Welcome to the 'verse
Star Citizen has been called a lot of things over the years since its explosion onto the scene as an unprecedentedly successful crowdfunding campaign that has, as of writing, raised over $470,000,000 from over 3,800,000 'Star Citizens'. In the ensuing 10 years the game has progressed in the open from little more than a hangar where you could walk around your ships to what today is arguably a very playable space simulator with several gameplay loops including trading, mining, PvE and PvP combat, search and rescue, salvage, exploration, and of course, piracy.
The whims of the Internet never cease to annoyamaze me. I used to have a little piece of software that would record Howard Stern and A State of Trance using my Sirius radio receiver and turn it into a podcast that I then synched to my BlackBerry. At some point after the Sirius/XM merger they stopped carrying ASOT and so I was left with Above & Beyond Group Therapy to keep me entertained during my weekly chores and yard work. Imagine my annoyance when they decided to nuke their podcast into a 20 minute advertisement for their 2 hour show which has been relegated behind the streaming service hegemony. There are few things I do better than hate-write software so away I went. Turns out both Armin and Above & Beyond publish YouTube playlists of their shows so how hard can that be?
So it seems that despite nftables being The Way Forward for the Linux kernel firewall since kernel 3.13 or so, the CADT over at Docker don't seem to have bothered supporting nftables, mostly seeming to assume that people will keep using the iptables compatibility shims. This manifested as build failures for a container on one of the new systems I'm building due to a build step's inability to reach my DNS servers.
I've been going over the various things that have crept into my day-to-day computing and evaluating them. In some cases I've found things that needed maintenance (perhaps a future post about refactoring my mutt configuration is called for), and in others I've taken the opportunity to evaluate alternatives.
I believe in a zero trust, defense in depth approach to security. Every network segment has a firewall (mostly OpenBSD) that controls ingress and egress traffic, and every machine that can also runs a local firewall that further limits ingress (and in some cases egress) traffic. This makes everything harder for an attacker. It limits lateral movement, complicates data exfiltration, and in some cases foils entire classes of attacks.
I can't imagine it will surprise any regular reader that my preferred MUA is mutt(1), and has been for close to 20 years now. I only switched to using Outlook at my current job a few years ago when they decommissioned the IMAP bridge and forced everyone into it. One of the things I've found myself having to deal with more lately is unsubscribing from marketing e-mails. Typically this was a trivial matter of finding the unsubscribe link and visiting it; however, it seems that lately all links in those e-mails come wrapped in click trackers that are blocked by one or more of my proxy server, DNS configuration, or content filter extensions, making unsubscribing difficult. Luckily RFC 2369 seems very well adhered to by even illegitimate e-mail marketing campaigns so I set out to try to solve the problem in the usual way. Angrily writing software.
Edited: April 01, 2022 @23:20
Many years ago I started building out an extended layer 3 network using IPSec tunnels with GRE tunnels on top of them. As technology moved on I transitioned these from Linux to OpenBSD using isakmpd(8) and then eventually iked(8). I automated the various configuration steps using Puppet and all in all I have been very well served by this over the years. I use IPSec to terminate all of my road warrior client connections as well so it means that the complexity serves several needs. I happened to be upgrading some Mikrotik routers from RouterOS 6 to 7 and noticed they added Wireguard support. I had been hoping Ubiquiti would add Wireguard to the UniFi USG so I could try it out since the version of strongSwan they ship is embarrassingly out of date, but it seems like they have mostly abandoned that product. Armed with an excuse I set out to see what it would take to start up a tunnel.
I browse the web a little differently than most. I vastly prefer the experience of reading feeds instead of relying on some algorithm and a pile of notifications to direct my attention. To facilitate this I funnel quite a lot of 'modern' content into an ever-growing pile of rage-written software to turn it into various RSS feeds that I can then plug into my reader ecosystem and enjoy at my leisure. Recently I found an RSS to news gateway from the creator of gmane called Gwene. I spent an evening looking at the list of groups, adding a few of the RSS feeds into my reader, but there is no way I can take the time to look at all of them, so that brings me to the ask! Below is a list of feeds I'm subscribed to, minus my bespoke Instagram, Twitter, Patreon, Tumblr, and YouTube feeds. If you think you know of some that I might like or that I'm just not subscribed to that you think I should be, please let me know.
I think a lot about digital privacy and security. It is a subject that I care quite a lot about and I am continually trying to optimize my posture in the ever changing landscape. A recent batch of phishing probes sent by IT security at $DAY_JOB got me thinking about the role of e-mail accounts in a person's overall digital security posture. Even though e-mail is being used less and less for personal correspondence it is still the backbone of most online identity, either as the authentication identity itself or as the primary method (perhaps alongside SMS or TOTP) for account recovery and password reset. This makes it a particularly important vector and lots of account compromise and takeover attacks start with e-mail. It is also the primary method by which people get tricked into giving away their credentials in phishing attacks, making it a popular attack vector.
For some reason every single time I go to do any work on my colocated server that requires remote console access I end up having to remember how the silly console redirection works. Presented here in the vain hope that I will find this next time I need it and perhaps that it may help someone else.
Background
Starting just before the holidays I found myself back on the kick of working with LEDs. About 7 years ago I started making a little microcontroller based controller to drive LED strips and generate some interesting effects. I've used this in a bunch of situations with WS2812, WS2811 and APA102C based LED strips (Adafruit tends to call these NeoPixel or DotStars) over the years and recently decided to reorganize the code into more generic building blocks. In doing so I moved a bunch of the heavy lifting to a little library which allowed me to step back and do some thinking about how I might want to build up larger effects in the future. Since I do all my microcontroller development in C the natural fit seemed to be to create a sequence of actions as an array of structs. The structs could contain some conditions and a function pointer to be executed. It is also possible to have the condition be a function pointer, enabling the triggerable events so the controller can respond to stimulus or use the random number generator to change up patterns. With this in mind I designed the sequencer. It takes two arrays of structs, one for the sequence and one for the optional events. It turns out that not only was this easy to implement, but there wasn't a tremendous amount of special work needed to support the split memory architecture of the AVR platform. At the time of writing the whole file is right around 100 lines of code.
In keeping with last year, here are the 10 most visited posts as tracked by the metric collection system that I wrote in 2018.
Merry Christmas, Happy Holidays, Festive Saturnalia, Joyous Yule, and congratulations on surviving beyond the winter solstice of 2021. I hope you are all safe and healthy this holiday season as the Earth hurtles onward towards perihelion and the 665th day of March, 2020.
When I get seriously involved in writing things on the computer I tend to go to a full-screen terminal window and bring out tmux. I was a very heavy user of GNU screen for many years but I found the pane splitting in tmux to be more flexible so at some point I switched to it. I ported much of my screen configuration over to maintain the muscle memory of the keybindings. While I was at it I added several widgets to the status bar at the bottom of the screen. These served various purposes over the years, but are mostly just scripts accreting atop one another.
About 11 months ago I upgraded the main server in my home network and I figured it would be a good time to take a look back and gauge if it has been a success. The new system is comprised of the following components.