Better local DNS

For what’s felt like forever, I’ve run dnscrypt-proxy as a local DNS resolver for my LAN. Queries initially hit a BIND instance for my “local” domains, and dnscrypt-proxy is the forwarder for this setup. This configuration doesn’t lend itself well to query logging or to individually unblocking “semi-desirable”[1] trackers with the ad-blocking lists I’ve configured through dnscrypt-proxy. I could finagle something with BIND’s views, but why not look at something like Pi-Hole?

I’ve looked at Pi-Hole off and on before. I usually come back to the same problem: local DNS. There are several forward and reverse zones I run in a split DNS setup with BIND. Pi-Hole partially supports something like this with conditional forwarding; however, I’ve got more than one zone to contend with forwarding. dnsmasq has the option to set several upstreams per domain, and Pi-Hole seems to have maintained this functionality as they progress with their own fork.

So as long as this upstream server setting remains, I create /etc/dnsmasq.d/99-forwarders.conf with the following type of content to enable all this forwarding:

server=/example.com/192.168.1.x
server=/1.168.192.in-addr.arpa/192.168.1.x
server=//192.168.1.x

This setup allows BIND to still answer for the zones it’s responsible for while letting Pi-Hole do what it does best. Now, if you’re wondering where dnscrypt-proxy is in my setup – it’s still there! I have Pi-Hole querying it as an upstream resolver. It took me a minute to figure out that the Pi-Hole GUI wants the upstream DNS port to be expressed with a # vs a : though. Now I’ve got the ability to group my “clients” with Pi-Hole and maintain my local DNS. Truly, the best of both worlds.
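To make the forwarding rules above less of a leap of faith, here is an added example (not code from the original post) that models how dnsmasq picks an upstream for a query: the rule with the longest matching domain suffix wins, the `server=//ip` form covers unqualified (dot-less) names, and a bare `server=ip` line is the fallback for everything else, with the port written dnsmasq-style after a `#` as the Pi-Hole GUI expects. The drop-in text, the BIND address 192.168.1.10 and the dnscrypt-proxy listener 127.0.0.1#5053 are constructed placeholders; the `audit` helper is a hypothetical name used to confirm that internal names and reverse lookups for the LAN never reach the public resolver.

```python
"""Model of dnsmasq's per-domain upstream selection, as used by Pi-Hole's
/etc/dnsmasq.d/ drop-in files: the rule with the longest matching domain
suffix wins, `server=//ip` covers unqualified (dot-less) names, and a bare
`server=ip` is the fallback for everything else. Added example; the config
text and addresses below are constructed, not the blog author's."""

from typing import Dict, List, Optional, Tuple

Upstream = Tuple[str, int]  # (address, port)

# Constructed sample drop-in. 192.168.1.10 stands in for the BIND host and
# 127.0.0.1#5053 for a local dnscrypt-proxy listener; both are placeholders.
SAMPLE_CONF = """\
# split-DNS zones answered by BIND
server=/example.com/192.168.1.10
server=/1.168.192.in-addr.arpa/192.168.1.10
# dot-less (unqualified) names also go to BIND
server=//192.168.1.10
# default upstream for everything else, port given dnsmasq-style with '#'
server=127.0.0.1#5053
"""


def parse_upstream(spec: str) -> Upstream:
    """'1.2.3.4#5353' -> ('1.2.3.4', 5353); the port defaults to 53."""
    addr, _, port = spec.partition("#")
    return addr, int(port) if port else 53


def parse_server_lines(text: str) -> Tuple[Dict[str, Upstream], List[Upstream]]:
    """Return (domain_rules, default_upstreams).

    domain_rules maps a lowercased domain to its upstream; the key '' is the
    unqualified-name rule produced by `server=//ip`.  Full-line '#' comments
    are skipped; a '#' after the address is the dnsmasq port separator.
    """
    rules: Dict[str, Upstream] = {}
    defaults: List[Upstream] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() != "server":
            continue
        if value.startswith("/"):
            # server=/dom1/dom2/.../upstream
            parts = value.split("/")
            upstream = parse_upstream(parts[-1])
            for domain in parts[1:-1]:
                rules[domain.lower().rstrip(".")] = upstream
        else:
            defaults.append(parse_upstream(value))
    return rules, defaults


def choose_upstream(name: str, rules: Dict[str, Upstream],
                    defaults: List[Upstream]) -> Optional[Upstream]:
    """Pick the upstream dnsmasq would forward a query for `name` to."""
    name = name.rstrip(".").lower()
    fallback = defaults[0] if defaults else None
    if "." not in name:
        return rules.get("", fallback)
    labels = name.split(".")
    # Longest suffix first: 'example.com' beats 'com', and the zone apex
    # itself ('example.com') matches its own rule.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return fallback


def reverse_name(ipv4: str) -> str:
    """PTR owner name for an IPv4 address: 192.168.1.25 -> 25.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def audit(conf: str, names: List[str]) -> Dict[str, Optional[Upstream]]:
    """Map each name to the upstream it would reach; handy for confirming that
    internal names never leave for the public resolver."""
    rules, defaults = parse_server_lines(conf)
    return {n: choose_upstream(n, rules, defaults) for n in names}


if __name__ == "__main__":
    checks = ["nas.example.com", "www.example.org", "printer",
              reverse_name("192.168.1.25"), reverse_name("10.0.0.1")]
    for n, up in audit(SAMPLE_CONF, checks).items():
        print(f"{n:35} -> {up}")
```

Running the block prints one line per name showing where the query lands; the reverse lookup for a LAN address goes to BIND while one for 10.0.0.1 falls through to the default upstream, which is the leak you want to notice when a zone is missing from the drop-in.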

  1. So many sites become useless if you block their tracker and telemetry hosts. Chipotle and other online restaurants are good examples of this. Both their app and website simply fail with an unknown error if you block Traffic Manager, which seems to occasionally appear on crowd-sourced DNS blocklists.

BitLocker automatically rebooting

My Windows 10 PC automatically updates and automatically reboots. I’m generally fine with the former behavior, the latter can be a bit frustrating at times. Suspending updates and doing them on my schedule feels clumsy. Not to mention the fact that Windows doesn’t consider running PuTTY sessions worth preventing a reboot. I guess that’s a plug for more tmux and/or screen usage, though. Nevertheless, I wish Microsoft would yield more control over this update system to power users.

I use BitLocker and must manually unlock the system during a reboot. Normally, this is fine; however, when an automatic reboot inconveniently occurs, it’ll boot loop the system because I’m not there to enter the passphrase. The Windows UEFI system automatically reboots the system after a minute. And again, and again, and again… Sometimes it gets itself in such a loop that Startup Recovery is needed.

I finally found an answer to this annoying problem. In Boot Configuration Data (BCD), there’s a value, “bootshutdowndisabled,” that can prevent this automatic reboot. Now the system will wait in perpetuity for me to unlock it. A far sight better than a constant reboot. I’m sure the fans and power supply are a mite happier too. I figured I’d share this, since I’m probably not the only one annoyed by it on a modern system they want to (better) secure.

In an administrator command prompt:
bcdedit /set bootshutdowndisabled 1

Your system will thank you later 🙂

Weekend DIY project

Ambient Orb

Anyone remember the Ambient Orb by Mathmos? When they came out years ago, I very much wanted one for my desk at work to keep track of emails, ticket queues, etc.  The price was pretty high for what was ultimately a toy, so I never bought one.  If I remember right, they weren’t open source and were difficult to work with as well.

A similar, pre-IoT device came out to help you track things, the Nabaztag “Rabbit.”  It also did cute tricks and spoke to you, much like the Furby toy.  Funny how both of these devices ended up in my office via coworkers.  Ironically both are now pretty defunct, though I think there are a lot of FOSS efforts to keep the Rabbits working via reverse engineering and DNS masquerading.

Nabaztag Rabbit

Well, I decided I wanted to do something fun.  Back when the Raspberry Pi craze hit, I never really bought one.  They were constantly out of stock and I had better things to spend money on.  When a coworker became infatuated with Chromebits for his kiosk needs, he chucked his Raspberry Pis in the garbage.  I rescued one and it ended up falling into one of my electronics junk boxes.  (I really do need to go through and clean those out someday.)

My original vision for the Pi was to set up a VPN for remote tech support for parents, family, and friends.  Today however, I’m settling for an alarm clock.  Voice assistant based alarms, like Alexa and Google Assistant, are too easy to yell, “shut up,” at across the room.  I’ve developed an almost subconscious “rollover and disable” maneuver for my phone’s alarm.  So what’s left? Clocky is tempting, but I’m always worried about knocking things over or injuring pets.  Enter the Raspberry Pi.

Raspbian plus a simple shell script with an ffplay fade puts me in business.  I can have the “alarm” loop forever with a heavy metal song that fades in slowly.  Why a fade? On the off chance I actually get up before it reaches peak intensity, and also to not completely jar me awake when the song starts at full blast.  To disable the alarm, I’ll have to SSH in and “kill” the script.  Pretty hard to do that from bed, much less half awake.  A simple Monday through Friday rotation is in cron and I’m looking forward to a successful test tomorrow 🙂

Oh, and for added fun: I added a blink(1) to the setup to monitor important emails, server status, etc.  It’s kind of like having my own Ambient Orb or Nabaztag Rabbit again.  Albeit this time, it’s a heck of a lot cheaper.  The blink(1) is only about $30 USD on Amazon.

Time changes, but Apple’s genius bar experience doesn’t

It’s been nearly a year since I blogged here.  Time flies, eh?

Remember when I complained about my terrible time with Apple’s “genius bar” experience?  Same laptop, same shenanigans (mostly).  I needed the machine to do a week long class far from home.  I normally use my smaller MacBook for these classes, but horsepower was emphasized.  So I brought the MacBook Pro.  I didn’t realize it until I got to the city hosting the class, but the laptop was wobbling.  You literally couldn’t lay it on a flat surface and type on it without it wobbling.  Annoying, but not world ending.

There was an Apple Store in the town I was visiting.  They told me to bring it in as a walk-in.  I spent an hour in the zoo known as an Apple Store before I was turned away.  The geniuses weren’t taking any more people.  I wish I knew that before I committed the time.  All the while, I was really hoping it was the pentalobe screws being loose or the internal case snaps not being connected.  I’d seen plenty of these issues doing IT work for a big company.  I almost bit the bullet and attempted a fix myself, but I didn’t want to endanger the AppleCare warranty.

I was able to score an appointment for the following day.  Surprisingly, the appointment time was right on the mark.  Normally, I feel like you wait ~30-60 minutes after your scheduled time.  The genius was pretty confident the battery had swollen.  Unfortunately, they had no top cases (with batteries) on hand.  3-5 days to ship it to Texas and have it return.  If you’re an Apple Joint Venture member you can at least get a loaner.  This isn’t worth $500/year to me.  I asked the genius if I could drop it off the day before I left for home and have it returned to my local Apple Store.  Nope! It can only return to the originating Apple Store.  Welp.

Rather than dealing with another genius reservation back home, I just had the remote AppleCare folks send a box to my home.  When I returned, I ran a backup – verified said backup – and wiped the machine before sending it off to Texas.  Two days to get there, a day in repair, and two days to make it back to me.  If I didn’t have another machine, I’d be hurting.  Five days is a long time to wait to fix a battery.  The worst part is that I didn’t even have to go to the store to get resolution.  It makes me ponder why the Genius Bar is even a thing for things that are clearly hardware related.  Either stock enough on hand to do common repairs or just divert customers when they book genius bar reservations online or over the phone.

All you do with these in-person “repairs” at the genius bar is piss people off.  If it had to be mailed off anyway, I’d rather have skipped both visits to the Apple Store and just had the box mailed to me.  I suppose in-person gives the opportunity for the less savvy to get backed up or maybe get talked into buying an upgraded machine.  For the more tech savvy, it’s just a time sink and a visit to a very hectic, very crowded, and very noisy environment.

Funny enough, I actually interviewed with Apple the year I posted my original rant.  One of the interviewers actually read it! Disappointingly, while he agreed with me, two of the other interviewers did not.  Full disclosure: I didn’t get the job.  I’m about 99.99% sure my griping had absolutely nothing to do with it.  It is funny to think about though! I’m told retail and corporate are very, very different animals and have virtually zero interaction with one another.

Maybe someday the genius bar experience will make more sense.  Someday…

Dear, Apple: Your store support experiences are terrible!

Last summer, I bought a mid-2015 MacBook Pro Retina that I absolutely love.  The machine doubles as my travel laptop and my primary desktop (in clamshell mode).  I back up using Time Machine to my ZFS backed storage and I keep my Mac fairly pristine.  Recently though, I began experiencing kernel panics that were file system related.  After much head banging, I discovered this was due to a corrupt “sparsebundle” that Time Machine uses.  Unfortunately, my Mac already had its logic board replaced before I made this discovery.

My first trip to the Apple Genius Bar with this Mac was unremarkable.  The service was relatively prompt and the shipping/receiving estimates were on par.  I was able to pick up my laptop and get back on the road fairly quickly.  Unfortunately, the refurbished logic board used by Apple’s repair depot had a faulty GPU.  I had moved and swapped several monitors and cables before making this frustrating discovery.  This is honestly why I hate refurbished equipment.  The testing never feels sufficiently rigorous and my luck often leaves me revisiting failed repairs all too often.  The worst was probably going through four iPod Touch units before the store admitted that their refurbs weren’t up to spec and gave me a new-in-the-box iPod.

I return to the store, hoping I can just get a new machine or at least have my existing one repaired in the store.  The Genius examines my videos and stills of the display completely freaking out and doesn’t waste much time.  The machine has to return to the repair center in Texas.  *Sigh.*  Now the trouble begins.  The Genius won’t treat this as a failed repair.  To them, this is like a first attempt.  No need to empathize/sympathize with me.  The Genius writes the machine’s status up in their ticket.  We quickly squabble over two points.  The Genius put that they couldn’t replicate the issue (they didn’t try) and that the machine has scratches and scuffs (it didn’t, and was listed as “no damage” on the last repair ticket).  We battle over something that should be relatively simple and the machine is eventually taken back, pending shipment to the repair depot.

For the first time in a long while, I’m leaving Apple negative feedback.  If you botch a repair, you need to make good on it.  You don’t just give standard service and expect the customer to appreciate that you did the bare minimums.  I’m not expecting Apple to listen, but if they do, maybe this will be another point in favor of changing some support policies at the Genius Bar.  If you tried once and failed, you need to help me keep faith in Apple.  I’m not asking for the whole cow, but I am asking for something to prove that my time is at least somewhat valued by the store staff.

I hate companies that robo dial

I especially hate them if they call and expect you to contact them, but they just happen to be closed when their robo dialer calls you.  They have no respect for weekends or typical “downtime” hours.  They make themselves especially difficult to block, because they often rotate numbers — seemingly when they detect that they’ve been blocked.  Why we haven’t made a law against these nuisance callers is beyond me.  I’m on the Do Not Call registry and yet this seems to encourage more crap calls.

Maybe I’m just getting old and am tired of being woken up early Saturday morning with a robo call telling me that I haven’t yet registered for my car warranty.  Ironically, the car they’re calling about hasn’t been in my possession for about five years now.  Sure, I could file a complaint and hope the company gets slapped with a fine, but is that worth my time and effort? I see lots of people filing complaints (or at least claiming to) and yet these companies still seem to be operating at full speed.  So either they’re not being fined or they have pockets so deep the fines are practically meaningless.

Not the best way to start one’s Saturday…

You’re killing me, HP

UPDATE: HP Case Managers made good on their word.  I spoke with someone who was knowledgeable, technical, and well-versed in the English language.  We agreed it was probably some sort of firmware issue or engineering defect.  He promised to research the issue and get back to me the following day.  And you know what? He actually did.  They identified a set of serial numbers with the EWS issue and sent me a brand new unit that would not be prone to the problem.  Sounds like a win to me!

I posted a while back about my old HP printer finally biting the dust.  The replacement Photosmart 7520 worked rather well.  It had a document feeder, a duplexer, and a decent photo printing capability.  Sadly, its printhead released the magic smoke a few weeks ago.  Since the printer was still in warranty, I opted to have it replaced.  Within two weeks, I had a semi-new (refurbished) 7520 on my doorstep.

This 7520 printed like a champ, but its web scan, indeed its entire web interface, would not respond.  The service was listening on port 80.  I could get the initial banner off of it.  Try as I might though, I could not get the damn thing to load up the embedded web server (EWS).  It’d all eventually fail with a timeout or a 405 Method Not Allowed error, even with a basic “GET /” request.  Calling and chatting (online) with tech support, they eventually decided to replace the printer again.

So here we are on replacement number two and guess what? The EWS still doesn’t respond! Argh! At this point the people at HP must think I’m trying to swindle them out of a printer, but they keep me talking with their lowest tier, script reading tech support minions.  Firmware update? netcat, what? At one point they wanted to “remote in” and help me, because it’s clearly an OS issue, not a printer problem, when the printer’s own web server doesn’t respond.  Surely that’s it, right?

Foolish me, I told them my main OS was a Mac.  They want me to go and download their remote desktop helper.  There’s no way in hell I’m letting them run loose on my desktop, so I put them and their app in a VM.  The poor tech is completely baffled by seeing a Windows desktop.  So they transfer me, with no ticket history, to the Windows department.  Well, “Windows” doesn’t want to remote in when I have the 405 error or the hung netcat session up.  No, they want to replace the printer again.  But since they haven’t gotten replacement one back, this throws them in an infinite loop.

Whatever happened to tier two or the engineering department? Has anyone at HP actually tested the 7520’s EWS on the varying firmware versions out there? A cursory Google search, and even one of HP’s own support forums, shows other people having this issue.  How many replacement printers and trips to FedEx are they willing to make me go through?

So now I’m here waiting for a call from a “case manager,” hoping they won’t be frightened away by HTTP status codes or words like “firmware” or “embedded web server.”  I’m really hoping it’s a simple firmware fix, but I’m not going to hold my breath.  A friend with this same printer has a working EWS instance and my original unit had one too.  So clearly something has gone wrong with newer 7520 units.

Maybe HP could simply repair my original unit? Nah, that’d make too much sense…

Yelp is dishonest

After years of pestering, I finally started leaving online reviews.  I did a few with Amazon and I’ve done several with Yelp.  Maybe it’s a little narcissistic, but I enjoy going back and reading my reviews every now and again.  Amazon happily seems to maintain your review’s ordering, good or bad.  Now here’s my dig on Yelp.  When you’re logged in, your review maintains its ordering.  When you’re not logged in, your review can easily be buried by older, more positive reviews.  One can’t help but wonder if some of these reviews are paid or promoted.

When I go out to eat, I’m looking for transparency in the reviews.  I usually discount the cacophony of, “omg! this place sux!” Places that have a torrent of bad reviews with half-decent English usually get the pass.  I’m picky about local food because a) I don’t want to get sick and b) I generally want to have a good time the few occasions I go out to eat.  Pretty simple, right? If you’re fair and honest, I have no problem eating at your establishment.

It’s unwise to pay too little

I love this quote by John Ruskin:

“It’s unwise to pay too much, but it’s worse to pay too little. When you pay too much, you lose a little money – that’s all. When you pay too little, you sometimes lose everything, because the thing you bought was incapable of doing the thing it was bought to do. The common law of business balance prohibits paying a little and getting a lot – it can’t be done. If you deal with the lowest bidder, it is well to add something for the risk you run, and if you do that you will have enough to pay for something better.”

I feel like I learn this lesson time and time again with cheap barbershops.  My usual shop is pricey, and I mean really pricey.  $60 for a haircut and a shave, not including tip.  Pretty high, right? So every now and again I’ll try a new place.  Usually I end up paying $25-40.  I save some money, but often my hair or face regrets the experience.

I went through this experience again this weekend.  A friend took me to his favorite barbershop.  $29 for a haircut and shave.  The haircut was okay, maybe even a little sloppy near the end.  (I also loathe barbers and bartenders that argue with their customers’ wishes.)  The shave left some facial hair behind and actually ended up cutting me a couple of times.  If I wanted to be cut, I’d go at my beard with the straight razor myself (something I’m terrible at).

My main shop may charge $30 for the shave, but they take their time.  If I do get nicked, it’s pretty rare.  I also feel like they take their time with the actual haircut and aren’t trying to rush me out the door.  Worth the extra $20? I think so.  I just wish they weren’t always booked up all the time!

The banes of success, right?