.plan file updated again.

Apr 16, 2017

I've updated my .plan file yet again.  As per usual, NSFW content, out of context quotes, and things that put your keyboard and display in danger at work abound.

OpenVPN, easy configuration, and that damned ta.key file.

Apr 15, 2017

Now that ISPs not selling information about what you do and what you browse on the Net is pretty much gone, a lot of people are looking into using VPNs - virtual private networks - to add a layer of protection to their everyday activities.  Most of the time there are two big use cases for VPNs: Needing to use them for work, and using them to gain access to Netflix content that isn't licensed where you live.  Now they may as well be a part of everyday carry.

So: Brass tacks.  Here's a quick way to set up your own VPN server, as well as a solution to a problem that frustrated me until very recently.  For starters, unless you're an experienced sysadmin don't try to freestyle the setup.  There is an excellent script on Github called openvpn-install that will do all of the work for you (including adding and deleting users) in less than a minute.  Use it to do the work for you.  Please.  Also, if you build an OpenVPN server, consider going in with a couple of friends on the cost.

Chances are you're running either Windows or Mac OSX (Linux and BSD users, you know what to do) so you'll need an OpenVPN client on the users' end.  This means that you want to run either the Windows version of the OpenVPN client or an OSX client like Tunnelblick.  However, these clients assume that you're just loading an all-in-one configuration file, called an .ovpn file.  If you've never done it before they're remarkably tricky to build but they're basically a copy of the OpenVPN client.conf with all of the crypto keys embedded in special stanzas.  It took me a lot of fumbling and searching but I eventually figured out how to reliably make them.  To save you some time here's a copy of the one I use with all the unique stuff removed from it.  If you open it in a text editor you'll notice a couple of things: First, the very first non-commented line says that it's for the client and not the server.  Second, I have it configured to use TCP and not UDP.  This is so that you don't have to reconfigure the firewall you're behind to get your traffic through.  Keep it simple, trust me on this.  Third, the ca, cert, and key directives are commented out because those keys are embedded at the end of the file.  Fourth, I have tls-auth enabled so that all traffic your server will handle is authenticated for better security.

If you freestyle (that is, build by hand) your OpenVPN server, you'll need to keep in mind the following things:


Neologism: Kinetic pattern baldness

Apr 15, 2017

kinetic pattern baldness - noun - The characteristic hourglass-shaped pattern of hair loss in both men and women that results from tearing one's hair out in frustration on a regular basis.

Setting up converse.js as a web-based chat client.

Apr 09, 2017

As not bleeding edge, nifty-keen-like-wow as the XMPP protocol is, Jabber (the colloquial name for XMPP; I'll be using them interchangeably in this article) has been my go-to means of person-to-person chat (as well as communication protocol with other parts of me) for a couple of years now.  There are a bunch of different servers out there on multiple platforms, they all support pretty much the same set of features (some have the experimental features, some don't), and the protocol is federated, which is to say that every server can talk to every other server out there (unless you turn that function off), kind of like e-mail.  You can also build some pretty crazy stuff on top of it and not have to worry about the low-level stuff, which isn't necessarily the case with newer protocols like Matrix.  There are also interface libraries for just about every programming language out there.  For example, in my Halo project I use SleekXMPP because it lets me configure only what I want to out of the box and handles all of the fiddly stuff for me (like responding to the different kinds of keepalive pings that Jabber clients send).  Hack to live, not live to hack, right?  There are also XMPP clients for just about every platform out there, from humble Android devices to Windows 10 monstrosities.  However, sometimes you find yourself in a situation in which your XMPP client can't reach the server for whatever reason (and there are some good reasons, let's be fair).


Neologism: Debuggery

Mar 21, 2017

debuggery - noun - The unshakable feeling that your code is completely fucked when you spend multiple all nighters in a row tracking down a single annoying bug that winds up not being in your core code, nor any modules you've written, nor any of the libraries you're using, but in a different part of the system entirely.  In other words, your code is so poorly architected that you can't tell when problems aren't actually in your code.

Ghost In the Shell: A disappointing hack.

Apr 09, 2017

Last Thursday I made the probably unwise decision to see the live-action interpretation of Ghost In the Shell starring Scarlett Johansson at the local movie theater.  The terrible weather in the Bay Area aside (continual rain, Washington DC-like cold, gusts of wind up to 50 miles per hour), it's just not a good movie.  I was expecting a half-assed retelling of the original movie's story with additional Hollywood elements, and I wasn't disappointed in that respect.

tl;dr - Don't bother.  ScarJo's new movie is a bad cosplay that'll leave you feeling like you just took some pills a random person in a bar gave you and washed them down with a double something, straight up.


Symmetric bionic augmentation.

Apr 06, 2017

Something that's always bugged me about science fiction is the lack of common sense of characters' bionic enhancements.

No, I'm not going to call them cybernetics.  RPGs and movies have it wrong.  Those aren't cybernetics, they're bionics.  The former is a feature of the latter.

Characters pretty much always seem to have their augmentations installed bass-ackwards.  Most of the time their positioning doesn't make sense at all.  Let's look at some handedness statistics: Depending on where you are, between 2% and 12% of people are left-handed.  Depending on your upbringing (if you were born left-handed in some places, whether or not you were socialized to favor your right hand anyway) your grip strength with your off hand may be off by almost 11%, with a requisite difference of manual dexterity.  This makes sense because your off-side is always a little behind but training and practice can make up for that.

So, postulating advancements in technology, why would you have your dominant side augmented and your non-dominant side not unless you absolutely had to?  Let's look at a character from a fairly recent movie who is a prime example of this.  Watching Logan, this particular character appears right-handed throughout the story, uses his left hand only under duress, but for whatever reason had his right hand replaced with a presumably stronger and more durable prosthesis.  It would make sense, from what is observable in the movie, for him to have had the limbs on his non-dominant side replaced with prostheses to make up for the lack of strength and dexterity.  I mean, it's a movie with superheroic mutants, powerful telepaths, and offhand "Hey, let's hack your genome" levels of technology, I'm pretty sure that the surgeons could have gotten his left hand up to scratch pretty easily.  If you're a candidate for augmentation, you could either have something you're already good with replaced, and spend maybe twice as much time getting both sides of your body roughly equal, or you could have your less-good side worked on, which you're going to need to rehab and train anyway.

Neologism: High Gibson

Mar 18, 2017

High Gibson - noun, genre - Science fiction in the cyberpunk genre that makes no bones about being inspired by William Gibson's classic works.  Stylistic influences, tropes, and character archetypes are easily recognized as being inspired by the Sprawl Trilogy and the Burning Chrome short stories.  Compare with high fantasy.

What the loss of the Internet Privacy Bill means to you and I.

Mar 30, 2017

It's probably popped up on your television screen that the Senate and then the House of Representatives voted earlier this week, 215 to 205, to repeal an Internet privacy bill passed last year.  In case you're curious, here's a full list of every Senator and Representative that voted to repeal the bill and how much they received specifically from the telecom lobby right before voting. (local mirror)  By the way, if you would like to contact those Senators (local mirror) or Representatives (local mirror) here's how you can do so... When the bill hits Trump's desk it's a foregone conclusion that he's going to sign it.  Some of the talking heads are expressing concern about this, while others are cheering that the removal of this regulation is an all-around win for the market, blah blah blah... but what does this actually mean for you?

First of all, if you're reading this, welcome to the Internet.  You're soaking in it.

Second of all, please read this blog post (local mirror) by the EFF.  Just a few years ago, a couple of very large ISPs (that you're probably a customer of) got caught doing things like monitoring your web searches and hijacking them with different results they were paid to insert and analyzing your net.traffic to figure out what advertisements to inject in realtime.  The bill that just got repealed put a stop to all of that.

I've spoken to a couple of people who expressed disbelief that such a thing was possible.  In point of fact, intercepting and meddling with communications traffic goes back a very long way.  In 1994 a bill called the Communications Assistance for Law Enforcement Act (CALEA) was passed and codified as 47 USC 1001-1010.  In a nutshell, what this law means is that manufacturers of just about every kind of network-side communications device, from the telephony switches that route your phone calls to the carrier class routers that make up the network core have surveillance capability built in.  In theory, only law enforcement agents with warrants are supposed to be able to use them.  In practice, they're used all the time by employees of the companies that own that equipment to silently troubleshoot problems before they get too out of hand, and yes, they get abused all the time for petty shit.  As you may have guessed already, the moment that CALEA-compliant equipment was deployed back in the day hackers immediately figured out how to use them more effectively than even the telecom companies and silently eavesdropping on people using that functionality was a common "This is how 1337 I am" stunt.  So, please keep in mind that this "monitor all the customers" infrastructure is going to be badly abused and constitutes one hell of a security risk.

CALEA is regularly updated as communications technology evolves, and now encompasses things like the backbone of the Net, Voice-over-IP telephony, cellular telephony and companies whose business happens to be running wireless hotspots.  As it so happens, much of this functionality is perfect for monitoring customers' traffic, analyzing it, and packaging it for sale as large bundles of anonymized information or as discrete dossiers, à la Cambridge Analytica.  Let me paint you a picture, based in part on how things worked before that bill was passed originally...


Neologism: Jenkins Driven Development

Mar 18, 2017

JDD (Jenkins driven development) - noun - A development process in which the coder in question has one or two commits to the source code repository adding a feature or fixing a bug, followed by two or three dozen commits to fix things in the comments, unit tests, variable names, or some other such fiddly thing to coax the Jenkins server into actually running the unit tests to exercise the new code and hopefully integrate the new feature.  The primary usage of time by developers in DevOps environments.  The later commit messages usually consist of variations of "Does it work yet?", "WTF", "Dammit Jenkins", "Editing comments because Jenkins won't test the code", or other combinations of profanity and the equivalent of mumbling to oneself in frustration.

Special thanks to the anonymous cow-orker who came up with the term.