How lightbulbs and TVs can do HTTPS without certificate warnings

When your web browser visits a secure website, the experience is seamless. Many in-home appliances also have web servers built in. If you were to point your browser to a WiFi-enabled lightbulb running its own web server at https://192.168.1.123, the browser would most likely give you a big scary warning.

What to do? This writeup explains most of the technical details of how Plex did it. I think it’s a fascinating read. There are at least a couple of CAs that offer services to make this possible.

https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users

“… they partnered with Digicert to issue a wildcard certificate for *.HASH.plex.direct to each user…”

“the client, instead of connecting to http://1.2.3.4:32400, connects to https://1-2-3-4.625d406a00ac415b978ddb368c0d1289.plex.direct:32400 which resolves to the same IP, but with a domain name that matches the certificate that the server (and only that server, because of the hash) holds.”
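Putting the two quotes together, as an added example that is not from the post or from Plex: the script below issues a self-signed wildcard certificate for *.HASH.plex.direct (standing in for the DigiCert-issued one; HASH and the IP are constructed values) and uses openssl to show which names it covers. The point of the per-server hash is visible in the checks: a name built from any IP under the server's own hash matches, the same IP under another server's hash does not, and a name with an extra label does not either, because a wildcard covers exactly one label.

```shell
#!/bin/sh
# Added example, not from the post or from Plex: model the naming scheme with a
# self-signed wildcard certificate so the matching rules can be checked offline
# with openssl (1.1.1 or newer for -addext).  HASH and the IP are constructed
# values; in Plex's scheme the certificate comes from DigiCert and HASH is the
# server's identifier.
set -eu
HASH=0123456789abcdef0123456789abcdef          # constructed, one per server
WORK=$(mktemp -d)
CERT=$WORK/cert.pem
trap 'rm -rf "$WORK"' EXIT

# server_name IP HASH -> the name the client connects to:
#   1.2.3.4 -> 1-2-3-4.HASH.plex.direct
server_name() {
    printf '%s.%s.plex.direct\n' "$(printf '%s' "$1" | sed 's/\./-/g')" "$2"
}

# make_wildcard_cert HASH OUT -- key + self-signed cert whose only name is
# *.HASH.plex.direct (CN and SAN)
make_wildcard_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/key.pem" -out "$2" \
        -subj "/CN=*.$1.plex.direct" \
        -addext "subjectAltName=DNS:*.$1.plex.direct" >/dev/null 2>&1
}

# name_matches CERT NAME -- does NAME satisfy the certificate's names?  The cert
# is used as its own trust anchor; only the hostname rule is under test here.
name_matches() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

make_wildcard_cert "$HASH" "$CERT"

# Run with --demo to print the three cases: own hash, another server's hash,
# and an extra label under the own hash.
if [ "${1:-}" = "--demo" ]; then
    for n in "$(server_name 1.2.3.4 "$HASH")" \
             "$(server_name 1.2.3.4 ffffffffffffffffffffffffffffffff)" \
             "a.b.$HASH.plex.direct"; do
        if name_matches "$CERT" "$n"; then echo "match    $n"; else echo "no match $n"; fi
    done
fi
```

The wildcard is also why the client can encode the address in the hostname: one certificate covers every IP the server is reachable at, while the hash keeps a server from presenting a valid name for anyone else's.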

Ubuntu 20.04 + btrfs + mirrored drives

I run a Linux machine at home. It’s mostly a server, although sometimes I use it as a desktop. I use it for SSH, samba, and I have apache hosting family photos. The photos sit on a secondary drive, and lately it has been manifesting sector errors. Some of the photos were no longer accessible.

Fortunately, I have a backup on an external hard drive. Thank goodness for backups!

I decided that it was time to upgrade to Ubuntu 20.04. This time, I wanted mirrored drives with a file system that detects silent data corruption.

I started with btrfs, partitioned my first drive and installed Ubuntu. But wait? Should I have chosen ZFS?

ZFS is a first class citizen in Ubuntu, and is reportedly rock solid. The documentation is good.

In contrast, it takes some searching to find good btrfs documentation, and some of the documentation refers to scary features that might eat your data — not comforting. Yet Facebook uses btrfs, so that’s good, right? On the other hand, they have people whose job it is to use it for the right use cases, and configure it appropriately. I don’t.

Oh, and there’s bcachefs! It sounds great, and is reportedly faster, more modern than btrfs or ZFS, and more reliable than btrfs. Unfortunately, it’s not part of most Linux distributions yet, nor is it feature complete. I’ll look forward to using it in three to five years.

Ultimately, I chose btrfs because it doesn’t require that I dedicate the entire hard drive, and because I already had some momentum having started my install with it.

I found the following guide to be helpful to set up btrfs in mirrored mode: https://work-work.work/blog/2018/12/01/ubuntu-1804-btrfs.html

Arch has good documentation for btrfs: https://wiki.archlinux.org/index.php/Btrfs
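Since the install started on a single drive and the mirror was the goal, here is what the conversion and the corruption check look like as a script. This is an added example, not from the post or the guides linked above: the device name and mount point are inputs, DRY_RUN=1 prints the commands instead of running them (they need root), and the stats filter is written to be fed the output of btrfs device stats.

```shell
#!/bin/sh
# Added example, not from the post or the linked guides: turn a single-drive
# btrfs filesystem into a RAID1 mirror, then the checks that actually surface
# silent corruption.  Device names and the mount point are illustrative
# inputs; DRY_RUN=1 prints the commands instead of running them.

run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# mirror_convert SECOND_DEV MOUNT -- add a device and rebalance data and
# metadata into RAID1 (the kernel converts system chunks along with metadata).
mirror_convert() {
    dev=$1 mnt=$2
    [ -n "$dev" ] && [ -n "$mnt" ] || {
        echo "usage: mirror_convert DEV MOUNT" >&2; return 1; }
    run btrfs device add "$dev" "$mnt"
    run btrfs balance start -dconvert=raid1 -mconvert=raid1 "$mnt"
    run btrfs filesystem usage "$mnt"     # Data and Metadata should now read RAID1
}

# A mirror only detects anything if both copies get read: scrub verifies every
# block against its checksum and repairs from the good copy.  -B waits.
scrub() { run btrfs scrub start -B "$1"; }

# stats_errors < stats-output -- print only counters that are non-zero and
# exit 1 if there were any.  Input is the output of `btrfs device stats MOUNT`:
#   [/dev/sda1].corruption_errs  0
stats_errors() {
    awk '$2 != 0 { print; found = 1 } END { if (found) exit 1; exit 0 }'
}

# integrity_check MOUNT -- scrub, then fail if any error counter is non-zero.
# Counters persist across reboots until cleared with `btrfs device stats -z`.
integrity_check() {
    scrub "$1"
    run btrfs device stats "$1" | stats_errors
}

case "${1:-}" in
    mirror) mirror_convert "$2" "$3" ;;   # sh btrfs-mirror.sh mirror /dev/sdb1 /
    check)  integrity_check "$2" ;;       # sh btrfs-mirror.sh check /
esac
```

Checksums are only verified on read, so a periodic scrub (a cron entry or systemd timer running the check subcommand) is what turns the mirror into detection rather than just redundancy.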


Once Ubuntu was installed, it took hours to add missing packages, reconfigure software and restore from backup. Here’s some of what I installed:

sudo apt-get install meld screen jhead socat apache2 zsh tree tcpdump zip xz-utils zsh vlc ffmpeg samba fail2ban mutt curl strace git ruby rsync python3-virtualenv fetchmail procmail postfix openssh-server netcat-openbsd lsof gwenview dnsutils dosfstools build-essential htop silversearcher-ag mailutils vim-gtk3 at fetchmail

COVID-19 experience working from home

Like tens or hundreds of thousands of others, I am working from home while the coronavirus pandemic sweeps the United States and the rest of the world.

Here are a few observations about my experience working from home. I’m a software engineer, and I realize that my experience is different from that of hardware engineers, QA folks, customer solutions agents, teachers, and even from other software engineers.

Sleep. The first several days, I worked from my bedroom, which has a great view of the outside world, but I found it difficult to sleep restfully at night. Once my wife shut down her in-home preschool, I moved to working from one of the two preschool rooms, and now I sleep quite well at night. It’s good to have a separate work place.

Exercise. Working from home, I feel more fidgety… maybe I move around less, because there are fewer meetings, and fewer impromptu discussions. So I feel a strong need to get out of the house and work in the yard (pruning, since it’s spring), take a walk or ride a bike.

Convenience. The kitchen and bathroom are closer. If I want to take a nap, no problem — I’ve got a comfortable bed nearby. Taking a walk around the block is a piece of cake — the front door isn’t that far away compared to when I’m working in the office.

Interruptions. Most of my children are teenagers, and believe it or not, I have fewer interruptions at home than I do at work. When my children are doing their remote school, two of them are in the same room as me, with headphones in their ears, and it’s so quiet that I can hear a pin drop.

Social. I enjoy the more frequent face to face interactions with my wife and children. I miss the face to face interactions with my coworkers. Video conferencing is a great invention, and yet it’s not the same as being there.

Communication. There are a lot fewer impromptu hallway discussions with coworkers, and more with family members. I’m not sure if we’re better at communicating with Slack now that we’re all remote or not.

Internet. We have excellent wireless internet service. Since our entire family is working/schooling from home, we notice much more quickly when there’s network latency or poor quality.

Up to now, we’ve used a Disney Circle for parental control, and we knew it caused problems on a nearly weekly basis (it does ARP poisoning of a local network), especially for managed devices. With remote school, Circle started breaking things on a daily basis, so I turned Circle off.

I found that 5 GHz WiFi on the main floor of our house doesn’t penetrate the floor and walls to the basement, and so I pulled my old ASUS WiFi router out of storage, put it in access point mode in our basement, installed a firmware update, and wired it to the router upstairs. Now I get better speeds and connectivity.

Commute. I had a great commute before, but it’s even better now. With so many people staying home, the air is cleaner.

Productivity. My productivity ebbs and flows at work, and the same is true while working from home. Overall, I feel a bit less productive working from home. I’m more inclined to put my Slack app in “do not disturb” mode when I finish working.

Update: It took three weeks before I settled into a good flow of working from home.

Captive portal detection

I did a wireshark dump on my Ubuntu 18.04 laptop and noticed that both Firefox and Ubuntu do captive portal detection. Of the two, I think the Firefox method is simpler to implement and use.

Firefox does an HTTP GET on http://detectportal.firefox.com/success.txt
The server responds with HTTP 200 OK, a Content-Type of text/plain and a body of “success\n”

Ubuntu (NetworkManager) does an HTTP GET on http://connectivity-check.ubuntu.com
The server responds with HTTP 204 No Content and a header of X-NetworkManager-Status: online\r\n

Anything else coming back (a 200 carrying an HTML login page, a 30x redirect to the portal, or a refused connection) is what the client takes as a captive portal or no connectivity.

Notice that captive portal detection uses an unencrypted transport — http, and not https. That is by design: a portal has to be able to intercept the probe and answer it with its own page, which it could only do over https by presenting a certificate that fails validation. The same property means the probe is unauthenticated, so anyone on the path can forge the expected answer, and the client can only treat the result as a hint rather than proof.
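As an added example (not code from the post), this script reproduces both probes with curl and classifies the answer the way the clients do. The verdict function is kept separate from the network call so it can be exercised on constructed responses; the URLs are the ones captured above, and the 5-second timeout is an assumption.

```shell
#!/bin/sh
# Added example, not code from the post: reproduce the two probes with curl and
# classify what comes back.  Assumes curl is installed.  curl does not follow
# redirects unless asked, so a 30x from a probe URL shows up as a non-200
# status, which is exactly the signal a captive portal gives off.

# portal_verdict PROBE STATUS CONTENT_TYPE NM_STATUS_HEADER BODY
# Prints one of: online | captive | offline
portal_verdict() {
    pname=$1 pstatus=$2 pctype=$3 pnm=$4 pbody=$5
    case "$pstatus" in
        000|"") echo offline; return 0 ;;      # no TCP connection at all
    esac
    case "$pname" in
        firefox)
            # expected: 200, text/plain, body "success" (command substitution
            # has already stripped the trailing newline of "success\n")
            if [ "$pstatus" = 200 ] && [ "${pctype%%;*}" = "text/plain" ] \
               && [ "$pbody" = "success" ]; then
                echo online
            else
                echo captive       # login page, redirect, or a tampered answer
            fi ;;
        ubuntu)
            # expected: 204 plus X-NetworkManager-Status: online
            if [ "$pstatus" = 204 ] && [ "$pnm" = "online" ]; then
                echo online
            else
                echo captive
            fi ;;
        *) echo "unknown probe: $pname" >&2; return 2 ;;
    esac
}

# probe PROBE URL -- do the GET and feed the pieces to portal_verdict
probe() {
    name=$1 url=$2
    bodyf=$(mktemp) hdrf=$(mktemp)
    # -w appends "STATUS CONTENT-TYPE"; on connection failure curl reports 000
    out=$(curl -s --max-time 5 -o "$bodyf" -D "$hdrf" \
               -w '%{http_code} %{content_type}' "$url") || true
    status=${out%% *}
    ctype=${out#* }; [ "$ctype" = "$out" ] && ctype=""
    nm=$(grep -i '^X-NetworkManager-Status:' "$hdrf" | head -n1 \
         | cut -d: -f2- | tr -d ' \r')
    verdict=$(portal_verdict "$name" "$status" "$ctype" "$nm" "$(cat "$bodyf")")
    rm -f "$bodyf" "$hdrf"
    echo "$name: $verdict"
}

# Run both probes only when asked, e.g. from a NetworkManager dispatcher hook:
#   sh portal-check.sh --probe
if [ "${1:-}" = "--probe" ]; then
    probe firefox http://detectportal.firefox.com/success.txt
    probe ubuntu  http://connectivity-check.ubuntu.com
fi
```

Both probes are plain HTTP, so the verdict says what the network chose to show you; a hostile access point can return "success" while still intercepting other traffic.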

Simulate dropped or latent packets in Linux

I’m documenting this more for my own reference than anything, partly because I’ve used ‘tc’ off and on over the years.

  • https://stackoverflow.com/questions/614795/simulate-delayed-and-dropped-packets-on-linux
  • https://wiki.linuxfoundation.org/networking/netem

tc qdisc add dev tun0 root netem loss 30%
tc qdisc show dev tun0
tc qdisc change dev tun0 root netem loss 0.1%

When finished:

tc qdisc del dev tun0 root
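The commands above apply the impairment to everything leaving tun0, including the SSH session you may be typing them into. The following is an added example, not from the post: it restricts netem to a single destination with a prio qdisc and a u32 filter (the pattern from the netem wiki linked above) and wraps the add/show/change/delete cycle in functions. The interface, the target address and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the post: impair traffic to ONE destination only, so
# the loss you inject does not also kill the session you run it from.
# DRY_RUN=1 prints the tc commands instead of running them (tc needs root and
# a real interface).  netem acts on egress only; to impair inbound traffic the
# same qdisc has to sit on an ifb device that ingress is redirected to.

run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# netem_apply DEV TARGET_CIDR "NETEM PARAMS"
#   e.g. netem_apply tun0 10.0.0.5/32 "delay 100ms 20ms loss 30%"
netem_apply() {
    dev=$1 target=$2 params=$3
    [ -n "$dev" ] && [ -n "$target" ] && [ -n "$params" ] || {
        echo "usage: netem_apply DEV TARGET_CIDR \"netem params\"" >&2; return 1; }
    # 3-band prio qdisc; the explicit priomap sends every TOS value to band 1
    # (index 0), so nothing reaches band 3 unless a filter puts it there.
    run tc qdisc add dev "$dev" root handle 1: prio bands 3 \
        priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    # netem hangs under band 3; $params is intentionally unquoted (word-split)
    run tc qdisc add dev "$dev" parent 1:3 handle 30: netem $params
    # only packets whose destination matches TARGET are steered into band 3
    run tc filter add dev "$dev" protocol ip parent 1:0 prio 3 u32 \
        match ip dst "$target" flowid 1:3
}

# netem_change DEV "NETEM PARAMS" -- adjust the impairment without rebuilding
netem_change() { run tc qdisc change dev "$1" parent 1:3 handle 30: netem $2; }

# netem_show DEV -- per-qdisc statistics plus the filter selecting the target
netem_show() {
    run tc -s qdisc show dev "$1"
    run tc filter show dev "$1"
}

# netem_clear DEV -- deleting the root qdisc removes prio, netem and the filter
netem_clear() { run tc qdisc del dev "$1" root; }

# Command-line front end:
#   sh netem-one-host.sh apply tun0 10.0.0.5/32 "delay 100ms 20ms loss 30%"
#   sh netem-one-host.sh change tun0 "loss 0.1%"
#   sh netem-one-host.sh show tun0
#   sh netem-one-host.sh clear tun0
case "${1:-}" in
    apply)  netem_apply "$2" "$3" "$4" ;;
    change) netem_change "$2" "$3" ;;
    show)   netem_show "$2" ;;
    clear)  netem_clear "$2" ;;
esac
```

Because the whole tree hangs off one root qdisc, a single `clear` returns the interface to its default state even if the test script died halfway through.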
    
Programmer Productivity

Twenty years ago, an extended family relation, a patent lawyer, expressed his opinion that there’s not that much variance between engineers — at least, not as much as people suppose. Companies draw from the same pool of talent, and the idea that one company has the bulk of talent is a misconception.

This article confirms that idea in the realm of programmers.

Programmer Moneyball: Challenging the Myth of Individual Programmer Productivity

My view is that hard work (and good health), persistence, consistency, the ability to work with others make a big difference. On the other hand, poor health, inconsistency and confusion of priorities lead to mediocre results.

Ubuntu on Windows: Refreshing & Fast

Microsoft has been doing interesting things with Windows, such as adding Windows Subsystem for Linux, which allowed me to install and run Ubuntu from the Windows app store.

I love having a full and familiar Linux bash command shell at my fingertips, with the utilities I know and love, including ssh. It’s fast.

https://www.microsoft.com/en-us/p/ubuntu/9nblggh4msv6

Prior to this, I used cygwin on Windows, which was also good. However, I prefer Ubuntu, mostly.

There are some caveats:

  • The home directory is in a different place from the Windows home. So for easy access, I symlink Documents, Downloads, Pictures and Videos to my Ubuntu homedir.
  • You still need to keep the Ubuntu software up-to-date. Microsoft’s app store doesn’t do it for you. Run sudo apt-get update ; sudo apt-get upgrade
  • Removable drives aren’t mapped into the filesystem automatically — cygwin was better in this regard.
  • It’s a subsystem — a container, so it doesn’t manage Windows. E.g.
    — Can’t reboot from the command line
    — Can’t manage Windows processes or users

Worth the read: Metrics That Matter

There’s a book titled “Measure What Matters”, and it’s fascinating and worth the read. This article from acmqueue with nearly the same title is quite interesting, because it turns some of my previous thinking on its head.

Metrics That Matter

Summary: “Speed matters”; instrument client code to measure user experience; measure “long-tail” latency at the 95th and 99th percentiles; even minor changes to code or user behavior can affect things; build benchmarking into release testing procedures.

OpenWRT + SafeSearch

I’ve got an OpenWRT router, and here’s how I configured it to enable safesearch on my home network.

uci add dhcp cname
uci set dhcp.@cname[-1].cname="www.google.com"
uci set dhcp.@cname[-1].target="forcesafesearch.google.com"
uci commit dhcp

uci add dhcp cname
uci set dhcp.@cname[-1].cname="www.bing.com"
uci set dhcp.@cname[-1].target="strict.bing.com"
uci commit dhcp

uci add dhcp cname
uci set dhcp.@cname[-1].cname="duckduckgo.com"
uci set dhcp.@cname[-1].target="safe.duckduckgo.com"
uci commit dhcp

for name in www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com ; do
    uci add dhcp cname
    uci set dhcp.@cname[-1].cname="$name"
    uci set dhcp.@cname[-1].target="restrict.youtube.com"
    uci commit dhcp
done

service dnsmasq restart

See the configuration:

grep -A2 cname /etc/config/dhcp
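The CNAME rewrite only takes effect for clients that actually resolve through the router's dnsmasq. As an added example, not from the post, the script below wraps the same uci pattern in a function and adds what a practitioner would want next to it: a firewall redirect that forces all plain DNS from the LAN through the router, a rule that rejects DNS-over-TLS so those clients fall back, the Firefox DoH canary name, and a check to run from a LAN client. The firewall entry names, the default router address used by the check, and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: the CNAME rewrite as a function plus the
# pieces it needs to bite: clients must use the router's dnsmasq, and Firefox
# must not switch itself to DNS-over-HTTPS.  DRY_RUN=1 prints the uci commands
# instead of running them.  Entry names and 192.168.1.1 are illustrative.

run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# safesearch_cname NAME TARGET -- one dnsmasq CNAME, as in the uci block above
safesearch_cname() {
    run uci add dhcp cname
    run uci set "dhcp.@cname[-1].cname=$1"
    run uci set "dhcp.@cname[-1].target=$2"
}

# A device configured with 8.8.8.8, or a resolver reached over TLS (port 853),
# never asks dnsmasq and therefore gets the unrestricted address.
force_router_dns() {
    # DNAT every LAN-originated port-53 packet to the router itself
    # (an OpenWRT redirect without dest_ip targets the router)
    run uci add firewall redirect
    run uci set "firewall.@redirect[-1].name=Force-DNS"
    run uci set "firewall.@redirect[-1].src=lan"
    run uci set "firewall.@redirect[-1].proto=tcp udp"
    run uci set "firewall.@redirect[-1].src_dport=53"
    run uci set "firewall.@redirect[-1].dest_port=53"
    run uci set "firewall.@redirect[-1].target=DNAT"
    # reject DNS-over-TLS so those clients fall back to plain DNS
    run uci add firewall rule
    run uci set "firewall.@rule[-1].name=Block-DoT"
    run uci set "firewall.@rule[-1].src=lan"
    run uci set "firewall.@rule[-1].dest=wan"
    run uci set "firewall.@rule[-1].proto=tcp udp"
    run uci set "firewall.@rule[-1].dest_port=853"
    run uci set "firewall.@rule[-1].target=REJECT"
    # Firefox's DoH canary: an NXDOMAIN for this name keeps its default-on
    # DoH off.  DoH a user enabled by hand rides on 443 and is not caught.
    run uci add_list "dhcp.@dnsmasq[0].address=/use-application-dns.net/"
}

apply_all() {
    safesearch_cname www.google.com forcesafesearch.google.com
    safesearch_cname www.bing.com strict.bing.com
    safesearch_cname duckduckgo.com safe.duckduckgo.com
    for name in www.youtube.com m.youtube.com youtubei.googleapis.com \
                youtube.googleapis.com www.youtube-nocookie.com; do
        safesearch_cname "$name" restrict.youtube.com
    done
    force_router_dns
    run uci commit dhcp
    run uci commit firewall
    run service dnsmasq restart
    run service firewall restart
}

# check_rewrite RESOLVER NAME TARGET -- run from a LAN client: the first line
# of `dig +short` is the CNAME dnsmasq handed back, so it must equal TARGET.
check_rewrite() {
    got=$(dig +short "$2" @"$1" | head -n1)
    [ "$got" = "$3." ]
}

case "${1:-}" in
    apply) apply_all ;;                      # on the router
    check) check_rewrite "${2:-192.168.1.1}" www.google.com forcesafesearch.google.com \
               && echo "www.google.com is rewritten" \
               || echo "www.google.com is NOT rewritten" ;;
esac
```

After applying on the router, run the check subcommand from a laptop on the LAN, and run it again with the laptop pointed at a public resolver: the second answer should still come back rewritten, which proves the port-53 redirect is doing its job.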