Matthew Ernisse

January 13, 2020 @17:30

Back in 2014 I built a FlightAware ADS-B feeder using a Raspberry Pi and a USB SDR dongle. While all commercial traffic is required to use the 1090MHz 'Extended Squitter' extension to the Mode S transponder as of January 1, 2020 there is an option for the general aviation community known as UAT, which operates on 978MHz and is meant to provide more affordable in-aircraft equipment for aircraft that will not operate above 18,000 ft MSL. Now that adoption is mandatory in US controlled airspace, I wanted to add UAT capability to my surveillance site. Since the 1090MHz feeder uses most of the capability of the Raspberry Pi in it, I decided to use a Raspberry Pi Zero W that I had laying around to build a separate feeder for UAT.

More (27%) …

Original: November 07, 2019 @08:46
Edited: November 11, 2021 @14:11

Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD.

More (22%) …

November 02, 2019 @22:20

I've been using iOS 13 since the public beta and have has some... unkind things to say already. I will pile a few other complaints on as an introduction here to set the tone. The most general one I have is that the random new animations in the UI that seem to periodically result in slowdowns or lost taps. iOS 13.1 had a horrible bug where it would not let you scroll while the selection animation was running in a list view (like in Mail), but at least that seems to be fixed in 13.2. Finally the continuing user anti-experience that I complained about in my impressions of iOS 11 post continues. It takes at least 3 taps to get anywhere useful in half of the stock apps now because of the stupid defaults views. Music and Podcasts are my most frequently used examples of this but the App Store is now totally useless. I don't even think there is a way to just list all the apps in a single category anymore. So good luck if you aren't searching for an app by name or looking for one of the 100 most popular apps out of the however many million apps in there. Good thing Apple doesn't lock you into their App Store for getting software on your device... oh... wait.

More (32%) …

November 02, 2019 @15:20

I think it's pretty clear that I have a pretty large pile of technology laying around. Most of it exists to bend some of the more vile trends in technology to my will (for example, I force everything to use my own DNS resolvers which have extensive block lists and force all requests that go out to the Internet to use DNS-over-TLS so my ISP can't intercept my DNS requests to profile me), but I also believe that if you are involved in technology you should try to host as much of your own online presence as you can.

More (18%) …

Original: September 26, 2019 @13:58
Edited: March 11, 2020 @14:55

Edit: March 11, 2020

There appears to be some behavior in the USG's configuration system that made it seem like the below Just Worked with intermediate certificates, however it doesn't. A software update exposed that weakness. Everything else seems to hold true even in version v4.4.50 (current as of now). See this post for the updated information on intermediate CA certificates.

More (12%) …

September 17, 2019 @09:24 circa 2002 I registered my first domain name in 2001 ( and though I had several of those dyndns style names for a few years prior that is where I put up my first blog. In 2015 I got tired of spelling out my e-mail address and got

More (20%) …

September 09, 2019 @11:17

I have been in a mood lately. I've had a couple projects converge to come crashing down all at once. So while fighting the infrastructure changes needed to switch to LetsEncrypt, updating my own internal CA to support modern standards, remodeling a spare bedroom in the house, and trying to organize my password manager I found myself re-reading ancient blogs.

More (11%) …

September 07, 2019 @19:30

So over the last few days I've done a bunch of work on the software that generates the website. It has remained mostly the same since I originally wrote it with the exception of a small refactoring when I moved the publishing workflow over to Docker. After looking at the timing metrics I decided that the various index pages get too damn big even with only 15 articles per page. They often take several seconds to get to DOM Interactive, which... is stupid.

More (35%) …

August 19, 2019 @11:23

Late last May Ubiquiti released the v 4.4.41 update for their UniFi Security Gateways and it promptly broke my VPN tunnel. I didn't have time to dig into it at the time so I just rolled back to the previous 4.4.36 release which worked swimmingly. At the end of last month they released the 4.4.44 version with several security fixes so I decided to devote some time to it today.

More (14%) …

August 16, 2019 @11:23

iPad2 Version I was cleaning out my workshop a while back and came across my stash of old hardware. In the pile was a perfectly serviceable iPad 2. Now I say serviceable, but the reality is that while it powers on and works it is stuck at iOS 9.3.5 (so good luck finding App Store apps that will work), and is pretty slow (well, it's a dual core Cortex-A9 @ 1GHz but that is slow these days). Thankfully XCode still supports targeting iOS 9.3 so I set about writing an app to put this thing to use. About the only thing I could think of that I would actually use this thing for is... a digital picture frame.

More (15%) …

August 12, 2019 @14:45

IPv6 vs HTTP/2.0 About 8 months ago I augmented the AWStats based monitoring of my web sites with an InfluxDB, Grafana and JavaScript solution to collect user agent metrics. In looking at the data the thing that jumped out at me the most was the rate of adoption of HTTP/2.0 versus IPv6.

More (23%) …

July 10, 2019 @16:00

git push output Hooks are a great way to execute various tasks as part of your git(1) workflow. Since I run my own repository server I have plugged a number of different things into my repositories, both private and public. There are several previous posts where I discuss some of them.

More (22%) …

June 25, 2019 @11:31

I am sure I am in the minority of mobile users (though probably not a small minority these days, especially among the technically apt) in that I try to only use mobile applications where they provide a large amount of concrete value over the mobile website. The inability to sanely audit applications in conjunction with their ability to exfiltrate way more data than a mobile website raises the bar I set to a much higher level.

More (37%) …

Original: April 04, 2019 @09:35
Edited: October 19, 2021 @11:30

I have mentioned a few times that I rely on OpenBSD VPNs to ensure that clients outside of my home network get the same level of protection as they do inside. This means that I can use already existing DNS and proxy infrastructure to prevent various malvertizing, tracking, beacons, and poorly behaved applications and websites from leaking personal information, and I can prevent wifi hotspots from analyizing my traffic or injecting JavaScript. Creating the actual infrastructure is out of scope for this post, but I did previously post some information about what the DNS configuration looks like.

More (8%) …

April 02, 2019 @18:10

I really don't want to sound like the old man yelling at a cloud here; however, sometimes you need to. When DRM first appeared as a way to sell digital goods on the Internet and prevent the dreaded piracy and sharing that was certain to be the downfall of all capitalism and hurl us into the darkest night, the Internet was, as you might expect quite put out.

More (15%) …

Subscribe via RSS. Send me a comment.