Matthew Ernisse

November 05, 2017 @18:50

I think this would be the perfect dystopian future.

See also, and also.

November 04, 2017 @12:50

It's probably a testament to the iPhone that I even have these gripes. I was never much of a mobile web user before and compared to others I am sure I'm not much of one now, but I do look at things on my phone now more than I used to.

I'm going to pick on a couple sites in specific but a whole metric boatload of the mobile web seems to do this crap and I'm sure there are thousands of words hidden away in private wikis about this particular user experience pattern and how great it is at driving app engagement or some other complete steaming pile of navel gazing wrongness.

Sin The First: Modal

I recognize that most people like apps, I don't. I also get that website owners want to associate their website with their app (and I remember watching a WWDC talk wherein some of the iOS security features may require this association), so they toss the <meta> tag into their markup and voilà, this crap happens.

App Whoring

Now I will admit that Apple has improved this behavior, it feels like these banners don't appear as often as they did in previous versions of Safari / iOS but it is still something that you should be able to turn off.

Dear Apple, Let us compromise for the sake of sanity. We can just add a toggle in -> Safari -> Advanced called 'Disable App Discovery' or some crap. Surely that isn't unreasonable or difficult?

Love, Matt

Sin the Second: Inline

I will give reddit a bit of credit here, they at least only seem to do this once. After you get the magic cookie that says you've made the obvious error of not getting their app they shut up. Unless you happen to be like me and periodically clean out your cookies and rotate your advertising identifier in the vain and silly hope that it makes it harder on the digital panopticon.

Won't you please consider our wonderful app

The part that bugs the crap out of me is how hard it is to hit that stupid link. Someone clearly doesn't actually want you to use their mobile website.


Oops! You clicked on something, time for some more disruptive and somewhat misleading 'user experience'. In this case 'Take Me Back' actually means 'Do what I told you and show me the thing I tapped on like I would expect you to do.' I guess that is probably too wordy to put in a button.

Sin The Third, Begging

This one has that whiff of desperate basement dwelling neckbeard all over it. Like seriously, my mom uses my app, so you really should too. I won't fix your computer if you don't download my app and rate it 5 stars in the app store.

imgur has their legs spread SO WIDE for you

Let's see... button in the header bar, overlay button in the bottom with bonus points of 'tiny dismiss tap target' and huge screen-sized ad inserted in the content.

Yep, they really would like you to install their app.

An Open Letter To Web Designers

Dear People Writing Websites, Knock this crap the redacted off.

Hugs and kisses, Matt

The really odd thing is that in a number of cases the mobile web sites are better than the desktop ones, and I'd have no complaints if it wasn't for this nonsense. Reddit is a good example of this. Their desktop website pales from a usability perspective compared to the mobile version and yet they feel the need to promote their app. I assume it is so they can better data mine your phone and sell you out for more profit, because I can't fathom what other benefit a native application would bring.

Further Reading

The beatings will continue until the situation improves.

Official soundtrack of this post: Pigface - The horse you rode in on

November 02, 2017 @20:48

Wherein I feel like I am the product again...

So let's do a little thought experiment.

So, you have this distribution channel that is the only way to (for normal people at least) install software on a device they claim to have sold to you.

Ignoring how completely despicable that premise is... you would think that at least for the appearance that they actually mean that whole "Unlike our $competitor, you aren't the product" stuff, perhaps they might not try to squeeze every single plug nickel out of you.

It is not shocking in the least, but at the same time I find it both disappointing and a bit offensive when this happens:

Ads in the App Store, iOS 11.1, iPhone 7

Now, I don't know for sure if this is new in iOS 11.1, though I suspect it is. It seems to happen in a way that has slipped past my network-wide ad-blocking filters, and when you add it to the rather horrific application discovery experience that is the App Store in general the whole thing just smells of a really ill advised money grab.

"Hey, finding an app you might like on the App Store sucks, how do
we fix that?"

"Oh, simple, we don't and we charge people to promote their apps in
search results and stuff in the App Store!"

"Brilliant!  Get this man a raise!"

let thing = "Apple"

print("\(thing) sucks, but everything else sucks more.")

Double Face-palm

I'm sure Steve Jobs would be so proud.

October 26, 2017 @20:33

I have been trying to get AWStats running on my Debian 9.2 (Stretch) web server. It has been fighting me. This is as much a note for future me as it is for you.

To Start With

Now I don't think this is something I added to the stock Debian Apache config, but just in case this is my Apache LogFormat. It ends up writing out to /var/log/apache2/other_vhosts_access.log. This keeps all the logs for all the activity on the server in one place and makes things nice and neat. Of course the stock Apache LogFormat in AWStats assumes one domain per log file.

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined

So, to start I will assume you (future me) have done the usual apt-get update and apt-get install awstats dance by now, and have read /usr/share/doc/awstats/README.Debian.gz (if only to get the Apache config directives you need out of the sample config fragment).

I threw together a quick config with a SiteDomain set to but nothing happened. As foreshadowing I will remind the reader that I recently set up HTTPS on that domain.


The big gotcha is that %virtualname in AWStats matches the entire %v:%p string from the Apache log, so basically SSL hosts need the :443.

In the base awstats.conf.local I have:

LogFormat = "%virtualname %host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"

Then the magical incantation you want in your per-domain config files is:

Include "/etc/awstats/awstats.conf"
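
The gotcha above, as an added example (not AWStats code and not from the original post): a parser for the vhost_combined format shown earlier that tallies the %v:%p token and applies a whole-string SiteDomain/HostAliases comparison. The example.com names and log lines are constructed, and the matching is a simplified model of the behaviour the post describes.

```python
import re
from collections import Counter

# Regex for the Apache format quoted in the post:
#   "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
# Named groups reuse the AWStats tag names from the LogFormat line above.
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache escapes inner quotes as \"
VHOST_COMBINED = re.compile(
    r'(?P<virtualname>\S+) (?P<host>\S+) (?P<other>\S+) (?P<logname>\S+) '
    r'\[(?P<time1>[^\]]+)\] ' + QUOTED + r' (?P<code>\d{3}) (?P<bytesd>\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample of other_vhosts_access.log (documentation addresses only).
SAMPLE_LOG = """\
example.com:80 192.0.2.10 - - [26/Oct/2017:20:01:02 -0400] "GET / HTTP/1.1" 301 561 "-" "curl/7.52.1"
example.com:443 192.0.2.10 - - [26/Oct/2017:20:01:03 -0400] "GET / HTTP/1.1" 200 5120 "-" "curl/7.52.1"
example.com:443 198.51.100.7 - - [26/Oct/2017:20:02:10 -0400] "GET /feed.xml HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
static.example.com:443 198.51.100.7 - - [26/Oct/2017:20:02:11 -0400] "GET /a \\"b\\".png HTTP/1.1" 404 311 "https://example.com/" "Mozilla/5.0"
this line is not an access log record
"""


def parse_line(line):
    """Return the fields of one vhost_combined record, or None if it does not parse."""
    match = VHOST_COMBINED.match(line.strip())
    return match.groupdict() if match else None


def tally_virtualnames(log_text):
    """Count records per %v:%p token; also return how many lines did not parse."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
        else:
            counts[record["virtualname"]] += 1
    return counts, skipped


def kept_records(log_text, site_domain, host_aliases=()):
    """Records whose whole virtualname equals SiteDomain or one of HostAliases.

    Simplified model: plain string equality, no REGEX[] alias support.
    """
    accepted = {site_domain, *host_aliases}
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records if r and r["virtualname"] in accepted]


if __name__ == "__main__":
    counts, skipped = tally_virtualnames(SAMPLE_LOG)
    for name, hits in sorted(counts.items()):
        print(f"{name:28} {hits}")
    print("unparsed lines:", skipped)
    for domain in ("example.com", "example.com:443"):
        print(f'SiteDomain="{domain}" keeps', len(kept_records(SAMPLE_LOG, domain)))
```

Running the tally against the real log first shows exactly which host:port strings appear, which are the values the per-domain configs have to carry.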


Edited: October 18, 2017 @14:03

I have been meaning to play around with containers for a while but for the life of me have not found a real reason to. I feel like without a real use case, any attempt I'd make to learn anything useful would be a huge waste of time. There are a bunch of neat toys out there, from running random ASCII art commands to a crazy script that 'emulates' some of the insane Hollywood style computer screens, as well as base images for all manner of application stacks and frameworks, but all of those are easily installable using your favorite package manager.

None of this really made me care enough to install and learn anything about any of the container ecosystems. I do like the idea of containers as sandboxes but as a macOS user I have that built in for free, so I have no impetus there either.

Still, there is a lot of talk about containers in the development community so I have been keeping an eye out for a use-case where I could justify investing time in them. Lately my primary development work has been creating various bespoke Flask applications. Flask comes with Werkzeug and a simple server built in, so I typically just run the internal server, iterate on the code, and then commit to my git repository. Eventually Puppet comes along and does the heavy lifting to deploy the changes to production. This works really well and I can't really figure out a reason to shoehorn a container into the process.

Docker on Aramaki

Turns out the excuse came from this web site. As I have written about before this entire site is generated from a home brew Python script. It takes all the design from templates and blog articles from markdown files and is triggered from a git post-receive hook on the web server. This lets me make a very fast web site that doesn't rely on any dynamic pages or API calls. The one drawback of this method lies in the differences between viewing pages over HTTP/HTTPS versus off the local filesystem. To test the site locally I was hand-editing some of the output to change some of the URLs from paths that would work on the website to paths that work on the local filesystem. This was getting annoying and frankly is just the thing to replace with a very small shell script.

I initially thought about modifying the build script to use filesystem paths when building locally, but that would just add complexity and potential for breakage. I then thought about fooling around with the web server built into macOS but I am generally loath to mess around with things in the bowels of the OS lest I do something that Apple breaks in an update. In the end I figured this might finally be a good excuse to pull together a Docker container running Apache, that included the Python bits that the site builder needed and then in true ex-sysadmin fashion wrap it up in a nice shell script.

This resulted in a pretty reasonable work flow.

  1. Update working copy of site.
  2. Run
    • build Docker image
    • copy working copy into Docker image
    • launch an instance of this image.
    • Open a browser to the URL of the local Docker instance.
  3. Verify things are the way we want.
  4. Fix and GOTO 1 or continue.
  5. git add, commit, push to remote.
    • git hook deploys to production.

Now to be fair there are probably easier ways to do this including using a staging branch that is served on another domain name, directory, or on an internal VM. This would save me from building, launching, and cleaning up images. I could use my normal publishing work flow and scripts to simply do the right thing and then merge back to master when I'm ready to deploy the site to production.

But that doesn't give me an excuse to play with 🐳 Docker. 😁


As of the time of writing these are the main pieces that make this work flow possible.


FROM debian:latest
LABEL version="0.3.0" \
    vendor="Matthew Ernisse <>" \
    description="Build and serve"

RUN apt-get update \
    && apt-get install -y \
    apache2 \
    python \
    python-pip \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p /var/www/ \
    && a2dissite 000-default

COPY docker/going-flying.conf /etc/apache2/sites-available
COPY . /var/www/

RUN a2ensite going-flying \
    && pip install \
    --requirement /var/www/ \
    && /var/www/

CMD ["/usr/sbin/apachectl", "-DFOREGROUND"]

This is pretty straightforward. I take the Debian base Docker image and install the bits I need to build and serve the site. I also have a very basic apache configuration fragment that points the server to the location I will be copying the site files to (the same location as in production so the script doesn't have to care). I then simply copy the working copy of the site into the image and run on it.

#!/bin/sh
# (c) 2017 Matthew J. Ernisse <>
# All Rights Reserved.
# Build and run a copy of the website inside a Docker container.

set -e

echo " test builder."

# Redirect stdout first, then stderr, so both are silenced.
if ! which docker >/dev/null 2>&1; then
    echo "docker not found."
    exit 1
fi

# open(1) further down is macOS-specific.
if [ "$(uname -s)" != "Darwin" ]; then
    echo "Not running on macOS.  Exiting."
    exit 2
fi

cat << EOF

                    ##         .
              ## ## ##        ==
           ## ## ## ## ##    ===
       /"""""""""""""""""\___/ ===
      {                       /  ===-
       \______ O           __/
         \    \         __/

EOF

echo "Building image..."
_image=$(docker build --force-rm --squash . -t going-flying:latest | \
    awk '/^Successfully built [0-9a-f]+/ { print $3 }')

# --rm removes the container when it stops.
# -p 8080:80 listens on every host interface; 127.0.0.1:8080:80 would keep
# the test site reachable from this machine only.
docker run --rm -d -p 8080:80 --name going-flying "$_image" > /dev/null

open "http://localhost:8080"

echo "Container running, Press [RETURN] to end."
# Block here until the user presses RETURN.
read _discard
echo "Stopping..."

docker stop going-flying > /dev/null
echo "OK."

This just does the docker build and docker run dance that causes a container to be running. It can probably be simplified even further but it gets the job done. The biggest thing was to make sure that I wasn't leaving a pile of images and whatnot lying around. And not having to remember the different command line switches needed to make it all Just Work.

The only other change was a hook in that changes the base URL of the site from the normal to http://localhost:8080/. It does this by simply detecting if it is running in a Docker container and changing an instance variable.

import os

def is_docker():
        ''' Return True if we're running in docker.'''
        if not os.path.exists('/proc/self/cgroup'):
                return None

        # Scan each cgroup membership line for a path that mentions docker.
        with open('/proc/self/cgroup') as fd:
                line = fd.readline()
                while line:
                        if 'docker' in line:
                                return True

                        line = fd.readline()

        return None

# [ ... later in main() ... ]

        if is_docker():
                BuildConfig.urlbase = "http://localhost:8080/"
                print(":whale:  container detected.")
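
An added example, not the site builder's own code: the check above keys on the string 'docker' in /proc/self/cgroup, which on hosts using cgroup v2 typically reads only 0::/ inside a container, so this version also looks at /.dockerenv and /proc/self/mountinfo. The function names, the root parameter and the fake file trees are assumptions constructed for the demonstration.

```python
import os
import tempfile


def _read(path):
    """Return the file's text, or '' if it is missing or unreadable."""
    try:
        with open(path) as fd:
            return fd.read()
    except OSError:
        return ""


def container_evidence(root="/"):
    """Return the independent signs that the tree at `root` is a Docker container."""
    evidence = []

    # 1. Docker creates this marker file at the root of each container.
    if os.path.exists(os.path.join(root, ".dockerenv")):
        evidence.append("dockerenv")

    # 2. cgroup v1: lines look like "11:memory:/docker/<container id>".
    for line in _read(os.path.join(root, "proc/self/cgroup")).splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and "docker" in parts[2]:
            evidence.append("cgroup")
            break

    # 3. mountinfo: field 4 is the source path of a bind mount; Docker binds
    #    /etc/hostname and friends from .../docker/containers/<id>/.
    for line in _read(os.path.join(root, "proc/self/mountinfo")).splitlines():
        fields = line.split()
        if len(fields) > 4 and "/docker/containers/" in fields[3]:
            evidence.append("mountinfo")
            break

    return evidence


def is_docker(root="/"):
    """True if any of the three checks fired."""
    return bool(container_evidence(root))


# --- constructed /proc contents for three situations (container id is fake) ---
FAKE_ID = "0123456789ab" * 5 + "cdef"
CGROUP_V1 = f"11:memory:/docker/{FAKE_ID}\n1:name=systemd:/docker/{FAKE_ID}\n"
CGROUP_V2 = "0::/\n"
CGROUP_HOST = "0::/user.slice/user-1000.slice/session-2.scope\n"
MOUNTS_CONTAINER = (
    f"603 586 8:1 /var/lib/docker/containers/{FAKE_ID}/hostname "
    "/etc/hostname rw,relatime - ext4 /dev/sda1 rw\n"
)
MOUNTS_HOST = "25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"


def fake_root(files):
    """Write {relative path: text} under a fresh temp dir and return its path."""
    root = tempfile.mkdtemp()
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fd:
            fd.write(text)
    return root


def demo():
    """Run the checks over the three constructed trees."""
    trees = {
        "cgroup v1 container": {".dockerenv": "", "proc/self/cgroup": CGROUP_V1,
                                "proc/self/mountinfo": MOUNTS_CONTAINER},
        "cgroup v2 container": {".dockerenv": "", "proc/self/cgroup": CGROUP_V2,
                                "proc/self/mountinfo": MOUNTS_CONTAINER},
        "plain host": {"proc/self/cgroup": CGROUP_HOST,
                       "proc/self/mountinfo": MOUNTS_HOST},
    }
    return {name: container_evidence(fake_root(files))
            for name, files in trees.items()}


if __name__ == "__main__":
    for name, evidence in demo().items():
        print(f"{name:22} -> {evidence or 'no container evidence'}")
```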

I was skeptical at first if this was going to be worth it, but after using this for a few site updates, I honestly feel that this was easier than many of the alternatives and in the end let me go back to fixing a bunch of style and template bugs that I had on the TODO list for some time. I'd call that a result that was worth the effort. I look forward to finding more places where a container fits into my work flow. It might even turn into an excuse to run a private registry and start playing with some of the CI tools to run builds.


It turns out that Safari doesn't like to auto play videos not in view when the page loads. I tried to slam together some JavaScript to 'fix' this, but your mileage may vary. If the videos aren't playing you should be able to right click on one of them and say 'show controls' then hit play.

October 13, 2017 @19:10

I monitor the DSM version on my Synology NAS with my icinga2 instance and sometimes alerts pop while I'm not in a position to run the upgrade using the normal GUI process.

This is rare enough that I almost always find myself trying to remember how to do it via ssh(1) and after flailing around aimlessly for a while I ultimately figure it out. This time I figured I'd write it down so I can at least find it in the future.

Basically synoupgrade is what you want.

Synology DS214se

admin@nas01:/$ sudo synoupgrade --check
Available update: DSM 6.1.3-15152 Update 7, patch type: smallupdate, restart type: none, reboot type: now
admin@nas01:/$ sudo synoupgrade --download
New update has been downloaded
admin@nas01:/$ sudo synoupgrade --start
Start DSM update...
Finish DSM update, reboot now!!

Broadcast message from root@nas01
    (unknown) at 19:00 ...

The system is going down for reboot NOW!

October 12, 2017 @22:00

iPad Impressions

I mentioned a few things in my first post that I thought might be better on the iPad than the iPhone.

iPad iOS 11 Screenshot

I like the new task switcher a lot, and I can see potential in the dock if you don't turn off all the iCloud features. I was wrong about the video stuff though, that's still too small and garbage.

iPad iOS 11 Screenshot

I Still Think This Stuff is Ugly

iPhone iOS 11 Screenshot

The more I look at it, the less I like the huge text block at the top of the tab screen. It feels like such a huge waste of screen real estate which feels antithetical to the entire point of designing a mobile UI.

Control Center Is Doing Radios WRONG

I ran into this last week as I was flying to Las Vegas for a work conference. I turn off WiFi and Bluetooth when I'm traveling for a number of reasons, but mostly battery life. It looks like tapping the radio icons in Control Center does not actually turn off the radio but disconnect you from the currently connected items, leaving the radios on, draining your battery, and broadcasting information out into the aether. You have to actually go into Settings to turn off the radios. Thankfully Airplane Mode seems to actually disable the radios so my battery didn't get murdered on the flights but the last thing you want to do is walk around a technical conference in Las Vegas with un-needed radios in your phone looking for something useful.

The long and the short of it is that those buttons should disable the radios not disconnect them.

(╯°□°)╯︵ ┻━┻

October 09, 2017 @15:40

There are a lot of reviews of iOS 11 out there already and as is almost always the case, people are complaining that things changed. This is not that. Part of the reality we live in with our consumer-oriented technology demands is that things change. As a whole iOS 11 seems to be an improvement over previous versions and in general I'm happy with it.

The Good


Apple continues to take security seriously, now requiring passcode authentication after repeated failures as well as after reboot. Also requiring the phone to be unlocked to exfiltrate data is an improvement. This focus is especially important with the continued focus on privacy and security in the face of difficult times all across the world. This kind of behavior should be the default on all mobile devices.

Third Party Location Use Alert

iOS 11 Screenshot

In previous versions it seemed that Apple Maps was the only navigation program that would present you with the blue bar across the top of the screen, letting you know it was actively using your location (and providing a low-friction way to task switch back to navigation). Obviously you shouldn't be using your phone while driving 😔 and the DND While Driving mode is a nice feature (though I doubt anyone is really using it) but since the Podcast app is now broken (see below for more), if you find yourself changing music or some other totally reasonable action while driving it is nice to just be able to tap on the header to go back to your navigation app.

Phone Controls While Locked

This is seriously great. Not having to unlock the phone to toggle mute, or to switch audio outputs, or to end the call is a great thing. Even if you don't fanatically toggle mute while on conference calls, at the very least this has totally gotten rid of the 3 seconds of awkward silence after you say "goodbye" while both parties root around trying to get to the 'end call' button.

The Bad

Stupid Home Control Bug (still)

iOS 11 Screenshot

I think this has been around as long as the Home Control feature has been in iOS. I remember it on my iPad Mini 2. It seems that when you turn this off, it always ends up turning itself back on. Thankfully I don't have any HomeKit devices because frankly this is a security bug. I don't want someone to be able to see or interact with my home automation without being authenticated. That's just... shocking. It's like having a lock on your door that doesn't need a key. What is the point?

Podcast App Now Basically Useless

iOS 11 ScreenCast

I listen to podcasts while driving, mowing the lawn, working around the house, and sometimes while working at work. I am DEEP in the back catalog of most of the podcasts I listen to so I don't want to have to stop what I'm doing and pull the phone out to navigate to and select the next episode. In previous versions I have not had to. For some reason now the built-in Podcast app stops after every episode, even if there are more unplayed episodes already downloaded to the device. This seems strange for Apple as it increases friction using the device.

App Search Completely Useless

iOS 11 ScreenCast

I don't like having a pile of apps on my home screen. This is similar to how I use my MacBook Pro. I toss everything in a folder and search for what I want when I need it. On the Mac clover+space works great. On the previous version of iOS this same workflow worked well. Swipe down, type two or three letters and the app you want is probably listed. Tap and launch.

As full disclosure I have always had Siri and all the related Siri features off since I have had it on all my iOS devices, but in the past this worked great.

Now however you have to type the entire and exact name of the application for it to show up. This makes the workflow much more difficult and cumbersome. More friction for no reason.

iPhone Force Touch App Switching Gone

With all the focus on the iPad, multitasking on the iPhone lost a really handy feature. In iOS 10 you used to be able to force touch on the edge of the screen and get the task switcher. This was less movement and already had your thumb on the screen to switch or close apps versus the double-click home gesture. Again, more friction for no reason.

The Ugly

New Apple Visual Style

iOS 5 Screenshot

I feel like this is the most subjective of the changes. While the UI has changed a LOT over the years and is largely an improvement I can't help but be a little bothered by the waste of space that comes along with the new design language. The fairly ubiquitous search bar just off the top of the screen is nice but the giant title of the app you just clicked on seems... a bit superfluous. Maybe this is less of an issue on the larger screen devices like the iPhone X and the iPads, on a regular iPhone 7 you have a solid 1/4" of the display taken up by quite literally the name of the thing you just tapped on.


Native Video Controls Now TINY

iOS 11 Screenshot

I don't have a lot to say about this, but the native video player controls are now much smaller and harder to hit. The volume overlay is better but the rest have gotten markedly worse. Most of these aren't a huge issue but trying to hit the full screen or AirPlay buttons has become much more painful. Like I said about the visual style this may be less of an issue on the larger devices, but on the smaller screen standard devices it is pretty irritating.

Overriding Settings To Default On Upgrade

One of the more ugly things that iOS 11 did upon upgrade was to turn on a whole bunch of features that I explicitly turned off in iOS 10. Things like iCloud, iMessage, and Siri turned themselves on without warning. I declined the iCloud Drive feature during setup but a bunch of the other features popped on and iCloud added itself as an 'Account' automatically. I can imagine this was part of some preferences migration in the phone since things clearly have changed but it seems like the case where the user had previously disabled all this had not been tested or possibly (worse) someone had decided to ignore the user's wishes and turn this stuff on again. It seems like I caught it before it started syncing anything back to the Apple mothership, but it feels like a potential privacy leak. At the very least it required an audit of all of the options in Preferences to verify things weren't being uploaded to Apple which was a waste of time and added friction to using the device.


I Miss Steve Jobs

Steve Jobs Headshot

You can say a lot about Steve Jobs. He certainly had a very storied career. For all the drawbacks of his fanatical and perhaps ego-driven attention to detail one thing that was true under his stewardship of Apple was his focus on polish and reducing user friction with technology. This version of iOS, while being largely good is somehow lacking the polish that I would otherwise have come to expect. I don't know if it is the reality that he's gone and his curated plans for the products he shepherded into life have finally ended or if it is the inexorable pressure of the market on Apple to continue to 'innovate' on a very aggressive 12 month cycle. Either way it is a stumble, and while all technology is created by humans who are by their very nature fallible and under enormous pressure to remain the most valuable company in the world, I do hope that these things get polished away instead of becoming a canary in the coal mine for the future of the product.

You Should Still Upgrade

All of the nits I picked above aside you should still upgrade. The security and stability updates alone are important enough to warrant keeping current.

Steve Jobs headshot used under license, see here for details, iOS 5 screenshot from Softpedia

September 30, 2017 @00:02

So I Heard You Like Videos

As a follow up to my Favorite Podcasts post, I figured I would talk a bit about my favorite Youtube channels. A while back I wrote a Flask app to take a bunch of different web services that I didn't feel like having accounts on and turning them into RSS feeds. In the case of Youtube I combine the RSS feeds of each channel into a single RSS feed that I subscribe to. This makes it a lot easier to keep up with the periodic deluge of videos without having to fool around with a bunch of bookmarks or having a Google account.

Top 10 12 uh, bunch?

I currently am following 26 channels, according to my app, and writing about all of them frankly sounds exhausting. I imagine reading all that would be pretty exhausting too, so here is a sampling of them in no particular order.


The OG Youtube electronics channel. The lord and savior of the tear down. That Aussie Bloke. There isn't a whole lot to say about Dave's channel that has not been said elsewhere, if you have any interest in electronics at all and you have somehow missed him I'd highly suggest you go review his channel and website. From circuit design, PC board layout, gear reviews, and random rants there is a bit of everything. I can't heap enough praise on this guy.


I hope you have a vice handy... you will need it. AvE is hard to pin down, home of the BoLTR and follower of our Lord and Savior of the tear down Chris is... a rare breed. Uncle Bumblefack seems to spend most of his time in his home shop showing the rest of us how much fun it can be to just chuck up some random scrap in your Boxford lathe and make chips. Not nearly as politically correct as This Old Tony or professional as Abom79 or beautiful as Clickspring his channel is a slice of life with a slightly oiled up bend to the left. Well worth the watch if you are in the market for some tools for your own shop, you will likely stay for the dose of fooling around and laughs.


I love Big Clive. He's kind of like Dave Jones from the EEVBlog if Dave happened to fall in with the carnival instead of designing circuit boards professionally before discovering Youtube. Clive tears things apart with gusto and builds random things out of LEDs and USB leads he got from the 1£ shop. Sometimes he plays with high voltage but not nearly to the level of mikeselectricstuff or tesla500, but lately he's been keeping it safer for those of us who like to follow along at home. Clive is a consummate professional Scot, living on the Isle of Man and doing slightly dodgy things for our viewing pleasure. Did I mention that I loved this guy? For extra credit and a bit more digital electronic bend see also Julian Ilett.

Scott Manley

Another Scot, this one now living in the Bay Area. Probably most known for his Kerbal Space Program videos of which he has HOURS of. Scott takes his formal science background and uses it to do wonderful things in that game. I found him originally looking around at the aforementioned KSP videos and then later ran across him again looking for Elite: Dangerous videos. I was hooked and went through a large portion of his back catalog. If you ever wondered how rockets worked or why people keep talking about delta V when shooting things into space then you'll do worse than dropping by Scott's channel.

Penny Arcade TV

I'll admit, I really only watch for the Acquisitions Incorporated stuff these days since PA: The Series ended (worth a watch if you have not seen it). If you enjoy D&D and somehow have not come across this show guys then go. Go now. Seriously. I'll see you in something like 90 hours. Ok done? Great, go over to WoTC's channel and watch Dice Camera Action.

A Dose of Buckley

The second Canadian on my list, and the only comedy/rant channel. Buckley is sort of my spirit animal. He's mostly known for his 'Worst songs of...' videos but he has several different music and society themed rant series. I am particularly fond of Scumbags of the Internet.

Leo Moracchioli/Frog Leap Studios

Leo makes the most metal covers on YouTube. I can't put what he does in words and truly make you understand how great he is. The production value of both the audio and the video is fantastic. This guy is just absolutely killing it. Do your ears a favor and go spend 10 or 20 hours watching his stuff.

Ok, I'm done. You have your mission should you choose to accept it.

September 06, 2017 @17:20


I don't listen to a lot of podcasts these days, in fact most of the time I listen to either Sirius XM or my music collection that I've curated into iTunes over the years. There are some times when I'm in the mood for something different and these are the podcasts that I have been actually listening to this year.

In the order that they show up on my iPhone:

Darkest Night

One of a number of spooky/horror/thriller podcasts that I reach for, this is a bunch of seemingly un-related stories told through the memories of the dead. Really well written and produced with an interesting cast and plenty of strange and spooky tales. The episodes are short and consumable. Easy to jump into and catch up on.

King Falls AM

This was the first of the "radio drama" style podcasts that I found. A small town late-night radio show on a run-down AM radio station with a cast of characters, supernatural beings, and implied aliens borders on paranormal and slice of life comedy. This is one of the few that I'll listen to as they come out. 📻

The Christmas episode is hilarious and worth listening to on its own.

Suck Squeeze Bang Blow

A self-described 'Three guys, a garage' show, this is hosted by a bunch of folks that I happen to know. They usually mention cars but beers and general stream-of-consciousness arguments tend to veer all over the place. Not quite news, not quite politics, not quite cars, it is a weekly tirade by a bunch of guys in a garage.

Troy Hunt's Weekly Update Podcast

Troy Hunt is an Aussie bloke and the guy behind Have I Been Pwned. He generally writes about security and privacy in our ever more connected world. This is a podcast outlining the things he's been up to during the week. Sometimes he does this from a jetski. 🏄

Welcome To Night Vale

Similar to King Falls AM but a bit more fraught with psychological trauma and black bag government conspiracies. I am slowly working my way through the back catalog which is DEEP. If you end up liking King Falls AM, give this one a shot.

Downloadable Content

I like Penny Arcade, and backed the kickstarter for their podcast. Listen in on the two creators of the comic sit in their office and talk about insane things until out the other end comes one of their world-famous .jpegs. Each episode stands on its own so it is really easy to pick up and put down, ideal for driving in the car except for when it sucks you in and you find yourself sitting in the parking lot giggling. 👾

Lave Radio: an Elite Dangerous podcast

Live from an orange sidewinder somewhere outside of Lave Station this is a podcast about the open-galaxy space sim Elite: Dangerous. I play the game now and then and this podcast fits well in the background. o7 cmdrs. 🍸

Above & Beyond: Group Therapy

I used to listen to A State of Trance by Armin Van Buuren, but the podcast feed is just not a good replacement for the radio show. This is the next best thing. A lovely feed filled with two hour episodes of the music that the boys that are Above & Beyond are into that week. This is my go to podcast for long drives, long walks, and mowing the lawn. It makes cutting nearly 2 acres really enjoyable. 🎧

I'd love to hear any suggestions of other podcasts to add to the stable. You can drop me a note at matt at going dash flying dot com.


Edited: September 14, 2017 @22:03

It is funny. In this day and age of disposable everything, where people are more than happy to shell out money for things that don't actually exist you might think that we've finally left nostalgia behind. There is no point in wishing for the past if it is all still there on some drive somewhere in the cloud.

I am finding that I have a form of nostalgia for old software. More elegant ways to transmit information, closer to the metal as it were. It's probably the same as a well worn tool that has been replaced by a bulky power tool that does the job way faster but makes a big mess, a lot of noise, needs tremendous care-and-feeding and breaks down periodically in spectacular ways, periodically killing people. (I think I just accidentally took a shot at the web browser there...) 👾

But I digress. I started writing this because somewhere in my wandering I happened upon some more of's amazing work and at the risk of falling off into another rambling tangent I have to admit that a part of me envies those folks. Working to preserve the whirlwind of ephemera that is the Internet so that hopefully those that come after us will be able to see all the hideous mistakes we made on our free GeoCities pages back in the early 1990s, play all our old text adventure games, and witness the unbridled hubris as we created what we thought would be an anarchic, academic, utopia.

If you are still reading this and want to learn a little bit about some of the events that shaped the form and function of the network we take for granted today, or you just want to marvel at the ability to still use a dead file format brought back to life by an emulator written in a language that deserves to die...

The Hacker Crackdown by Bruce Sterling

Edit on an ipad After fighting with the JavaScript emulation on, I decided to put together a package that essentially mimics what is running in the browser but as a 'native' app. So if you would rather read the stack on your computer or want a starting point for a working Mac SE emulator go grab sterling.tar.gz.

August 25, 2017 @17:30

Why new WiFi?

Back in May I closed on a house, leaving my old apartment of 10 years behind. The house was built in 1856 and as you might expect is built like a tank. This is lovely for many reasons but poses a bit of an impediment for having good WiFi.

As a bit of background, one of the things that I did during the nearly decade that I worked for the local phone company's ISP arm was to help build and deploy various WiFi installations. These ranged from single room, single access point coffee shops to small cities. We evaluated a number of vendors to standardize around when developing these solutions looking at RF performance, number of concurrent clients, authentication and management infrastructure, robustness, and client roaming. Now this was when 802.11g was brand new so things have changed but the lessons were well learned.

The Search

For the last 6 years or so I used a very nice access point from Ruckus Wireless. They have one of the nicest radio and antenna combinations on the market which let me cover my entire 1100 sqft apartment with one access point (and a fair bit of the parking lot... 😊) but they are a bit spendy and I couldn't justify buying 3 or 4 of them.

I also use MikroTik RouterBoard access points and routers for some smaller deployments but honestly I'm not a huge fan of their CAPsMAN WiFi management software and I don't know why but they don't seem to believe that standard PoE (802.3af) is a thing worth supporting.

Also on the list of brands that my supplier ISPSupplies stocks happened to be Ubiquiti. I had initially ruled them out because they also suffered from the lack of 802.3af, but I happened to see that they had just released some new access points so I dug up a data sheet to see if they finally saw the light and ditched passive PoE. Turns out they did, as well as the new 802.3at PoE+ standard. I was interested.


Unifi Marketing Image

Why no how?

This isn't a tutorial on how to implement WiFi. There are many of those available online and Troy Hunt made a rather nice one for Ubiquiti that is pretty close to what I ended up doing. He does a good job of going through the process so feel free to go check that out if you want to know how to deploy this stuff. This is meant to be more of an explanation of my experience with the product. Once I decided to go with the UniFi system I ordered the bits from my friendly supplier.

Bits I bought


I have a pretty complex network already so I didn't get the security gateway or any of their switches. The Cisco 3750 PoE switch that I have works just fine, and I very much like my OpenBSD router. I also don't trust the cloud very much so I chose to deploy the Linux version of the UniFi controller software. All in all it took me about 20 minutes to create a puppet manifest and deploy the software on a new VM. Taking ownership of the access points was a breeze and within 30 minutes I had the latest firmware on them and was ready to provision the network.

UniFi device list

Configuration of my SSIDs, VLANs, and RADIUS profiles (I use WPA2-Enterprise for my internal SSID and have a WPA2-PSK guest network on a separate VLAN) was simple and intuitive. I'd say that I had a working WiFi network within an hour and a half, including opening the boxes and putting the access points roughly where I wanted them.

UniFi Map


This was a couple months ago and after living with the system for a while I can honestly say I'm extremely happy 😄. Installation, configuration, and firmware updates have been easy. All of the clients I have had on the network (Windows 10 laptop, macOS laptops, iPhone 7, Samsung Galaxy S6, BlackBerry Passport, BlackBerry Classic, iPad Mini 2, Kindle Fire, and Kindle PaperWhite) work great and most importantly, roam between access points seamlessly. The previous Ruckus Wireless WiFi network performed really well in the last location so unlike Troy I don't have glowing things to say about the huge performance boost...

Garage access point

but I can successfully cover about 1.75 acres with just 3 access points with no slowdowns or dropouts.

Garage AP statistics

UniFi Mobile App

View from the client location

View from test above


So tl;dr, consumer grade router / access point combos are heaping piles of 💩 garbage, don't use them, use something that was designed to be an access point, these Ubiquiti jobbies are pretty good. I'd buy them again.

👍 💯 🍺

August 17, 2017 @13:40

There has been a lot of buzz around about how quickly the web is moving towards HTTPS everywhere. For quite a while the EFF has had extensions for the popular browsers to enforce HTTPS Everywhere, and security bloggers like Troy Hunt have written a bunch of things about impending browser changes that are going to make life a lot harder for people with websites that do not support HTTPS.

I've been running HTTPS on for a while now, since that site serves several applications (OwnCloud, tt-rss and wallabag for example) and I have good reason to want that to be secure, but I figured this was a good time to pull the trigger and put SSL on

SSL Labs Test Result

The reality is that I'm unlikely to get the 'insecure' warnings from the browser updates, but thankfully SNI is pretty well supported these days so pulling that trigger was pretty damn easy. 👍

In my case I buy DV certificates from my registrar (a rad French company called Gandi). Before people start screaming about LetsEncrypt I may switch to those at some point but frankly I don't really feel like they are "there yet". I use certificates for a lot of things that you don't see, including signing Apple MobileConfig bundles for use in deployment to my iOS devices. These certificates are still not trusted everywhere by default and integrating the LetsEncrypt ecosystem into all those automated backend tools is... well it's work I'm not getting paid for. 😂


April 14, 2017 @16:08

I have been going through my ~/TODO list recently and I have meant to figure out why my Sonos indexing has been failing lately. I sync my iTunes Library from my Time Machine backups into a shared space on my NAS so other things can get to it without having to have my Mac on.

I tried to re-add the UNC path and it would consistently return error 900.

Google wasn't helpful at all on what error 900 actually meant.

So I cranked up debugging on samba and this came across:

No protocol supported !

I had recently disabled SMB1 on my NAS but didn't realize that change coincided with my indexing failures.

So tl;dr, it looks like Sonos uses SMB1 to connect to your NAS, so make sure that you leave it enabled.

Dear Sonos... please use a newer version of SMB... SMB1 is terrible.

🍺 🔉

April 11, 2017 @20:08

I just wanted to quickly mention a change I ran into today while upgrading my OpenBSD routers to 6.1.

As a quick background I use OpenIKED to terminate VPN connections from OpenBSD routers, iOS devices, macOS devices and MikroTik RouterOS devices. The OpenBSD and RouterOS systems are site-to-site links with ipip(4) interfaces running on top of the ikev2 tunnels. Routing is handled by the ospfd(8) and ospf6d(8) daemons provided by OpenBSD.

The tunnel to my RouterOS device stopped working today with a rather strange message:

Apr 11 11:49:12 bdr01 iked[60779]: ikev2_ike_auth_recv: unexpected auth method RSA_SIG, was expecting SIG

Searching around in the debug output of iked(8) there was some indication that the daemon could only use RFC 7427 signatures:

Apr 11 10:01:23 bdr01 iked[64964]: set_policy: could not find pubkey for /etc/iked/pubkeys/fqdn/hostname

I checked RouterOS and it only has an RSA signature option for ikev2 certificate based authentication.

The fix?

Get the public key for the connection and put it where iked(8) expects it.

openssl rsa -in private.key -pubout > public.key

This allowed the tunnel to come right up without any changes on the MikroTik end.
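The fix above as a repeatable step, written as an added example rather than code from the original post: it derives the peer's public key from either its certificate or its RSA private key and writes it under the pubkeys path seen in the log line. The function names, the PUBKEY_DIR override and the fingerprint helper are assumptions of this example; the id-type subdirectories follow iked(8).

```shell
#!/bin/sh
# Added example, not from the original post. PUBKEY_DIR defaults to the
# directory named in the iked log line; override it for a dry run.
PUBKEY_DIR="${PUBKEY_DIR:-/etc/iked/pubkeys}"

# install_peer_pubkey SRC ID_TYPE PEER_ID   (hypothetical helper)
#   SRC      PEM file: the peer's certificate or its RSA private key
#   ID_TYPE  fqdn, ufqdn, ipv4 or ipv6 (subdirectory iked looks in)
#   PEER_ID  IKE identity the peer presents, used as the file name
install_peer_pubkey() {
    src=$1 id_type=$2 peer_id=$3
    case $id_type in
        fqdn|ufqdn|ipv4|ipv6) ;;
        *) echo "unknown id type: $id_type" >&2; return 2 ;;
    esac
    # Reject identities that would escape the pubkeys directory.
    case $peer_id in
        ''|*/*|.*) echo "bad peer id: $peer_id" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Prefer a certificate, so the private key never has to leave the peer.
    if grep -q 'BEGIN CERTIFICATE' "$src" 2>/dev/null; then
        openssl x509 -in "$src" -noout -pubkey > "$tmp" 2>/dev/null
    else
        openssl rsa -in "$src" -pubout > "$tmp" 2>/dev/null
    fi || { rm -f "$tmp"; echo "cannot read a key from $src" >&2; return 1; }
    # Only a bare public key may end up in the world-readable file.
    if ! grep -q 'BEGIN PUBLIC KEY' "$tmp" || grep -q 'PRIVATE KEY' "$tmp"; then
        rm -f "$tmp"; echo "no public key extracted" >&2; return 1
    fi
    mkdir -p "$PUBKEY_DIR/$id_type" &&
        install -m 0644 "$tmp" "$PUBKEY_DIR/$id_type/$peer_id"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# pubkey_fingerprint FILE: SHA-256 over the DER-encoded public key, to
# compare the installed file with the key the peer actually holds.
pubkey_fingerprint() {
    openssl pkey -pubin -in "$1" -noout 2>/dev/null || return 1
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}
```

Comparing `pubkey_fingerprint` of the installed file with the same digest taken from the certificate exported on the remote router confirms that iked will be checking signatures against the right key.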
