Matt Simerson – Page 10 – Adventures on the Journey

FreeBSD aliases, done well

While consulting on a FreeBSD server, the owner mentioned that some of his IP aliases had to be manually applied after the server rebooted. He is using the ipv4_addrs_[name] syntax, which is deprecated, according to the rc.conf man page.

While reading the man page, it also states that the syntax that I’ve been using for years ifconfig_[name]_alias[N] is also deprecated, and instead suggests the use of ifconfig_[name]_aliases, which appears to be a better solution.

The man page also mentions the /etc/start_if.[name] method, but provides no examples or explanation. So I searched and found UNIXgod’s guide to sane IP aliases. His example shows an example start_if file:

#!/bin/sh
#/sbin/ifconfig $1 alias <public_ip> netmask 0xffffffff
/sbin/ifconfig $1 alias 10.50.50.100 netmask 0xffffffff

…..

It looked like a reasonable approach so I removed my IP alias definitions from /etc/rc.conf and put them into /etc/start_if.[name] files. After booting, I noticed that the first alias on each interface was not defined.

I believe I understand why. Since the start_if.[name] script runs before the interfaces are configured, the first alias entry is treated as the primary IP and not an alias. Later, when the network device is configured by the ifconfig_[name] entry in rc.conf, it overwrites the address defined by that first alias. The easy workaround is to put the primary IP (or a placeholder) as the first entry in each /etc/start_if.[name] file.

I further improved upon UNIXgod’s example by declaring a couple variables. Doing so reduces the duplicate tokens and increases the clarity of each entry. Here’s an example of one of my files:

#!/bin/sh
IFC=”/sbin/ifconfig lo0 inet”
AMASK=”netmask 0xffffffff”

$IFC 127.0.0.1 netmask 0xff000000
$IFC alias 127.0.0.2 $AMASK
$IFC alias 127.0.0.3 $AMASK

….

I have seen or experienced the problems described by the deprecated methods. Perhaps this new technique will see fewer issues in the coming years.

Friends don’t let friends use GoDaddy

Today I received a phone call from GoDaddy. The representative inquired if I was still using the three SSL certificates that I purchased in 2007. I confirmed that I was. He then told me that since they were 1024-bit certificates, the U.S. government requires that they be discontinued by Dec. 31, 2013. That was factual error #1. It’s not the government but The Certificate Authority / Browser Forum that is requiring its members to deprecate 1024-bit SSL before Jan. 1, 2014.

Since GoDaddy no longer issues 10-year certs, the solution he offered was to issue new 5-year certificates, and they’d ‘refund the difference’ afterwards. I asked if they supported longer keys lengths such as 4096 bit. He didn’t know, apologized several times as he looked it up, and then told me that they did not. Factual error #2. GoDaddy currently supports key lengths from 2048 to 4096 bits.

Realizing that I had a barely trained sales droid that knew very little about SSL, I asked him how much it would cost to issue the new certs. The total for the 3 certs would be $892.37. I informed him that was not going to happen, thanked him for his time, and hung up.

Instead, I logged onto GoDaddy’s cert site, opened each SSL certificate in turn, clicked the “Re-Key” button, and uploaded a new 2048-bit CSR. Moments later I had new GoDaddy CA signed 2048-bit SSL certs issued for free.

Thanks for the “help” GoDaddy. That’s the kind of “service” that insures I’ll continue to steer business away from your predation.

Long Range Leaf: driving to Meany Lodge

Can our 2013 Nissan Leaf make it from Seattle to Meany Lodge on a single charge? The distance from our house is 77 miles and the nominal Leaf range is 84 miles. The key factor on this trip is Snoqualmie Pass, and the 3,022 feet we’d have to climb. I figured if I had any range left at the top of the pass, the gain from regenerative braking down the back side would just barely suffice.

At 7AM I pulled up the LEAF app and told the car to warm up the cabin. While still laying in bed. That’s a really nice feature! At 8AM we left Seattle with a toasty warm car and a full charge. I drove in ECO mode with the climate control off and the cruise set at 60 mph. As we passed North Bend, I had about 37 miles to go with a predicted range of 37 miles. That’s also where the climb begins in earnest.

As we climbed the pass, the charge meter dropped rapidly, yielding low battery alerts two miles before the summit. As I crested the pass, I guesstimated 5 miles left (the Leaf stops reporting below 6) plus the 5 miles I’d gain from regen. braking would total 10 miles worth of charge. Since the lodge is 13 miles from the pass, I opted to stop at the Chevron and juice up.

Lucas and I took a 20 minute ice cream break while our Leaf guzzled electrons until it had 10 miles of predicted range. I figured with 10 in the tank plus 5 from braking, I’d have plenty for the climb up to the lodge. We arrived with 8 miles remaining. Without the pit stop, we’d have likely run out a mile or two shy.

At the weekend work party, I took the head off TomCat’s Chevy 292 straight six engine, cut and ground steel plates and pipes, used a MIG welder for the first time (last weld, 25 years ago!), laid culvert, dug water trenches, and pressed apple cider. Lucas had a great time playing with a pack of 8 youngsters whose parents were getting the lodge ready for the ski season.

On Sunday afternoon we left the lodge with a full charge and a predicted range of 81 miles. After climbing 500 feet over the pass, the range crept higher and higher with each mile driven, peaking at 104 miles. As before, the key factor was elevation, and it’s mostly downhill on the return trip. We arrived home with 25 miles of range.

In summary, the Leaf has more than enough range to get home from Meany Lodge, but not quite enough to get there, due primarily to elevation. If we didn’t have another car, we could surely cover the distance by driving slower. With fair weather in daylight, 55 mph should do. If the weather was cold and headlights and/or climate control were needed, it might be possible at 45mph. I wouldn’t consider it fun.

Leftovers make you feel good twice

Leftovers make you feel good twice. First, when you put them away, you feel thrifty and intelligent: “I’m saving food.” Then a month later when blue hair is growing out of the ham, and you throw it away, you feel really intelligent: “I’m saving my life.”— George Carlin

iMac + new SSD = iTunes borked

Replacing the DVD player in my 27″ iMac with an SSD broke iTunes, yielding a -45054 error. I determined it was crying about the iTunes Store authentication, so I signed out, and when attempting to sign back in, received this error:

“there was an error storing your authorization information on this computer”

There’s an article that describes this error in the Apple Support knowledge base. The information in the article helped me figure out that iTunes was broken because the /Users/Shared directory didn’t exist. I manually created it and the problem is solved. Read on for the nitty gritty details.

Continue reading “iMac + new SSD = iTunes borked”

Synology for FreeBSD backups

How I configured a Synology NAS as a backup server, using NFS and AMD on FreeBSD.

In February 2013, a client purchased a Synology NAS. They hired me to set up their mail server to back up to it each night. In addition, I wrote them a restore script. After an email address is specified, it presents a list of available snapshots and provides the ability to restore mailbox contents. It is now September, the solution has been working flawlessly, so I’m sharing a few details.

To fully preserve the permissions, ownership, and metadata, mounting the Synology via NFS was the best option. A potential issue with NFS is that the mail server would be hung if the Synology was unavailable. Because the NAS is only used for backups, I chose to automount the NFS share. That reduces the window for NFS hang exposure to about 20 minutes a day.

To configure automounter, I added this entry to /etc/fstab:

10.10.10.10:/volume1/mail /mnt/synology nfs rw,noauto 0 0

and these entries to /etc/rc.conf:

amd_enable=”YES”
amd_flags=”-a /.amd_mnt -l syslog /mnt/synology /etc/amd.synology”

and this to /etc/amd.synology:

/defaults type:=nfs;opts:=rw,grpid,resvport,vers=3,proto=tcp
* rhost:=synology;rfs:=/volume1/mail/snapshots

Once the automounter (amd) was properly configured, it was a simple matter to install and configure rsnapshot. Each night, the periodic scripts triggers the backup which automounts the NAS. Shortly after the backups conclude, amd disconnects it.

the best oven mitts

After 17 years of service, my oven mitts are retiring to file 13. Since they last so long, it’s worth getting the best replacements. My research concluded that the competition is a dead heat between these Grill Gloves ($50) or a pair of these Silicone Oven Mitts ($25). I chose silicon because I can clean them with a quick rinse in the sink and go right back to using them.

AT&T cramming: Part 2

In 2011, a miscreant abused AT&T’s Wireless Access Protocol payment system and add unauthorized charges to my account. When I noticed the charges, I called AT&T. After getting the initial “we can only refund 3 months” runaround, I escalated the matter until I got a full refund. I also had AT&T add Purchase Blocker to all 4 of my lines.

Today I logged in to my AT&T account and noticed that, quite helpfully, AT&T now highlights these “billed mobile purchases.” Unfortunately, two new recurring charges were added to my account in January. Jesta, one of the companies behind the crammed charges are self-professed scammers that were fined $1.2M by the FTC in August. As part of the judgement, they are required to refund all charges when customers request it.

AT&T knowingly allows these scammers to bill AT&T customers, which greatly peeves me. I tallied up the charges, called AT&T, and requested a full refund. After getting the same “we can only refund 60 days” runaround, I again escalated the matter and have a full refund being processed. AT&T has no idea why Purchase Blocker got dropped from two of my lines but it has been re-added.

The most interesting part is the email excerpts from Jesta cited in the FTC complaint. Beyond admitting their business is a scam, they discuss ways to keep their return rate below 17%, the rate at which T-Mobile takes away Jesta’s ability to charge customers. AT&T cares even less for their customers and is willing to let scammers reach a 18.5% return rate. Is there any legitimate business with return rates above 10%?

A use for jet skis

As an early birthday present, Jen bought me an hour ride on a Flyboard. It’s an awfully fun way to fly.

Money and Trust

My first employer had his landscaping business looted by his CPA, who then skipped the country. That incident planted a seed of mistrust in my mind for all financial service professionals (CPA, CFP, CFA, IFP, etc.).

Every time I hear people tell about “this guy” they know that does an outstanding job of managing their money, I can’t help but think of the very long and never ending parade of financial service professionals like this weeks example.

If I recall correctly, it was William Bernstein in The Four Pillars of Investing that, when outlining the perverse incentives that exist within the financial service industry, pointed out that the term service could aptly describe how a bull services a cow.