Project Lazarus

I sit here, typing on an HP Pavilion…running Ubuntu Linux!  That’s very exciting for me, although I’ve come to understand that the accomplishment isn’t nearly as grandiose as I had predicted.  Still, it’s a happy accomplishment.

This computer was a necessary replacement.  Liz’s VAIO–her college computer–had died a quiet and dignified death through inevitable hardware failure.  Afterwards, she used my iMac G4–my college computer.  Eventually, that too died.  For obvious reasons we needed a computer, and since I was unable to justify the cost of a new Mac (my own preference), and since Liz hated Macs, we decided upon the HP laptop (since our apartment had a certain lack of space for a permanent desktop setup, as the computer room had been converted into a nursery).  Still, we opted for something with higher-end hardware, thus the HP (dv-3186cl)–an i5 quad-core 2.27 GHz with 4 gigs of RAM.  It was, and still is, a respectable computing system.

This machine served us well for years, but eventually it too succumbed to the ravages of time.  The hard drive had started to wear out, the OS (Windows 7), had become increasingly bloated (the inevitable fate of evolving OSes), the battery (which we had replaced multiple times) died, and the WiFi card ceased to function.

Upon this last failure, I lost my patience and bought a MacBook Pro.  It had been years since I enjoyed Apple’s OS, and I was elated at the homecoming.  Liz limped along with the HP, until one day it refused to cooperate at all.  And as she needed it for work, she immediately replaced it (with a newer iteration of HP’s Pavilion series).  I, being ever-loath to discard technology, retired the broken machine to the mothyard (the basement), with the vague plan of replacing its defective hardware parts one day, and installing Linux.

Then I received some Amazon gift cards and decided that was the necessary excuse to begin.  I hooked it up (it had no battery) and pressed the power button.  And it promptly informed me that the WiFi card was inoperable.  I disregarded the warning, and was then informed that the drive was likely to experience imminent failure.  I ignored this message too (all the data had been backed up anyway), and continued.

Rather, I tried to continue, but was then informed that the drive failed to mount.  Again, no biggie.  This was just a test to see if the hardware would function at all.  Perhaps the drive was fine, but the OS had become corrupted.  So I began my search for a Linux distro.

My first hands-on experience with Linux was openSUSE, years ago when I had managed to install it on an old beige G3 powermac.  At the time, I had it configured to be a simple Apache web server, and it had performed its duties as a platform for my first-ever blog: intellectualnexus.net.  I’m happy to see that the domain lies unregistered currently.  Apparently no one else has since thought to use the name.  I ultimately agreed to discard that derelict machine once the kid arrived, and I had been without a web server since (until I bought my Synology).

Then my sister bought me a Raspberry Pi.  The Pi came with its fork of Debian, NOOBS.  That was my second experience using Linux.  The Pi has lived an off-and-on existence, primarily to serve an omnipresent web page (currently a Google calendar).

In both of these examples, my familiarity with Linux had been minimal, and my hands-on experiences lacking in confidence.  But Linux had changed since my earliest experiences, and the Internet was confident that contemporary distros were rivals in usability to the other major OS players.  In fact, I had even stumbled across Dell’s product listings that included machines with Ubuntu pre-installations.  I hadn’t much cared for SUSE at the time, and with Debian appearing rather minimalist, I took Dell’s endorsement of Ubuntu and searched for a package.

It didn’t take long to find.  It turned out that Ubuntu has very comprehensive guides for downloading and installing.  They even provided a step-by-step guide for my exact scenario: downloading the installation ISO onto a USB flash drive with a Mac.  With this amount of helpful documentation, Ubuntu made a good option.  I picked up a USB stick on the way home from work the next day.

That night, I followed the instructions to the letter, and quickly ended up with a usable USB install drive.  I plugged it into the HP and booted up, and after ignoring the error message regarding the WiFi and failing HD, entered into the install prompts.  This, too, was straightforward, and after the installation completed, I rebooted, hoping to see Ubuntu’s happy welcome screen.

It certainly is pretty

But instead I was met with a new error, and this time the HD was completely inaccessible.  So despite my suspicion that the drive was okay and Windows was to blame, the hardware was indeed at fault.  I bought a 1TB HD off Amazon and waited the two days for shipping.  The old drive, now undoubtedly defunct, was removed and relegated to the mothyard’s stack of inoperable/obsolete hard drives.

What am I going to do with an 80GB PATA?

The drive installed easily enough and I re-ran the installation (once again ignoring the WiFi error (vowing to discover how to turn that message off in the BIOS later)).  The install completed much quicker this time.  Apparently a functioning hard drive was the key factor.  I also paid more attention to what the installation was doing, and was pleasantly surprised to see that it was automatically deciding upon the appropriate drivers for the detected hardware and removing those that weren’t relevant.  In short order, upon reboot, I was greeted with the happy welcome screen which I had eagerly awaited.

Elegant in its simplicity

I signed in and began poking around.  The default installation included the basic applications necessary to navigate a file system and the Internet.  I triggered a mass application update to get the most recent versions, then poked around in the package center (or whatever they call it).  There were similarities between Synology’s Linux fork and Apple’s OS (a FreeBSD fork), so it’s been relatively straightforward to figure out.  Ultimately, I had just planned to use the HP as a web browser (courtesy of Firefox) and a coding platform (now using Notepadqq).  And it’s fulfilled these expectations.

So purdy

It’s also exceeded them.  The OS is incredibly efficient, and has proven to be the fastest system I have used to date.  And after discovering that a sticker had melted onto the internal WiFi card, and removing said sticker fixed it, I’ve decided to order a battery and have a completely restored workstation.  I don’t know if it’ll turn out to be my primary machine, but it’ll certainly fill a niche where more technical tasks are involved.  So far, Ubuntu has excelled beyond my every expectation.  I offer my personal endorsement.

–Simon

What’s the Fox Say?

I like Firefox.  It has the visual settings I want, the security features I want, the plugins I want, and the business model I like.  Chrome and Safari in their own right are just fine, but I prefer Firefox.

My employer, however, does not like Firefox, and that is for obvious reasons.  Firefox is a standalone application that doesn’t require root privileges to install or configure.  It also ignores group policy, and maintains its own certificate store.  From an IT admin perspective, it’d be a nightmare to try to support.  So, officially, they don’t.  But, they don’t explicitly forbid its use, either.  In fact, many internal documents offer information that is Firefox-specific.  But, IT also blocks the domains which provide Firefox installation packages, and the company’s Reasonable Use of Company Resources policy does state that circumvention of technological protections is prohibited, so am I violating this policy by, say, acquiring an installation package that I had downloaded onto a domain I control?  I’m not really bypassing these protections, and besides which–I have a business need to test how web code renders in different browsers.  It’s a bit of a grey area.

What isn’t a grey area, however, is the means by which I connect to the Internet.  Naturally, I use the default proxy URL and configuration provided by the company, so all good there.

Then recently, I couldn’t connect at all.  I received a certificate error for every HTTPS page I attempted to access.  Unbeknownst to me, IT had installed a middlebox.

Middleboxes operate by intercepting a connection, breaking it open, then re-encrypting it back to the end user.  This re-encryption, however, requires a re-signing of the contents with a valid certificate.  This certificate is generally a company-generated CA, installed via group policy into every machine’s certificate store.  But since Firefox uses its own certificate store, when the re-signed connection arrived, Firefox only saw that the connection was signed with an unknown and invalid certificate, and promptly terminated the connection as a security measure.  This is, amusingly, the way it’s supposed to operate.  Breaking TLS in this manner violates its purpose, but it works because of its current limitations (at least for now–TLS 1.3 has protections against this but is being pushed back because of its ability to prevent this type of corporate TLS-breaking).

Naturally, I don’t have a problem with the company monitoring the use of its own resources, so you’ll find no soap box argument here.  My main concern, then, was how to get Firefox working again.

Fortunately there’s a buried setting, within about:config.

Simply changing the Value from “False” to “True” will allow Firefox to access and accept the hosting machine’s certificate store, thus allowing corporate TLS certificates to break and re-sign HTTPS.
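
The trust decision described above, reproduced offline as an added example (not part of the original post): the script builds a constructed public root and a constructed corporate root with openssl, then verifies a re-signed certificate against a browser-only store and against a host store that also holds the corporate root.  All names and file layouts here are assumptions.

```sh
#!/bin/sh
# Constructed demo: every CA, key and certificate here is generated locally.
# "Public Web CA", "Corp Inspection CA" and www.example.test are hypothetical names.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME PREFIX: create a self-signed root CA (PREFIX.key / PREFIX.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$2.key" -out "$work/$2.pem" 2>/dev/null
}

# issue_leaf CA_PREFIX OUT_PREFIX: certificate for www.example.test signed by that CA.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
    openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
        -CAcreateserial -days 1 -out "$work/$2.pem" 2>/dev/null
}

# trusts STORE LEAF_PREFIX: print "accept" if the leaf chains to a root in STORE.
trusts() {
    if openssl verify -CAfile "$1" "$work/$2.pem" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

make_ca "Public Web CA" public          # root that ships with the browser
make_ca "Corp Inspection CA" corp       # root pushed to the OS by group policy
issue_leaf public origin                # what the real site presents
issue_leaf corp resigned                # what the middlebox presents instead

browser_store="$work/browser_store.pem" # browser's own store: no corporate root
os_store="$work/os_store.pem"           # host store: corporate root installed
cat "$work/public.pem" > "$browser_store"
cat "$work/public.pem" "$work/corp.pem" > "$os_store"

echo "origin cert, browser store:    $(trusts "$browser_store" origin)"
echo "re-signed cert, browser store: $(trusts "$browser_store" resigned)"
echo "re-signed cert, host store:    $(trusts "$os_store" resigned)"
```

The middle line is the certificate error from the story; the last line is the same certificate once the verifier is pointed at the host’s store.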

So at least for now, I can still use Firefox.  I just had to configure it myself, which is no doubt the kind of support IT wants to avoid having to provide.

Curiously, when I’m connected to the company VPN, my traffic doesn’t appear to be funneled through the middlebox.  I wonder if there’s too much overhead to do that, or if, since the VPN uses TLS, it’d be a technical challenge to separate VPN TLS from HTTPS TLS?  Maybe they’re only concerned about monitoring non-exempts to that extent.  Dunno.

Regardless, Firefox can still play nice in a corporate environment.  It’s just that it has to be manually switched away from its default, and untrusting, policies.

–Simon

Herbie

Remember those old Disney movies with the sentient Volkswagen?  It was a fun take on our tendency as a species to anthropomorphize our vehicles.  And as a kid with few friends, I found the idea of being besties with a car to be a very reasonable movie premise.  So it was that my favorite in the series became Herbie Goes Bananas.  It involved a Hispanic orphan who gets into wacky adventures with the car, culminating in them foiling a plot to steal Aztec gold by a gang of enterprising bandits.  That touch of Indiana Jones in the story must have really taken me in.

Anyway, another individual with a goofy sense of humor must have found meaning in these films too, for we witnessed this in the parking lot during a Target run:

Not exactly a Volkswagen, but no matter.  See you around, Ocho.

–Simon

Whippet Ingenuity

Dogs can be clever when the need arises, though certainly some exhibit this more than others.

Whippets are not winter dogs.  Their short hair and predilection for cuddling conditions them for warm and comfortable environments, and the bitter cold of February simply does not meet these requirements.  In the past, the whippets have simply burrowed deep into blankets and cushions, at times even becoming invisible to the unsuspecting human who wishes to sit upon the couch (resulting in a rather canine-sounding whoopie cushion).  But Poppy took a novel approach, and actively sought ambient heat, apparently not content to merely preserve her own.  It seems like an obvious solution for a dog, but I find it awfully darned funny.

Here she is on a heating register
I thought Man’s mastery of fire was part of what made us different from animals–apparently not

I later found the thermostat cranked up to 90, although I didn’t catch her in the act, so blame seems to point elsewhere.  It would seem that the whippet’s ingenuity is just one example of an inter-species female desperation for heat.

The thermostat will stay at 64!

–Simon

Olympics and VPN

I run a VPN server at home.  This is for 2 reasons: to remotely access local services, and as a security measure to encrypt my phone’s traffic.  These reasons are what I feel to be the primary purpose of VPNs.  This is also what allows me to work at home with a company computer.

However, a consequence of this tunneling is that, from the perspective of any server to which the computer connects, that computer appears “physically” to be at the VPN’s emergence point.  This result, what I consider to be a mere auxiliary function, has caused VPN services to experience a surge in popularity for the sole reason of bypassing geolocation restrictions.  I snub my nose at those who subscribe to services for this reason, as I envision Millennials, deluded with a sense of feeling smarter than everyone else, bypassing “The Man” in order to access streaming content–with no appreciation for the actual security benefits that VPNs provide.

Then the 2018 Olympics arrived and I found myself unwilling to endure yet another year of NBC’s coverage.  Between their endless commentary and commercial breaks every 5 minutes, they’ve done everything in their power to make these events unwatchable.  And they succeeded, at least for me.  So I did exactly what I just expressed my condescension against, and shopped for VPN providers.

I stumbled across a site that actually explained the history of VPNs and their technology, a refreshing divergence from the usual array of clickbait-y sites (a la Gizmodo):

www.bestvpn.com/vpn-encryption-the-complete-guide

Given the comprehensiveness of the supplied information, I took their opinions to be acceptably educated, and subscribed to a month’s service from their top recommendation, www.expressvpn.com.

When the Olympics arrived, I connected to a server in Toronto and loaded the CBC’s live stream.  And behold!:

The CBC is mercifully low on commercials and commentary; and they stream live, rather than delaying for time zones.  I’d launch into some self-righteous rhetoric about runaway capitalism interfering with something whose inherent purpose is contrary to this value, but I’m content to just go watch some more events and stop blogging.

Because, really, when’s the last time anyone in the US got to watch curling?

Simon