video streaming services
controlling other electronics when a web-based or Android control application is available
casual web browsing (get Firefox, install uBlock Origin)

There are guides on xda-developers to installing the Google store (you’ll need 4 apks), installing a new launcher, disabling the horrendous Amazon launcher, and even installing a new keyboard, which was sorely lacking on the 2017 edition. All of those things require developer mode and connecting adb (the Android debugger) via a USB cable. If that’s not a mystery to you, and you aren’t looking to run high-end games, this is not an awful machine. And it is cheap.

when did I start to expect good fonts?

2020-10-04T15:36:29-04:00

In the beginning of my experience, it wasn’t that computers had fonts so much as each computer had A Font, and that was how the computer talked to you. All of them were quite low resolution; blocky and bad.

Now I expect every character to be drawn in an appropriate, smooth, curved, and informatively differentiated typeface.

When did that change start, and when was it complete?

To a certain extent, it begins with Macintosh, the first widely-available system to offer a GUI on an all-drawn screen (rather than character cells) and the LaserWriter, a printer whose pixels were not visible without a magnifying glass. I didn’t own one of those, though. What I did own was a 80386SX, a 32-bit CPU with a 16-bit bus, which had an astonishing 2MB of RAM and a 130MB hard disk, supporting an extended VGA card which could manage 256 colors at 1024x768 resolution. We used to think that was hot stuff.

Word for Windows was the first software I had regular access to that could manage some semblance of fidelity to a typeface on screen (not high fidelity) and on paper (not bad, really).

Convincing screen typography didn’t really materialize until 2000 or so, when higher-resolution displays could show TrueType scalable fonts. Before that, anything I saw on screen was a poor imitation of a book; sometime after that, I started expecting a close match.

dice rolls

2020-09-20T14:35:03-04:00

How the RPG rules describe dice rolls:
this result on the dice is a critical success,
this range is a success,
that range is a failure,
this result is a critical failure.

How every RPG player feels about it:
this is a critical success,
this is nearly a critical success,
this is an excellent success,
these are very good successes,
this is a success,
that’s just a little failure,
that’s a failure,
these are failures too,
that result is a critical failure.

what software does a firewall run, anyway?

2020-09-11T11:57:49-04:00

What’s running on the firewall? A big list follows, with discussion.

ACPId - reports on thermal performance
atd - executes delayed jobs via at
cron - executes repeating jobs, like the local backup, the remote backup, and the automated package updater.
dbus-daemon - nearly useless, but Linux more or less requires it
ddclient - dynamic DNS client updater, fires off an update when we get a new external address
dhclient - DHCP client, gets external address from the fiber ISP
dhcp6c - DHCPv6 client, not currently in use but plausible
dhcpd - DHCP server, for handing out addresses on the inside network. Has a failover arrangement with another server
getty - console management
irqbalance - a daemon on SMP Linux systems that evens out load across cores
postfix - handling local mail.
radvd - IPv6 routing advertisements
rsyslogd - the reliable syslog daemon
snmpd - statistics reporting
sshd - SSH daemon, allows access only from internal IPs
systemd-udevd - last remnant of systemd, managing device names
unbound - DNS caching resolver
vnstatd - network bandwidth monitor

Not appearing because they are kernel tasks:

interface configuration
wireguard tunnels
routing
firewalling
IPv6 tunnel

I will get around to discussing them at a later date.

What’s not running on the firewall?

apache, nginx, or any other webserver
postgresql, mariadb, or any other database
mail service for other machines. This one is a toss-up: mail service is relatively low-impact for modern hardware and low (single family) volumes. But it has a lot of moving parts and implies lots of storage, which impacts backup/restore time. As much as possible, I’d like the restoration process for this firewall to be fast. So mail is on a different, more resilient server.
an authoritative DNS server. unbound looks to many other sources, but it isn’t the source of my DNS authority for internal or external networks. This is more of a toss-up than mail, because DNS service is quite small.
systemd. We’re using sysvinit because it is much smaller, has fewer moving parts, and does not annoy me anywhere near as much.
daemontools, or a similar service manager. daemontools is great for semi-reliable services, because it will fire them back up again when they terminate. On a firewall, though, I want everything to be so reliable that any premature death is a major pain point that indicates I need to fix it ASAP.

quoting myself, part n+3

2020-09-10T15:51:10-04:00

For every computer system, someone needs to know what they are doing, and check up on it when something goes wrong. That person is the sysadmin.

If you don’t know who the sysadmin is, it’s you.

It’s just like everything else in life: if you care about a thing, you are responsible for taking care of it. If nobody takes care of it, it decays and dies.

last spinning boot disk replaced

2020-09-07T11:35:28-04:00

Today I replaced the last spinning root disk in the house. The media server still has 4x3TB spinning disks, but the old 120GB spinning boot disk has been replaced by a cheap 1 TB SSD. Boot times improved dramatically, and the database access for various things now feels instantaneous.

Process follows, but it’s nothing extraordinary.

I shut down the machine
Disconnected the four storage drives, just to be careful
Connected the new SSD
Booted to single user mode
Partitioned the new SSD (sdb1 and sdb2, for root and swap)
dd if=/dev/sda1 of=/dev/sdb1 bs=1M
that took about 30 minutes
grub-install /dev/sdb
e2fsck -f /dev/sdb1
resize2fs /dev/sdb1
update-grub
Double-checked UUIDs from /dev/disks/by-uuid and /boot/grub/grub.cfg
shut down the machine
unplugged the old root drive, moved the SSD over to that SATA port, reconnected the storage drives
power up
marvel at the speed of boot, investigate other issues like the ethernet claiming to be flaky (the plug was loose; replugging solved it).

please focus your attention

2020-08-04T16:49:11-04:00

One thing that UNIX users have that Mac and Windows users don’t: it’s generally quite easy to change their window manager theme – and to write/draw their own.

Window decorations – a frame, a titlebar, some buttons – are handled by the X11 window manager, which is itself a replaceable part. Window managers range from minimalist exercises in reductionism through gaudy feature-festivals like Enlightenment, the original perpetrator of shaped, translucent and transparent effects. But…

But most window manager themes get something quite wrong. They focus lots of your attention on the active window, which is good, and then they make the decorations for all the other windows dim, drab – and frequently unreadable. Here’s my insight:

The purpose of decoration on non-active windows is to have a maximally readable title, so that you can differentiate them and select the right one.

The purpose of decoration on the active window is to stand out from the rest, so that at a glance toward the screen you know which one is active.

Now, I said that it’s easy to create your own window manager theme – and so I’ve followed through and created a series of themes for XFWM, the window manager that is part of the XFCE desktop. The latest is designed for large displays, 4K and more. The active window gets a bright, rounded border (in a configurable color) and the inactive windows get thin (black/white/black, 3 pixels total) frames and high contrast black on light grey titles.

And, as with all software one writes oneself, it doesn’t have to please anyone except me.

quote of the day entry n+1

2020-07-15T14:53:20-04:00

“Magic”, applied to technology, is an indictment, not a compliment.

– me, July 15 2020.

validation

2020-06-23T12:56:24-04:00

A departing co-op (student intern, paid) said that she had been told by another co-op that the company’s keywords were “clever, competent, and kind” and that she was amazed to discover that we all lived up to that.

Since I was the first person at the company to start using that phrase – in employment advertisements, where I was describing necessary traits of the people I wanted to hire – I am entirely chuffed.

self-reflection: when do I post?

2020-06-18T12:37:46-04:00


ls -alt --time-style +%A|awk -F \  -e '{print $6}' |sort| uniq -c | sort -nr

76 Friday
47 Thursday
19 Tuesday
18 Wednesday
15 Saturday
12 Monday
 4 Sunday

the internet is railways, not highways

2020-06-16T08:04:39-04:00

Internet Fast Lanes: Every time somebody says “Fast Lane” in this argument, I get a little more upset. The Internet doesn’t have fast lanes and slow lanes.

The Internet is not a highway.

The Internet is a railway system.

The Internet is made up of train tracks and switches. Every train travels at the same speed along a given track. If you want to increase the traffic, you can raise the speed on the whole section of track, or you can lay down another track next to it.

When you pay for Internet service, you pay for a section of track (two, actually, one in each direction) between your house and the nearest train station owned by your ISP. You will never receive more trains than can fit down the track you paid for, and you will never be able to send more trains than can fit on the outbound track.

As long as a given track is being used less than 100% (nose-to-tail trains), all traffic will flow perfectly. Tracks cannot be used at more than 100%, because you can’t fit another train on. If the local station master wants to put another train on, some train waiting to go out must be delayed. Only a few trains can fit on the siding, and if more come in than can be handled, some trains will be disintegrated.

The decisions that an ISP can make are:

increase the speed of a track
increase the number of tracks between two points.
decide which trains waiting on the siding get to go through, and which ones are disintegrated.

” Fast Lane” means they want an extra fee to not disintegrate your trains so often.

“Net Neutrality” means that they aren’t allowed to look at your train’s origin, destination and manifest before deciding to disintegrate it or not.

Therefore: if your tracks are not utilized 100%, no trains need to be disintegrated. The disintegration is a system of last resort, which you turn to only in extreme circumstances, because you could not build capacity to keep up with demand. “Fast Lane” is a sign of a broken system, which can be fixed by managing your systems properly and predicting demand.

when you want to work with text

2020-06-13T12:47:26-04:00

You probably already know this, but as a reminder:

sed is for inserting, replacing and deleting. -i causes sed to edit in place.
pandoc is for converting between text formats like HTML, Markdown, RST, TeX, various wikis…
calibre has command-line subtools like ebook-convert which can produce good EPUB from lots of other formats.
libreoffice handles typical office document tasks. Graphical.
sigil is specialized as an EPUB authoring tool. Graphical.
scribus can do page-layout tasks up to full daily newspapers. Graphical.

With those and a good text editor, you can produce good-looking documents ranging from a business letter through a book.

random strings

everything is complex

failure is an option

ancient wisdom literature

the shirley argument

riddle me this

evolution of convenience

oracle and postgres

a comparison of terminal emulators

Runs on MacOS:

Runs on X11:

What do I want to note about each of them?

On configuration methods:

On performance:

On subjectivity:

alacritty: a modern terminal emulator that comes with sensible defaults, but allows for extensive configuration.

blackbox: An elegant and customizable terminal for GNOME

cool-retro-term: mimics the look and feel of the old cathode tube screens. It has been designed to be eye-candy, customizable, and reasonably lightweight.

deepin-terminal: an advanced terminal emulator with workspaces, multiple windows, remote management, quake mode

ghostty: fast, feature-rich and native

gnome-terminal: highly customizable GNOME terminal emulator

guake: a python based dropdown terminal made for the GNOME desktop environment. Guake’s style of window is based on an FPS game, and one of its goals is to be easy to reach.

iTerm 2: brings the terminal into the modern age with features you never knew you always wanted.

kitty: The fast, feature-rich, GPU-based terminal emulator

konsole: a powerful and customizable term-em

lomiri-terminal-app: a core app for Ubuntu Touch’s Lomiri shell

lxterminal: a VTE-based tabbed terminal with few dependencies

mate-terminal: a fork of GNOME Terminal

pterm: the X11 fork of putty

qmlkonsole: offering additional buttons useful on touch devices

qterminal

rxvt (urxvt/rxvt-unicode): a fork of a slimmed-down alternative to xterm with features added back in.

sakura: simple GTK/VTE term-em

st: a simple terminal emulator

sugar-terminal-activity: a full screen text mode program that provides a CLI

terminal.app (GNUStep): A terminal

terminal.app (MacOS): A terminal

terminator: The Robot Future of Terminals. Originally inspired by projects like quadkonsole and gnome-multi-term and more recently by projects like Iterm2, and Tilix, It lets you combine and recombine terminals to suit the style you like.

terminology: it has a whole bunch of bells and whistles

termit: a simple GTL/VTE term-em, extensible via Lua

tilda: it’s like guake?

tilix: an advanced GTK3 tiling terminal emulator that follows the Gnome Human Interface Guidelines

wezterm: A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust

xfce4-terminal: a lightweight and easy to use terminal emulator application with many advanced features

xterm: a terminal emulator for the X Window System

yakuake: a drop-down terminal for KDE

zutty:

Let’s make some recommendations.

Relaxation script

I make ice cream

audio in the house reviewed

Debian upgrade policies

complexity considered harmful

assumptions about certbot

preparedness

academic data management disclosures

recipe for high quality portable audio playback

yay for helpful error message

hey IT you need a wiki

authoritarianism is bad, antiauthoritarianism is good

llms again, sorry

fun fact about linux routing

reminder to self about LE SSL certs

your company is probably not Agile and should not be

security analogy

specialized toy geometry notes

about Agile

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan

it was magic all along

things break when you try to fix them

the IT scale

new mouse report

belts and suspenders at home

the two most common fail-to-post errors

prediction scoring

pareidolia but for meaningfulness

tech note: slow SSH login