Two posts in one night… madness

So yeah… I still have this… space… I guess until I truly let it go… which since it’s been 21 years since I first started posting isn’t going to be anytime soon. Things really haven’t moved that far from the old geocities and frontpage site to this. Well there was the whole migration to GoDaddy and then to the current provider but that’s not something we talk about.

Anyway… since May of last year things have changed but haven’t?

  • I finally got a proper Mac Desktop (Mac Studio) that I’m very happy with… and have finally come to terms with the fact that I only use my Mac for office work and web browsing. So hopefully the M1-Max is supported for a good while.
  • The Mac in the closet from 2012 was finally retired as a home server in favor of a Synology NAS. It was a good move on all fronts.
  • Solar Power and batteries are awesome.
  • I’ve made some changes to the home office setup as I’m now fully “hybrid” but that’s another post.

Since it’s the new year one of the things I’ve decided to start doing is to try and post on here like I did back in the day. Once a week on just whatever…. I’ve given up on most social media. I haven’t been on Facebook since the summer of 2020 (and haven’t missed it), I deleted Twitter on my phone after Elon bought it, and the others I was never into except for Instagram. And with IG I rarely post.

So here we are, back in circa 2002 tech… just way better processors and connections.

Still running WindowsNT though.

Older No Wiser

Weather report for April is 0% wet stuff from the sky…. so so much for it being the second snowiest month…. and so much for the sky cracking

This site has popped onto my radar as the domain associated with it has email and an office suite that are about to be charged for. I have a plan for the email portion of the backend services… I’m still on the fence with the rest of it. Since it’s really just burner email addresses I’m thinking that is all that needs to be done, but part of me says I must maintain.

That’s the funny thing about mid-life, you feel that you must maintain but it is the ideal time to start anew… you are not lacking for resources or knowledge. Just lacking for direction.

Staying by the river watching the bridge burn down.

The turning of the seasons in Colorado is still a new and wondrous thing to me. While I did “seasonal” weather in Kingman and Flagg in the 1900’s and early 2000’s it wasn’t as dramatic as it is in Colorado in terms of weather. In my mind the fall starts in September but in actuality it starts somewhere in October… this to my desert rat mind does not compute. The days being almost 12 hours of daylight and 12 hours of night in September tells my brain that things are turning, but the green leaves and the mostly green grass tell another story.

I think this is a side effect of a thoroughly western mind that must categorize and classify everything presented to it, and it’s a bit of a disconnect. On the flip side my birthday is in early April, and it’s always pretty good weather around then in Arizona. In Colorado it’s dealer’s choice.

It’s the little things about getting used to the second winter in Colorado, knowing that there is time. But it will still come sooner rather than later, and there will be days of sunshine and days of cloud… it’s all a crapshoot.

The thing that still boggles my mind is that March is the snowiest month and April is number 2…. W. T. F. ?

Did you just read an entry about the weather… yes. yes you did. And I make no apologies.

**The hum of CHARON in the background**

What’s most interesting about having an AIO water cooler on my gaming PC? It gurgles on the regular…. like whatever water is in there has collected and it now “gurgles” to clear it out… it’s weird and unexpected and it’s done this since day 1. I don’t know if it’s an AIO thing, or just the AIO I have.

Anyway I thought I would put up a couple of updates from things over the last few months.

  1. I did buy an office chair for the standing desk… it’s quite nice and is very comfortable for sitting in for about 1.4 hours… and then I want to stand. So mission accomplished.
  2. The UniFi Dream Machine has been replaced by its big brother… and I have download speeds off the router of 1.3Gbps. 10Gbps networking is on the horizon, film at 11ish.
  3. No workspace updates, as it turns out having an office for work and an office for “fun” works out really nicely to get you to stop thinking about how to make your office less office like.
  4. Once back to the office office full time, the “pay the bills” office will most likely be slowly migrated into some sort of nerd knick-knackery.
  5. I have become the thing I hate… (see bit about knick-knacks, and reference any house that my family has a hand in that has been decorated by my mother)

A thing I find amusing…

So I’ve recently moved into a new house… and one truth over the years is your neighbors’ WiFi network names can tell you something about them….

In the case of me… I have “OpenThePodBayDoorsHal” as my main network and “GlaDoSS” as my IOT/Guest network (which I detailed in another entry on my whole vlan and home security isolation thing).

So one of the neat things about the Ubiquiti gear is it will also scan in the background to optimize your wireless network(s) performance. I popped open said log and found this…

Well played random neighbor… well played.

cold as ice, hot as hell

I really need to not pull titles from the music I’m listening to it rarely works out well for the entry.

Anyway it’s been a minute or two since the last entry, and well I’ve moved (again) and this time I write the check to a bank and not some faceless person that I only email with. So with the move comes the new shiny, or more like a refitting of the existing shiny and figuring out where to put those maintenance dollars.

Well the good news is outside of some very minor things there is nothing that needs dealing with right away, though there are a few things I will have to deal with in the not-too-distant future. So until I have to deal with those things, let’s talk about the other plan. I’m on the record as being a smart home person… while I should be in the realm of “no internet connected things that run the home” I’m not and I’m ok with this. I did make a couple of decision changes on smart home re-fit 2.0

  1. I’m going with a platform that supports multiple device vendors (i.e. not Nest)
  2. I’m not going to be beholden to the one platform rule, if something works outside of that platform and works well for me I’m going to use it (i.e. Sonos)
  3. Everything. Must. Have. Manual. Controls.
  4. If I’m home and the internet goes out, shit still works (the internet going down is a bigger issue than it should be… THANKS XFINITY/COMCAST!)

So with those in mind I’ve already got a foundation in place in the form of an IoT VLAN via my Ubiquiti Dream Machine. On the human interface layer I’ve moved to mostly HomeKit, I know, shocker. It makes sense though, I need automation based on location (phones), I want flexibility if I decide to leave the Apple ecosystem (if it works with HomeKit it works with Google or Alexa typically). And HomeKit has a hub-centric architecture vs a cloud-centric architecture, which takes care of point 4 very nicely. Point 3 seems to be the sticky wicket right now, but I’ll get there.

Oh also the only exception to all of this is appliances: they don’t get an internet connection… there is no earthly reason why my toaster needs to be on the internet… there isn’t a better way to make toast…. toast the bread and go away.

Oh also there is a whole new workspace for the offices, but that will be another day. Maybe….

I bit down the bone… I had the taste of something sweet.

For real… for someone who takes their blog entries from the music they listen to… I find some real weird stuff from time to time, but that’s what you get when you listen to Soundgarden.

So let’s talk about this blog’s favorite topic… HOME WORK SPACES!! In previous chapters you will notice the bit where I was definitely not working during the initial stages of Covid-19 and instead was living in my parents’ garage playing Borderlands 3. Well everyone has to get back to real life at some point and I did in May. And one of the earliest discussions I had with my leadership was that I would be working from home (as would the whole team) come the end of July once I was trained up and some upgrades had happened. In anticipation of this and some other smaller stretches of remote working I made some purchases.

So I purchased some monitors, monitor arm, and a USB-C dock for the work laptop. And what I found very quickly was that I was not that happy with this setup.

  • First, to the left (just out of frame) is my main computer for doing not-work things and not-gaming things… i.e. my Mac, which I do use for work things on occasion, but not on the regular.
  • This was 3 feet from the space where I played video games on my gaming PC
  • It faced an east window upstairs so it got a ton of light in the morning.
  • The room itself is just warm because of the placement of the ventilation and getting sun 80% of the day.
  • The ergonomics suck

Needless to say I figured out pretty quick that this was not going to work for extended remote working. I started thinking about what I wanted and what my plans were for the next couple of years. I knew the following things.

  • This was a temporary setup as I plan on moving in the next year or so
  • I know that the next place I live will have a dedicated home office that is for *work* and dedicated space for “work”
  • Ergonomics need to be a consideration, and I can’t cheap out anymore

With these things in mind I started thinking about what I wanted in a home work space that was for *work* that I would be spending 8 to 10 hours a day in 5 days a week. When you start thinking about that kind of time in a space you really start to have some conversations with yourself about what you really want. At the end of the day I wanted to have a separate space for my “fun work” and my “pay the bills work”. Since the couple of IKEA desks from 2005 that I think I spent $300 total on back then are still going strong, I decided to put the money in upfront and get what I had been looking at and really make it work.

I ended up purchasing a standing desk (the 48×30 Varidesk if you are curious). It basically came down to the fact that I had a couple of trusted sources who had purchased this desk and found it to be excellent for their work. I found the price to be in the middle of what I was looking for in terms of the feature set, and the desk not so large that it would take over the room. The down side is the unit is in my living room so I have to look at it on the weekends, but it’s surprisingly easy to ignore when everything is turned off. I’ve been using it for a couple of weeks now and the only thing that I’m not totally sold on is a chair. I’m using a kitchen chair right now and it gets the job done, but it’s not great for extended periods of sitting. Surprisingly I still sit a lot even with a standing desk, as I don’t have a mat to help with my hips yet. I’m 50/50 on buying a dedicated chair for the setup or just sucking it up.

My guess is my next entry will be about whatever office chair I ended up putting in the space.

Because again… I think this is a home work space blog now?

Revenge of the Quarantinewhile

So it’s been a minute…. Like 21 days since the last post and in the last post I mentioned some rather large changes that were temporarily on hold until the whole Covid-19 thing cleared up. Well things with the Covid cloud are finally to a point of clearing up that I feel comfortable talking about what has been going on since the end of February. Settle in, this is going to be a longer post than usual from me.

So a while ago I had a general unease about my home network setup. I’m pretty typical in that I run a private network behind a cable modem that has a single public-facing, internet-routable IP. In addition to this I also typically use some sort of Dynamic DNS (DDNS) system to give my home connection a name I have an actual shot at remembering.

If anyone is curious I really like DYN-DNS, they seem to have the best balance of features to reliability to price that I’m looking for. I’ve also had really good luck with the DDNS redirector included in my Synology RT-2600AC router. Particularly around the use of Let’s Encrypt for an SSL cert.


OK with all that in mind, I was forever getting a million hits on my external IP from places all over the world. This is totally normal, that’s what we call a botnet looking for unsecured devices that are open to the internet. And this is where I started having some pain and consternation: I have a fair number of IoT devices and they live on the same LAN network space as my Macs and PC. I’ve run my Macs with drive encryption turned on for a couple of years now, the PC doesn’t have that option (stupid Win10 Home). The PC doesn’t leave the house and I don’t keep any of my cloud documents (iCloud and OneDrive) on the PC unless I’m actively working on them. For the PC I’m ok with the risk window of someone stealing it and getting my spreadsheets on what bad movies I watched.

The other side of the coin was my true IoT devices where I couldn’t log into the devices at all at a command line level. Think things like any of your smart thermostats, smoke detectors, door locks, TVs, speakers, and gaming consoles. All of which I had in my house and still do for the most part. So it became less a matter of if and more a matter of WHEN one of those devices would be compromised.

Ok but who cares if someone hacks your thermostat? Well I do since I pay the power bill. More importantly though, once you have a compromised device on the network that is a foothold, and much like cancer once it’s in there it’s a real pain in the ass to do anything other than just cut the whole damn thing out. Especially when you start talking about higher-CPU devices like an Xbox One or a PlayStation 4 that have x86 chips running branches of commercial operating systems. It doesn’t take much to get tcpdump running in memory, writing to a “/tmp” partition, and then exfiltrate that network data out for analysis. Do I sound paranoid… I sure do… why? Because given enough time and automation everything is breachable.

OK so let’s talk risk mitigation (i.e. how much pain and misery am I willing to put up with to secure my home network)

  • Remove the IoT devices and get a printer from 2004
    • Nope not happening, some I can get rid of (I’m looking at you thermostat and smoke detectors) but others I’m not willing to give up (looks longingly at Xbox and smart door lock)
  • Block outbound connections except for internal IPs from your computers and trusted devices.
    • Nope, I bought these things for remote management of my house… if I do that I still have to poke so many holes in a firewall I may as well just not bother.
  • Buy a second router and put all of the IoT stuff on there and give it a second address space that can’t be accessed from the “secure” side
    • Hey that’s not half a bad idea… I don’t think I want to deal with another router but I can do a network firewall.

OK so: network firewall, one side has the IoT stuff, the other side has my secure stuff.

So have you ever tried to look for a consumer grade network router with the capability of doing a firewall between two sets of devices? No? You should… it was frustration in abundance for most of 2019. I did find a number of roll-your-own solutions using pfSense, however those presented the problem of being more admin than I cared to put into the whole endeavor, and while rolling your own may be fine for certain folks (and I certainly should be one of them) this is one device where I want to know that my configuration is solid. So I kept an eye out and found a couple of solutions that were close but not quite there.

Flash forward to this month and I finally pulled the trigger on a UniFi Dream Machine from Ubiquiti Networks. Is it overkill for what I am doing? Yup sure is… do I regret it? No I do not.

It met my requirements of having a network firewall in place between the IoT side and the “secure” side of my network, along with the ability to run multiple SSIDs and VLANs, which, while they tend to be high maintenance to set up, don’t require much care and feeding once they are stable. In the course of my research it was brought up on multiple occasions by multiple sources that doing this kind of setup would limit functionality between devices on the secure side and devices on the IoT side. I was very ok with this as the only thing that I was really concerned about was that my Sonos speakers and Apple TV work.

  • For the Sonos speakers I found this really excellent walkthrough from a gentleman who walked through the whole firewall rule setup and port opening for the Sonos speakers over here
  • As a side effect of the first rule in the firewall allowing traffic from Secure to IoT, but not back, all of my Apple stuff sees my Apple TV no problem.
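To make the policy those two bullets describe concrete, here is a small Python model of it. This is an added example, not code from this post or from Ubiquiti; the UniFi controller does this in its own stateful firewall and you configure it through the GUI. The two VLAN ranges are constructed, and the single port on the IoT-to-Secure allow-list is a placeholder standing in for whatever the Sonos walkthrough has you open, not a real Sonos port number.

```python
"""Model of a two-VLAN firewall policy (constructed example).

Rules, evaluated in order, first match wins:
  1. allow  Secure -> IoT      any new connection, and remember it
  2. allow  IoT    -> Secure   only if it is the return half of a
                               connection the Secure side opened
  3. allow  IoT    -> Secure   new, only on an explicit port allow-list
                               (the "Sonos exception"; the port here is
                               a placeholder, not a real Sonos port)
  4. drop   IoT    -> Secure   everything else
Traffic that stays inside one VLAN never crosses the firewall.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SECURE_VLAN = ip_network("192.168.10.0/24")  # constructed range
IOT_VLAN = ip_network("192.168.20.0/24")     # constructed range

# Placeholder allow-list (proto, destination port) for IoT -> Secure.
IOT_TO_SECURE_ALLOWED = {("tcp", 1400)}      # hypothetical value


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def zone(addr: str) -> str:
    """Map an address to the VLAN it lives on."""
    ip = ip_address(addr)
    if ip in SECURE_VLAN:
        return "secure"
    if ip in IOT_VLAN:
        return "iot"
    return "other"


class Firewall:
    def __init__(self) -> None:
        # 5-tuples of connections the Secure side opened (the "state" that
        # lets replies through without a rule for the IoT -> Secure direction)
        self.state = set()

    @staticmethod
    def _key(f: Flow):
        return (f.proto, f.src, f.sport, f.dst, f.dport)

    @staticmethod
    def _reverse_key(f: Flow):
        return (f.proto, f.dst, f.dport, f.src, f.sport)

    def evaluate(self, f: Flow) -> str:
        s, d = zone(f.src), zone(f.dst)
        if s == "secure" and d == "iot":
            self.state.add(self._key(f))          # rule 1
            return "allow"
        if s == "iot" and d == "secure":
            if self._reverse_key(f) in self.state:
                return "allow"                    # rule 2: reply traffic
            if (f.proto, f.dport) in IOT_TO_SECURE_ALLOWED:
                return "allow"                    # rule 3: allow-listed port
            return "drop"                         # rule 4
        return "not-inspected"                    # same VLAN or outside model


def run_sample() -> list:
    """Run four constructed flows through the policy and return the verdicts."""
    fw = Firewall()
    laptop, appletv = "192.168.10.20", "192.168.20.7"
    nas, thermostat, speaker = "192.168.10.5", "192.168.20.30", "192.168.20.40"
    flows = [
        Flow(laptop, 50000, appletv, 7000),      # Secure opens to IoT
        Flow(appletv, 7000, laptop, 50000),      # Apple TV replies
        Flow(thermostat, 40000, nas, 445),       # IoT tries to reach NAS
        Flow(speaker, 40001, laptop, 1400),      # allow-listed port
    ]
    return [fw.evaluate(f) for f in flows]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The second flow is the part that makes the “secure side sees the Apple TV” bullet work: nothing in the IoT-to-Secure direction is opened, the reply just matches state the first flow created. Anything the IoT side starts on its own is dropped unless it hits the allow-list, which is why each exception (like the Sonos ports) has to be added deliberately.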

In concept the biggest difference I have seen is that when bringing up the Sonos app on my phone, it takes about 10 seconds to hook up with the speakers whereas before it was sub 2… that is a penalty I’m willing to deal with. The biggest problem I have run into is manually entering the IP address of my Roku TVs to control them remotely because I block advertisements from the IoT VLAN to the Secure VLAN.

And finally because I like logs and apparently network administration I put two 8-port UniFi network switches on my network as well. To not only have as many things running wired as I can, but to also be able to manage the switches or devices if needed. I’ve been running the setup for a week now and after the initial setup of an hour or so (creating accounts, updating firmware and devices, and getting familiar with the system) I spent probably 10 hours actually configuring VLANs and firewall rules, and only that much time because I did it a couple of times from a couple of different sources before I found the walkthrough that worked for me mentioned above.

So yeah I had a pretty eventful thing there….

Also I quit my job in Phoenix, sold my house, lived with my parents for two weeks, moved to Colorado, and start a new job in a few days. Don’t worry I still do IT stuff at a hospital.