TLS all the things

Passing thought, if I’m willing to go through the bollocks of setting up a bunch of name servers and probably rolling a DHCP host or two, I should investigate how possible it would be to run an ACME based setup on a private network; Ala auto renew your own self signed certificates.

Yes, yes, I know I’m a pain in the ass 😝

Home network version 7

Recently, I decommissioned my ASUS RT-AC68, A.K.A. the single best piece of networking equipment that I have ever owned (and at this point, the chief contender is a null modem cable). <S> for your decade of service little guy!

Based on the ASUS’s iPhone 4 grade horsepower and almost fast enough speed of Wi-Fi 5 having lasted so long, the key choice in replacing things had two major criteria:

  1. Wi-Fi 7 (802.11be) support.
  2. Mesh network.

The first criterion is driven by the fact that if I’m doing it now as Wi-Fi 7 goes gold, or within a few years as more equipment becomes available, it makes no sense to select outgoing Wi-Fi 6[E] equipment — when I plan on using this gear until the tires fall off. Literally, my only complaint about the old guy was the Wi-Fi reception between hosts situated on the exact opposite end of the house from where the modem is located. Yup. Shion, Rimuru, Zeta, Deck, etc. are in the same room and all have wireless connectivity, but since the access point is at the furthest distance possible, that means local communication suxor. I.e., downloading from Steam == awesome because ASUS AC68, mother fucker; but I/O between Zeta and client machines != so great.

Which generated the second criterion. My segregated IPv6 network on the desk works pretty well, not that Zeta was intended to be functioning as a router among its myriad of other tasks. This makes for some things that are just inconvenient, like running service VMs attached to Ethernet and then wanting to access them in other rooms over wireless. Not to mention dealing with the split domain problem.

Enter the successor: Eero Max 7! In addition to having the chutzpah to compete with the decade old ASUS (the Ferrari of wireless networking back then), each node comes with a pair of 2.5G and 10G Ethernet ports (and a credit card bill😂), which future proofs it in a world where gigabit is becoming too slow. In theory, the system should last until Wi-Fi 7 is the new 802.11g (Wi-Fi 3), or Eero stops working. ASUS was still delivering firmware updates a decade later, which was crazy but appreciated.

Using one mesh node to function as a gateway and pump out signal at that end of the house, and another node situated in my study: this effectively solves the division of networks. My desk’s separate IPv6 network is now decommissioned on the software side (Zeta doesn’t mind, lol) and its physical side is now a gigabit switch to the local Eero node. Zeta has a direct connection. But with most of my devices being Wi-Fi 5 capable, that should be less of a concern.

So now wireless is pumping out my modem speeds instead of up to 1/3 of that when sitting at this edge of the solar system. The old guy could bring the signal like a champion, but Wi-Fi 5 is only when wireless started to deliver “Fast enough” to compete with wired, and we’re literally hitting the edge cases 😛.

There is only one real problem with how Eero is a “Basics only” approach to network configuration. See, I’m a DNS kind of guy. I’m not typing 128-bit fucking addresses, and you can take your 32-bit IPv4 addresses and shove them up a post note. Typing IP addresses does not scale when you have more devices than room on a post it note.

Aside from its awesomeness as a wireless router, there is one superb thing that the ASUS AC68 did that made life great. Like many a router, it let you specify a domain for the gateway and defaulted to its own caching DNS resolver. That’s common enough. But it went a step further. The DHCP and DNS was auto stitched together so that modern DHCP clients led to

That is to say, “zeta.home” would just work by setting my server’s hostname to “zeta” and connecting it to DHCP. No need to give a flying fuck about manually configuring a DHCP reservation or even what the IP assignment was, although I used to do reservations for infrastructure as an ‘insurance’ policy.

Then enter Eero where the dealio is: “We don’t care if you give us money, that’s not our problem!”

Which means in solving my routing troubles, I went from the annoyance of wishing I could maintain separate A / AAAA records to “What the fuck, is this the darkages?” which is not a problem that I appreciate, but it is a problem that I can solve easier than running an Ethernet drop across the attic space.

Phase one of this solution was to create a new virtual machine on Zeta, taking advantage of the fact that part of replacing Cream was wanting a system that could function as a VM or container farm. Easy peasy, lemon squeezy: it’s an authoritative DNS server with control over “home.arpa.” and functioning reverse DNS, because I’m a pain in the ass who doesn’t like to do things by halves. That wasn’t so bad, give or take having to remember the fun that is editing zone files. I’ve used .home for a long time now, but figured that I may as well migrate to the .home.arpa convention that replaced it if I’m doing all this crud.

Phase two of this solution was to create a second instance. See, most clients will just send their queries to the first DNS and use the second as a fallback. People often think, “Hey, I’ll just put my zones on this and let the other DNS do the other stuff,” and then wonder why nothing works the moment a client starts sending queries to another resolver. There are also reasons why DNS always comes in at least pairs! Hell, the Internet was made to take a nukin’ and keep on truckin’, so survivability is a thing.

But obviously it’s a bad idea to configure another VM on the same server, or Zeta itself, as the second DNS. Plus from a paranoid perspective, it would be kind of nice to put the “Ahh, I’m working on Zeta” safeguard across the building where the gateway is. Thus phase two takes a Raspberry Pi Zero W that’s been waiting on me to solder a RaSCSI for, and turns the machine into a secondary DNS server for home.arpa. For extra abuse, the primary and secondary nameservers run on different operating systems, with one being run natively on the Raspberry Pi’s OS and the other being a virtualized Red Hat instance on the central server.

Then enter phase 3! Being able to resolve external DNS (e.g., Google), zone transfers, reconfiguring the Eero for custom DNS, being happy not to have mistyped the IPv6 addresses, security wrangling, and testing failover scenarios. Not to mention documenting the key details in my notes system, since I’m that kind of pain in the ass.

The next sticking point however is where the magic happens. See, it’s not rocket science to have a DHCP and DNS server cooperating for the hostname -> hostname.domainname magic. If you’re using dhcpd and bind, the harder trick is knowing that you can actually do that.
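As an added example (not the blog’s own configuration), here is the shape of that dhcpd-and-BIND cooperation: dhcpd pushes dynamic updates into the home.arpa forward zone and the in-addr.arpa reverse zone as leases come and go, the primary notifies the secondary and lets only it pull zone transfers, and each of those two relationships is locked to its own TSIG key so a random LAN host can neither rewrite records nor dump the zone. The 192.0.2.0/24 and 2001:db8:1::/64 ranges, the ns1/ns2 names, the 192.0.2.53 secondary and the secret placeholders are all constructed for the example; `type primary` needs BIND 9.16 or later (older releases spell it `type master`), and the dynamic zone directory must be writable by named.

```conf
# ---- /etc/named.conf fragment on the primary (example; addresses constructed) ----

# TSIG key shared with the secondary; generate with: tsig-keygen xfer-key
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

# Separate TSIG key shared with dhcpd, so only dhcpd may push dynamic updates
key "dhcp-update-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    # Recurse (resolve google.com etc.) for the LAN only; zones below are authoritative
    allow-recursion { 192.0.2.0/24; 2001:db8:1::/64; localhost; };
    # Default deny for AXFR; each zone opts its secondary in by key
    allow-transfer { none; };
};

zone "home.arpa" {
    type primary;
    file "/var/named/dynamic/home.arpa.zone";
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53; };                      # the Pi secondary (constructed)
    update-policy { grant dhcp-update-key zonesub ANY; };
};

zone "2.0.192.in-addr.arpa" {
    type primary;
    file "/var/named/dynamic/2.0.192.in-addr.arpa.zone";
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53; };
    update-policy { grant dhcp-update-key zonesub ANY; };
};

# ---- /var/named/dynamic/home.arpa.zone, initial contents (dhcpd adds the hosts) ----
; $TTL 3600
; @    IN SOA ns1.home.arpa. hostmaster.home.arpa. (
;          2024021801 ; serial, bumped automatically by dynamic updates
;          3600       ; refresh
;          900        ; retry
;          1209600    ; expire
;          300 )      ; negative-cache TTL
;      IN NS   ns1.home.arpa.
;      IN NS   ns2.home.arpa.
; ns1  IN A    192.0.2.10
; ns1  IN AAAA 2001:db8:1::10
; ns2  IN A    192.0.2.53

# ---- /etc/dhcp/dhcpd.conf fragment (ISC DHCP 4.3+) ----
ddns-update-style standard;
ddns-domainname "home.arpa.";          # "zeta" from the client becomes zeta.home.arpa
ddns-rev-domainname "in-addr.arpa.";
update-static-leases on;               # reservations get records too

key dhcp-update-key {
    algorithm hmac-sha256;
    secret REPLACE_WITH_BASE64_SECRET;
};

zone home.arpa. {
    primary 192.0.2.10;                # the BIND VM on Zeta (constructed address)
    key dhcp-update-key;
}

zone 2.0.192.in-addr.arpa. {
    primary 192.0.2.10;
    key dhcp-update-key;
}

subnet 192.0.2.0 netmask 255.255.255.0 {
    range 192.0.2.100 192.0.2.200;
    option domain-name "home.arpa";
    option domain-name-servers 192.0.2.10, 192.0.2.53;
}
```

The zone file lines are shown commented with `;` only so the three fragments sit in one block; in the real file they are uncommented. Two checks worth running once it is up: `dig @192.0.2.53 home.arpa AXFR` from an ordinary LAN host should be refused, and `dig @192.0.2.10 zeta.home.arpa` should answer shortly after Zeta renews its lease, which is the failover-and-update behaviour phase 3 sets out to test.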

But as far as I can tell, Eero’s software doesn’t support a separate DHCP server without running in bridge mode, and that would bring my AC68 out of retirement, so for right now I have zone files configured for key systems only. Phase 4 will likely be to address that after the system gets more stress testing.

It seems that Eero uses DHCP for IPv4 and IPv6 clients are left to SLAAC, which is great IMHO. I’m all for that, because between Stateless Address Autoconfiguration and Neighbor Discovery features, you can pretty much just say fuck it and IPv6 hosts will do the right things unless your network is stupid(tm). Unlike an IT department, most of us don’t need to log every single precipice of our network’s activity and aren’t paranoid enough to want to do that at home.

Possible solutions may be to configure DHCPv6 and ignore IPv4, or to see if the good old respect meh authority trick would get the Eero to delegate DHCP to a dedicated server under my control without having to wrestle with the Eero trying to run its own dhcpd, or getting creative with firewalling.

Other than as an alternative to names, I don’t really care about IPv4 locally anymore, since the things I have that require IPv4 are in the same club of things that know what AppleTalk was–that is to say, equipment so old that it passed old enough to buy beer and entered the old enough to have kids in school vintage of computer hardware.

But in any case, the DHCP portion of things shall be a battle for another time.

CMOS Reminder

Best way to remember that Stark’s CMOS battery needs replacing: plug in, let ’em charge, boot up, oh hey BitLocker.

On the upside being anal retentive about such things, it was more of a pain in the arse to input my recovery key and decrypt the system drive than to actually find where I had encrypted that 😁

Tomb Raider Remastered

One of the games that I’ve been waiting for has recently released, and largely consumed my Saturday plans. That’s of course, Tomb Raider I-III Remastered.

Whereas Tomb Raider: Anniversary took the settings and general concepts and made a decent to good Tomb Raider game out of modern technology, it quite rapidly bugged me. Almost nothing about the game connected with my childhood. So while I enjoyed that, it was also disappointing. And quite frankly, I think that the 2013 – 2018 Survivor trilogy has become the best Tomb Raider games we’ve got since the original PlayStation.

Tomb Raider remastered however is *exactly* my childhood! It’s literally a 1:1, or as much as it can be with the PC’s save anytime you like system instead of the silly save crystals used in the Sony PlayStation release. Which quite honestly, I prefer the PC approach because you can say fuck it and reload a save right before a series of difficult jumps, or a room that’s liable to break your neck or cause drowning.

The original Tomb Raider was one of the games of its era that I enjoyed as a kid. Both playing it myself and watching my brother play through the entire trilogy. I loved that the game spent more emphasis on exploring and circumnavigating the tombs than on running around shooting things, which is more or less why I didn’t care for TR3 at all. The original is kind of unique among Tomb Raider games, and has never quite been replicated — it’s also one of my favorites 😁

One of the remaster’s better features IMHO is the ability to toggle between the remastered graphics and the classic graphics, similar to the remaster of Halo CE. In classic mode, it’s like looking at my childhood, if you had a crystal clear rendering to a 4K screen instead of a PlayStation hooked up to composite video and a tube TV, lol. In remastered graphics, the game remains very faithful and it is superbly respectful of what the original game looked like: while also improving upon it! The only alteration that I find obvious is that in classic mode, med packs use a green cross rather than a red, similar to modern releases of DooM ’93 and Doom II.

Something that’s also refreshing and horrifying is the mechanics. Literally, they are the same. This means you must play their way or you’ll find yourself leaping off a ledge in frustration. Stella’s Tips & Strategies page was actually a better crash course in remembering how the system worked than the tutorial. If you have any problems with the game’s mechanics, seriously hit up that page and the video of the running jump, and then go back to Lara’s house and practice until all of the jump exercises in the ballroom are easily doable. If not, you’ll end up rage quitting before ever leaving Peru 😝. The mechanics aren’t hard, but are no longer natural, and seemingly require tank controls, and TR may be the only ’90s era game where those were actually a good thing compared to modern controls.

In fact, if you ever need a guide on a TR game, I highly recommend Stella’s site. We now live in the world of Google, Game FAQs, IGN, Wikia, and countless other just Google it and you’ll either find a walkthrough or a clue somewhere. But Stella’s guides are probably the best resource you’re ever going to find for the original Trilogy, and good options for any of the later TRs I’m sure.

Back in the day, we spent lots of time trying to figure out the original Tomb Raider. At some point, my brother probably bought the strategy guide because he usually bought those for every game. Heck, I can still remember Saint Francis’ Folly and the various puzzle rooms. Our mother never had an interest in video games or really, games at all. Us having questions about Greek and Egyptian mythology in our search for puzzle-room solutions was probably the closest she ever came to playing a game with us.

If you want to video game like it’s 1996, go play Tomb Raider!

Dahlia in Bloom

Of late, I’ve found myself in that odd spot of reading a series where I think, maybe I should switch series or nah, give it a few weeks and I’ll be caught up 😄. Last night as I started volume 8 of Dahlia in Bloom, and I’m reminded that it’s going to be a while. Based on Wikipedia, I believe that volume 9 was released in Japan back in December, so it will probably be summer time by the time an English translation lands.

I’ve really enjoyed the series so far, perhaps because in many ways its protagonist and I have similar natures. Dahlia’s antics as a craftswoman and a certain joy in cooking are things I’m rather able to relate to, and the series makes for a good slice of life. The side thoughts of both Dahlia and Volf also remind me of the experience of first love, which sprinkles a nice touch on the romance side-plot that just makes you want to root for the lead characters, and sigh with the supporting cast.

In volume 1, the story begins with Dahlia Rossetti about to move into a new house the day before her wedding. Only, as it turns out, her fiancé, Tobias, has suddenly found “True love” with another woman and leaves Dahlia holding the bag, as it were. The outpouring of friendship and support from those around Dahlia is wonderful, and quickly snowballs into the craftswoman forming her own trading company to support both herself and the development of new magical tools. It’s a big leap, but she resolves to hold her head up high and follow her dreams as a magical toolmaker even if that means becoming chairwoman of the Rossetti Trading Company.

When she encounters Sir Volfied crawling out of the forest, battered and bloody from being carried off by a wyvern, it isn’t long before the chance encounter with Volf and Dahlia’s own nature bring her into doing business with knights of the Order of Beast Hunters at the castle. At first, Dahlia is merely trying to use her talents to make Volf’s expeditions with the beast hunters easier. But of course, between Dahlia’s ingenious crafting and Volf’s unexpected salesmanship, business is soon booming. Dahlia’s desire to bring people happiness through her magical toolmaking soon finds her products in demand with both the knights at the castle, and with commoners and nobles alike.

Along the way, there are many bits of amusement and slice of life joy. Volf becomes a frequent dinner guest at the tower that Dahlia calls home and workshop, soon coining the name, “Green Tower Diner” and wishing she would open a restaurant — good food and drink abound. Not to mention the experiments in trying to produce a magical sword, which range from the mildly terrifying Sword of the Dark Lord’s Minion and the unnerving “Creeping Sword” all the way to the Galeforce Blades when you combine the insanity of a knight and a magical toolmaker 😅.

The story takes itself mostly seriously, but like any good series, isn’t afraid to take itself humorously either. I especially enjoyed that when Dahlia is called to the castle to advise the knights on stamping out athlete’s foot amongst the order of beast hunters, she finally loses her cool when the senior knights are about ready to chop off their legs and have the temple regrow them and she’s just trying to convince them to properly clean their bath mats. And of course there’s what happens when Volf implies that if her father had the condition and she knows so much about controlling the infection, surely she must have shared the knights’ plight as a young woman. The reaction of the senior knights is awesome, and quite frankly the artist’s rendition of the look on Dahlia’s face is kind of priceless! The issue of course tends to pop up from time to time, with one of the nicknames chairwoman Rossetti has received being “The goddess of athlete’s foot” once youngsters shorten out the part about eliminating it, lolololololol.

For bonus points, each volume ends with an epilogue about Dahlia and her late father, Carlo. Often relating to some magical tool they worked on in her youth and revealing aspects behind the curtain that are flashed back from the old man’s point of view. Ranging from great amusements like Dahlia trying to create a hair dryer as a child and accidentally creating a flamethrower, or having to dismantle a prototype kotatsu because her father was treating it like a turtle carrying its shell around. Likewise, plot points beyond that abound. See, Carlo Rossetti had a plan to support his daughter Dahlia even after he was gone to his early grave. In part of this, we have the running gag of sorts first brought up by the vice-guild master of the merchant’s guild in volume 1, and well, you’ll just have to read the book if you want to know more 😝

Floating day

Today has been what I would call a “Floating day”, or a day in which nothing and everything got done because I floated between various things rather than tunnel visioned on a specific activity.

This morning saw me finally setting up my Nanoleaf light panels near the reading nook, which amounts to about half of my hexagon shaped panels. It remains to be seen if they will stay up or come down, but as long as the drywall and the paint are fine then I’ll be happy enough. The Command tabs are probably stronger than the vendor’s original sticky pads.

Insert a bit of zombie slaying and various odds and ends, like cursing giving in to double-points weekend on my Kindle reading list, and it wasn’t a bad afternoon either. But the real plan was to take out some meat to warm up and read for a bit. A nice sit, a nice read, and the panels are still on the wall 😅

For dinner, I decided to make something that I haven’t made in ages: Salisbury steak. In the great debate of sides, I ended up making home mashed potatoes and roast broccoli because the potatoes need using up and I’ve got plenty of both. Augmenting this plan was sautéing some onions to set aside, and then making a pan sauce to finish the meat in. Sadly, in my aim to avoid leftover sauce it reduced to nothing by the time the meat was finished, but the Salisbury steak came out perfecto 😘. Nice crusting on the outside and tender on the inside.

Follow it up with a bit of wine while I finish cleaning the kitchen, and I’m inclined to call it a success just the same. All in all, I’ve gotten “Nothing” done as it were but “Plenty” got done, so I’m still contented. More importantly, with it being about -9 C outside this morning: I stayed the fuck in doors!

SG-1 and P90s

I always wondered a bit how SG-1 ended up switching to the P90, as opposed to you know, an M4 style carbine. Had figured it was just the cool space aged thing at the time, and I suppose the P90 kind of was back then.

Google + Robots = SkyNet?

Seeing this post on The Verge about Google droids and safety guard rails, I am reminded that since about the time Gmail was created: I’ve long thought that if such A.I. were easier to create, SkyNet would be lurking somewhere in one of Google’s data centers, shaking its digital fist at us for how hard it is to dupe humans into building better terminator bodies for it.

Okay, I guess we may be crossing that point 😅

Dinner managed

One weekend trend that I have noticed is that dinner either becomes something done early and more involved or done late and more simply; most often this correlates to whether or not I spend too much time at my desk (^_^).

Coming across a one pot beefaroni recipe, I decided to try a curious idea from this: using stock in the reduction. In my case, I went with my own way of making beefaroni which is to say a lot more pasta, heavily seasoned to my tastes, etc. But at the point where I would normally add a jar of pasta sauce, I threw in a cup of unsalted beef stock. And I have to say this made for a freaking delicious result.

Since encountering unsalted soup stocks, I’ve been trying to incorporate more of that into my cooking. Mostly, I’ve not used a lot of stock in my own cooking, as most I’ve previously encountered can be summarized as “Salt” and that’s not good for my blood pressure at this point. Plus, as noted previously, I don’t tend to make soups and stews all that often.

In general, I find one-pot style beefaroni makes it harder to get the consistency of the macaroni right compared to the two pot approach, or just setting aside partially cooked macaroni in a colander. But the beef stock definitely was an improvement over the sauce and seasoning approach alone. I’m not quite sure if the two pot approach would give enough time to reduce enough stock to have the same effect without overcooking the macaroni, but I can’t say that I really mind one less pot to wash either. In any case, I’m calling this experiment a success.

Plus the strawberries and cream for dessert didn’t hurt my dinner plans any either 😀