Ten years ago

Since about 5:30pm last night, we have had the keys to our home for ten years. After the mad scramble to clean out the rented unit in Sydney, we took our time driving up the coast before pulling in to the driveway and collecting the keys from the letterbox. The house was dark and very, very empty. We wondered what we'd gotten ourselves in to ("eeeek, it's real!").

The next day, our belongings arrived - the 20ft shipping container that everything fit into had gone via train and then truck. Charlie (codercat) arrived the day after that, and was rather grumpy. I don't think she liked flying or being cooped up.

Since that day in 2007, we've done a few things: turned the second garage space into my home office, renovated the pool, kitchen and laundry, gone through IVF to bring our two amazing children into this world, gotten through J's brain tumour and treatment, and tiled the loungeroom.

We've met so many people who have changed our lives since we moved into the area, people who we might never have met if we had moved to a house even a few streets away.

We had a small celebration of the event for dinner last night: I cooked J the dish that I first cooked for her, and we had a rather nice bottle of bubbly.

Here's to the next ten years!

On encryption and backdoors

For those people who think that it's appropriate, measured and useful for the Attorney General Senator George Brandis and Prime Minister Malcolm Turnbull to be talking about forcing tech companies and ISPs to insert backdoors into their products to enable near real-time decryption of messages, my colleagues in the IT Professionals Association (formerly SAGE-Au) have something for you to consider right now:

https://www.itpa.org.au/news/federal-government-again-gets-it-wrong-when-suggesting-it-policy-direction/

We've already had the Crypto Wars, and the insanity which was the Clipper Chip. We don't need to revisit that time. We don't need to go back to the time when encryption was decreed to be a munition, and therefore subject to export controls.

Don't think this is just about messaging (whether instant or email), either. Think about your internet banking options - not feasible to trust without strong encryption. Think about the intellectual property or your client records which your company has developed, keeps behind a firewall and requires authentication to access.

Think about your personal health records. Your tax records. The security of all these things from people who could and would do you harm is compromised when governments mandate backdoors into the security software which protects them.

What we really, desperately, need, is for government (of all stripes, and in all countries) to recognise that they cannot solve their terrrrrrrism problems by making everybody less safe.

Maths isn't the problem here.

An easy way to generate a contact sheet in MacOS

We're getting ready for J's 40th birthday, and asked a good friend who's handy with presentation software to put together a photo-based invitation for us to print. Which worked nicely until we got to the point of wanting to put four of them on the same A4 page.

My first few attempts were to convert the pptx to pdf, then import into GIMP, scale and then put four copies into one new image. This failed miserably when it came to the text - full of jaggies.

What I needed was a contact sheet.

Most of the hits you'll see in a simple search are for creating contact sheets with Adobe products such as Illustrator, Photoshop or Bridge. Since I don't have those, I tried using psnup and psbind, but couldn't figure out the right invocation. Then I went back to GIMP, and found Indexprint, but that wasn't quite right either.

Finally, in desperation I went back in to PowerPoint, copied the slide another 3 times, and then chose Print to PDF. I had a quick look in Preview.app, and went wandering through the print dialog and noticed the Layout menu. That menu had just what I needed - 'n' pages per page!

4up preview

A few minutes later and lp2onfire has delivered a nice A4-sized photo contact sheet.

An SMF service and manifest for Smokeping

A few weeks after we got our NBN HFC1 service up and running, I set up Smokeping, which has been quite useful. What I forgot to do was create an SMF manifest and service script for it, so I missed a few days of monitoring when I updated to a newer build of Solaris.Next (or whatever that release ends up being called).

I've now fixed that oversight and thought I should share what I'd written. My installation is at /opt/smokeping/2.6.11, for the record.

Firstly, the manifest:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright (c) 2017 James C. McPherson. All rights reserved.
-->

<service_bundle type='manifest' name='smokeping'>

<service
    name='network/smokeping'
    type='service'
    version='1'>

    <create_default_instance enabled='true' />

    <single_instance/>

        <dependency
                name='smokeping'
                type='service'
                grouping='require_all'
                restart_on='refresh'>
                <service_fmri value='svc:/network/http:apache24' />
        </dependency>

    <exec_method
        type='method'
        name='start'
        exec='/lib/svc/method/svc-smokeping %m'
        timeout_seconds='600' />

    <exec_method
        type='method'
        name='stop'
        exec=':kill'
        timeout_seconds='60' />

    <exec_method
        type='method'
        name='restart'
        exec=':kill'
        timeout_seconds='60' />

    <exec_method
        type='method'
        name='refresh'
        exec=':kill'
        timeout_seconds='60' />

    <template>
        <common_name>
            <loctext xml:lang='C'>
                Smokeping latency graph
            </loctext>
        </common_name>
        <description>
            <loctext xml:lang='C'>
Provides information about upstream connection latency.
            </loctext>
        </description>
    </template>

</service>

</service_bundle>

Now for the script itself:

#!/bin/sh

#
# Copyright (c) 2017, James C. McPherson. All rights reserved.
#

. /lib/svc/share/smf_include.sh

SMOKEPING=/opt/smokeping/2.6.11/bin/smokeping
PIDFILE=/var/smokeping/var/smokeping.pid


case "$1" in
'start')
        # check to see if we're still running
        if [ -f $PIDFILE ]; then
                ps -fp `cat $PIDFILE`;
                if [ $? -eq 0 ]; then
                        # still running, exit
                        exit 0
                fi
        fi
        rm -f $PIDFILE
        $SMOKEPING
        ;;

'restart')
    $SMOKEPING --restart
        ;;
'refresh')
    $SMOKEPING --reload
    ;;
'stop')
        pkill smokeping
        rm -f $PIDFILE
        ;;
'*')
        echo "what do you want to do?"
        exit 99
        ;;
esac

You can download the manifest and method script directly if desired. For use, place the manifest in /lib/svc/manifest/site and svcadm restart manifest-import. Place the script in /lib/svc/method. Enjoy!

I need a clock

In early December last year we replaced the unspeakably disgusting carpet in the loungeroom (it had been there since the house was built in the mid-80s) with some rather nice tiles. Fallout from that process involved getting rid of our Ikea Billy cd shelves, moving a bookcase from one wall to another, and EOLing (end-of-life) our Beyonwiz DPP2 pvr. We haven't recorded live tv in a ~very~ long time, so the DPP2 was a rather expensive way of providing an ntp-anchored clock.

J expressed a desire for a replacement clock, and I've always appreciated having an actually accurate clock. So I acquired an Adafruit PiTFT panel. After being surprised that I had to solder the 40pin socket connector myself (not having soldered anything in more than 10 years), I managed to do it sufficiently well that the device was fine on boot and got a working display:

First boot with the PiTFT attached

Now since the Pi in the loungeroom runs OSMC, that is, it's an appliance, it doesn't have the requisite Adafruit drivers in its repo. So... time to build a fresh kernel.

I build fresh Solaris kernels several times a day, and in 2014 Tim, Mark and I delivered a major rewrite for how we actually build core Solaris. But I haven't built a linux kernel in about 20 years - I had to go looking for instructions on where to start! I've taken my lead from *khAttAm* and now I've got the repo building on the pi. It's going to take a while, though, because (a) the pi is fairly low-powered, and (b) I've set it up so that the OSMC home directory is actually mounted from our Solaris media server so we don't run out of space with the media db.

Anyway, once that kernel and its modules are built, I hope to schlep them into place, suddenly have a /dev/fb1 on which to display this:

#!/usr/bin/python3.4

# from http://stackoverflow.com/questions/7573031/when-i-use-update-with-tkinter-my-label-writes-another-line-instead-of-rewriti
# only slightly modified


import tkinter as tk
import time

class piClocknDate(tk.Tk):
    def __init__(self, *args, **kwargs):
        tk.Tk.__init__(self, *args, **kwargs)
        self.maxsize(width=320, height=240)
        self.resizable(0, 0)
        self.title("rpi Clock")
        self.fontC = "helvetica 36 bold"
        self.fontD = "helvetica 18 bold"
        self.padc = 40
        self.padd = 50
        self.clockL = tk.Label(self, text="", font=self.fontC,
                               padx=self.padc, pady=70,
                               foreground="light blue", background="black")
        self.clockL.pack()
        self.curdate = time.strftime("%d %B %Y", time.localtime())
        self.dateL = tk.Label(self, text=self.curdate, font=self.fontD,
                              padx=self.padd, pady=70,
                              foreground="blue", background="black")
        self.dateL.pack()

        # start the clock "ticking"
        self.update_clock()
        self.update_date()

    def update_clock(self):
        curt = time.localtime()
        disptime = time.strftime("%I:%M  %p" , curt)
        secs = int(time.strftime("%S"))
        padx = self.padc
        if secs % 15 is 0:
            padx = self.padc - 10
        self.clockL.configure(text=disptime, padx=padx)
        # call this function again in one second
        self.after(1000, self.update_clock)

    def update_date(self):
        newdate = time.strftime("%d %B %Y", time.localtime())
        if newdate is not self.curdate:
            self.curdate = newdate
            self.dateL.configure(text=self.curdate, padx=self.padd)
        self.after(1000, self.update_date)


if __name__== "__main__":
    app = piClocknDate()
    app.mainloop()

Turning off comments

Late last week there was some idle chatter in an internal channel about blog software. Quite a few of my colleagues run their own websites, often using a Solaris 11.3 kernel zone. I mentioned the software that I've been using (well-known) and one particular colleague was aghast.

He recommended that I investigate a static site generator, such as Jekyll or Hugo.

I spent quite a few hours mucking around trying to get Jekyll to work - and I assume that if I hadn't wanted to import my old site and have simple image galleries then it would have been find. However, it didn't work out for me, so I decided to give Hugo a shot. Within a few hours I had got most things working, and just needed to tweak the image gallery thing a bit. Carefully following the instructions at http://www.thehome.dk/article/photoswipe-gallery-hugo/ (and remembering to put my wp-upload hierarchy under $TOP/static) got me a much nicer post about our new pool. While over time I will go back through old posts and prettify them, I've only done a few for the moment.

It's going to take me a while to get used to Markdown, and I'm sure I'll wind up with a bit of javascript too. The major change, however, is that because Hugo is a static site generator, comments don't fit into the scheme unless you use a service like Disqus. I'm not all that interested in doing that, so if you like what I've written somewhere (or wish to let me know about a broken link), please email me instead.

The end of an era

Today marks the end of an era for us - as of this morning we've churned our landline from Internode across to Skymesh, so our connections to the world are all digital. I've unplugged the RJ-11 connectors for the POTS, removed the line filter, and have a shiny-ish ATA on the desk underneath the phone base station.

When I was going through the signup process for our rather nice HFC connection, Internode was unable to confirm that we could keep our landline number when going VoIP. I was sad about it, but not too sad - we would have gotten a new, unlisted number instead. The brief flirtation with MyRepublic also saw the prospect of a new number and I was fully expecting Skymesh to say the same thing. However, when I received the notification from their systems on Monday, I was delighted to see that we've kept our number. {That's made a few family members happy as well!}.

Weeeee – nbnco HFC and a new ISP!

A few weeks ago we received a nice little letter from nbnco, advising that we would soon be able to get an HFC connection installed.

I was disappointed to discover that Internode was not going to offer either static IPv4 or an IPv6 service, let alone their Professional pack with NBN connections, and cast around for another ISP. Word of mouth got me to Skymesh and guineapig status (since they haven't formally started accepting HFC connections).

Since we're quite happy with the functionality of the Mikrotik CRS109-8G-1S-2HnD-IN, I declined purchasing a new modem; the nbnco installer provided the Blessed Arris cablemodem and all I needed then was for the connection to be activated.

Once it was, I very quickly reconfigured the mtik to do what I needed. Since Skymesh is using IPoE, I disabled the pppoe client activity. I also needed to change my firewall rules a little, to reflect that actions should be occurring on a different physical port (which I had to remember to take out of the bridge). Finally, a bunch of mucking around with IPv6 address assignment got me to the point where traceroute6.net was able to ping my server's designated public address. Yay!

While Skymesh doesn't offer PTR records, I'm still able to get A, AAAA, CNAME and MX records setup, courtesy of the free service at https://www.dynu.com.

Now that we're back up and running with a shiny new connection, I'm really pleased to see that http://beta.speedtest.net/result/5894030060 is pretty much what we get for both uploads and downloads on wired connections. Last week I celebrated that by having an hour-long video chat with a colleague down in Melbourne. With the 720p camera in my mbp, over the wireless connection. No dropouts, no blockiness :-)

I need to set up Smokeping, and see about a few other analytics things I can get going, but in general it's been a seamless transition.