atomicules

Push propelled program tinkerer and picture maker.

Now Serving HTTPS As Well

Since it's 2017 and that. Didn't want to rush into this. Thought I should finally enable TLS/SSL since it's free. I'm not sure I entirely agree with the arguments for a site like mine (wouldn't metadata be the biggest problem?), but it's pointless trying to argue against the tide. One thing though: Zscaler. Anyone who has had to browse through that realises that TLS/SSL isn't bulletproof. I understand why that exists as a product, but, gah, as an end user it's just horrible.

The EFF site will guide you down the certbot-auto route for NetBSD, which is silly as there is a py27-certbot package - just use that.

Bozohttpd works fine with Let's Encrypt, the only issue is that it either serves https OR http, unfortunately not both at the same time. I haven't yet figured out a way to redirect traffic between ports so that's meant I'm effectively running two webservers at the moment as per this rc.conf approach. I.e:

  1. Duplicate /etc/rc.d/httpd to /etc/rc.d/httpsd.
  2. Edit it: change name to httpsd, and set command so it explicitly calls /usr/libexec/httpd.
  3. Add a $procname=$name line (otherwise it'll get confused between httpd and httpsd and think they are the same).
  4. Change required_dirs to $httpsd_wwwdir
  5. In rc.conf have both a httpsd=YES and a httpd=YES

Then I have the following entries in rc.conf for http:

httpd_flags="-S bozohttpd -v /var/www/vroot -M .html 'text/html; charset=utf-8' '' '' -M .xml 'text/xml; charset=utf-8' '' ''"

Whilst httpsd has these extras:

-Z /usr/pkg/etc/letsencrypt/live/atomicules.co.uk/fullchain.pem /usr/pkg/etc/letsencrypt/live/atomicules.co.uk/privkey.pem -z 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5'

The ciphers as advised here.

Since running two webservers isn't ideal I think I'll ultimately have to redirect all traffic with the firewall (or run a proxy I suppose?), but that is going to have to wait until I perform some server maintenance and finally switch from IPFilter to NPF (which I should be able to do now I'm running on KVM).

Note: Upping the temperature: Ran 5k around Siena streets in 32 degC today; Can't go any further in this heat

Note: Ran up Italian hillside & overtook 2 cyclists. Of course they weren't Italian cyclists, but I'm not an Italian runner so that's still a win.

Album of the year: Highly Flammable

I was a bit worried about getting to June and having had no contenders for album of the year (I've decided that's a thing until I get bored of it), well not just that, but no new music that has really grabbed me. I get to worry about this now as I'm legitimately of that age where it's ok just to listen to music you already like, although I don't want to yet. I suppose that's not completely true, there have been individual tracks: Sigrid's Don't kill my vibe is rightfully awesome, I really like Amber Arcades' It Changes and Noga Erez's Off the Radar and Pity have probably been the biggest ear openers of the year (and Pity is desperately sad).

DBFC also released their long anticipated album, Jenks, and Eddy TM had a fantastic album playback show where he espoused how great it was not to be disappointed that the album didn't live up to the expectations, but, if I'm honest, I probably did feel like that on first listen. That feels like it's changing after a few more listens, but Autonomic is still by far the standout track; I mean, it's that good this was close to being album of the year anyway, but then there was...

Nadia Rose's Highly Flammable. Is. Just. Amazing. It actually came out in January, but unsurprisingly wasn't on my radar since I'm 100% not her target audience, but it is just great. She's a fantastic lyricist and uses her name to full effect: "Guess who's back, but you never left. Yes I did, I rose from the dead" and "They try to put me down but Nadia Rose, yeah, Nadia Rose" (full marks awarded for that one). Skwod is my favourite, but I really like them all. And Crank It has to be one of the best closers on an album ever (and I'd heard this before - who knew?!). It's a pretty short album, but you can just do what I've been doing: stick it on repeat.

I'd originally chickened out of calling it so soon, what with half the year left, and had just worded this post with Highly Flammable as my front runner so far, but I've since decided to just be brave and make the decision now.

Finally Switched NetBSD From Xen To KVM On Linode

Finally got around to it. Thanks to some tips from a fellow Linode/NetBSDer I could avoid almost all of the pitfalls:

  1. Ahead of migration edit /etc/fstab and change all xbd1.* to wd0.*. They were "1"s because XEN required a boot disk, but since that was going to be deleted with KVM I knew the disk would change to "0".
  2. Also before migration edit rc.conf and change xennet0 to wm0.
  3. And ideally before migration, but I forgot and only did after migration: Edit /etc/cgd/cgd.conf and change xbd1.* to wd0.* and rename /etc/cgd/xbd1e to /etc/cgd/wd0e.

And that's it. Was much less painful than I was anticipating. At the moment I don't have serial bootblocks so I don't have lish access, only glish, but come the next NetBSD update I'll correct that.

Note: Well... that seemed to go pretty smoothly.

Note: Doing some server maintenance/migration today so website, gopher, email, etc going down for an unknown amount of time

Note: Ugh, my server was down as got rebooted when asleep. Really, really, really should get rid of disk encryption

NetBSD Under KVM On Linode

In a way this really doesn't need a blog post. It's not as fiddly as XEN was and if you are willing to just do everything through Glish it pretty much just proceeds as expected. But my concern was having to be reliant on Glish as until recently it didn't work on NetBSD Firefox (does now) and connecting via lish would give you a blank screen (not fun). But you can get both to work:

  1. Create three disks, 1x 1024 MB (ext) called "Rescue", 1x 1024 MB (raw) called "Install" and 1x the remainder (raw) called "NetBSD". An extra Rescue disk is required owing to the size of the image and unzipping it.
  2. Create two configuration profiles; use Direct Disk, Full Virtualisation and turn off the FileSystem/Boot helpers. One has the NetBSD and Install disks mounted and is to boot from the Install disk in order to install to the NetBSD drive; the second is the final one, which just boots NetBSD.
  3. Boot into Rescue mode with the Rescue disk first, Install disk second, etc.
  4. mount /dev/sda /media/sda and then cd /media/sda.
  5. Get the USB image: wget http://cdn.netbsd.org/pub/NetBSD/NetBSD-7.1/images/NetBSD-7.1-amd64-install.img.gz
  6. gunzip it and copy it to the install drive: dd if=NetBSD-7.1-amd64-install.img of=/dev/sdb
  7. Boot the install configuration and within 30 seconds get the lish console open and press space to drop out of menu. Select 4 for the boot prompt, enter consdev auto, then menu, then press enter to boot. If you want to read about consdev it's in man 8 boot_console.
  8. For whatever reason it fails to automatically launch the install so login as root and then type sysinst to run the installer.
  9. Go through the install, on the bootblocks screen accept default of "Use serial port com0" and then under "Set serial baud rate" select 115200 for the baud rate.
  10. Shutdown the install configuration and then boot the NetBSD one. Hey presto! Glish and Lish work.
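
The image in step 5 is fetched over plain HTTP and written straight to disk in step 6, so as an added example (not part of the original post) this checks it against a recorded SHA-512 before any `dd`. It assumes a BSD-style checksum file (`SHA512 (name) = hex`) obtained over a channel you trust and GNU `sha512sum` in the rescue environment; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded install image before writing it to disk.

# expected_sha512 FILE SUMS: print the digest recorded for FILE in SUMS,
# where SUMS holds lines of the form: SHA512 (name) = <hex>
expected_sha512() {
  name=$(basename "$1")
  # Compare the file name as a literal string, never as a pattern.
  awk -v n="$name" '
    $1 == "SHA512" && $2 == "(" n ")" && $3 == "=" { print $4; found = 1; exit }
    END { if (!found) exit 1 }' "$2"
}

# verify_image FILE SUMS: succeed only if FILE hashes to the recorded value.
verify_image() {
  want=$(expected_sha512 "$1" "$2") || {
    echo "no SHA512 entry for $1" >&2
    return 2
  }
  have=$(sha512sum "$1" | awk '{ print $1 }')
  if [ "$want" != "$have" ]; then
    echo "checksum mismatch for $1" >&2
    return 1
  fi
}

# write_image FILE.gz SUMS DEVICE: refuse to touch DEVICE unless FILE.gz
# verifies, then decompress straight onto it (no unpacked copy needed).
write_image() {
  verify_image "$1" "$2" || return
  gunzip -c "$1" | dd of="$3" bs=1M
}

# In rescue mode, with the checksum file saved as ./SHA512:
#   write_image NetBSD-7.1-amd64-install.img.gz SHA512 /dev/sdb
```
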

I still haven't converted my XEN install to KVM yet though, but might soon.


[EDIT: 2017-06-26] Wow, if you want to play with NetBSD 8.0 Beta then you might as well double the Rescue and Install images.

LINK: Saint Etienne 10 Of The Best

Oh... So Tough.

I mean, it's hard to choose, but my top ten would just be ten tracks from So Tough. Any will do. I still remember (I think) when I first heard this album, probably close to the year it was released, and (I think) the school friend who it was who gave it to me to listen to, and "A cigarette, a cup of tea, a bun" has been in my head ever since.

Something about shoes

Writing about running shoes is a bit different than writing about bicycle tyres because for some crazy reason shoe manufacturers insist on replacing models every year rather than just sticking with a good thing. This means that by the time I get hold of them and have had a chance to use them for a bit they are no longer available for normal retail - which makes a review a bit pointless, hence the "something" title; On the other hand though, the very fact they replace models every year means I'm able to get shoes in the first place - buying last year's model for cheaper (and which is often reviewed better than the model it's been replaced by).

That's about a year of running now although starting off super gently doing Couch to 5k, with an entire month off fairly recently due to knackering my knee (now my other one is giving me grief!) and although mostly running all through winter (because it was really mild) it was with much less distance. So that's meant one pair of shoes has lasted me all this time easily. In theory you are meant to replace every 300 to 500 miles. I haven't kept track of the distance I've done (curses! I've only recently started recording runs), but probably am (was) only hovering around that mark because of what I've said above (500 miles is about 15k a week); I reckon the shoes have still got life left in them.

Nevertheless, I thought the one year mark was as good an excuse as any to buy some new shoes.

For my first (old) pair of shoes I went with Nike LunarGlide 6. I can't remember exactly how I arrived at this decision, but it was something along the lines of wanting something super soft and comfy (to encourage me to run), some stability/support because I have wonky limbs and trying to reduce the sheer amount of options by picking one brand to select from: You need to have something to start with. Oh, and of course buying last season's shoes.

I really have no complaints about those LunarGlides. Beautiful shoes. I think the 7s are a good replacement (although annoyingly impossible to find), but the 8s don't look as good.

After injuring my knee though (can't blame my shoes, probably the dog's fault), I found I really preferred a flatter shoe, i.e. less offset/drop. Since the LunarGlides actually only have a 9.5mm offset (good shoes) I didn't see the point in going for a 8mm offset shoe and so, still in an effort to make choosing easier, I ended up going for some Nike Free RN Distance. Which is a bit strange as it's a completely different type of shoe to the LunarGlides (collapsible heel compared to a plastic clip for one), but so far I really like them. It's a bit difficult to compare to the LunarGlides a year in (which are now (at least I think so) firm in the forefoot), but the Free RN Distances are like running in fluffy slippers: There is plenty of padding there, but not as much support. My achilles, arches and heels can tell the difference (I don't think this is a bad thing though); As far as I can ascertain I'm not a heel striker and only hit my heels when really tired (this doesn't make me a good runner, I'm terrible, it's just the crappy baby-step way I run). Still though, goes to show that stability shoes aren't really so important.

Next shoe though, I'm really tempted for a pair of these (once the next version is out so I can get these cheaper); The Free RN Distance 2 aren't as good as the ones I have and so to stick with the 4mm offset I may have to look beyond Nike; Which is fair enough, as I said, you have to start somewhere.

Two Frozen Duck Ponds

Just to demonstrate how hard I found it to read Orlando, I've already finished reading The Catcher in the Rye and The Wind-Up Bird Chronicle after finishing Orlando - which I started just after Christmas.

The Catcher in the Rye was one on My List. I'd actually remained in complete ignorance of the plot so had no idea what it would be like. It was pretty gripping, easy to read and with good toilet sized chapters (key quality of all good books). I spent the book excited to find what was going to happen... and then it ended.

The Wind-Up Bird Chronicle was a more recent addition to My List. It was utterly enthralling and I spent the book excited to find what was going to happen (and even more excited to see if I'd start understanding what was going on). I think it is mostly wrapped up at the last possible minute.

What I didn't anticipate was that the books would be linked, and not as trivially as it seems, by ducks. Fitting (for me. And here).

LINK: Eliud Kipchoge Almost 2hr Marathon

Putting this into context, the longest distance I've run so far (yet to repeat, damn knee) was 11.87 miles, so less than half a marathon, and it took me about the same amount of time; Plus, when I finished I could not immediately launch into another little jog as Eliud did (he doesn't even look that tired). Wow!

tmux: Kill all sessions except these

I use tmux an awful lot at work since it allows for a workflow where each session name references a separate piece of work that may need to be returned to (it's impossible to know upfront) and if it does it's far easier to pull up the previous session than start off from scratch.

However, the problem with this approach is it's really easy to rapidly accumulate sessions and to have no idea which ones I need to keep hanging around which is how I regularly end up with fifty sessions; in fact it's really not unusual for me to end up with over a hundred sessions.

This means every few weeks I need to purge my sessions. Until I've figured out a way to automatically look up the work id and see if it's closed (there is an API, but I've not figured if that kind of query is possible yet) I either have to close one at a time or hope there is just one session I want to keep so I can use tmux kill-session -a -t theoneIwanttokeep. Which is great if there is just one I want to keep, but invariably I know for a fact there are four or five I want.

So I finally wrote a simple script to do just that:

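#!/bin/bash
# Kill every tmux session except those named on the command line.
for i in $(tmux list-sessions -F '#S'); do
  keep=0
  # Compare whole names; a regex test against "$@" also matches substrings.
  for k in "$@"; do
    [[ $i == "$k" ]] && keep=1
  done
  if (( ! keep )); then
    tmux kill-session -t "$i"
  fi
done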

Then I can call this as ./tkse sessiona sessionb sessionc sessiond, etc and it'll kill everything except those sessions.

This won't work if a session name has a space in it, but what kind of heathen does that?
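
A variant that does cope with spaces in session names, as an added example rather than the post's own script: it reads the session list line by line, compares whole names only, and can preview what it would kill. The function names and the `DRY_RUN` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not the post's script): kill every tmux session except
# the named ones, tolerating spaces in session names.

# sessions_to_kill KEEP...: reads session names on stdin, one per line,
# and prints those that are not in the keep list.
sessions_to_kill() {
  while IFS= read -r session; do
    [ -n "$session" ] || continue
    keep=0
    for name in "$@"; do
      # String equality, not a regex test: keeping "web-12" must not spare "web-1".
      if [ "$session" = "$name" ]; then keep=1; break; fi
    done
    [ "$keep" -eq 1 ] || printf '%s\n' "$session"
  done
}

# kill_all_except KEEP...: with DRY_RUN=1 only reports what would be killed.
kill_all_except() {
  tmux list-sessions -F '#S' | sessions_to_kill "$@" |
    while IFS= read -r victim; do
      if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'would kill: %s\n' "$victim"
      else
        # The "=" prefix makes tmux match the session name exactly.
        tmux kill-session -t "=$victim" </dev/null
      fi
    done
}

# Do nothing without a keep list, so a bare invocation cannot wipe everything.
if [ "$#" -gt 0 ]; then
  kill_all_except "$@"
fi
```

Run it as `DRY_RUN=1 ./tkse sessiona "session b"` first to see the list, then again without `DRY_RUN` to act on it.
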

Note: Spotted first swallow of the year. Nice to have them back home.

Note: After four weeks of rest managed a gentle 5k on my knee. Yay!

Such A Revelation

"And it was to each such a revelation that a woman could be as tolerant and free-spoken as a man, and a man as strange and subtle as a woman..."

Orlando by Virginia Woolf

On its own that could probably be taken out of context. Here's a better understanding of that bit and the whole novel.

These are the ten most recent posts (not counting any note drivel), for older posts see the Archive.