Matthew Ernisse

November 07, 2019 @08:46

Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.

More (26%) …

November 02, 2019 @22:20

I've been using iOS 13 since the public beta and have has some... unkind things to say already. I will pile a few other complaints on as an introduction here to set the tone. The most general one I have is that the random new animations in the UI that seem to periodically result in slowdowns or lost taps. iOS 13.1 had a horrible bug where it would not let you scroll while the selection animation was running in a list view (like in Mail), but at least that seems to be fixed in 13.2. Finally the continuing user anti-experience that I complained about in my impressions of iOS 11 post continues. It takes at least 3 taps to get anywhere useful in half of the stock apps now because of the stupid defaults views. Music and Podcasts are my most frequently used examples of this but the App Store is now totally useless. I don't even think there is a way to just list all the apps in a single category anymore. So good luck if you aren't searching for an app by name or looking for one of the 100 most popular apps out of the however many million apps in there. Good thing Apple doesn't lock you into their App Store for getting software on your device... oh... wait.

More (32%) …

November 02, 2019 @15:20

I think it's pretty clear that I have a pretty large pile of technology laying around. Most of it exists to bend some of the more vile trends in technology to my will (for example, I force everything to use my own DNS resolvers which have extensive block lists and force all requests that go out to the Internet to use DNS-over-TLS so my ISP can't intercept my DNS requests to profile me), but I also believe that if you are involved in technology you should try to host as much of your own online presence as you can.

More (18%) …

September 26, 2019 @13:58

I had to roll my internal certificate authority the other day since my previous one was using SHA-1 signatures and with the new version of Debian SHA-1 signed certificates are no longer trusted. I chose to switch to ECDSA certificates with SHA2-256 signatures to bring my CA in line with modern cryptography.

More (10%) …

September 17, 2019 @09:24

I registered my first domain name in 2001 (ub3rgeek.net) and though I had several of those dyndns style names for a few years prior that is where I put up my first blog. In 2015 I got tired of spelling out my e-mail address and got going-flying.com.

More (16%) …

September 09, 2019 @11:17

I have been in a mood lately. I've had a couple projects converge to come crashing down all at once. So while fighting the infrastructure changes needed to switch going-flying.com to LetsEncrypt, updating my own internal CA to support modern standards, remodeling a spare bedroom in the house, and trying to organize my password manager I found myself re-reading ancient blogs.

More (11%) …

September 07, 2019 @19:30

So over the last few days I've done a bunch of work on the software that generates the website. It has remained mostly the same since I originally wrote it with the exception of a small refactoring when I moved the publishing workflow over to Docker. After looking at the timing metrics I decided that the various index pages get too damn big even with only 15 articles per page. They often take several seconds to get to DOM Interactive, which... is stupid.

More (35%) …

August 19, 2019 @11:23

Late last May Ubiquiti released the v 4.4.41 update for their UniFi Security Gateways and it promptly broke my VPN tunnel. I didn't have time to dig into it at the time so I just rolled back to the previous 4.4.36 release which worked swimmingly. At the end of last month they released the 4.4.44 version with several security fixes so I decided to devote some time to it today.

More (14%) …

August 16, 2019 @11:23

I was cleaning out my workshop a while back and came across my stash of old hardware. In the pile was a perfectly serviceable iPad 2. Now I say serviceable, but the reality is that while it powers on and works it is stuck at iOS 9.3.5 (so good luck finding App Store apps that will work), and is pretty slow (well, it's a dual core Cortex-A9 @ 1GHz but that is slow these days). Thankfully XCode still supports targeting iOS 9.3 so I set about writing an app to put this thing to use. About the only thing I could think of that I would actually use this thing for is... a digital picture frame.

More (14%) …

August 12, 2019 @14:45

About 8 months ago I augmented the AWStats based monitoring of my web sites with an InfluxDB, Grafana and JavaScript solution to collect user agent metrics. In looking at the data the thing that jumped out at me the most was the rate of adoption of HTTP/2.0 versus IPv6.

More (20%) …

July 10, 2019 @16:00

Hooks are a great way to execute various tasks as part of your git(1) workflow. Since I run my own repository server I have plugged a number of different things into my repositories, both private and public. There are several previous posts where I discuss some of them.

More (19%) …

June 25, 2019 @11:31

I am sure I am in the minority of mobile users (though probably not a small minority these days, especially among the technically apt) in that I try to only use mobile applications where they provide a large amount of concrete value over the mobile website. The inability to sanely audit applications in conjunction with their ability to exfiltrate way more data than a mobile website raises the bar I set to a much higher level.

More (37%) …

April 04, 2019 @09:35

I have mentioned a few times that I rely on OpenBSD VPNs to ensure that clients outside of my home network get the same level of protection as they do inside. This means that I can use already existing DNS and proxy infrastructure to prevent various malvertizing, tracking, beacons, and poorly behaved applications and websites from leaking personal information, and I can prevent wifi hotspots from analyizing my traffic or injecting JavaScript. Creating the actual infrastructure is out of scope for this post, but I did previously post some information about what the DNS configuration looks like.

More (8%) …

April 02, 2019 @18:10

I really don't want to sound like the old man yelling at a cloud here; however, sometimes you need to. When DRM first appeared as a way to sell digital goods on the Internet and prevent the dreaded piracy and sharing that was certain to be the downfall of all capitalism and hurl us into the darkest night, the Internet was, as you might expect quite put out.

More (15%) …

December 04, 2018 @11:00

I'm trying to figure out a way to balance the lack of surprise and schadenfreude I have at Tumblr/Verizon's decision to paint all sexual content with the regressive and transparent 'but think of the children' brush. Tumblr grew largely thanks to the alternative and adult communities that found its permissive and accepting nature welcoming. It became what it is today because of the LGBTQ+ and sex worker communities, and now it has decided to break up. Their post paints a pretty picture full of platitudes, inclusiveness, acceptance, and love of community but it is obvious to the most casual of observer that it is just a sham. Tumblr is breaking up with the people that helped it grow because it is easier than trying to actually make the service a better place.

More (25%) …

Subscribe via RSS. Send me a comment.