Revenge of the Quarantinewhile

So it’s been a minute… like 21 days since the last post, and in the last post I mentioned some rather large changes that were temporarily on hold until the whole Covid-19 thing cleared up. Well, things with the Covid cloud are finally clearing up to the point that I feel comfortable talking about what has been going on since the end of February. Settle in, this is going to be a longer post than usual from me.

So a while ago I had a general unease about my home network setup. I’m pretty typical in that I run a private network behind a cable modem that has a single public-facing, internet-routable IP. In addition to this I also typically use some sort of Dynamic DNS (DDNS) system to give my home connection a name I have an actual shot at remembering.


If anyone is curious, I really like DYN-DNS; they seem to have the best features-to-reliability-to-price balance for what I’m looking for. I’ve also had really good luck with the DDNS redirector included in my Synology RT-2600AC router, particularly around the use of Let’s Encrypt for an SSL cert.


OK, with all that in mind, I was forever getting a million hits on my external IP from places all over the world. This is totally normal; that’s what we call a botnet looking for unsecured devices that are open to the internet. And this is where I started having some pain and consternation: I have a fair number of IoT devices and they live on the same LAN as my Macs and PC. I’ve run my Macs with drive encryption turned on for a couple of years now; the PC doesn’t have that option (stupid Win10 Home). The PC doesn’t leave the house and I don’t keep any of my cloud documents (iCloud and OneDrive) on the PC unless I’m actively working on them. For the PC I’m OK with the risk window of someone stealing it and getting my spreadsheets on what bad movies I watched.

The other side of the coin was my true IoT devices, where I couldn’t log into the devices at all at a command-line level. Think things like any of your smart thermostats, smoke detectors, door locks, TVs, speakers, and gaming consoles. All of which I had in my house and still do for the most part. So it became less a matter of if and more a matter of WHEN one of those devices would be compromised.

OK, but who cares if someone hacks your thermostat? Well I do, since I pay the power bill. More importantly, though, once you have a compromised device on the network that is a foothold, and much like cancer, once it’s in there it’s a real pain in the ass to do anything other than just cut the whole damn thing out. Especially when you start talking about higher-CPU devices like an Xbox One or a PlayStation 4 that have x86 chips running branches of commercial operating systems. It doesn’t take much to get tcpdump running in memory, writing to a “/tmp” partition, and then exfiltrate that network data out for analysis. Do I sound paranoid… I sure do… why? Because given enough time and automation everything is breachable.

OK, so let’s talk risk mitigation (i.e. how much pain and misery am I willing to put up with to secure my home network?)

  • Remove the IoT devices and get a printer from 2004
    • Nope, not happening. Some I can get rid of (I’m looking at you, thermostat and smoke detectors) but others I’m not willing to give up (looks longingly at Xbox and smart door lock)
  • Block outbound connections except for internal IPs from your computers and trusted devices.
    • Nope, I bought these things for remote management of my house… if I do that I still have to poke so many holes in a firewall I may as well just not bother.
  • Buy a second router, put all of the IoT stuff on there, and give it a second address space that can’t be accessed by the “secure” side
    • Hey, that’s not a half bad idea… I don’t think I want to deal with another router but I can do a network firewall.

OK, so a network firewall: one side has the IoT stuff, the other side has my secure stuff.

So have you ever tried to look for a consumer-grade network router with the capability of doing a firewall between two sets of devices? No? You should… it was frustration in abundance for most of 2019. I did find a number of roll-your-own solutions using pfSense; however, those presented the problem of being more admin than I cared to put into the whole endeavor, and while rolling your own may be fine for certain folks (and I certainly should be one of them), this is one device where I want to know that my configuration is solid. So I kept an eye out and found a couple of solutions that were close but not quite there.

Flash forward to this month and I finally pulled the trigger on a UniFi Dream Machine from Ubiquiti Networks. Is it overkill for what I am doing? Yup, sure is… do I regret it? No I do not.

It met my requirements of having a network firewall in place between the IoT side and the “secure” side of my network, along with the ability to run multiple SSIDs and VLANs, which, while they tend to be high maintenance to set up, don’t require much care and feeding once they are stable. In the course of my research it was brought up on multiple occasions by multiple sources that doing this kind of setup would limit functionality between devices on the secure side and devices on the IoT side. I was very OK with this, as the only things I was really concerned about were that my Sonos speakers and Apple TV work.

  • For the Sonos speakers I found this really excellent walkthrough from a gentleman who covered the whole firewall rule setup and port opening for the Sonos speakers over here
  • As a side effect of the first rule in the firewall allowing traffic from Secure to IoT, but not back, all of my Apple stuff sees my Apple TV no problem.
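To make the one-way rule concrete, here is a small stateful model of that inter-VLAN policy as an added example (constructed for this post, not the UDM’s configuration or the linked walkthrough): the VLAN addressing, the connection tracking and the Sonos exception port are all assumptions. It shows why a Secure-side device can reach the Apple TV and get replies back, while an IoT device cannot open anything toward the Secure side unless a rule explicitly allows it.

```python
"""Toy model of the asymmetric Secure/IoT firewall policy described above.
Constructed example: addressing, conntrack and the exception port are assumed."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed VLAN addressing (constructed for this example).
SECURE_NET = ip_network("10.0.10.0/24")
IOT_NET = ip_network("10.0.20.0/24")

# Ports on which an IoT speaker may open a connection back into the Secure VLAN.
# Placeholder value; take the real list from the Sonos walkthrough linked above.
IOT_TO_SECURE_EXCEPTIONS = {("tcp", 3400)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def key(self) -> tuple:
        return (self.src, self.sport, self.dst, self.dport, self.proto)

    def reverse_key(self) -> tuple:
        # The 5-tuple a reply to this packet would carry.
        return (self.dst, self.dport, self.src, self.sport, self.proto)


def vlan_of(ip: str) -> str | None:
    addr = ip_address(ip)
    if addr in SECURE_NET:
        return "secure"
    if addr in IOT_NET:
        return "iot"
    return None


class Firewall:
    """Stateful evaluator: rules run top to bottom, first match wins."""

    def __init__(self) -> None:
        self.flows: set[tuple] = set()  # accepted flows, like a conntrack table

    def evaluate(self, pkt: Packet) -> tuple[str, str]:
        src, dst = vlan_of(pkt.src), vlan_of(pkt.dst)

        # 1. Packets belonging to an already-accepted flow pass in either direction.
        if pkt.reverse_key() in self.flows or pkt.key() in self.flows:
            return ("accept", "established")

        # 2. Secure -> IoT: new connections allowed (AirPlay, casting, app control).
        if src == "secure" and dst == "iot":
            self.flows.add(pkt.key())
            return ("accept", "secure-to-iot")

        # 3. IoT -> Secure: only the explicit exception ports (e.g. Sonos callbacks).
        if src == "iot" and dst == "secure":
            if (pkt.proto, pkt.dport) in IOT_TO_SECURE_EXCEPTIONS:
                self.flows.add(pkt.key())
                return ("accept", "iot-to-secure-exception")
            # 4. Everything else from IoT into Secure is dropped, which includes
            #    device advertisements, hence the Roku needing a manual IP.
            return ("drop", "iot-to-secure-default")

        # 5. Traffic within one VLAN or out to the internet is outside this model.
        self.flows.add(pkt.key())
        return ("accept", "other")


if __name__ == "__main__":
    fw = Firewall()
    laptop, appletv, roku = "10.0.10.5", "10.0.20.30", "10.0.20.40"
    print(fw.evaluate(Packet(laptop, 51000, appletv, 7000)))   # secure-to-iot
    print(fw.evaluate(Packet(appletv, 7000, laptop, 51000)))   # established
    print(fw.evaluate(Packet(roku, 40000, laptop, 8060)))      # dropped
```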

In practice the biggest difference I have seen is that when bringing up the Sonos app on my phone, it takes about 10 seconds to hook up with the speakers, whereas before it was sub-2 seconds… that is a penalty I’m willing to deal with. The biggest problem I have run into is manually entering the IP address of my Roku TVs to control them remotely, because I block device advertisements from the IoT VLAN to the Secure VLAN.

And finally, because I like logs and apparently network administration, I put two 8-port UniFi network switches on my network as well, not only to have as many things running wired as I can, but also to be able to manage the switches or devices if needed. I’ve been running the setup for a week now, and after the initial setup of an hour or so (creating accounts, updating firmware and devices, and getting familiar with the system) I spent probably 10 hours actually configuring VLANs and firewall rules, and only that much time because I did it a couple of times from a couple of different sources before I found the walkthrough that worked for me mentioned above.

So yeah I had a pretty eventful thing there….

Also I quit my job in Phoenix, sold my house, lived with my parents for two weeks, moved to Colorado, and start a new job in a few days. Don’t worry I still do IT stuff at a hospital.

SWOL…. swol battery.

I’ve been without my 2016 MBP for about 48 hours now; I had to take it in for repair on Saturday for a swollen main battery in the chassis. The repair is a mail-out repair, and since I have a perfectly good computer sitting next to my Mac, I thought no big deal, I’ll just use the Win10 machine for a while. I’m fluent in Windows and use Windows primarily for my day job, but going back to Windows at home after 12 years of Mac at home has me noticing lots of little things.

First, you don’t realize how attached to iMessage you are until you don’t have it on your main computer; having to look at your phone for a conversation rather than it being just another chat app is remarkable when you no longer have it after having it for so many years. Yes, WhatsApp, GChat (until it’s sunset next year), and Skype all provide a desktop client… but none work quite as seamlessly between devices or the OS as iMessage does.

On my Mac I have a little automation script set up to monitor my “~/Downloads” folder and move files based upon file type… PDF to a folder on my OneDrive, JPG to a dedicated folder away from the desktop for memes from social media, and larger media files (over 2MB) to a network share attached to a 12TB DAS. The file automation has been built into macOS for as long as I’ve used it (since 2007) and it’s been one of those things that has always just made life a little bit easier. Windows has no native equivalent baked into the OS; you can download a service that does the same job, but nothing ships with it. Which really gets to the larger issue: there is no Windows equivalent of Automator for taking care of the bunches of little tasks that we all do during our day and never think twice about. Also, for the record, yes, I still download media… I’m internet ancient, and sometimes I like to be miserly with my bandwidth. I still act like I have a 56k connection when I’m paying for gigabit on one line and unlimited data on my cell phone.

Finally, I don’t think I would have noticed this if I hadn’t been working on a presentation for a conference. There are no recent documents in the “Start Menu” like there were in Windows 7/8/8.1; I literally just noticed this yesterday. In macOS it’s still up in the Apple menu where it’s been for almost 20 years. It’s not a big deal; 99% of the time I open recent files via the app I’m using them in anyway. Sometimes it’s things like the recent documents that are force of habit that you don’t notice until it’s in your face.

It’s not all weird on Windows; the Office365 experience is markedly better than on macOS IMO (and vastly superior to iOS). Which should surprise no one, as Office has always been a flagship for Windows capabilities. I didn’t appreciate how good it was until working on my conference slide deck and writing this post (which I’m writing a draft of in Word, because I like my software to work against me actively). Little things like word definitions and thesaurus suggestions when I click on words are nice, and the kind of thing I would expect from a modern, fully featured office suite on a modern platform.

Most of the mechanical differences I’ve observed between Windows and macOS are more directly related to the hardware I’m running each OS on… The Mac is using a new NVMe SSD and USB 3.1 across the board, while the Windows machine is using a mix of older NAND SSD and spinning disk. The Windows machine still runs fine from a CPU perspective for web browsing and office work, so no real difference in the experience. The biggest differentiator has to be the monitors! The LG 5K is a great monitor that I don’t appreciate enough… I’m really missing it using 2 Samsung 1080p monitors right now… they are getting the job done, but damn, I need to do something about this monitor situation on my Windows machine.

So those are my differences. I found them a bit odd and thought I would document them here since, you know, I’m writing on here so much… Why doesn’t a sarcasm font exist yet?

On Ecosystems and Workflow

I could be best described as a “systems guy”: I design and build systems to interact and work with other systems. Most of the time the systems are pre-built and I just have to do the interconnecting; other times it’s much more complicated. At home I’ve carried over this philosophy for the most part; I’m so deep into the Apple ecosystem it’s not even funny. You know what, the stuff truly just works though, so if it works for me then I’m good with it. I have philosophical reasons for not being all in on Google, and Microsoft is firmly on the services side outside of Surface and Xbox.

I still maintain presences in the Google and Microsoft domains; if you had to ask me which one was primary I would say Microsoft, as I actually pay for their services. I have Google because it’s basically a utility for the internet at this point in North America.

With all that being written, I have made some decidedly interesting choices over the years in terms of where to put my ecosystem dollars. On the digital media front I’m iTunes almost 100% except for books; I’m all in on Amazon Kindle for books. In home audio I’ve gone a decidedly “Switzerland” route, mainly because there was no Apple entry till late last year, and when it comes to audio I don’t want an assistant, I want good-sounding music. So SONOS is my platform of choice for the home audio side of things. And honestly their stuff works quite nicely across all mediums and it sounds really good. Once you buy one, you won’t be able to stop.

So the one place where I’ve looked and haven’t really made a commitment is home automation. Part of it is not wanting yet more devices on my WiFi, but at the same time the overall ecosystems are becoming robust enough to warrant consideration. When you look at the major ecosystems out in the wild there are three that stand out… Apple HomeKit, Google Weave, and Nest. Nest already has a beachhead in my home with a thermostat and a couple of smoke detectors, which other than helping the thermostat figure out when I’m home aren’t much worth the price of admission. Looking at the history, I tend to go with ecosystems where there is a solid marriage between hardware and software.

Ecosystems are great until you don’t have anybody supporting you or the company discontinues it. At least with hardware there is a chance that your stuff gets sucked up by someone else, but eventually everything dies.

Continued on backup strategies at home

This is what my weekends have come to now that football is almost over and the Cardinals are on the off season….

OK, so here is the scenario: on December 22nd 2017 I was curious about some network traffic that had been reported on my router as coming from my laptop. I couldn’t find anything or remember installing anything that would have caused the traffic, so I was a touch concerned. I installed an application called “Little Snitch” or something to that effect and my Mac summarily refused to boot.

Well shit…

Some googling later I found that I could disable the KEXT file (Mac equivalent of a driver) and I would be good to go. I was less than thrilled with this revelation, as I was getting ready to take a road trip to visit family. OK, I’ll just restore to the last good backup this morning from Time Machine; it will take an hour tops.

I kicked off the Time Machine recovery from the rescue console, finished packing and did some other stuff. When I came back to collect my laptop it said “16 hours remaining”. Needless to say I didn’t hang around; I took off and let the Mac do its thing. I long ago figured out that I could survive a couple of days on an iPad and hijack my mom’s Mac if I really needed a laptop.

I come home a few days later, my Mac is restored and waiting for me to log in. I log in, everything is where it’s supposed to be; the most dramatic thing I have to do is sign into Office365 for home and school again. Up until this point I had been running Time Machine strictly off a network share on the home server I keep in a closet. So yeah… that’s great for seamless backups, but it’s not what I would describe as “quick”. I ended up partitioning the external disk I use on my Mac and have a partition dedicated to Time Machine; that took care of the speed and backup problem.

This also pretty much asserted once again that between Office365 and iCloud my personal files were safe and I could get to them. This also once again proved that I really didn’t need to be paying for offsite backup, as the most I would have to do is download Office and VMware again and I would be back in business.

Then I had a thought….

Crypto viruses are a thing… would a crypto virus also lock down my cloud information? I’m sure someone out there has already researched this and has an answer, and a quick googling says yes, a crypto virus will also crypto your connected cloud services. So this brought me back to: well, I guess I need a segregated offsite backup… I don’t need to do the whole system, as I can restore that easily enough, but I do need to have a separate setup for personal files. CrashPlan fills that niche quite nicely…

So there you have it… backup strategies circa 2018 for one random dude who is already missing football.

On the iPad Pro.

So last week I mentioned I had started taking classes for a master’s degree… One of the things that became very quickly apparent to me was that while I have a really nice computer setup at home, it sucked like a portable hole going to a vacuum dimension. I’ve had an iPad of some sort since the iPad 2 days. I’ve always found them to be handy but never really good for much more than keeping track of my fantasy football teams and surfing the internet on the couch. The best use I’ve ever found for it is watching movies on a plane or something similarly single-focused.

So with this class I made a concerted effort to use my iPad Air 2 with a Bluetooth keyboard for class, for taking notes on reading and doing outlines for papers. I knew that writing full-blown papers wasn’t going to happen, but I was going to go for 70% of my homework. The first week of class it blew up in my face so hard… the keyboard was just too small, my gorilla-sized sausagesque fingers were missing and double-tapping keys constantly, along with just being generally uncomfortable. The process did show great promise though the ergonomics sucked. Which I kind of already knew from using the iPad at conferences for taking notes: good for a quick thing or two, but hands on keyboard for more than a minute or two and things started to be “no bueno”.

So this led to a deep discussion of replacing the iPad with a portable device that could act as a writing and research device and fill the remarkably small iPad-sized niche in my life. One of the things I have noticed over the last 2 years since I got an iPhone Plus is that I used my iPad much less and just defaulted to my iPhone. I seriously questioned if another iPad was warranted or whether I would be better served by a low-end Surface or MacBook.

Chromebooks have merit; I’m just not there yet…

I kicked around the concept for a week and what I finally landed on was this: while a second laptop to carry around would be nice, I would already be behind the tech curve on a piece of gear that I knew had a limited shelf life and low resale/hand-down value. That’s what killed the laptop and 2-in-1 options, and I ultimately landed on an iPad Pro 10.5 with… a keyboard…

So basically I have a single-app-focus laptop with a small keyboard that isn’t too cramped for my gorilla-like hands, that is reasonably powerful, integrates with my workflows, and can fill an iPad-sized niche in my world. I’ve been pleasantly surprised at how nicely the iPad has worked to fill some roles and I’ve already found uses for it outside of the original scope. It’s not a daily-carry device in the work bag… I may not use it every day, but it’s there and I only need to charge it once a week. The downside is that with the keyboard and the smart connector it’s tough to use it on my lap… and I kinda despise the on-screen keyboard. It’s not perfect, but it gets the job done.

On backup strategies for the home…

So I had a thought this evening as I was looking at my router and seeing my upload tick across the megabytes while my CrashPlan was syncing to its cloud backup.

Do I really need to be doing whole user directory backups to the cloud?

It was a moment of reflection. I had installed CrashPlan on the new Mac last year because, well, that is what I have always done since 2010 when I started with Carbonite. Yes, I had Time Machine… but after the great flower fire of 2010, I had been running a dual onsite/offsite backup strategy. A little belt and suspenders for home, but practice what you preach to the people at work. Fast forward seven years and my two major reasons for doing a multi-backup strategy have pretty much gone by the wayside.

  1. DEAR LORD I’M THE ONLY PERSON WITH COPIES OF XYZ PICTURE… because I’m a bit of a data hoarder, and apparently no one else in my family can be bothered to learn how to use FLICKR.
  2. Cloud syncing technology is pretty seamless now for user folders.

The first problem is pretty much taken care of by the fact that every photo I take is synced to three different services pretty much automatically off of my phone or main machine within 24 hours. So no issues with losing those pictures that appear to be only backed up by me. The second one wasn’t as in-your-face and really didn’t hit me till the last two weeks or so.

I signed up to start taking some classes and working towards a master’s (that’s a separate blog post when I feel like talking about it). Anyway, the school uses Office 365, which I subscribe to on a personal level already. My entire workspace is through the Office 365 portal on the school’s website, which I thought was pretty cool. Until I signed into my personal copy at home with my school credentials and had a second instance of OneDrive sync start up. That’s when it dawned on me: I’ve been on OneDrive for a couple of years now and could lose my computer tomorrow. I wouldn’t care; everything I need is up in my OneDrive… it just took a few years for that particular wall to fall.

So now as I sit here looking at my CrashPlan app I’m wondering to myself, do I actually need to continue to pay for a service that, while it does provide a complete copy of all my files and 30 days of deleted files… is slow as hell doing a restore and kinda cumbersome for anything more than a folder or two? Also, my /User/tom folder on my Mac is 86GB after documents, pictures, music, and some video, but before any of my Virtual Machines.

So that’s something to talk about there: what about Virtual Machines or larger databases you may have on your local machine? Well, for me, I use rsync to sync the VM files themselves to my home server. After that I really don’t care; I don’t run anything production on the VMs, they are there specifically to play with and blow away as needed. The Windows VMs are a little bit more temperamental than Linux for me, but that’s because I get annoyed that I have to license my Windows machines versus just popping in a new Linux flavor.

So at the end of the day, the question for me is whether there is a good reason to keep paying for CrashPlan or something of its ilk. I honestly don’t know; in just the writing of this post I’ve gone through a fair amount of type space that says maybe not.

Things to chew on.

Yeah… about those new posts…

It would appear that my eyes were bigger than my personal project threshold on re-lighting the fires on this thing. Not the first time something like that has happened and it won’t be the last.

It gives me more time to do research and really figure out what kind of home brewery I want to build.

Which is to say that I’ve figured out, now I’m just trying to find the parts for cheaper… also electric or propane.

Plusses and minuses to both… discuss amongst yourselves…. I’ll check in Q3-ish and see how it’s going.

Oh yeah… this thing….

So ummm, it’s been a while… like just a tick over 2 years a while…

So what’s new?
Same old same old huh?
Yeah, same here… I got a new MBP… hostname “I Am Groot”; it’s interesting looking in logs… they are much more verbose than the namesake…

So where have I been? Same place as always, just on a different page… or pages as the case would be.

I’m still paying for this domain and I like the WordPress platform much more than some of the other platforms out there… and there seems to be something much more authentic about the personal site than using a “FriendFace” or “Tweetgram”.

I don’t know, I do like “Tweetgram”.

So ummm, yeah… I think this is officially going to get re-lit for something other than chronicling the journeys of nothing… I’ve missed the writing, and I stepped away for various reasons that I won’t get into here. Feel free to ask me next time you see me and we have a beer… until then you’re just gonna have to watch me make beer and go through the whole beer brewery process.

One day I will get there… today is not that day… Tomorrow isn’t looking like it either.

That awkward moment…

It’s a bit awkward when you’re an I.T. professional and you realize that you no longer need a PC at home.

It started out innocently enough… I bought a Mac in 2007 and a new one in 2011 and my bank account quietly wept both times.

I upgraded to Windows 8 in the fall of last year. Why? Well, why not; I’m an I.T. professional, I need to be versed in all forms of the dominant operating systems in the land in their native forms (GUI for Windows, CLI for Linux, and an unholy combination of the two for Mac OS). I then did the requisite app upgrades that come with any upgrade to Windows… I lost the ability to get into work… The Citrix client for Windows 8 is too advanced for the Citrix presentation server that my work uses, and I can’t downgrade versions because Citrix is dumb.

That’s not an issue; I can Citrix into work on my Mac.

I find that I have less time to play games and few games that come out really interest me, so I stop buying $60 games. I start buying games that are on sale, which means they are a few months old and increasingly have a Mac version by that point… This matters little since the only game I’m really interested in playing is Batman Arkham City on my Xbox.

I install a hybrid drive on my Mac… and things (well, some things) launch so so so fast (sub 1 second for Chrome, I shit you not) (from cold boot to password screen for disk encryption is 7 seconds).

I get pissed off when I go to look for the calculator on my Windows 8 box… years of muscle memory and a certain f*’d up logic out the proverbial window.

The temperature hit 90 about 3 weeks ago; it hit 95 in my office (I haven’t turned on my AC yet (personal thing, global warming be damned, I don’t turn on the AC before April 15)), so I turned off my main PC to keep it from kicking out so much heat. That was 3 weeks ago and I haven’t turned my PC on since then. It took me a week to even notice that I hadn’t turned it on.

The change was so subtle I didn’t even notice it until I had been fully consumed. Not to say there isn’t a place for the PC in my world (“Skyrim” is still PC only), but the environment for the level of work that I do has reached parity to a point that the platform matters not.

The bigger point here is I have finally shed the ingrained need for a “Full Desktop” PC and have finally come to a point where a laptop is everything I need in a main computer. This notion is already on a dead-man-walking path though… The tablet in the living room will see to that in short order.

This leaves the following thought: the future of the high-powered, all-powerful, time-and-space-bending machine is a thing of the past. In the next couple of years the home computer will be nothing more than a server for the mobile devices that need local content caching; the rest of it lives on the internet through an always-on society.

Even the top end of the market where I used to live will no longer need high-powered machines for gaming. The processing power for the high-definition polygons will live on a server in a datacenter that scales massively for the latest AAA title, where the gamers of tomorrow pay a license fee and then time of use for processing power (think Amazon cloud, only games instead of big data), the only limitation being the available bandwidth on the local internet connection.

“Anubis” is the last of the big gaming rigs… I quietly weep at this thought.

No pity in the rose city…..

I’ve taken to watching MLS soccer over the last couple of years, and whoever says that there is no soccer culture in this country needs to wake up and see the red cards flying all over the place. There seems to be a very strong soccer culture in the American West (Seattle, Portland, Salt Lake City) where there really shouldn’t be (i.e. the historical heritage of the cities is Anglo and not Spanish), but every time I turn on an MLS game there is a packed stadium with flags waving and people generally going nuts… if you weren’t paying attention you would think it’s a European match of some sort, but no, it’s American soccer. These scenes give me great hope for soccer in this country as a growing sport. You know it’s only taken 30 years of youth soccer to get this far.

Now to figure out a way to start chants at Cardinals games that somehow make the other team feel decidedly less at home… Especially those pesky 49ers…